Networks become increasingly complicated as they expand in size, and much more difficult to manage and control. In a traditional network, considerable IT resources are required to implement processes such as configuration and provisioning. Traditionally these tasks were implemented manually by a network administrator. The SDN approach automates these processes via software.
An SDN controller comprises a repository of control and policy instructions for the network. The SDN controller has an end-to-end view of the entire network, and information on all network paths and device capabilities. As a consequence, the SDN controller may calculate paths based on both source and destination addresses, use different network paths for different traffic types, and react to changes in the condition of the network. While a centralised control approach allows a network to be managed more efficiently than the conventional approach, delays may occur in view of the huge volume of routing decisions that need to be centrally processed. Furthermore, the centralised control approach fails to address the individual granularity of setting specific policies for end users across millions of devices, as to how their devices should be controlled. The centralised approach fails to take account of how to scale the centrally operated SDN controller, which controls very large numbers of distributed users with granular preferences and very large numbers of end devices. These limitations are inherent in the fully centralised approach and are specifically undesirable when SDN control is being used to manage millions of devices connected to residential internet subscribers or businesses.
In addition, this centralised approach fails to take into consideration the full scale and use of the analytics that can be gathered. This approach fails to make use of the valuable historical reference capabilities of this data and its ability to be used to drive proactive network management and control, to drive security applications, to compute infrastructure planning applications or to create automatic fault resolution.
There is therefore a need for a method of controlling a software defined network (SDN), and an SDN controller which addresses at least some of the drawbacks of the prior art.
Many applications have been created to breach security on a network, to do damage to another party's connectivity or systems, to steal data, to threaten or block systems and to invade the privacy of others. Their evolution started soon after the beginning of the computer age and includes multiple types of viruses, malware, adware, trojans, denial of service (DOS), distributed DOS, spyware, etc.
In addition, the shifting business models of companies now mean that when a customer purchases a software product, or even uses what is considered to be legitimate software, both legitimate and nefarious companies are permitted to gather very significant amounts of personal data on the user. The consumer is generally unaware of the level of tracking and monitoring taking place through what they consider to be legitimate products, because the consumer has inadvertently agreed to terms and conditions which may not be valid under the regulations of the country where they reside.
Most of these security breach and privacy violation developments are being used for some form of malicious purpose on a varying scale. The evolving and changing problems faced by the consumer in relation to both security violation and privacy violation can be considered against the historic way viruses evolved. Some years ago it was obvious when a virus infection was present. The viruses of the past were largely written by amateurs and tended to be obvious, in that they exhibited destructive behaviour or pop-ups. Modern viruses, however, are often written by professionals and are financed by nefarious organizations. With these levels of nefarious activity being experienced by end users, a new approach is required to address security and privacy concerns for end users.
In addition, the complexity and speed of the services being used by the consumer no longer permit operator engineers to address problems through manual intervention. To address this, a data-driven, intent-based networking method is used to trigger automation as and when the data analytics is processed to identify near-real-time and real-time scenarios. This gives the ISP the tools to meet the needs and expectations of the consumers and to limit the need for the consumer to be technically skilled.
There is therefore a need for a method for providing security on a software defined network (SDN) which addresses at least some of the drawbacks of the prior art. Additionally, there is a need for a network security controller which also overcomes at least some of the drawbacks of the prior art.