A Sophisticated Packet Forwarding Scheme with Deep Packet Inspection in an OpenFlow Switch

Abstract

Network administrators can make their own programmable network by using an SDN infrastructure with the OpenFlow protocol. Through the OpenFlow protocol, a SDN controller instructs an OpenFlow switch to perform specific actions, such as service chaining, according to header fields of incoming packets. Our main goal is to support an extended view of the OpenFlow architecture by inspecting not only the packet header but also the payload information in the packets. For this purpose, we address a sophisticated packet forwarding scheme using DPI to inspect effectively all incoming packets. According to the results of our experiments, we choose the inside of a virtual switch as the most suitable position of the DPI module. In our scheme, there are a log server, a monitoring application, and DPI function for monitoring and managing network traffic. When the DPI module detects a predefined string pattern of bits in an incoming packet, the switch sends the matching information to the log server that stores logs that contain the detected pattern and resource usage. Then, the monitoring application periodically gathers log information on the log server to compare that information with predefined network policies. Finally, we show that the packets are dealt with in a more effective and efficient way in our sophisticated packet forwarding scheme.