Extreme Flow Optimizer
The Extreme Flow Optimizer (EFO) project aims to enhance Extreme Networks’ EFO application, and to use it to build an automated network-traffic steering system. EFO is a software-defined networking (SDN) application designed to improve visibility of network traffic, manage volumetric DDoS threats, and enable dynamic flow-steering by applying SDN and network-automation principles.
As technology evolves, traditional static network configurations often prove too rigid. Through this project, we are therefore using EFO’s dynamic flow-steering capabilities to provide increased programmability and flexibility in our networks. The project currently focuses on orchestrating traffic to build a scalable intrusion-detection system (IDS), with advanced features enabled by the EFO software (e.g. offloading the inspection of bulk data transfers).
During 2017, we made good progress on enhancing the IDS prototype at CERN. The IDS receives a copy of the traffic that crosses CERN’s network boundary and load-balances it across a pool of servers, each running the open-source Bro Network Security Monitor system. The setup was enhanced using Extreme Networks’ SLX 9540 hardware platform, a high-end data-centre switch with advanced hardware capabilities for traffic orchestration. Furthermore, we used the Extreme Workflow Composer (EWC) software to provide increased automation capabilities through modular and configurable workflows, thus abstracting the configuration of network devices. This upgraded technology stack plays a key role in fulfilling both current and future system requirements.
Throughout the year, we also made significant contributions to general EFO product development; the research fellow funded by Extreme Networks and based at CERN is integrated into the EFO development team. Several features developed at CERN were included in two official EFO releases. In addition, we provided expert consultancy to two Internet service providers (ISPs) in Switzerland that are considering deploying EFO in their production systems.
Now that the evolved IDS prototype has been deployed in the CERN data centre, we will thoroughly evaluate it to ensure that all the technical requirements are met for the final production deployment. Contributions to EFO software development will continue, including the implementation of specific features required for the IDS and other possible CERN use cases.
- M. Abdullah, Network Automation with Brocade Workflow Composer (15 August), Presented at CERN openlab summer students’ lightning talks, Geneva, 2017. http://cern.ch/go/7fK8
- A. Krajewski, Lightning talk: Brocade Flow Optimizer (21 September), Presented at CERN openlab Open Day, Geneva, 2017. http://cern.ch/go/sd8Q
- A. Krajewski, Network Automation for Intrusion Detection System (18 October), Presented at HEPIX Fall 2017 Workshop, KEK, Tsukuba, Japan, 2017. http://cern.ch/go/x7Lr