CYBERSECURITY
At the end of the configuration procedure, each SDN device of the network receives a list of rules that can inspect and validate every single packet entering the device. If we consider an SDN switch, each Ethernet packet can be analyzed, and the related matching rules based on the first four layers of the OSI stack can be applied. MAC addresses, virtual local area network (VLAN) tags, EtherType, IP addresses, and TCP ports can be verified to identify which flow the packets belong to.

When a packet matches one of the rules, the device will perform certain actions on the packet, such as dropping, forwarding, or flooding it. Depending on the rules provided by the controller application, an OpenFlow device can behave like a router, switch, firewall, network address translator, or something in between.

Flow Controller plays a key role in the deployment of the network. While a traditional plug-and-play network appliance is great for ease of installation and purpose engineering appears more difficult, this effort is the only way to provide complete control over the desired path a packet should take during normal and abnormal network conditions.

Recent versions of flow controllers can define host-to-host communications with automatic identification of alternative paths in the case of a network failure. Because redundant paths are predetermined, we can expect the switches to react in microseconds after the detection of a link failure without losing any packets. While the initial release of Flow Controller was limited to a manual configuration procedure, it is now possible to deploy complex networks leveraging standard files, such as IEC 61850 SCD files, Microsoft Visio files, or scripts taking advantage of the aforementioned API.

Thanks to the fact that a single flow controller can manage the entire OT network, multicast and broadcast messages can be easily segregated based on a MAC address and do not require extensive use of VLANs (even if that methodology remains applicable). STPs are not required anymore, and each single physical link can be kept active, increasing available bandwidth and maximizing the return on investment for installation costs.
58 Impiantistica Italiana - Novembre-Dicembre 2023