Application delivery and security vendor Radware has contributed an open source distributed denial-of-service protection application to the OpenDaylight Project.
OpenDaylight, the open source SDN project that recently approved code for its core SDN controller, has accepted nearly a dozen additional contributions, including Radware's Defense4All application.
Defense4All is an open source variation of Radware's commercial SDN-based distributed denial-of-service (DDoS) prevention software, the first of the company's DefenseFlow portfolio of SDN security products, said Radware Chief Technology Officer Avi Chesla.
Commercial roots of Radware's open source DDoS protection
Radware's commercial DefenseFlow anti-DDoS application instructs an OpenFlow controller to program virtual and physical switches to be OpenFlow counters -- or probes -- that collect statistics on network traffic. The application learns baseline traffic patterns and then watches for anomalies indicative of a network-level DDoS attack. If the application detects an attack, it instructs the OpenFlow controller to send suspect flows to specialized mitigation appliances to filter out malicious traffic.
DefenseFlow and its open source cousin Defense4All offer variations in how granular their DDoS protection will be. "On edge [switches] we have a less granular view that can easily detect very high volume attacks that create risk on an entire infrastructure," Chesla said. If deployed at the virtual edge, such as on Open vSwitch, "we can be more sensitive to specific attacks on ports and IP addresses that represent the protected services or part of the range of services that [a customer wants protected]."
Defense4All, the OpenDaylight contribution, is a collection of code enhancements to the OpenDaylight controller and an SDN application that plugs into the controller's northbound application programming interfaces (APIs).
"On the OpenDaylight controller we are contributing a statistics service and traffic redirection service that would allow the controller to do more efficient statistical collection and placement of OpenFlow counters … and some code that will allow the controller to do simpler redirection when needed to security monitoring services or mitigation devices," Chesla said.
Beyond detecting traffic anomalies associated with DDoS attacks, Radware's Java-based OpenDaylight application will also have a pluggable data model that can trigger redirection of traffic to security devices for filtering and analysis.
Defense4All relies on baseline and threshold settings to detect attack traffic, a very basic approach to anti-DDoS services. It's a foundation that other vendors should be able to use with OpenDaylight to create more advanced SDN-based DDoS protection.
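The baseline-and-threshold approach described above, shown as an added Python example that is not Defense4All or DefenseFlow code. The polling interval, smoothing factor, 4x threshold, learning period, class and function names, and the counter readings are all assumptions constructed for illustration.

```python
# Added example; names and parameters are assumptions, not Defense4All's own.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Baseline:
    rate: float = 0.0                 # EWMA of bytes/second during normal operation
    samples: int = 0                  # intervals folded into the baseline so far
    last_bytes: Optional[int] = None  # previous cumulative counter reading

class ThresholdDetector:
    """Baseline-and-threshold check over cumulative per-flow byte counters."""

    def __init__(self, interval_s=10, alpha=0.2, factor=4.0, min_samples=5):
        self.interval_s, self.alpha = interval_s, alpha
        self.factor, self.min_samples = factor, min_samples
        self.state = {}               # (dst_ip, protocol) -> Baseline

    def observe(self, key, byte_count):
        """Feed one counter reading; True means the flow should be diverted."""
        b = self.state.setdefault(key, Baseline())
        prev, b.last_bytes = b.last_bytes, byte_count
        if prev is None or byte_count < prev:
            return False              # first reading or counter reset: no rate yet
        rate = (byte_count - prev) / self.interval_s
        if b.samples >= self.min_samples and rate > self.factor * b.rate:
            return True               # anomaly: keep attack traffic out of the baseline
        if b.samples == 0:
            b.rate = rate
        else:
            b.rate = (1 - self.alpha) * b.rate + self.alpha * rate
        b.samples += 1
        return False

def flagged_readings(detector, key, readings):
    """Return the indexes of the readings at which the detector fired."""
    return [i for i, count in enumerate(readings) if detector.observe(key, count)]

# Constructed sample: cumulative byte counts polled every 10 s for one protected
# service. Readings 8 and 9 carry a flood; reading 11 is a counter reset.
KEY = ("192.0.2.10", "udp")
READINGS = [0, 10000, 21000, 30000, 40500, 50000, 60000, 70200,
            160200, 280200, 290200, 500]

if __name__ == "__main__":
    print(flagged_readings(ThresholdDetector(), KEY, READINGS))
```

Freezing the baseline while the threshold is exceeded matters: if flood intervals were averaged in, a sustained attack would raise the baseline until it no longer looked anomalous.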
"In the commercial version [of DefenseFlow], there are much smarter detection algorithms that are part of our intellectual property," Chesla said. "They do a lot of learning. For example, we learn the baseline not only from the rate of traffic, but also from the different types of distribution parameters within that traffic -- port numbers, packet sizes and other network-level parameters. The commercial version will automate the process much more and it will reduce false positives."
Radware and other vendors will also be able to compete on the mitigation appliances and services to which Defense4All redirects suspect flows, he said.
Radware has high hopes for the success of OpenDaylight because it believes the glut of SDN controllers and northbound APIs in the market has slowed down the industry, Chesla said.
"In the past year and a half, we have been working with six or seven different controllers," he said. "There is still no standard northbound API and [the SDN controllers are] at different stages and capabilities, which instead of accelerating innovation is coming to a stage where it is being suspended because there are too many of them. This is why we support [OpenDaylight], because it can help accelerate these things."