Jason Edelman comments on his blog:
What about load balancers and firewalls in these networks? With OpenFlow, the network can be turned into a giant network security device (lightweight FW) and load balancer since you would be predefining what to do with all traffic. Maybe the OpenFlow action is drop for turning a switch into a basic Firewall — exactly what Goldman said they were 6 months ago. Maybe the action is to do an L3 re-write, punt to the “load balancer” application that is running on top of the controller, and see which real server IP to forward the traffic to. In both of these examples, very few to no packets are sent to the controller and policy is distributed and enforced, largely based on Layer 3-4 information, throughout the edges of the network.
Great look at the future of packet inspection in OpenFlow networks.
Read more: DPI in Controller Networks – Jason Edelman’s Blog
Leave a Comment