Advertisement

Multi-tenant Isolation in Software Defined Networks

  • Sarah IrumEmail author
  • Patrick Luedke
  • Klaus Warnke
  • Gerrit Schulte
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 263)

Abstract

Software Defined Networking (SDN) provides a flexible and programmable infrastructure for future networks. SDN supports multi-domain networks where customers, called tenants, can share network resources on the large data centers. In the multi-tenant environment, tenants can share the network elements while keeping them isolated from each other. In this paper, we describe an isolated multi-tenant solution where the tenants can have control over their assigned network resources. The described approach provides isolation through VxLAN and configuration of flow tables in the OpenFlow switch. VxLAN tunnels are used to isolate packets transmitted by different tenants. Virtual Network Identifiers (VNIs) are assigned to the flow table for identification of the tenant.

Keywords

Software defined network VxLAN Network function virtualization OpenFlow 

Notes

Acknowledgment

This project has received funding from the European Unions H2020 research and innovation program under grant agreement H2020-MCSA-ITN- 2016-SECRET 722424

References

  1. 1.
    Ahlgren, B., Dannewitz, C., Imbrenda, C., Kutscher, D., Ohlman, B.: A survey of information-centric networking. IEEE Commun. Mag. 50(7), 26–36 (2012)CrossRefGoogle Scholar
  2. 2.
    S. Shin, P. Porras, V. Yegneswaran, M. Fong, G. Gu, M. Tyson, Fresco: modular composable security services for software-defined networks. In: Proceedings of Network and Distributed Security Symposium (2013)Google Scholar
  3. 3.
    Yu, M., Jose, L., Miao, R.: Software defined traffic measurement with opensketch. USENIX NSDI vol, 31 (2013)Google Scholar
  4. 4.
    Fayazbakhsh, S.K., Chiang, L., Sekar, V., Yu, M., Mogul, J.C.: Enforcing network-wide policies in the presence of dynamic middlebox actions using flowtags. In: USENIX NSDI, Seattle, WA, USA, pp. 1–13, 533–546 (2014)Google Scholar
  5. 5.
    Kapadia, S., Subagio, P.H., Yang, Y., Shah, N., Jain, V., Agrawal, A.: Implementation of virtual extensible local area network (VXLAN) in top-of-rack switches in a network environment, Google Patents, US Patent 9,565,105 (2017)Google Scholar
  6. 6.
    OpenFlow Switch Specification. http://goo.gl/1DYxw6. Accessed 14 Oct 2013
  7. 7.
    Ryu: An Operating System for Software Defined Network. http://osrg.github.com/ryu/
  8. 8.
  9. 9.
    POX: A Python-Based OpenFlow Controller. http://www.noxrepo.org/pox/about-pox/
  10. 10.
    Gude, N., et al.: NOX: towards an operating system for networks. ACM SIGCOMM CCR 38(3), 105–110 (2008)CrossRefGoogle Scholar
  11. 11.
  12. 12.
    Mahalingam, M., et al.: Virtual eXtensible Local Area Network (VXLAN): a framework for overlaying virtualized layer 2 networks over layer 3 networks. In: RFC7348 (2014).  https://doi.org/10.17487/RFC7348
  13. 13.
    Chowdhury, N., Boutaba, R.: A survey of network virtualization. In: Elsevier Computer Networks (2010)CrossRefGoogle Scholar
  14. 14.
    European Telecommunications Standards Institute, Network Functions Virtualisation (2012). http://portal.etsi.org/NFV/NFVWhitePaper.pdf
  15. 15.

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Sarah Irum
    • 1
    Email author
  • Patrick Luedke
    • 1
  • Klaus Warnke
    • 1
  • Gerrit Schulte
    • 1
  1. 1.Acticom GmbhBerlinGermany

Personalised recommendations