See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/312964507

SDN and NFV integration in openstack cloud to improve network services and
security

Conference Paper · May 2016

DOI: 10.1109/ICACCCT.2016.7831721

CITATIONS READS

4 708

3 authors:

Parthkumar Patel Vineeta Tiwari

Algonquin College Centre for Development of Advanced Computing
2 PUBLICATIONS   4 CITATIONS    8 PUBLICATIONS   7 CITATIONS   

SEE PROFILE SEE PROFILE

Manish Abhishek
Indian Railways
4 PUBLICATIONS   4 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

[email protected] View project

DST PROJECT View project

All content following this page was uploaded by Manish Abhishek on 27 September 2018.

The user has requested enhancement of the downloaded file.

 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)

SDN and NFV integration in Openstack Cloud

to Improve Network Services and Security
Parthkumar Patel Vineeta Tiwari Manish Kumar Abhishek
IT System And Network Security CDAC-ACTS IT Manager
GTUPGSCHOOL, Ahmadabad Pune RailTel Corporation of India Ltd.
Gujarat, India. Maharashtra, India. Delhi, India
[email protected] [email protected] [email protected]

Abstract—Cloud computing is proven service delivery replacement of the devices. SDN controller is a
model over the internet. Network play’s an important role programmable software which use an openflow
during this service provisioning but Cloud network have network protocol for communicating with networking
major security issue during service delivery. Network devices in ssl based connection. NFV (Network
security and reliability achieve together is much more
function virtualization) are useful for hardware and
difficult task. Now a day cloud traditional network is
replaced by the programmable and unified software software virtualization of networking devices. NFV
defined network which have separate control plane and provide external and internal virtualization where
data plane for managing network traffic. SDN have external virtualization combine various network
capability to reduce cost of networking device using together and create one virtual network and internal
network virtualization which have facilitate to hardware virtualization useful for network devices virtualize and
and software virtualization using NFV(Network Function use as a network.
Virtualization). SDN and NFV integration in cloud
computing give power of virtualization and improve So in this paper section II describe related work
network security and service. So in this paper we can and background and section III describe SDN enable
describe SDN and NFV and how both are integrate in network architecture, Section V & VI describe
Openstack cloud to minimize network attack surface, Openflow and NFV, Section VII describe the SDN
improve network service and provide some salient advantages in cloud, Section VIII describe Existing
advantage of SDN. system, Section IX include SDN integration with
Keywords—software defined network (SDN), network
Openstack and Section X describe NFV integration
function virtualization (NFV), Openflow, virtualization, with SDN and Openstack, Section XI proposed new
Open Virtual Switch (OVS) architecture of SDN and NFV in Openstack.

I. I NTRODUCTION II. RELATED WORK AND BACKGROUND

Today’s Cloud computing is emerging technology Cloud traditional network have combine data and
for providing service over the internet. Cloud control plane so that traffic forwarding decided based
computing provide various services like SaaS, PaaS on routing policy and rules, So many inconsistency
and IaaS. Where SaaS exist for Software as a service and internet protocol vulnerability affected cloud
useful to e-commerce software hosting and PaaS for network security. SDN come into picture through
platform as a service which provide various framework previous technology like network control point, active
for application building such like java, .NET, Ruby etc. network routing and RCP (Routing Control Platform)
IaaS known as infrastructure as a service mainly etc. SDN approach are useful to abstract higher level
include resources like operating system, processor and functionality in the network devices. SDN come into
RAM. In cloud computing bandwidth, storage and picture after 1995 when sun-micro release java
capacity increase in time and add new capability in distribution and First SDN project was GeoPlex
dynamic manner without investigating new introduced by AT and T. The IETF is investigating
infrastructure. Cloud have major security issue in models of SDN for technical and feasible aspect. At
network, which is important part of service delivery. IETF 86 in Orlando, Florida, an SDNRG (IRTF SDN
Cloud traditional network have a combined data and Research Group) session included several
control plane in which the routing devices decide the presentations of SDN article to devote a different
traffic forwarding path using routing algorithm and candidate solutions. The session covered the analysis
policy. SDN have separate control plane from data of OpenFlow. In 2012 NFV idea come into picture
plane which means one external controller is decided when specification group represent white paper on
the routing traffic and device functions. SDN have also virtualize technology of network such like network
monitoring the OS, processor and memory information routing device IDS, IPS and load balancer to chain of
of the network node and it aware about network device one network. NFV provide novel application of
status. SDN have to generate alert when device lifetime hardware and software virtualization in networking
are completed so cloud service provider manage concern. Now a day many architecture present to

