InCNTRE shines at the SDN and OpenFlow World Congress

Indiana University SDN production deployments shine

The SDN & OpenFlow World Congress has rapidly become the go-to conference for major players in emerging networking technologies. The 2013 Congress took place in Bad Homburg, Germany, from October 14 to 18, and Indiana Center for Network Translational Research and Education (InCNTRE) Lead Engineer Uwe Dahlmann represented Indiana University.

Dahlmann gave two presentations and participated in a panel discussion. In his first presentation, Dahlmann discussed how IU has used SDN. As one of the first universities to use OpenFlow to build its network, IU gave Dahlmann plenty to talk about. The InCNTRE SDN Lab also featured prominently in the discussion. Located at Indiana University-Purdue University Indianapolis (IUPUI), the SDN Lab is vital to the advancement of OpenFlow and SDN because it gives vendors a space to develop stable SDN system components.

As the world’s first OpenFlow conformance test site, the SDN Lab is also a key ally of the Open Networking Foundation (ONF) as they seek to promote the adoption of SDN. Most importantly, the SDN Lab empowers end users with trust in the solutions and devices certified by the SDN Lab. This trust is an important component in constructing the burgeoning SDN ecosystem.

Dahlmann also shared details about IU’s hand in managing three SDN/OpenFlow networks: the Global Environment for Network Innovations (GENI), a Network Development and Deployment Initiative (NDDI) prototype network, and the Internet2 Advanced Layer 2 Services (AL2S) network. In addition to these production deployments, Dahlmann detailed how IU has developed FlowScale, a network traffic load balancer based on OpenFlow that is used for the intrusion detection systems at IU.

Since IU has more network traffic than one server could analyze for attacks, FlowScale uses an OpenFlow-enabled switch to distribute traffic among an array of servers. This significantly increases IU’s ability to maintain a secure network. Notably, graduate students created this project in six months using existing switch hardware costing less than $20,000. In contrast, a dedicated load balancer would have cost IU around $250,000.

SDN not only helped IU save money and time bringing FlowScale to market, but also helped customize it specifically to the needs of the university. What’s more, IU owns the source code and can easily adapt it to new requirements. Development is ongoing, and network administrators may eventually use FlowScale to create firewall bypass routes for known good traffic and to redirect or discard known bad traffic. FlowScale is open source and available to other universities – and it’s only one of the existing OpenFlow tools at IU. 

The SDN Lab’s other production deployment was Open Exchange Software Suite (OESS), an SDN-based system used to create point-to-point access across the national Internet2 backbone. Using OESS, a researcher at one university can provision a direct best-effort connection to run an experiment at another research facility – or request a link of a specified bandwidth and immediately transfer data. OpenFlow is ideal for OESS because of its programmability and ability to be tailored for current needs. Ultimately, it enables seamless integration across domains as the network crosses into different universities.

Dahlmann, in turn, discussed how IU employed SDN solutions in the classroom. In one case, IU used the network to push access policies onto devices missing that policy. Because Apple TV is used via Bonjour, a protocol not designed for enterprise use, they developed a toolset to allow secure and targeted video streaming. OpenFlow makes it easy for controllers to build a database of relevant and authorized devices with which instructors can share content.

The final component Dahlmann shared was SDN-related research conducted by IU faculty members Kevin Benton and Jean Camp in collaboration with Chris Small, principal investigator for the GENI OpenFlow Campus Trials. Using OpenFlow, these researchers created a more resilient exchange point to control the way traffic flows between routers. Unlike Border Gateway Protocol (BGP), the routing logic governing online data transfer, SDN can tell the underlying switch to allow or disallow Layer 2 forwarding. This protects the target router against some well-known forms of attack.

All of Dahlmann’s examples are hands-on experiences of what can be done with proven technologies based on SDN.