Protecting an MPLS-based Programmable Virtual Network Using Distributed Firewall
نویسندگان
چکیده
In Programmable Virtual Network (PVN), network providers sell network resources including programmable/nonprogrammable nodes and links connecting the nodes to customers for building their virtual networks. PVN can use Multi-Protocol Label Switching (MPLS) for creating virtual channels and fast packet forwarding. By using special MPLS labels, PVN can identify customers’ packets that require processing at network nodes. Giving customers the ability to process packets within the network provider’s network may introduce some security concerns. With distributed firewall, security policy is centrally defined but is enforced at different enforcement points. We show how to use distributed firewall to protect MPLS-based PVN.
منابع مشابه
Traffic Engineering and Network Management System for QoS-Guaranteed DiffServ Provisioning
This paper proposes an integrated traffic engineering and management system for DiffServ-over-MPLS services in Next Generation Internet (NGI). Using the proposed traffic engineering functions for DiffServover-MPLS network, the Internet service provider (ISP) can easily configure Diffserv-over-MPLS traffic flows among customer’s distributed sites, and can provide guaranteed end-to-end QoS by con...
متن کاملA Design of a Next Generation IX using MPLS Technology
An IX (Internet eXchange) is a mechanism to interconnect many networks to each other. Currently, an ISP (Internet Service Provider) establishes numerous interconnections to other ISPs. Although ‘private peering’ is one way for an ISP to interconnect to other ISPs with individual links, connecting to an IX is a more efficient way to establish and maintain a large number of peerings (or ‘public p...
متن کاملSecure Access Node: an FPGA-based Security Architecture for Access Networks
Providing network security is one of the most important tasks in today’s Internet. Unfortunately, many users are not able to protect themselves and their networks. Therefore, we present a novel security concept to protect users by providing security measures at the Internet Service Provider (ISP) level. Already now, ISP are using different security measures, e.g. Virtual Local Area Network tags...
متن کاملUsing a Fuzzy Rule-based Algorithm to Improve Routing in MPLS Networks
Today, the use of wireless and intelligent networks are widely used in many fields such as information technology and networking. There are several types of these networks that MPLS networks are one of these types. However, in MPLS networks there are issues and problems in the design and implementation discussion, for example security, throughput, losses, power consumption and so on. Basically,...
متن کاملArchitecture and Applications for a Distributed Embedded Firewall
The distributed firewall is an important new line of network defense. It provides fine-grained access control to augment the protections afforded by the traditional perimeter firewall. To be effective, though, a distributed firewall must satisfy two critical requirements. First, it must embrace a protection model that acknowledges that everything behind the firewall may not be trustworthy. The ...
متن کامل