ISBN No.978-1-4673-9545-8 655

 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)

integrate SDN and NFV with tenant network and IV. O PENFLOW
ADHOC networks. Cloud and mobile networks are OpenFlow is network communication protocol
also migrate over the SDN. between forwarding plane and network switch or router
III. S DN ENABLE NETWORK ARCHITECTURE over the network. ONF (Open Networking Foundation)
proposed the OpenFlow standard. OpenFlow allows
SDN network security contains three layer, remote administration of a layer 3 programmable
Application layer, control layer and data layer or switches for packet forwarding tables, by adding,
infrastructure layer. Application layer contain the modifying and removing packet matching rules, policy
business application such as Openstack cloud and actions. In traditional network packet forwarding
orchestration and SDN application. Which are and high level routing control occurs on same devices
interfaced with SDN controller to maintain the but Openflow switch separate this two function. The
programmable application interface. The functionality Data path still reside on the network switch but higher
of the SDN controller is to faithfully execute the query level routing decision are taken on external unified
requests of the applications it supports, while isolating controller. Openflow switch and controller
each application from all others. The infrastructure communicate via ssl based medium. OpenFlow define
plane contain resources. messages, such as packet received, send, modified and
status of device. All this entry reside on flow table to
forwarding network traffic further but if new request
that don’t have matching entry, forwarded to controller
which can decide further pass that request.
V. N FV
Network function virtualization useful as virtualize
network’s hardware and software to decouple network
function from networking device. So that we can
reduce cost of networking and fully utilize as a virtual
devices. Network functions like routers, load
balancers and firewall which are hosted as a VMs and
when hypervisor take control of those VMs all request
run on standard X86 server. So faithfully execute
Fig. 1. SDN architecture in network [10] network requirement by hypervisor, which can reduce
capital expenditure. NFV have three component VNF
That deal with customer traffic directly, Along with the (virtual network function), network function
necessary supporting resources of network to ensure virtualization infrastructure and NFV-orchestration
proper virtualization, network connectivity, security, framework. VNFs are software implementation of
availability, and quality. network function. NFV have two type of
virtualization external and internal virtualization
Major component of SDN architecture: which can separate with their functions. External
A. SDN Application virtualization combine external networks as a one
virtual network entity, where internal virtualization
SDN application layer contain several
create internal network as one entity.
programmable application which can communicate
directly, explicitly and programmatically to the VI. S DN ADVANTAGES IN CLOUD
network requirements and behavior of network using
Cloud network are very exposure and reliable for
north bound interface (NBI) and control network as per
service delivery so that if we can use SDN over
instructions and interface using NBI driver.
traditional network which have several advantages.
B. SDN Controller
A. Centralized network provisioning in cloud
SDN controller is a centralized programmable entity
Software defined networks provide a centralized
which can manage application requirement and
control view of network domain, so providing
behavior of network using abstract the higher level
centralized management. Multiple VLANs are
functionality. Controller is interface between
creating using physical LANs. SDN abstract higher
application layer and infrastructure layer. SDN
level functionality which provide better service
controller have many NBI agent, control logic and
delivery and agility which have central location
CDPI (control to data path interface).
provision.
C. SDN Data-path
B. Holistic approach of enterprise management
SDN Data-path is a logical network device, which
In cloud enterprise network on demand service and
exposes control and visibility of traffic forwarding and
application provisioning which have many application
processing. Data-path functionality is mapping, sharing
such as grid computing, Big Data analytics. SDN make
and management of network physical resources which
easier to IT administrator to experiment on network
can include OSI layer 4-7 functionality.

