The Linux Networking Architecture: Design And I...
A network architect is an expert at applying network technology to system designs. This type of architect has an extensive background in the physical aspects of network design and implementation on a very large scale. Network architects also understand the details and nuances of data exchange as defined by the OSI model. They are current with the latest developments in networking technologies and best practices, particularly around datacenter security and interoperability.
Anycast allows us to keep the networking setup uniform across all edge data centers. We applied the same design inside our data centers - our software stack is uniform across the edge servers. All software pieces are running on all the servers.
(4) Following the redirection, the packets reach a designated machine. At this point they are ingested by the normal Linux networking stack, go through the usual iptables firewall, and are dispatched to an appropriate network socket.
Software-defined networking (SDN) is an evolving network architecture that is displacing the traditional network architecture and focusing on its disadvantages. A couple of decades ago, programming and networking were viewed as different domains; today, SDN bridges them. This is an attempt to overcome the existing challenges faced by the networking domain and to propose cost-efficient, effective, and feasible solutions. Changes to the existing network architecture are inevitable considering the volume of connected devices and the data being held together. SDN introduces a decoupled architecture and brings customization within the network, making it easy to configure, manage, and troubleshoot. This paper focuses on the evolving network architecture, software-defined networking. Rather than taking a generic view of the evolving network, which would make the work a review, this work addresses various perspectives of the architecture, placing it between a review of the literature and an implementation, and contributing towards factors like the design, programmability, security, security behaviors, and security lapses. This paper also analyses various weak points of the architecture and develops the attack vectors in each plane, concluding with directions for further progress towards identifying the impacts of the attacks and proposing mitigation strategies.
The networking domain, a couple of decades ago, was in a similar situation but for a different problem. The depletion of IPv4 addresses led to the design of the IPv6 protocol. Even though the problem was well mitigated by proposing the most secure and scalable IPv6 addressing scheme, it still raises challenges in completely adopting IPv6 and abandoning IPv4 [6]. It took over a decade after the solution was proposed to implement it effectively in real-time operations, not completely but at least widely. This experience was kept in consideration while new scopes were defined for the current problems or issues being faced in the network architecture.
As an evolving network architecture, SDN brings various advantages compared with the traditional networking architecture. As discussed in the previous section, the decoupled design itself is an added advantage in the aspect of security [19]. Because of its decoupled design, the controller places itself in a dominant position, having an eagle's-eye view over the network, and is able to control the flow of data. Controlling the data flow includes various factors of operating a network, including inspecting the packets entering the network and balancing the load within the forwarding devices.
The attacks categorized above are specific and could potentially make the software-defined networking architecture vulnerable; however, the vulnerabilities are not limited to the above-stated attacks alone. To add further value to the work, a few more possible attacks are listed here, including compromising admin credentials, network manipulation, and man-in-the-middle attacks, which might lead to activities like capturing and analyzing packets for enhanced attacks, session-related attacks, compromised applications, and compromised APIs. An optimized design [38] is vital to mitigate these categorized and noncategorized attacks.
Workstations may be designed for specific tasks like AutoCAD [1], Studio MAX, etc., or other work involving mathematical calculations, statistical data, or video or graphic editing, while servers are intended for networking.