Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International...
-
Upload
emerald-morgan -
Category
Documents
-
view
220 -
download
2
Transcript of Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International...
![Page 1: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/1.jpg)
1
Flexible Access Management System for Campus VLAN
Based on OpenFlow
2011 IEEE/IPSJ International Symposium on Applications and the Internet
Yasuhiro Yamasaki Yoshinori Miyamoto Junichi Yamato Yasuhiro Yamasaki * , Yoshinori Miyamoto, Junichi Yamato , Hideaki Goto, Hideaki Sone Tohoku
University, Japan *NEC Corporation, Japan
![Page 2: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/2.jpg)
2
Outline
• Backgrounds • VLAN(Virtual Local Area Network)• RADIUS(Remote Authentication Dial In User Service)• SDN(Software Defined Networking)• OpenFlow
• Campus VLAN• Campus VLAN / Problems • Different between General network and OpenFlow• Evaluations• Summary
![Page 3: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/3.jpg)
3
Backgrounds
• VLAN(Virtual Local Area Network)• RADIUS(Remote Authentication Dial In User Service)• SDN(Software Defined Networking)
• OpenFlow
![Page 4: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/4.jpg)
4
VLAN(Virtual Local Area Network)
• A virtual local area network (virtual LAN) is the logical grouping of network nodes. A virtual LAN allows geographically dispersed network nodes to communicate as if they were physically on the same network.
![Page 5: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/5.jpg)
5
RADIUS(Remote Authentication Dial In User Service)• Authentication• Authorization• Accounting
![Page 6: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/6.jpg)
6
SDN(Software Defined Networking)
![Page 7: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/7.jpg)
7
SDN(Software Defined Networking)
![Page 8: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/8.jpg)
8
OpenFlow
![Page 9: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/9.jpg)
9
Campus VLAN
• Using a lot of VLANs in campus networks– Department, Floor , Guest-/home-users and so on
• For example, roaming system such as eduroam – The number of VLAN is (SSID/AP The number of VLAN is (SSID/AP × Area).
![Page 10: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/10.jpg)
10
Campus VLAN
• Packets are forwarded based on VLAN tag – Each network must be set to each VLAN configuration. – Each special field such as VLAN tag is necessary in the header of packet.
![Page 11: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/11.jpg)
11
Campus VLAN / Problems
• IEEE802.1Q has some limitations. – ID field of VLAN is 12bits (= 4096 ID) – It is difficult to manage multi stacked VLAN
• The system configuration work is laborious. – It is necessary to set configuration to all network nodes
![Page 12: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/12.jpg)
12
Differences between General network and OpenFlow• Network node: dumb but fast• Control server: intelligent as is expected
![Page 13: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/13.jpg)
13
System Architecture
• The system configuration becomes lighter • The number of ID isn’t restricted
![Page 14: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/14.jpg)
14
![Page 15: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/15.jpg)
15
Evaluations
• The access management function
• The times for communications
![Page 16: Flexible Access Management System for Campus VLAN Based on OpenFlow 2011 IEEE/IPSJ International Symposium on Applications and the Internet Yasuhiro Yamasaki.](https://reader035.fdocuments.net/reader035/viewer/2022062423/5697c0241a28abf838cd4b6e/html5/thumbnails/16.jpg)
16
Summary
• The system manages communication access by virtual group ID (GID) managed in OpenFlow controller instead of VLAN.
• The number of ID is hardly restricted and even if GID is changed, the configuration of switches need not be changed because GID is only used in OpenFlow controller.