656
 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)

without impacting on physical network. VIII. S DN INTEGRATION WITH OPENSTACK CLOUD

C. Network granular security Openstack cloud have a flexibility to integrate SDN
with cloud services to improve network security.
Virtualization has made complex network
management. In virtual network firewall and security Openstack cloud have capability to manage nova
policy applying consistently is difficult task because of services with separate neutron networking service. We
should virtualize neutron service with integration of
a part reside in physical infrastructure. SDN provide
SDN in Openstack. SDN provide several novel
central control of security and information policy. If
application such that resiliency, load balancing and
SDN use with proper security of control plane give
QoS in cloud services to improve user experience of
better result of network granularity.
better, flexible and enhancing cloud service.
D. Cloud abstraction
We can create Openstack multi node lab with one
Abstract cloud resources using unified cloud
controller node and all other are compute nodes with
infrastructure. Cloud have advantageous to massive
neutron-nova services, which have combine control and
network are managed using central controller that have
data plane. After that we can make separate private
application such like resilient data center management
network with interface and subnets to load an instances
and cloud QoS management.
with it. For SDN integration with Openstack we use
E. Guaranteed content delivery SDN controller Opendaylight (ODL) which have better
SDN have ability to shape and control cloud data performance over all previous SDN controller such like
traffic. Dynamic routing make up easier to improving POX, NOX, and Foodlight. Extract that distribution
QoS for VoIP and multimedia transmission. Live video and start root cell of karaf ODL distribution and install
Streaming with high resolution is easier because SDN features such like OVS-neutron manager and DLUX in
improves network responsiveness to ensure a flawless ODL.
user experience.
VII. E XISTING SYSTEM
Cloud traditional network used in past days have a
combined control and data plane, routing decision
made using forwarding table and routing policy. Cloud
traditional network is very dynamic regarding to
provide service over the internet in various KPIs (Key
performance indicator) like bandwidth, channel
allocation and latency. Cloud traditional network is
very reliable and secure over internet network but there
are some security issues with it, major threat of
network are DoS, DDoS, Data loss or Identity theft and
insecure cryptography make it vulnerable. So for
mitigating those attacks we can replace our traditional
network with SDN (Software Defined Network) which Fig. 2. SDN and OpenDayLight integration with
have completely isolate the control plane of network Openstack
from data plane. There are Various SDN controller are x Implementation Of ODL with SDN include
present POX, NOX and foodlight but based on following techniques
performance analysis ODL (OpenDayLight) is latest
and fully featured JAVA distribution SDN controller. a. Neutron ML2 plugins
POX, NOX and foodlight are not supported b. OVS
multitenancy, load balancing and overlay network but c. ODL driver
ODL support all those features. Openflow protocol
version 1.3 has latest distribution supported by cloud A. Neutron ML2 Plugins
network simulator. NFV also used with cloud network Modular layer 2 (ML2) is a framework in openstack
for virtualized network functions, NFV have advantage neutron service and work with openvswitch, Linux Bridge
to combine with SDN to give sufficient power of and HyperV Layer2 agents. Layer 2 networking devices
virtualization and control over network functions. work with neutron ML2 driver in openstack for package
Above multiple existing systems are fully or partially forwarding and routing policy.
useful in cloud multitenant network. Integration of
Multiple system with each other are given sufficient B. OVS (Open Virtual Switch)
power and advantage over previous technique. So here Open Virtual switch designed for massive network
we are proposed to integrate cloud network with SDN automation through programmatically extension, still
and NFV to improve network security and reliability of supporting network interface protocol like NetFlow, sFlow,
cloud network and provide some application such like IPFIX, RSPAN, CLI, LACP etc.
resiliency, load balancing and QoS in cloud services.

