Excerpt from the paper
Network security protocols such as IPsec have been used for many years to ensure robust end-to-end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per-packet protection offered by the protocol is not very compatible with OpenFlow and flow-like behavior. OpenFlow architecture cannot aggregate IPsec-ESP flows in transport mode or tunnel mode because layer-3 information is encrypted and therefore unreadable. In this paper, we propose using the Security Parameter Index (SPI) of IPsec within the OpenFlow architecture to identify and direct IPsec flows. This enables IPsec to conform to the packet-based behavior of OpenFlow architecture. In addition, by distinguishing between IPsec flows, the architecture is particularly suited to secure group communication.
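The SPI sits in the first four bytes of the ESP header and is sent in cleartext, so a classifier can key flows on it without decrypting anything. The following is an added example, not code from the paper: it parses IPv4 ESP packets and groups them by (source, destination, SPI). The function names, addresses and SPI values are constructed for illustration.

```python
import struct
from collections import defaultdict

ESP_PROTO = 50  # IP protocol number assigned to ESP

def build_esp_packet(src, dst, spi, seq, payload=b"\x00" * 16):
    """Constructed sample: 20-byte IPv4 header + ESP header + opaque payload.
    The IP checksum is left at 0 because the classifier does not verify it."""
    esp = struct.pack("!II", spi, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64,
                     ESP_PROTO, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return ip + esp

def esp_flow_key(packet):
    """Return (src, dst, spi) for an IPv4 ESP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4 or too short
    ihl = (packet[0] & 0x0F) * 4         # header length, options included
    if ihl < 20 or packet[9] != ESP_PROTO:
        return None                      # malformed header or not ESP
    if len(packet) < ihl + 8:
        return None                      # truncated before SPI + sequence number
    spi, _seq = struct.unpack_from("!II", packet, ihl)
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return (src, dst, spi)

def classify(packets):
    """Count packets per flow key; packets without a readable SPI are skipped."""
    flows = defaultdict(int)
    for pkt in packets:
        key = esp_flow_key(pkt)
        if key is not None:
            flows[key] += 1
    return dict(flows)

# Constructed traffic: two security associations between the same gateways,
# plus one packet relabelled as UDP (protocol 17) that must be ignored.
_udp = bytearray(build_esp_packet("10.0.0.1", "10.0.0.2", 0x1001, 9))
_udp[9] = 17
SAMPLE = [
    build_esp_packet("10.0.0.1", "10.0.0.2", 0x1001, 1),
    build_esp_packet("10.0.0.1", "10.0.0.2", 0x1002, 1),
    build_esp_packet("10.0.0.1", "10.0.0.2", 0x1001, 2),
    bytes(_udp),
]

if __name__ == "__main__":
    for key, count in classify(SAMPLE).items():
        print(key[0], "->", key[1], "spi=0x%08x" % key[2], "packets:", count)
```

Both flows share the same address pair, so only the SPI separates them; that separation is what lets a controller direct each security association independently.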