Abstract

A number of challenges are facing the design of secure datacenter environments, such as applications high throughput requirements, low latency applications, scalability, ability to detect Advanced Persistent Threats (APT), bring your own device (BYOD), and protection against Distributed denial of service (DDOS) attacks. Software Defined networking (SDN) is an emerging paradigm that provides flexibility to Datacenter network design. In this paper, a framework is presented to enhance security in SDN-based datacenters. SDN features are leveraged to integrate network layer with security middleboxes such as intrusion prevention system (IPS) or Firewall (FW) to block attackers at the network edge. A proof of concept is designed and implemented using Citrix Xenservers and Mininet emulation software where a typical datacenter fat-tree topology is adopted. Performance evaluation results demonstrate that the proposed framework provides an adaptive self-defending network able to protect running services and defend against internal threats while reducing attack response time.