657
 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)

C. ODL driver virtualization and firewall and IDS and IPS system.
Network device connected with virtual router manage
OpenDayLight support many south bound plugin
dynamic traffic forwarding using virtual NFV
application like OpenFlow, OVSDB for orchestrate to
hypervisor router and isolated network called switch
openstack integration. ODL driver useful for interface
stack. SDN controller also useful with Openflow
between OVSDB to ML2 plugins.
mechanism for cloud flow control of service and load
ODL use openflow protocol for network balancing using the request management dynamically.
communication between OVSDB and ML2 plugins. So complete network traffic are managed using the
We can configure neutron ML2 plugins file to use central SDN controller which is more stable, secure
SDN-ODL plugins for cloud networking. L3 and resilient and efficient from the previous networking
DHCP agent are managed cloud private network techniques.
subnets and mapping. Cloud traffic are forwarded to
Phases of proposed architecture:
openflow switch, where flow table entry matched and
route those traffic to specific node. If entry doesn’t A. DATA PLANE
exist than openflow switch pass traffic to ODL Cloud network is directly connected with the DATA
controller which can decide path to further forward that plane switching Devices that can be managed the
traffic. Here SDN improve network security using network routing and cloud network traffic forwarding
OVSDB plugins and also provide some application so that virtual switching are created using NFV and
such like if one OVS bridge are failed than choose isolate whole network function using OpenContrail.
another path using Openflow switch, network Load
balancing are managed using simply node status
managed by meter table entry and SDN controller
communicate over Openflow protocol. SDN
integration with openflow improve network security
using isolation of network and take of internet protocol
dependency and vulnerability.
IX. N FV INTEGRATION WITH SDN AND OPENSTACK
Network function virtualization technique have
advantage in cloud networking to improve network
service with integration of NFV with SDN and
Openstack cloud. This architecture provide enhance
network service capability over another networking
mechanism. NFV successfully integrate in juniper open
contrail distribution. Here NFV plugins with neutron
ML2 Successfully install all contrail package in cloud
controller node and configure them with SDN
controller. Let’s see how NFV integrate with neutron
device. OpenContrail have two component one is
OpenContrail controller and second is OpenContrail
virtual router. Virtual router is a forwarding plane run Fig. 3. Proposed architecture
on hypervisor of virtual server. Controller make
interface between northbound APIs which have Data plane connected with the control plane which
virtualized server used as a virtual router and connected give the instruction for cloud network routing using
with one central gateway router. We can integrate with SDN controller and Openflow mechanism. DATA
Openstack multinode lab and SDN with contrail release plane have multiple virtual machine and operating
so download contrail distribution and extract it on systems connected with private virtual network.
controller than install dependency of contrail release
and setup with neutron to use NFV. Than modified B. CONTROL PLANE
plugins file to activate NFV in neutron services use.
In the proposed architecture the external SDN
X. P ROPOSED ARCHITECTURE controller are establish for controlling the
SDN (Software Defined Network) platform in corresponding network traffic. Which have Openflow
cloud of things with separate control plane using the communication protocol for network. Here flow and
Openflow protocol fully dynamically managed network meter table introduce traffic matching entry and in
using network function virtualization (NFV). Cloud entry doesn’t exist than SDN program take decision to
orchestrator have the Openstack application which can forward traffic which can abstract lower level
be manage by SDN controller using the OPENFLOW network administration and remove human error
protocol with SSL. So that all the network devices are using programmable stack. NFV send network virtual
connected with central controller provide the dual link router status and isolate physical network with
resiliency and security using the network function network virtualization that separate every user
request. SDN controller programmed in JAVA

658
 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)

language, light weight and flexible in cloud network.

That can be make traffic connection over network
routing using SSL based communication of
Openflow. SDN controller have some salient feature
like compatibility, flexibility so that we can integrate
it with various mechanism and also manage the
network security using the firewall and IDS, IPS
system monitoring.
XI. P ERFORMANCE ANALYSIS OF NETWORK AFTER
INTEGRATION OF SDN AND NFV

Proposed architecture contain SDN controller with

NFV plugin in openstack cloud network have major
key performance terms are network packet analysis of
latency and throughput analysis in cloud network. Fig. 6. Throughput Routing
Cloud network have some major security and thread
issue are affecting those parameter. Openstack node Performance varies in terms of network flow
have packet flow are monitoring using OpenDayLight mechanism OpenFlow and Linux simple user space
SDN controller. network forwarding.

