HP Network Protector SDN Application Administrator Guide
Figure 5 DNS inspection using a “fuzzy edge” approach
Edge routing approach to DNS inspection
In this example, you configure the solution to perform DNS inspection at the edge routers.
Figure 6 (page 16) illustrates this example.
In this example:
• Each edge router, such as an HP 5406 switch, is connected to the HP VAN SDN Controller,
is configured to use OpenFlow, and is routing packets.
• The application performs inspection and control on VLAN 20, 30, 40, 50, 60, and 70.
• An OpenFlow packet out operation is not supported for the routers in this configuration.
• If you want inspection to occur on a device that is routing, that device must support Service
Insertion.
• DNS inspection is automatic when endpoints are browsing because the transparent proxy
deployment is used. In a transparent proxy deployment, HTTP requests are automatically
directed to a Proxy server without requiring manual browser configuration.
Edge routing approach to DNS inspection 15