{"title":"Traffic Tunnel Management in Cloud-based Flow Security System","authors":"Ga-Jin He, Yuzhu Chen","doi":"10.12783/dtmse/amsee2017/14291","DOIUrl":null,"url":null,"abstract":"Considering the increasingly serious problem of Internet security recently, Cloud-based Flow Security System(CFS) has been built as a solution to the Internet security application, providing convenient and effective application and content level security for enterprise users by means of cloud services. Under the CFS system, this paper developed custom function modules to achieve unified management of network nodes and GRE tunnel between the nodes, management of the switch data forwarding, and real-time monitoring of the state of the tunnel in the control platform, accomplished the design scheme of combining the load balancing algorithm with the unified management of the tunnel, realized the efficient allocation of the network nodes in the large-scale network environment and improved the network flexibility. Introduction With the development of cloud traffic, network security problem, especially information security problem, is becoming increasingly prominent, which has become one of the primary concerns for cloud application business users. More and more research institutions and network security companies focus on research and development on the security aspects of cloud services under such a circumstance. Cloud computing has a natural advantage in pooling information across the entire network and dealing with massive amounts of information. Chen [1] used the cloud computing feature to propose a collaborative management model for network security. Seeber proposed the idea of using SDN technology to enhance cloud security [2]. On the basis of these research, the rapid development of safety information and event management (SIEM) will lead to the dominance in service field. 
However, the security of the data transmission above the operating system, especially cloud-based applications, is still at the users’ own risk. After addressing the infrastructure security issues, at the application level, whether it is application management or content security, users are also faced with similar problems with fragmentation of previous solutions, and even no mature solution. Under the condition that the weak link in the current cloud service security solution, the paper aims at building a framework to improve, ameliorate the Internet security application environment, providing a convenient, effective application and content level security guarantee for enterprise users by means of cloud services. In the second chapter, the overall framework of the Cloud-based Flow Security System (CFS) was described in detail. This work focuses on the implementation of traffic into the security cloud platform. Under the SDN [3,4,5] architecture, the centralized management for the GRE tunnel [6,7] between the management platform and the user side probe was accomplished, including the establishment of tunnels, demolition and condition monitoring. In addition, with the expansion of the network size and the increase of network nodes, the time of packet transmission will be greatly increased, which increases the possibility of unexpected data transmission, such as link damage, tunnel congestion and so on. 
In this paper, the load balancing algorithm [8] is introduced in the SDN-based tunnel management, which can improve the overall performance of the cluster system, including its availability and scalability, by increasing its throughput under the SDN network.","PeriodicalId":11124,"journal":{"name":"DEStech Transactions on Materials Science and Engineering","volume":"1 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2017-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"DEStech Transactions on Materials Science and Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12783/dtmse/amsee2017/14291","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Given the increasingly serious problem of Internet security, the Cloud-based Flow Security System (CFS) has been built as a solution for Internet security applications, providing convenient and effective application- and content-level security for enterprise users by means of cloud services. Within CFS, this paper develops custom function modules that provide unified management of network nodes and the GRE tunnels between them, management of switch data forwarding, and real-time monitoring of tunnel state in the control platform. It also presents a design that combines a load balancing algorithm with unified tunnel management, achieving efficient allocation of network nodes in large-scale network environments and improving network flexibility.
Introduction
With the development of cloud traffic, network security problems, especially information security problems, are becoming increasingly prominent and have become one of the primary concerns of business users of cloud applications. Under these circumstances, more and more research institutions and network security companies focus on research and development on the security aspects of cloud services. Cloud computing has a natural advantage in pooling information across the entire network and dealing with massive amounts of information. Chen [1] used this feature of cloud computing to propose a collaborative management model for network security. Seeber proposed the idea of using SDN technology to enhance cloud security [2]. On the basis of this research, the rapid development of security information and event management (SIEM) will lead to dominance in the service field. However, the security of data transmission above the operating system, especially for cloud-based applications, is still at the users' own risk.
Even after infrastructure security issues are addressed, users face similar problems at the application level, whether in application management or content security: previous solutions are fragmented, or no mature solution exists at all. To address this weak link in current cloud service security solutions, the paper aims to build a framework that improves the Internet security application environment, providing convenient and effective application- and content-level security guarantees for enterprise users by means of cloud services. The second chapter describes the overall framework of the Cloud-based Flow Security System (CFS) in detail. This work focuses on how traffic is brought into the security cloud platform. Under the SDN [3,4,5] architecture, centralized management of the GRE tunnel [6,7] between the management platform and the user-side probe is implemented, including tunnel establishment, teardown and condition monitoring. In addition, as the network grows and the number of network nodes increases, packet transmission time increases greatly, which raises the likelihood of unexpected data transmission problems such as link damage and tunnel congestion. In this paper, the load balancing algorithm [8] is introduced into SDN-based tunnel management, which can improve the overall performance of the cluster system, including its availability and scalability, by increasing its throughput under the SDN network.