DOI: 10.1145/2287056.2287069
research-article

Elastic IP and security groups implementation using OpenFlow

Published: 18 June 2012

Abstract

This paper presents a reference implementation of an Elastic IP and Security Group service using the OpenFlow protocol. The implementation is the first to present integration of OpenFlow within a virtual machine provisioning engine and an API for enabling such services. In this paper, the OpenNebula system is used. The Elastic IP and Security Groups services are similar to the Amazon EC2 services and present a compatible Query API implemented by OpenNebula. The core of the implementation relies on the integration of an OpenFlow controller (NOX) with the EC2 server. Flow rules can be inserted in the OpenFlow controller using the EC2 API. These rules are then used by Open vSwitch bridges on the underlying hypervisor to manage network traffic. The reference implementation presented opens the door for more advanced cloud networking services that leverage principles from software-defined networking, including virtual private cloud, virtual data center spanning multiple availability zones, as well as seamless migration over wide area networks.



    Published In

    VTDC '12: Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date
    June 2012
    68 pages
    ISBN:9781450313445
    DOI:10.1145/2287056

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. cloud
    2. elastic ip
    3. firewall
    4. openflow
    5. security groups
    6. software defined networking

    Qualifiers

    • Research-article

    Conference

    HPDC'12

    Acceptance Rates

    Overall Acceptance Rate 5 of 10 submissions, 50%


    Cited By

    • (2023) Automatic Generation of Network Micro-Segmentation Policies for Cloud Environments. 2023 4th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT), pp. 1-5. DOI: 10.1109/AINIT59027.2023.10212857. Online publication date: 16-Jun-2023
    • (2021) A Novel Design for Real-Time Intrusion Response in Latest Software-Defined Networks by Graphical Security Models. Sustainable Communication Networks and Application, pp. 557-568. DOI: 10.1007/978-981-15-8677-4_45. Online publication date: 26-Jan-2021
    • (2020) A Framework for Real-Time Intrusion Response in Software Defined Networking Using Precomputed Graphical Security Models. Security and Communication Networks, 2020. DOI: 10.1155/2020/7235043. Online publication date: 1-Jan-2020
    • (2019) Software defined networking. Journal of High Speed Networks, 25:1, pp. 1-40. DOI: 10.3233/JHS-190601. Online publication date: 1-Jan-2019
    • (2019) Security and Performance Modeling and Optimization for Software Defined Networking. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 610-617. DOI: 10.1109/TrustCom/BigDataSE.2019.00087. Online publication date: Aug-2019
    • (2019) A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking. IEEE Access, 7, pp. 137432-137445. DOI: 10.1109/ACCESS.2019.2940039. Online publication date: 2019
    • (2018) The Challenges in ML-Based Security for SDN. 2018 2nd Cyber Security in Networking Conference (CSNet), pp. 1-9. DOI: 10.1109/CSNET.2018.8602680. Online publication date: Oct-2018
    • (2017) Virtual cloud network laboratory based on IaaS for university IT education. 2017 IEEE Global Engineering Education Conference (EDUCON), pp. 906-909. DOI: 10.1109/EDUCON.2017.7942955. Online publication date: Apr-2017
    • (2017) Orchestrating the Deployment of High Availability Services on Multi-zone and Multi-cloud Scenarios. Journal of Grid Computing, 16:1, pp. 39-53. DOI: 10.1007/s10723-017-9417-z. Online publication date: 3-Nov-2017
    • (2017) Research Trends in Security and DDoS in SDN. Security and Communication Networks, 9:18, pp. 6386-6411. DOI: 10.1002/sec.1759. Online publication date: 9-Feb-2017