XII. CONCLUSION
Cloud resource such as compute, storage and
network become worthwhile infrastructure for
computation, data storage and hosting network based
application. Traditional network have many security
problem such like spoofing attack, MITM, DoS and
DDoS but migrating traditional network to SDN
provide flexibility and reliability both together using
unified, programmable controller called SDN
controller. Using SDN we can abstract lower level task
like network manipulation and configuration and
management and improve network security using
Fig. 4. OpenDayLight Packet Analysis virtualization and central control view. NFV with SDN
provide strong network management using virtualize
Here below show the network packet analysis as a network function and programmable network routing.
function of their complexity, flexibility, and potential SDN integration with Openstack and openflow protocol
and capabilities. We choose two different network improve neutron service with NFV plugins and abstract
cloud traditional network and software defined network vulnerable internet protocols and SNMP for network
and analyse network traffic of network which can management. We are integrate SDN with openflow
simply give out result how SDN improve network network communication protocol and NFV plugin
services. Throughput analysis made using iperf tool and (Network function virtualization) for isolate network to
latency analysis based on wireshark and TCP improve network control flow and security.
connection. The results of network monitoring show
that SDN architecture enables more security, flexibility, SDN implementation have many concerns such that
capability, and functionality doesn’t means to degrade SDN stack issue, controller issue, network
virtualization issue so in future work we propose
in performance. Performance reflects implementation
of SDN with NFV increase network capability using enhance SDN controller with control plane security and
much more flexibility with openflow protocol and NFV
virtualize programmatic control logic.
plugins.
REFERENCES
[1] Seeker,S.Rodosek Improving network security Through SDN
in cloud scenarios , G.D Network and Service Management
(CNSM), 10th Inter- national Conference on cloud and utility
2014.
[2] Lopes Da Frota, F,V. “Analysis of SDN contributions for
Cloud Computing Security” 2014 IEEE/ACM 7th
International Conference On Utility and Cloud Computing.
[3] Fressancourt, A.; Gagnaire, M. “A SDN-based network
architecture for cloud resiliency 12th Annual IEEE Consumer
Communications and Networking Conference (CCNC).
[4] Govindrajan, K.; Kong chee meng; Hong one; Wong Ming
Tat; Sivanand, S.;Low Swee Leong “Realizing the Quality of
Fig. 5. Latency Routing

659
 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)

Service (QoS) in Software-defined Networking (SDN) Based

cloud Infrastructure” 2nd International Conference on
Information And Communication technology (ICoICT) .
[5] Govindrajan, K.; Kong Chee Meng; Hong Ong “A Literature
Review on software-Defined Networking (SDN) Research
Topics, Challenges and Solutions” 2013 Fifth International
Conference on Advance Computing (ICoAC).
[6] L. R. Battula “Network Security Function Virtualization
(NSFV) towards Cloud computing with NFV over Openflow
infrastructure: Challenges and novel approaches” Advances in
Computing, Communications and Informatics (ICACCI, 2014
International Conference on Year: 2014.
[7] O. Tkachova; M. J. Salim; A. R. Yahya “An analysis of SDN-
OpenStack integration” Problems of Infocommunications
Science and Technology (PIC S&T), 2015 Second
International Scientific-Practical Conference Year: 2015.
[8] M. Banikazemi; D. Olshefski; A. Shaikh; J. Tracey; G. Wang
“Meridian: an SDN platform for cloud network services”
IEEE Communications Magazine Year: 2013.
[9] D. V. Bernardo; B. B. Chua “Introduction and Analysis of
SDN and NFV Security Architecture (SN-SECA)” Advanced
Information Networking and Applications (AINA), 2015 IEEE
29th International Conference on Year: 2015
[10] Architecture SDN [Electronic resource] // Open Networking
Foundation. — [2014]. — Mode of access:
https://www.opennetworking.org/ 2.
[11] OpenStack Cloud Administrator Guide [Electronic resource]
[2015]. Mode of access: http://docs.openstack.org/admin

660

View publication stats