
LTSS: Load-Adaptive Traffic Steering and Forwarding for Security Services in Multi-Tenant Cloud Datacenters

  • Regular Paper
  • Journal of Computer Science and Technology

Abstract

Currently, different kinds of security devices are deployed in the cloud datacenter environment, and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines an SDN controller with a TagOper plug-in to determine the traffic paths with the minimum load for tenants, and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate the performance of our design.



Author information

Corresponding author

Correspondence to Zhi-Hui Lu.


About this article

Cite this article

Du, XK., Lu, ZH., Duan, Q. et al. LTSS: Load-Adaptive Traffic Steering and Forwarding for Security Services in Multi-Tenant Cloud Datacenters. J. Comput. Sci. Technol. 32, 1265–1278 (2017). https://doi.org/10.1007/s11390-017-1799-7


  • DOI: https://doi.org/10.1007/s11390-017-1799-7
