Security inspection resource allocation in real time using SDN.

Network traffic security inspection is vital in today's network. However, due to the increasing user demand, security inspection resources are becoming a bottleneck of the network, therefore bringing down network throughput. In this paper, we proposed an OpenFlow‐based flow management prototype, which can properly allocate limited security resources in order to achieve the objective of making the best use of security resources without compromising network throughput. We introduced a capacity reservation scheme to enforce network security and avoid security devices becoming congested. In order to optimize utilization of security devices, we formulated the resource‐constrained problem as an integer linear programming problem and solved it. Extensive experiments were performed to attest to the effectiveness of our prototype. Finally, we analyzed results of the experiment, including the impact on network performance of two parameters in the optimization formulations. Compared to other works, we have the following strengths: our model was implemented on a general network topology with distributed security devices; we formulated the flow allocation problem into a linear programming problem and performed the optimization in the controller in real time; and no pre‐knowledge about the network, hosts, or traffic was needed. [ABSTRACT FROM AUTHOR]