›› 2017, Vol. 32 ›› Issue (6): 1265-1278.doi: 10.1007/s11390-017-1799-7

• Regular Paper • Previous Articles     Next Articles

LTSS:Load-Adaptive Traffic Steering and Forwarding for Security Services in Multi-Tenant Cloud Datacenters

Xue-Kai Du1, Zhi-Hui Lu1,*, Member, IEEE, Qiang Duan2, Senior Member, IEEE, Jie Wu1, Cheng-Rong Wu1   

  1. 1 School of Computer Science, Fudan University, Shanghai 200433, China;
    2 Information Sciences and Technology Department, the Pennsylvania State University Abington College Abington, PA 19001, U.S.A
  • Received:2016-11-02 Revised:2017-01-17 Online:2017-11-05 Published:2017-11-05
  • Contact: Zhi-Hui Lu E-mail:lzh@fudan.edu.cn
  • About author:Xue-Kai Du got his Master's degree in computer science at School of Computer Science,Fudan University,Shanghai,in 2016.His research interests are cloud computing,virtualized network and software-defined network.
  • Supported by:

    The work is supported by the National Natural Science Foundation of China under Grant Nos. 61572137 and 61728202, and Shanghai Innovation Action Project under Grant No. 16DZ1100200.

Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.

[1] Jain S, Kumar A, Mandal S et al. B4:Experience with a globally-deployed software defined WAN. In Proc. the ACM SIGCOMM, August 2013, pp.3-14.

[2] Benson T, Akella A, Shaikh A et al. CloudNaaS:A cloud networking platform for enterprise applications. In Proc. the 2nd ACM Symposium on Cloud Computing, October 2011, pp.353-365.

[3] Shin S, Song Y, Lee T et al. Rosemary:A robust, secure, and high performance network operating system. In Proc. the 21st ACM Conference on Computer and Communications Security (CCS), November 2014, pp.78-89.

[4] Shin S Gu G. CloudWatcher:Network security monitoring using OpenFlow in dynamic cloud networks. In Proc. NPSec12, November 2012.

[5] Sherry J, Hasan S, Scott C et al. Making middleboxes someone else's problem:Network processing as a cloud service. In Proc. the ACM SIGCOMM, August 2012, pp.13-24.

[6] Qazi Z A, Tu C, Chiang L et al. Simple-fying middlebox policy enforcement using SDN. In Proc. ACM SIGCOMM, August 2013, pp.27-38.

[7] Fayazbakhsh S K, Chiang L, Sekar V, Yu M L et al. Enforcing network-wide policies in the presence of dynamic middlebox actions using FlowTags. In Proc. the 11th USENIX Symposium on Networked Systems Design and Implementation, April 2014, pp.543-546.

[8] Hari A, Niesen U, Wilfong G. Optimal path encoding for software-defined networks. In Proc. IEEE International Symposium on Information Theory, June 2015, pp.2361-2365.

[9] Hari A, Lakshman T V, Wilfong G. Path switching:Reduced-state flow handling in SDN using path information. In Proc. CoNEXT, December 2015.

[10] Shin S, Wang H, Gu G et al. A first step toward network security virtualization:From concept to prototype. IEEE Transactions on Information Forensics and Security, 2015, 10(10):2236-2249.

[11] Shin S, Yegneswaran V, Porras P, Gu G. AVANT-GUARD:Scalable and vigilant switch flow management in softwaredefined networks. In Proc. the 20th ACM Conference on Computer and Communications Security (CCS), November 2013, pp.413-424.

[12] Shin S, Porras P A, Yegneswaran V, Fong M W, Gu G, Tyson M. Fresco:Modular composable security services for software-defined networks. In Proc. the 20th Annual Network and Distributed System Security Symposium (NDSS2013), February 2013.

[13] Du X K, Lu Z H, Wu J, Wu C R, Chen S. PDSDN:A policydriven SDN controller improving scheme for multi-tenant cloud datacenter environments. In Proc. the 13th IEEE International Conference on Services Computing (SCC), June 2016, pp.387-394.

[14] Erickson D. The beacon OpenFlow controller. In Proc. ACM SIGCOMM, August 2013, pp.13-18.

[15] John W, Pentikousis K, Agapiou G et al. Research directions in network service chaining. In Proc. Software Defined Networks for Future Networks & Services, November 2013.

[16] Cao Z Z, Kodialam M, Lakshman T V. Traffic steering in software defined networks:Planning and online routing. In Proc. the 2014 ACM SIGCOMM workshop on Distributed Cloud Computing (DCC), August 2014, pp.65-70.

[17] Pfaff B, Pettit J, Koponen T et al. The design and implementation of Open vSwitch. In Proc. the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15), March 2015, pp.117-130.

[18] Heorhiadi V, Reiter M K, Sekar V et al. New opportunities for load balancing in network-wide intrusion detection systems. In Proc. ACM CoNEXT, December 2012, pp.361-372.

[19] Zhang W, Rajasekaran S, Wood T et al. MIMP:Feadline and interference aware scheduling of Hadoop virtual machines. In Proc. the 14th ACM International Symposium on Cluster, Cloud and Grid Computing, May 2014, pp.394-403.

[20] Rao B T, Sridevi N V, Reddy V K, Reddy L S S. Performance issues of heterogeneous Hadoop clusters in cloud computing. Global Journal of Computer Science and Technology, 2011, XI(VⅢ):80-87.
No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] Liu Mingye; Hong Enyu;. Some Covering Problems and Their Solutions in Automatic Logic Synthesis Systems[J]. , 1986, 1(2): 83 -92 .
[2] Chen Shihua;. On the Structure of (Weak) Inverses of an (Weakly) Invertible Finite Automaton[J]. , 1986, 1(3): 92 -100 .
[3] Gao Qingshi; Zhang Xiang; Yang Shufan; Chen Shuqing;. Vector Computer 757[J]. , 1986, 1(3): 1 -14 .
[4] Zhang Cui; Zhao Qinping; Xu Jiafu;. Kernel Language KLND[J]. , 1986, 1(3): 65 -79 .
[5] Chen Zhaoxiong; Gao Qingshi;. A Substitution Based Model for the Implementation of PROLOG——The Design and Implementation of LPROLOG[J]. , 1986, 1(4): 17 -26 .
[6] Huang Heyan;. A Parallel Implementation Model of HPARLOG[J]. , 1986, 1(4): 27 -38 .
[7] Min Yinghua; Han Zhide;. A Built-in Test Pattern Generator[J]. , 1986, 1(4): 62 -74 .
[8] Lu Xuemiao;. On the Complexity of Induction of Structural Descriptions[J]. , 1987, 2(1): 12 -21 .
[9] Tang Tonggao; Zhao Zhaokeng;. Stack Method in Program Semantics[J]. , 1987, 2(1): 51 -63 .
[10] Min Yinghua;. Easy Test Generation PLAs[J]. , 1987, 2(1): 72 -80 .

ISSN 1000-9000(Print)

         1860-4749(Online)
CN 11-2296/TP

Home
Editorial Board
Author Guidelines
Subscription
Journal of Computer Science and Technology
Institute of Computing Technology, Chinese Academy of Sciences
P.O. Box 2704, Beijing 100190 P.R. China
Tel.:86-10-62610746
E-mail: jcst@ict.ac.cn
 
  Copyright ©2015 JCST, All Rights Reserved