Securing VXLAN-based overlay network using SSH tunnel

Date
2017
Publisher
University of Delaware
Abstract
This project uses Virtual Extensible Local Area Network (VXLAN), a tunneling protocol used in cloud overlay networks to address scalability issues in large production environments, and deploys a security measure to uphold VXLAN data integrity against infiltration or snooping that exploits the transparency of the data to disrupt communication and launch attacks on the network. Although industry has security implementations for VXLAN tunnel traffic over the IP network on physical VXLAN switches, along with several firewall rules that restrict network access, there is no implementation of SSH as a secure means of MAC-over-IP VXLAN communication between two different servers without the need for an external firewall or other traditional security mechanisms. The purpose of this project is to deploy an encryption mechanism over VXLAN traffic on the public internet for secure communication. The first step of the project is manually setting up an overlay between Open vSwitch virtual switches using VXLAN on both client and server; the second is configuring an SSH tunnel between the hosts and channeling the VXLAN traffic through it. VXLAN traffic over the internet is unencrypted and prone to data compromise. Securing a VXLAN-based overlay network with an SSH tunnel encrypts the data, thus protecting its integrity.
Keywords
Applied sciences, Mininet, Open vSwitch, OpenFlow, Overlay network security, VXLAN, VXLAN through SSH