HP Network Protector SDN Application Administrator Guide
Figure 4 DNS inspection using an aggregate approach
Fuzzy edge approach to DNS inspection
In the fuzzy edge approach, the endpoints are connected to the edge switches but there are also
endpoints connected to the distribution switch. In this example, you choose to inspect DNS requests
at the distribution switch in addition to the edge switches. Using this approach allows specify which
VLANs you want the application to inspect.
Figure 5 (page 15) illustrates this example.
In this example:
• Each edge device, such as an HP 2920 switch or an HP 3800 series switch, is connected to
the HP VAN SDN Controller and configured to use OpenFlow.
• The L2 distribution switch, such as an HP 5406 switch, is also connected to the controller and
configured to use OpenFlow.
• The application performs inspection and control on VLAN 20, 30, 40, 50, 60, and 70.
• Each device has a single OpenFlow instance that is configured to include all VLANs except
the controller VLAN.
• DNS packets are inspected both at the edge and at the point of aggregation for VLANs 20,
30, and 40.
• DNS inspection is automatic when endpoints are browsing because the transparent proxy
deployment is used. In a transparent proxy deployment, HTTP requests are automatically
directed to a Proxy server without requiring manual browser configuration.
14 Deployment examples