Using Segment Routing to Improve the Security of Virtualized Environments

State: Open

Segment routing (SR) is a source routing protocol that allows several operations to be made at intermediate nodes by inserting instructions, called segments, into the packet header [1]. Thus, SR enables proper integration and chaining of different virtual network functions (VNF) in network function virtualization (NFV) environments, facilitating to enforce policies between them. SR allows, for instance, enforcing policies by steering traffic through a set of intermediate VNF solely by putting routing information into the packet header. 

This thesis aims to develop a solution to enforce security policies in current NFV environments. This includes (i) implementing an application on the controller-side to allow the specification of those policies and (ii) the deployment of such policies on top of a Docker infrastructure.


[1] RFC 8402. Segment Routing Architecture. Available at: https://datatracker.ietf.org/doc/html/rfc8402

Work distribution: 20% Design, 60% Implementation, 20% Documentation
Requirements: Strong Python and Linux skills, Basic knowledge of Computer networks and Docker containers

Supervisors: Rafael Hengen Ribeiro

back to the main page