SCIPASS: IDS LOAD BALANCER & SCIENCE DMZ
SciPass is an OpenFlow application designed to help network security scale to 100Gbps. In its simplest mode of operation, SciPass turns an OpenFlow switch into an IDS load balancer capable of considering sensor load in its balancing decisions. When operating in Science DMZ mode, SciPass uses Bro to detect "good" data transfers and programs bypass rules to avoid forwarding through institutional firewalls, improving transfer performance and reducing load on IT infrastructure.
Currently, this application is designed to work with any OpenFlow 1.0 switch that supports multiple output actions and combined layer 2 and layer 3 header matching. We expect to support OpenFlow 1.3 within the next year, depending on vendor availability and similar factors. SciPass provides the features needed to deploy as a load balancer for an inline or passive IDS cluster, in addition to serving as the basis for a Science DMZ. At its heart, SciPass is an interactive load balancer. On top of this core function, SciPass provides a set of web services that are typically used by IDS sensors or other systems to guide forwarding behavior.
Current Features include:
- Sensor Load Report API - sensors report their load, which lets SciPass adjust the volume of traffic sent to each sensor
- Blacklist API - defines traffic that should be dropped at the switch
- FastPath API - defines traffic that is known good and therefore should not traverse the firewall or IDS sensors
- IDS load balancer - balances traffic across sensors based on traffic dynamics and sensor load
- CLI - for administration and troubleshooting
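An added example (not SciPass's own code) of the per-flow decision the feature list implies: blacklist and FastPath matches are checked before a flow is steered to a sensor, and the sensor choice is weighted by the load each sensor last reported. The `Balancer` class, the weighted rendezvous-hash selection, and the 5-tuple flow format are assumptions of this example; SciPass's real API and rule formats are not described on this page.

```python
import hashlib
import math
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Sensor:
    name: str
    load: float = 0.0  # latest Sensor Load Report value: 0.0 idle .. 1.0 saturated

class Balancer:  # hypothetical controller decision core, not SciPass's implementation
    def __init__(self, sensors):
        self.sensors = list(sensors)
        self.rules = {"blacklist": [], "fastpath": []}  # (src_net, dst_net) pairs

    def add_rule(self, table, src_cidr, dst_cidr):
        self.rules[table].append((ip_network(src_cidr), ip_network(dst_cidr)))

    def report_load(self, name, load):
        for s in self.sensors:
            if s.name == name:
                s.load = min(max(load, 0.0), 1.0)

    def _matches(self, table, flow):
        src, dst = ip_address(flow[0]), ip_address(flow[1])
        return any(src in s_net and dst in d_net for s_net, d_net in self.rules[table])

    def decide(self, flow):
        """flow = (src_ip, dst_ip, proto, src_port, dst_port); returns (action, sensor_name)."""
        if self._matches("blacklist", flow):
            return ("drop", None)             # dropped at the switch
        if self._matches("fastpath", flow):
            return ("bypass", None)           # Science DMZ bypass: skips firewall and IDS
        chosen = self._pick_sensor(flow)
        return ("sensor", chosen) if chosen else ("overload", None)

    def _pick_sensor(self, flow):
        # Weighted rendezvous hashing: a flow sticks to one sensor while loads are stable,
        # and a sensor's share of new flows shrinks as its reported load rises.
        best, best_score = None, -1.0
        for s in self.sensors:
            weight = 1.0 - s.load
            if weight <= 0.0:
                continue                      # saturated sensor receives no new flows
            digest = hashlib.sha256(f"{flow}|{s.name}".encode()).digest()
            unit = (int.from_bytes(digest[:8], "big") + 1) / 2 ** 64  # uniform in (0, 1]
            score = float("inf") if unit >= 1.0 else -weight / math.log(unit)
            if score > best_score:
                best, best_score = s.name, score
        return best
```

The `overload` action signals that every sensor reported saturation, so the caller must decide whether to fail open or closed for that flow.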
Proof of Concept:
The whitebox project will validate several bare-metal switch designs with this application, aiming at providing validated options for 10, 40, and 100GbE deployments.
We will also evaluate the additional chipset monitoring capabilities provided in many whitebox offerings to validate performance, and gather data on the buffer needs of large, high-bandwidth, high-latency data transfers.