Implementation of a Click Based IDS on SDN-NFV Architecture and Performance Evaluation

Network Virtualization is a revolutionary concept that offers programmability and scalability, while providing open networking framework allowing dynamic orchestration. It allows the inclusion of various external virtual elements such as intrusion detection system (IDS), Network Address and Port Translation (NAPT), Load Balancer, IP Router etc. Such elements can be designed and implemented as per designers' requirements, on different Network Function Virtualization (NFV) and Software-defined networking (SDN) platforms. In this work, we have designed a Click-IDS which is a Click modular router-based Intrusion Detection System and analyzed its performance. At first the evaluation was done for single Click-IDS, and later two Click-IDS were integrated for packet supervision between hosts and web servers connected through a round robin load balancer. A PDX controller was used for integrating NFV and SDN on Mininet virtual environment, and the performance was assessed for different bandwidth conditions. Our tests showed that the inclusion of these middleware (Click-IDS) incurred deterioration in packet delivery ratio and yielded higher transmission delay (jitter) between the hosts and the destination web servers.