Cisco Open SDN Controller 1.0 White Paper

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
White Paper 
Event-Based Software-Defined Networking: Build a Secure Science DMZ
What You Will Learn 
As the need to efficiently move large data sets around the world increases, the Science DMZ - built at the network edge and designed to be secure without the performance limitations imposed by traditional security devices such as firewalls - is becoming vital. This document explores an event-based software-defined networking (SDN) solution that improves both the security and efficiency of the traditional science DMZ. The document discusses:

● Current science DMZ implementations and weaknesses
● Network functions needed for a secure science DMZ
● Concepts of event-based SDN
● Details of the reference implementation

This document is intended for individuals responsible for designing and engineering solutions for networks that involve the movement of large amounts of data.
Background 
Scientific research increasingly relies on very large data flows, with large collaborative partnerships of researchers and the transfer of data from experiments and simulations around the world. The unique characteristics of this huge data transfer pose new networking challenges:
● Traditional campus networks are designed for enterprise business operations. They typically are designed for a very large number of small flows and are not well suited to the bulk transfer of scientific data, which is characterized by a small number of very large flows.
● Sharing scientific data characterized by large flows with traditional campus networks has significant drawbacks. For typical data traffic, packet loss is often tolerated in the campus LAN. However, even very small amounts of packet loss can reduce TCP performance by an order of magnitude when WAN latency is introduced, and hence such a solution does not meet the stringent requirements for the movement of scientific data.
● The hardware limitations of firewalls are generally exposed when the heavy network-traffic loads of big data flows are managed under complex firewall rule-set constraints. Other limitations, such as old fiber optics, also pose performance constraints on these large flows.
● Traditional campus networks are optimized for security and partially sacrifice performance for this purpose. The security optimization in traditional networks leads to campus firewall policies that block ports or limit flows needed for various data-intensive experiments.
● The traffic engineering methods in traditional campus networks cannot perform the detailed classification of flows needed to enforce big data policies for bandwidth provisioning.
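The second challenge above, that small loss rates which are harmless on a campus LAN cripple TCP once WAN latency is added, can be quantified with the Mathis et al. throughput model (throughput ≈ C × MSS / (RTT × √p)). The model and the constant C ≈ 1.22 are an assumption introduced here; the script below is an added example and is not part of the Cisco white paper or its reference implementation. It shows why a Science DMZ path engineered for near-zero loss matters: at the same loss rate, throughput scales inversely with RTT, and the loss rate a high-speed WAN transfer can tolerate is orders of magnitude below what a LAN shrugs off.

```python
import math

MSS_BYTES = 1460   # typical TCP payload on Ethernet (constructed sample value)
MATHIS_C = 1.22    # constant from the Mathis et al. model (assumption, not from the page)


def mathis_throughput_bps(rtt_s: float, loss_rate: float, mss: int = MSS_BYTES) -> float:
    """Steady-state TCP throughput in bits/s for a given RTT and packet loss probability.

    Uses the Mathis et al. approximation: C * MSS / (RTT * sqrt(p)).
    """
    if rtt_s <= 0 or not (0 < loss_rate <= 1):
        raise ValueError("rtt must be > 0 and loss_rate must be in (0, 1]")
    return MATHIS_C * mss * 8 / (rtt_s * math.sqrt(loss_rate))


def rtt_slowdown(lan_rtt_s: float, wan_rtt_s: float, loss_rate: float) -> float:
    """How many times slower the same lossy path becomes when RTT grows from LAN to WAN."""
    return mathis_throughput_bps(lan_rtt_s, loss_rate) / mathis_throughput_bps(wan_rtt_s, loss_rate)


def loss_slowdown(rtt_s: float, low_loss: float, high_loss: float) -> float:
    """How many times slower a path becomes when loss rises from low_loss to high_loss at fixed RTT."""
    return mathis_throughput_bps(rtt_s, low_loss) / mathis_throughput_bps(rtt_s, high_loss)


def max_tolerable_loss(target_bps: float, rtt_s: float, mss: int = MSS_BYTES) -> float:
    """Largest loss probability that still allows target_bps over a path with the given RTT.

    Solves the Mathis model for p: p = (C * MSS * 8 / (RTT * target))^2.
    """
    return (MATHIS_C * mss * 8 / (rtt_s * target_bps)) ** 2


def scenario_table(loss_rates, rtts_s):
    """Return a list of (rtt_s, loss_rate, throughput_bps) rows for quick comparison."""
    return [(rtt, p, mathis_throughput_bps(rtt, p)) for rtt in rtts_s for p in loss_rates]


if __name__ == "__main__":
    # Constructed scenarios: 1 ms campus RTT vs 50 ms cross-continent RTT,
    # loss of one packet per million vs one packet per ten thousand.
    for rtt, p, bps in scenario_table([1e-6, 1e-4], [0.001, 0.05]):
        print(f"RTT {rtt*1000:5.1f} ms  loss {p:.0e}  ->  {bps/1e6:10.1f} Mbit/s")
    print(f"LAN->WAN slowdown at equal loss: {rtt_slowdown(0.001, 0.05, 1e-4):.0f}x")
    print(f"1e-6 -> 1e-4 loss slowdown at 50 ms: {loss_slowdown(0.05, 1e-6, 1e-4):.0f}x")
    print(f"Max loss for 10 Gbit/s over 50 ms: {max_tolerable_loss(1e10, 0.05):.2e}")
```

The key numbers: moving a path from 1 ms to 50 ms RTT at unchanged loss costs a factor of 50, raising loss from 1e-6 to 1e-4 costs a factor of 10, and sustaining 10 Gbit/s over a 50 ms path requires a loss probability below roughly 1e-9, which is why the Science DMZ design removes devices that drop packets under load rather than tolerating "small" loss.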