Conference Paper · May 2016


DOI: 10.1109/ICACCCT.2016.7831721

All content following this page was uploaded by Manish Abhishek on 27 September 2018.



2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)
ISBN No. 978-1-4673-9545-8

SDN and NFV Integration in OpenStack Cloud to Improve Network Services and Security

Parthkumar Patel
IT System And Network Security
GTUPGSCHOOL, Ahmadabad
Gujarat, India.
patel14193@gmail.com

Vineeta Tiwari
CDAC-ACTS
Pune
Maharashtra, India.
vineetat@cdac.in

Manish Kumar Abhishek
IT Manager
RailTel Corporation of India Ltd.
Delhi, India
Yadav.bit@gmail.com

Abstract—Cloud computing is a proven service delivery model over the internet. The network plays an important role in this service provisioning, but cloud networks have major security issues during service delivery. Achieving network security and reliability together is a much more difficult task. Nowadays the traditional cloud network is being replaced by the programmable and unified software defined network, which has a separate control plane and data plane for managing network traffic. SDN can reduce the cost of networking devices through network virtualization, which facilitates hardware and software virtualization using NFV (Network Function Virtualization). SDN and NFV integration in cloud computing gives the power of virtualization and improves network security and service. In this paper we describe SDN and NFV and how both are integrated in the OpenStack cloud to minimize the network attack surface, improve network service and provide some salient advantages of SDN.

Keywords—software defined network (SDN), network function virtualization (NFV), OpenFlow, virtualization, Open Virtual Switch (OVS)

I. INTRODUCTION

Today cloud computing is an emerging technology for providing services over the internet. Cloud computing provides various services such as SaaS, PaaS and IaaS. SaaS stands for Software as a Service, useful for e-commerce software hosting, and PaaS for Platform as a Service, which provides various frameworks for application building such as Java, .NET, Ruby etc. IaaS, known as Infrastructure as a Service, mainly includes resources like operating system, processor and RAM. In cloud computing, bandwidth, storage and capacity increase over time and new capability is added dynamically without investing in new infrastructure. The cloud has a major security issue in the network, which is an important part of service delivery. The traditional cloud network has a combined data and control plane in which the routing devices decide the traffic forwarding path using routing algorithms and policy. SDN separates the control plane from the data plane, which means one external controller decides the traffic routing and device functions. SDN also monitors the OS, processor and memory information of the network node and is aware of network device status. SDN generates an alert when a device's lifetime is completed so that the cloud service provider can manage replacement of the devices. The SDN controller is programmable software which uses the OpenFlow network protocol for communicating with networking devices over an SSL based connection. NFV (Network Function Virtualization) is useful for hardware and software virtualization of networking devices. NFV provides external and internal virtualization, where external virtualization combines various networks together to create one virtual network and internal virtualization virtualizes network devices and uses them as a network.

In this paper, Section II describes related work and background, Section III describes the SDN enabled network architecture, Sections V & VI describe OpenFlow and NFV, Section VII describes the SDN advantages in cloud, Section VIII describes the existing system, Section IX covers SDN integration with OpenStack, Section X describes NFV integration with SDN and OpenStack, and Section XI proposes a new architecture of SDN and NFV in OpenStack.

II. RELATED WORK AND BACKGROUND

The traditional cloud network has a combined data and control plane, so traffic forwarding is decided based on routing policy and rules, and many inconsistencies and internet protocol vulnerabilities affect cloud network security. SDN came into the picture through previous technologies like network control point, active network routing and RCP (Routing Control Platform) etc. The SDN approach is useful to abstract higher level functionality in the network devices. SDN came into the picture after 1995 when Sun Microsystems released the Java distribution, and the first SDN project was GeoPlex, introduced by AT&T. The IETF is investigating models of SDN for technical and feasibility aspects. At IETF 86 in Orlando, Florida, an SDNRG (IRTF SDN Research Group) session included several presentations of SDN articles devoted to different candidate solutions. The session covered the analysis of OpenFlow. In 2012 the NFV idea came into the picture when the specification group presented a white paper on technology to virtualize network functions such as network routing devices, IDS, IPS and load balancers into a chain in one network. NFV provides a novel application of hardware and software virtualization in networking. Nowadays many architectures are presented to
integrate SDN and NFV with tenant networks and ad hoc networks. Cloud and mobile networks are also migrating to SDN.

III. SDN ENABLE NETWORK ARCHITECTURE

SDN network security contains three layers: the application layer, the control layer and the data layer or infrastructure layer. The application layer contains business applications such as OpenStack cloud orchestration and SDN applications, which are interfaced with the SDN controller to maintain the programmable application interface. The functionality of the SDN controller is to faithfully execute the query requests of the applications it supports, while isolating each application from all others. The infrastructure plane contains resources that deal with customer traffic directly, along with the necessary supporting network resources to ensure proper virtualization, network connectivity, security, availability, and quality.

Fig. 1. SDN architecture in network [10]

Major components of the SDN architecture:

A. SDN Application

The SDN application layer contains several programmable applications which communicate their network requirements and the desired network behavior directly, explicitly and programmatically using the northbound interface (NBI), and control the network as per instructions and interface using the NBI driver.

B. SDN Controller

The SDN controller is a centralized programmable entity which manages application requirements and network behavior by abstracting the higher level functionality. The controller is the interface between the application layer and the infrastructure layer. The SDN controller has many NBI agents, control logic and the CDPI (control to data path interface).

C. SDN Data-path

The SDN data-path is a logical network device which exposes control and visibility of traffic forwarding and processing. Data-path functionality is the mapping, sharing and management of physical network resources, which can include OSI layer 4-7 functionality.

IV. OPENFLOW

OpenFlow is a network communication protocol between the forwarding plane and a network switch or router over the network. The ONF (Open Networking Foundation) proposed the OpenFlow standard. OpenFlow allows remote administration of the packet forwarding tables of layer 3 programmable switches by adding, modifying and removing packet matching rules, policy and actions. In a traditional network, packet forwarding and high level routing control occur on the same device, but an OpenFlow switch separates these two functions. The data path still resides on the network switch, but higher level routing decisions are taken on an external unified controller. The OpenFlow switch and controller communicate via an SSL based medium. OpenFlow defines messages such as packet received, sent, modified and status of device. All these entries reside in the flow table and are used to forward network traffic; a new request that does not have a matching entry is forwarded to the controller, which decides whether to pass that request on.

V. NFV

Network function virtualization virtualizes the network's hardware and software to decouple network functions from networking devices, so that we can reduce the cost of networking and fully utilize the functions as virtual devices. Network functions like routers, load balancers and firewalls are hosted as VMs, and when the hypervisor takes control of those VMs all requests run on a standard x86 server. Network requirements are thus faithfully executed by the hypervisor, which can reduce capital expenditure. NFV has three components: VNFs (virtual network functions), the network function virtualization infrastructure and the NFV orchestration framework. VNFs are software implementations of network functions. NFV has two types of virtualization, external and internal, which are distinguished by their functions. External virtualization combines external networks into one virtual network entity, whereas internal virtualization creates the internal network as one entity.

VI. SDN ADVANTAGES IN CLOUD

Cloud networks are very exposed and reliable for service delivery, so using SDN over the traditional network has several advantages.

A. Centralized network provisioning in cloud

Software defined networks provide a centralized control view of the network domain, and therefore centralized management. Multiple VLANs are created using physical LANs. SDN abstracts higher level functionality, which provides better service delivery and agility with provisioning from a central location.

B. Holistic approach of enterprise management

A cloud enterprise network provides on demand service and application provisioning for many applications such as grid computing and Big Data analytics. SDN makes it easier for IT administrators to experiment on the network
without impacting the physical network.

C. Network granular security

Virtualization has made network management complex. In a virtual network, applying firewall and security policy consistently is a difficult task because a part resides in the physical infrastructure. SDN provides central control of security and information policy. If SDN is used with proper security of the control plane, it gives better network granularity.

D. Cloud abstraction

Cloud resources are abstracted using a unified cloud infrastructure. The cloud benefits because massive networks are managed using a central controller that has applications such as resilient data center management and cloud QoS management.

E. Guaranteed content delivery

SDN has the ability to shape and control cloud data traffic. Dynamic routing makes it easier to improve QoS for VoIP and multimedia transmission. Live video streaming with high resolution is easier because SDN improves network responsiveness to ensure a flawless user experience.

VII. EXISTING SYSTEM

The traditional cloud network used in the past has a combined control and data plane, with routing decisions made using the forwarding table and routing policy. The traditional cloud network is very dynamic in providing service over the internet with respect to various KPIs (key performance indicators) like bandwidth, channel allocation and latency. The traditional cloud network is very reliable and secure over the internet, but there are some security issues with it: the major network threats are DoS, DDoS, data loss or identity theft, and insecure cryptography makes it vulnerable. To mitigate those attacks we can replace the traditional network with SDN (Software Defined Network), which completely isolates the control plane of the network from the data plane. Various SDN controllers exist, such as POX, NOX and Floodlight, but based on performance analysis ODL (OpenDaylight) is the latest and a fully featured Java distribution SDN controller. POX, NOX and Floodlight do not support multitenancy, load balancing and overlay networks, but ODL supports all those features. OpenFlow protocol version 1.3 is the latest distribution supported by the cloud network simulator. NFV is also used with cloud networks for virtualized network functions, and NFV has the advantage that it can be combined with SDN to give sufficient power of virtualization and control over network functions. The existing systems above are fully or partially useful in a cloud multitenant network. Integrating multiple systems with each other gives sufficient power and advantage over previous techniques. So here we propose to integrate the cloud network with SDN and NFV to improve the network security and reliability of the cloud network and provide applications such as resiliency, load balancing and QoS in cloud services.

VIII. SDN INTEGRATION WITH OPENSTACK CLOUD

The OpenStack cloud has the flexibility to integrate SDN with cloud services to improve network security. The OpenStack cloud can manage nova services with a separate neutron networking service. We should virtualize the neutron service by integrating SDN in OpenStack. SDN provides several novel applications such as resiliency, load balancing and QoS in cloud services to improve the user experience with a better, more flexible and enhanced cloud service.

We can create an OpenStack multi node lab with one controller node and all other nodes as compute nodes with neutron-nova services, which have a combined control and data plane. After that we can make a separate private network with an interface and subnets on which to load instances. For SDN integration with OpenStack we use the SDN controller OpenDaylight (ODL), which has better performance than all previous SDN controllers such as POX, NOX and Floodlight. Extract that distribution, start the root shell of the Karaf ODL distribution and install features such as the OVS-neutron manager and DLUX in ODL.

Fig. 2. SDN and OpenDaylight integration with OpenStack

Implementation of ODL with SDN includes the following techniques:

a. Neutron ML2 plugins
b. OVS
c. ODL driver

A. Neutron ML2 Plugins

Modular Layer 2 (ML2) is a framework in the OpenStack neutron service and works with the openvswitch, Linux Bridge and HyperV Layer 2 agents. Layer 2 networking devices work with the neutron ML2 driver in OpenStack for packet forwarding and routing policy.

B. OVS (Open Virtual Switch)

Open Virtual Switch is designed for massive network automation through programmatic extension, while still supporting network interface protocols like NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP etc.
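Section IV states that the OpenFlow switch and controller communicate over an SSL based medium; on Open vSwitch that holds only when the controller and manager targets use the `ssl:` connection method rather than `tcp:`. The check below is an added example, not code from the paper: it parses `ovs-vsctl show` output and reports plaintext control channels. The sample output, UUID, version string and addresses are constructed.

```python
import re

# Constructed `ovs-vsctl show` output from a hypothetical compute node.
SAMPLE_SHOW = '''\
6f1c2a9e-0000-4000-8000-000000000001
    Manager "tcp:192.0.2.10:6640"
        is_connected: true
    Bridge br-int
        Controller "tcp:192.0.2.10:6653"
            is_connected: true
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Controller "ssl:192.0.2.10:6653"
            is_connected: true
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.5.0"
'''

# OVS connection methods: tcp/ptcp are cleartext, ssl/pssl are TLS protected.
PLAINTEXT = {"tcp", "ptcp"}
LINE = re.compile(r'^\s*(Manager|Controller|Bridge)\s+"?([^"\s]+)"?\s*$')


def audit_ovs_show(text):
    """Return (scope, role, target) for every plaintext control channel."""
    findings = []
    bridge = None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        kind, value = m.groups()
        if kind == "Bridge":
            bridge = value          # later Controller lines belong to this bridge
            continue
        scheme = value.split(":", 1)[0]
        if scheme in PLAINTEXT:
            if kind == "Manager":
                findings.append(("switch-wide", "OVSDB manager", value))
            else:
                findings.append((bridge, "OpenFlow controller", value))
    return findings


if __name__ == "__main__":
    for scope, role, target in audit_ovs_show(SAMPLE_SHOW):
        print(f"{scope}: {role} uses plaintext target {target}")
    # Remediation on the switch (paths are placeholders):
    #   ovs-vsctl set-ssl <privkey.pem> <cert.pem> <cacert.pem>
    #   ovs-vsctl set-controller br-int ssl:<controller-ip>:6653
```
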
C. ODL driver

OpenDaylight supports many southbound plugins such as OpenFlow and OVSDB to orchestrate the OpenStack integration. The ODL driver serves as the interface between OVSDB and the ML2 plugins.

ODL uses the OpenFlow protocol for network communication between OVSDB and the ML2 plugins. We can configure the neutron ML2 plugin file to use the SDN-ODL plugin for cloud networking. The L3 and DHCP agents manage the cloud private network subnets and mapping. Cloud traffic is forwarded to the OpenFlow switch, where it is matched against flow table entries and routed to the specific node. If no entry exists, the OpenFlow switch passes the traffic to the ODL controller, which decides the path on which to forward it. Here SDN improves network security using the OVSDB plugin and also provides some applications: for example, if one OVS bridge fails, another path is chosen using the OpenFlow switch, and network load balancing is managed simply using node status tracked by meter table entries, with the SDN controller communicating over the OpenFlow protocol. SDN integration with OpenFlow improves network security by isolating the network and taking care of internet protocol dependency and vulnerability.

IX. NFV INTEGRATION WITH SDN AND OPENSTACK

The network function virtualization technique has an advantage in cloud networking: it improves network service when NFV is integrated with SDN and the OpenStack cloud. This architecture provides enhanced network service capability over other networking mechanisms. NFV is successfully integrated in the Juniper OpenContrail distribution. Here, to use the NFV plugins with neutron ML2, install all Contrail packages on the cloud controller node and configure them with the SDN controller. Let's see how NFV integrates with the neutron device. OpenContrail has two components: one is the OpenContrail controller and the second is the OpenContrail virtual router. The virtual router is a forwarding plane that runs on the hypervisor of a virtual server. The controller provides the interface between the northbound APIs and the virtualized servers, which are used as virtual routers and connected with one central gateway router. We can integrate the Contrail release with the OpenStack multinode lab and SDN: download the Contrail distribution and extract it on the controller, then install the dependencies of the Contrail release and set it up with neutron to use NFV. Then modify the plugin file to activate NFV in the neutron service.

X. PROPOSED ARCHITECTURE

The proposed architecture is an SDN (Software Defined Network) platform in the cloud of things, with a separate control plane using the OpenFlow protocol and a fully dynamically managed network using network function virtualization (NFV). The cloud orchestrator has the OpenStack application, which can be managed by the SDN controller using the OpenFlow protocol with SSL. All the network devices are thus connected with a central controller, which provides dual link resiliency and security using network function virtualization and firewall, IDS and IPS systems. Network devices connected with the virtual router manage dynamic traffic forwarding using the virtual NFV hypervisor router and an isolated network called the switch stack. The SDN controller is also used with the OpenFlow mechanism for cloud flow control of services and load balancing by managing requests dynamically. The complete network traffic is therefore managed using the central SDN controller, which is more stable, secure, resilient and efficient than previous networking techniques.

Phases of proposed architecture:

A. DATA PLANE

The cloud network is directly connected with the data plane switching devices, which manage network routing and cloud network traffic forwarding, so that virtual switching is created using NFV and the whole network function is isolated using OpenContrail.

Fig. 3. Proposed architecture

The data plane is connected with the control plane, which gives the instructions for cloud network routing using the SDN controller and the OpenFlow mechanism. The data plane has multiple virtual machines and operating systems connected with a private virtual network.

B. CONTROL PLANE

In the proposed architecture the external SDN controller is established for controlling the corresponding network traffic. It uses the OpenFlow communication protocol for the network. Here the flow and meter tables hold the traffic matching entries, and if an entry does not exist the SDN program takes the decision to forward the traffic, which abstracts lower level network administration and removes human error by using a programmable stack. NFV sends the network virtual router status and isolates the physical network with network virtualization that separates every user request. The SDN controller is programmed in the Java language and is lightweight and flexible in the cloud network. It makes traffic connections over network routing using the SSL based communication of OpenFlow. The SDN controller has some salient features like compatibility and flexibility, so that we can integrate it with various mechanisms and also manage network security using firewall, IDS and IPS system monitoring.
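The table-miss path that Sections IV, VIII and X describe (match in the flow table, otherwise hand the packet to the controller, which decides and installs an entry), as an added example that is not code from the paper. The tenant isolation policy, class names, addresses and port numbers are hypothetical and constructed for illustration.

```python
# Added illustration: reactive OpenFlow forwarding with a table-miss path.
# VM addresses, switch ports and tenant names are constructed sample values.
VMS = {
    "10.0.1.5": ("tenant-a", 1),
    "10.0.1.6": ("tenant-a", 2),
    "10.0.2.9": ("tenant-b", 3),
}


class FlowEntry:
    def __init__(self, priority, match, action):
        self.priority = priority
        self.match = match      # header field -> value; absent field = wildcard
        self.action = action    # "output:<port>" or "drop"
        self.packets = 0        # per-entry counter, as an OpenFlow switch keeps

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class Controller:
    """Hypothetical policy: forward only between VMs of the same tenant."""

    def __init__(self):
        self.packet_ins = 0

    def packet_in(self, pkt):
        self.packet_ins += 1
        src = VMS.get(pkt["src"])
        dst = VMS.get(pkt["dst"])
        allowed = src is not None and dst is not None and src[0] == dst[0]
        action = f"output:{dst[1]}" if allowed else "drop"
        # Exact-match entry: later packets of this flow stay in the data plane.
        return FlowEntry(100, {"src": pkt["src"], "dst": pkt["dst"]}, action)


class Switch:
    def __init__(self, controller):
        self.controller = controller
        self.table = []

    def receive(self, pkt):
        # The highest-priority matching entry decides the action.
        for entry in sorted(self.table, key=lambda e: -e.priority):
            if entry.matches(pkt):
                entry.packets += 1
                return entry.action
        # Table miss: ask the controller, then cache its decision as a flow.
        entry = self.controller.packet_in(pkt)
        entry.packets = 1
        self.table.append(entry)
        return entry.action


def demo():
    sw = Switch(Controller())
    same = {"src": "10.0.1.5", "dst": "10.0.1.6"}
    cross = {"src": "10.0.1.5", "dst": "10.0.2.9"}
    actions = [sw.receive(p) for p in (same, same, cross, cross)]
    return actions, sw.controller.packet_ins, [e.packets for e in sw.table]


if __name__ == "__main__":
    print(demo())
```

Only the first packet of each flow reaches the controller; installing a drop entry for a denied flow keeps repeated denied traffic in the data plane as well.
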
XI. PERFORMANCE ANALYSIS OF NETWORK AFTER INTEGRATION OF SDN AND NFV

The proposed architecture contains the SDN controller with the NFV plugin in the OpenStack cloud network. Its major key performance terms are network packet analysis of latency and throughput analysis in the cloud network. Cloud networks have some major security and threat issues that affect those parameters. The packet flow of the OpenStack nodes is monitored using the OpenDaylight SDN controller.

Fig. 4. OpenDaylight Packet Analysis

Below we show the network packet analysis as a function of complexity, flexibility, potential and capabilities. We chose two different networks, the traditional cloud network and the software defined network, and analysed their network traffic, which simply shows how SDN improves network services. Throughput analysis was made using the iperf tool and latency analysis was based on wireshark and a TCP connection. The results of network monitoring show that the SDN architecture enables more security, flexibility, capability and functionality, which does not mean a degradation in performance. The performance reflects that the implementation of SDN with NFV increases network capability using virtualized programmatic control logic.

Fig. 5. Latency Routing

Fig. 6. Throughput Routing

Performance varies in terms of the network flow mechanism, OpenFlow versus simple Linux user space network forwarding.

XII. CONCLUSION

Cloud resources such as compute, storage and network have become worthwhile infrastructure for computation, data storage and hosting network based applications. Traditional networks have many security problems such as spoofing attacks, MITM, DoS and DDoS, but migrating the traditional network to SDN provides flexibility and reliability together using a unified, programmable controller called the SDN controller. Using SDN we can abstract lower level tasks like network manipulation, configuration and management, and improve network security using virtualization and a central control view. NFV with SDN provides strong network management using virtualized network functions and programmable network routing. SDN integration with OpenStack and the OpenFlow protocol improves the neutron service with NFV plugins and abstracts vulnerable internet protocols and SNMP for network management. We integrate SDN with the OpenFlow network communication protocol and the NFV (Network Function Virtualization) plugin to isolate the network and improve network control flow and security.

SDN implementation has many concerns, such as SDN stack issues, controller issues and network virtualization issues, so in future work we propose to enhance the SDN controller with control plane security and much more flexibility with the OpenFlow protocol and NFV plugins.

REFERENCES
[1] Seeker, S. Rodosek "Improving network security Through SDN in cloud scenarios", G.D Network and Service Management (CNSM), 10th International Conference on cloud and utility 2014.
[2] Lopes Da Frota, F,V. "Analysis of SDN contributions for Cloud Computing Security" 2014 IEEE/ACM 7th International Conference On Utility and Cloud Computing.
[3] Fressancourt, A.; Gagnaire, M. "A SDN-based network architecture for cloud resiliency" 12th Annual IEEE Consumer Communications and Networking Conference (CCNC).
[4] Govindrajan, K.; Kong chee meng; Hong one; Wong Ming Tat; Sivanand, S.; Low Swee Leong "Realizing the Quality of Service (QoS) in Software-defined Networking (SDN) Based cloud Infrastructure" 2nd International Conference on Information And Communication technology (ICoICT).
[5] Govindrajan, K.; Kong Chee Meng; Hong Ong "A Literature Review on software-Defined Networking (SDN) Research Topics, Challenges and Solutions" 2013 Fifth International Conference on Advance Computing (ICoAC).
[6] L. R. Battula "Network Security Function Virtualization (NSFV) towards Cloud computing with NFV over Openflow infrastructure: Challenges and novel approaches" Advances in Computing, Communications and Informatics (ICACCI), 2014 International Conference on, Year: 2014.
[7] O. Tkachova; M. J. Salim; A. R. Yahya "An analysis of SDN-OpenStack integration" Problems of Infocommunications Science and Technology (PIC S&T), 2015 Second International Scientific-Practical Conference, Year: 2015.
[8] M. Banikazemi; D. Olshefski; A. Shaikh; J. Tracey; G. Wang "Meridian: an SDN platform for cloud network services" IEEE Communications Magazine, Year: 2013.
[9] D. V. Bernardo; B. B. Chua "Introduction and Analysis of SDN and NFV Security Architecture (SN-SECA)" Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, Year: 2015.
[10] Architecture SDN [Electronic resource] // Open Networking Foundation. — [2014]. — Mode of access: https://www.opennetworking.org/ 2.
[11] OpenStack Cloud Administrator Guide [Electronic resource] [2015]. Mode of access: http://docs.openstack.org/admin
