Dynamic Security Traversal in OpenFlow Networks with QoS Guarantee

Abstract

To provide the essential network protection, data flows are forced to pass through the desired sequences of security devices (middleboxes) in a datacenter, which is called security traversal. In this paper, we identify the problem of quality of service (QoS) guarantee in security traversal and propose a scheme to dynamically change the security traversal path. The dynamic security traversal scheme is achieved by the proposed optimal security traversal with middlebox addition (OSTMA) mechanism which poses and solves the considered QoS-guaranteed problem as a constrained shortest path problem (CSP). Besides, we design a system framework with a centralized security traversal controller adopting the proposed OSTMA mechanism, which leverage the capability of OpenFlow networks to dynamically monitor the network condition information and reconfigure the security traversal path. Finally, our experiment shows results show that the proposed dynamic security traversal scheme can achieve QoS requirements while still reserving the scalability and flexibility of distributed security middleboxes.