Access control with ONOS Controller in the SDN base WLAN

I.Concepts
Introduced the new concepts and propose to employ SDN architecture to wired and wireless networks such
as software-defined wireless local area network (SDWLAN), software-defined mobile-networks (SDMNs),
software defined access (SDA), and software defined wireless networking (SDWN).
However, existing research works mostly propose the SDN concepts without implementation. This is
because it is difficult to implement the network architecture with SDN controller. Especially, it requires
various network entities such as WLAN APs, switches, and base stations (BSs) to be controlled by an SDN
controller. Because of these limitations, the existing work rarely show any simulation results with
implementation environment. For implementation purpose, the business industry such as mobile network
operator (MNO) requires the practical SDN architecture and network application based on SDN controller.
Due to programmability characteristics, various network services (e.g. routing, traffic engineering,
multicasting, security, access control, bandwidth management) can be enabled. Thus, it is essential for
optimizing network (NW) application in the SDN-based network. In order to satisfy these requirements,
we introduce the NW application by using SDN controller with real implementation environment. As shown
in Fig. 1, this paper proposes SDN-based WLAN AP access control mechanism by open network operating
system (ONOS) controller. In accordance with the user characteristics, we classify the user groups with
different priorities and apply to flow table. When ONOS controller determines network congestion
situation, ONOS controller handle the WLAN AP access mode based on flow table. As a result, high priority
users can be prioritized and their quality of services (QoS) can be guaranteed.
II.Test Environment Design
We construct test environment with ONOS controller, OpenvSwitch (OpenFlow switch), hostapd
(WLANAPs) as shown in Fig. 2. We run the ONOS controller by installing the ONOS to the server. We
use Raspberry Pi for implementing of OpenFlow switch and WLAN AP. The Raspberry Pi can support the
Raspbian OS based on the Debian Linux. Therefore, by using the OpenvSwitch packages, we consist of
OpenFlow switch which can supports OpenFlow protocol.For implementing of WLAN AP, we also use
Raspberry Pi and WLAN USB adaptors. We install the hostapd package on the Raspberry Pi and connect
the WLAN USB adaptors which supports MediaTek RT 5572 chipsets. The hostapd package provides the
functionalities defined to IEEE 802.11 standards. We use 5GHz ISM band channels to communicate with
devices
III.Proposeed Scheme
A.System Architecture
Fig. 4 shows the system architecture design for proposed scheme. The system architecture design consists
of three components; control box for network operator, ONOS controller, and NW devices based on
OpenFlow protocol. By using OpenFlow protocol and TCP/IP socket programming, we connect the
interface among WLAN AP, OpenFlow switch, and ONOS controller. The network operator observes the
whole network status and change the configuration of the network via web GUI, command line interface
(CLI) of the control box. This is because the control box provides the abstraction view of the whole
OpenFlow-based networks.

B. Procedure for AP Access Control Base order-priority

The procedure for proposed scheme is shown in Fig. 5. We explain in more detail with following four
functions.
1) Traffic Monitoring: In order to making a decision for WLAN AP access control, ONOS controller has
to collect the network information from the multiple WLAN APs and OpenFlow switches. When the
resource utilization of WLAN AP is higher than configuration values, Traffic Monitoring application sends
the message to WLAN AP control application. After receiving message from the Traffic Monitoring
application, WLAN AP control application sends the control message to the WLAN AP.
2) Flow Table Update Based on order of priority: For supporting OpenFlow based network, we need to
define the flow table. By using NW information from the WLAN Aps and OpenFlow Switches, ONOS
controller assigns the priority and re-define the flow table. The example of flow table is as shown in Table.
I. We use two flow tables such as access list and deny list. We categories users as VIPs, members, and black
list members to the users. When the resource utilization of WLAN AP is lower than configuration value
(θ), WLAN AP allows the association and pass the traffic flows except black list members. If θ is higher
than 60%, users excluding VIP and member cannot associate the WLAN AP and detach the connection
from the WLAN AP. When the resource utilization of WLAN AP is very high, VIP users only use WLAN
AP. By discriminating the users, we guarantee the QoS for the inside members.

TABLE I
EXAMPLE OF FLOW TABLE BASED ON PRIORITY
Mac Type of Flow Conditions for
Priority
Address Table Service
A VIP Access List Always
B member Access List θ ≤ 80%
C none none θ ≤ 60%
Black
D Deny List Forbidden
List

3) WLAN AP Control: When the resource utilization of WLAN AP is higher than θ, ONOS controller has
to manage the WLAN AP access mode. how to interaction between ONOS controller and WLAN AP.
WLAN AP can update flow tables: access list and deny list.
4) MAC Filtering: In order to guarantee the members of the high priority, we use mac filtering function to
the WLAN AP. As mentioned above, we match the mac address to the type of priority. Based on the flow
table and control message from the ONOS controller, WLAN AP can dynamically adopt the access mode.
Therefore, VIP member can always guarantee NW service.