HP Network Protector SDN Application Administrator Guide
Figure 1 High Level Network Protector Architecture
Click here to view a video of the HP Network Protector SDN Application overview.
HP VAN SDN Controller
The HP Network Protector SDN Application is deployed as an application that runs on top of the
HP VAN SDN Controller. As a stand-alone application bundled with the Controller, it leverages
several Controller features and subsystems like Application Manager, Pipeline Manager, Licensing
infrastructure, Cassandra Database, SKI UI framework, REST API framework, Audit, Alert, Support
logs, and others.
For information about the Controller, see the HP VAN SDN Controller Administrator Guide in the
SDN information library at http://www.hp.com/go/sdn/infolib.
OpenFlow enabled switches
One of the basic requirements for the application is the OpenFlow enabled switch. OpenFlow is
the mechanism by which the application instructs the discovered switches to redirect all DNS traffic
towards itself. There are several security policies supported in the application, which are
implemented by using the OpenFlow protocol to push desired flows on the switches. Currently,
OpenFlow 1.0 and OpenFlow 1.3 versions are supported.
The switch firmware plays an important role in the solution design. Provision switch firmware version
15.15 and above support an additional switch feature called Service Insertion, which helps send
DNS data traffic to the switch using switch hardware, bypassing the switch CPU, thereby enhancing
performance. Packet processing using the switch CPU is slower than the packet processing using
switch hardware.
Switch capabilities and extensions or lack thereof have significant impact on how much actual
packet processing needs to be handled by the application. The base level OpenFlow switch with
no Service Isertion is the most rudimentary environment and all inspected traffic and control is
shared on the OpenFlow interface port. Best performance is achieved with switches that support
OpenFlow and Service Insertion.
The application scalability and performance also depends on the hardware and software
specifications on the server on which it is deployed. For more information about the OpenFlow
and switch configuration setting for OpenFlow, see the HP OpenFlow 1.3 Administrator Guide in
the SDN information library at http://www.hp.com/go/sdn/infolib.
To enable the switches in the network to work with VAN SDN Controller and the application, you
must enable OpenFlow on the switches in the passive mode. This configuration allows the switch
HP VAN SDN Controller 7