Elastic IP and security groups implementation using OpenFlow

Abstract

This paper presents a reference implementation of an Elastic IP and Security Group service using the OpenFlow protocol. The implementation is the first to present integration of OpenFlow within a virtual machine provisioning engine and an API for enabling such services. In this paper the OpenNebula system is used. The Elastic IP and Security Groups services are similar to the Amazon EC2 services and present a compatible Query API implemented by OpenNebula. The core of the implementation relies on the integration of an OpenFlow controller (NOX) with the EC2 server. Flow rules can be inserted in the OpenFlow controller using the EC2 API. These rules are then used by Open vSwitch bridges on the underlying hypervisor to manage network traffic. The reference implementation presented opens the door for more advanced cloud networking services that leverage principles from software defined networking including virtual private cloud, virtual data center spanning multiple availability zones, as well as seamless migration over wide are networks.