Security Advances in the bwNET100G+ Project
Michael Menth, Universität Tübingen
BelWue is the Internet service provider for academic and research institutions in Baden-Wuerttemberg. When its core network was upgraded to 100G, the bwNET100G+ project was launched to bridge network operation and cutting edge research. The flexibility brought along by software-defined networking (SDN) and the support for bandwidths of up to 100G in core and campus networks are focus of the project. In this talk, we present three exemplary advances in the field of security. First, we show how authentication and authorization (AA) using IEEE 802.1X and RADIUS can be leveraged in OpenFlow-based SDN domains. This allows to improve security and flexibility through a network-wide session database and the integration of additional AA resources compared to classic deployment. Second, firewalls often cause networking bottlenecks.We explain how SDN can be leveraged for static and dynamic firewall bypassing in congestion situations and discuss the feasibility of that approach. Third, we present an SDN-based mitigation approach for distributed denial of service (DDoS) attacks that leverages SDN to flexibly inspect, redirect, and shape traffic during DDoS attacks. Furthermore, real users may use CAPTCHAs to whitelist their traffic in case of false positives.