
Eastern-European Journal of Enterprise Technologies ISSN 1729-3774 5/9 ( 113 ) 2021

UDC 004.056.5
DOI: 10.15587/1729-4061.2021.242993

ANALYSIS OF NETWORK SECURITY ORGANIZATION BASED ON SD-WAN TECHNOLOGY

Gulzinat Ordabayeva
Corresponding author
Senior Teacher
Department of Information Systems
Al-Farabi Kazakh National University
Al-Farabi ave., 71, Almaty, Republic of Kazakhstan, 050040
E-mail: gulzi200988@mail.ru

Abdizhapar Saparbayev
Doctor of Economic Sciences, Professor, Vice-rector for Science
Department of Economics and Business
Kainar Academy
Satpayev str., 7A, Almaty, Republic of Kazakhstan, 050013

Bibinur Kirgizbayeva
PhD, Professor
Department of «IT technology and automation»
Kazakh National Agrarian Research University
Abai ave., 8, Almaty, Republic of Kazakhstan, 050010

Gulzat Dzhsupbekova
PhD
Department of Information Technology
M. Auezov South Kazakhstan*

Nazira Rakhymbek
Senior Teacher
Department of Information Technology
M. Auezov South Kazakhstan*

*State University
Tauke khan ave., 5, Shyment, Republic of Kazakhstan, 160012

A Software-Defined Network (SDN) on a Wide Area Network (WAN) is a computer network that is controlled and created by software.

SD-WAN is an emerging research area that has received a lot of attention from industry and government. This technology offers tremendous opportunities to support the creation of consolidated data centers and secure networks. This is an innovation that allows the network to be monitored and programmed so that it can respond to network events caused by security breaches.

This solution provides network security, offers a single network management console, and provides complete control over the network architecture. Also controls security in the cloud software-defined infrastructure (SDI), such as dynamically changing the network configuration when forwarding packets, blocking, redirecting, changing Media Access Control (MAC) or Internet Protocol (IP) addresses, limiting the packet flow rate etc.

Using SD-WAN technology, it is possible to reduce the cost of dedicated bandwidth channels, achieve a high-quality Virtual Private Network (VPN), and the ability to automatically select a channel for certain channels.

The main advantages of SD-WAN are the management of an unlimited number of devices from a single center, reducing the cost of deploying branch infrastructure.

According to the results of the survey, 7 % of respondents use SD-WAN for security solutions, 14 % at the piloting stage.

As a result of the research, it was revealed that by 2024, to increase the flexibility and support of cloud applications, more than 60 % of SD-WAN customers will implement the SASE (Secure Access Service Edge) architecture, which is 30 % more than in 2020 and the main concept – application security and cloud functions

Keywords: OpenFlow, Software defined wide area network (SD-WAN), architecture, DDoS attack, WAN network

Received date 23.08.2021
Accepted date 17.10.2021
Published date 29.10.2021

How to Cite: Ordabayeva, G., Saparbayev, A., Kirgizbayeva, B., Dzhsupbekova, G., Rakhymbek, N. Analysis of network security organization based on sd-wan technology. Eastern-European Journal of Enterprise Technologies, 5 (9 (113)), 56-69. doi: https://doi.org/10.15587/1729-4061.2021.242993

Copyright © 2021, Authors. This is an open access article under the Creative Commons CC BY license

Information and controlling system

1. Introduction

Deploying SD-WAN is an important task to ensure network management. This technology is becoming popular in the problem of security and in determining the vulnerability of networks.
In the study [1], the possibilities of testing SDN in laboratory conditions on the graphical network simulator Graphical Network Simulator 3 (GNS3) and the advantages of the technology are considered:
– low costs of the functionality of network devices;
– minimal operating costs due to the configuration of services from one point of management;
– high reliability of automation of low-level network management operations;
– centralized network statistics and integration with network analytics.
SD-WAN has grown in popularity over the past few years, but the ideas for this technology have been evolving for twenty years or more. This network separates the control and data layers, controlling the network infrastructure through application programming interfaces (API – Application Programming Interface). The SD-WAN architecture consists of the following components:
1) application layer – intrusion detection and prevention systems (Intrusion Detection System, IDS/Intrusion Prevention System, IPS), the quality of service (QoS) function and other proxy servers that determine the behavior of the network are implemented;
2) control level – the main element is the SDN controller, which coordinates the network devices located at the infrastructure level;
3) infrastructure layer – provides processing and forwarding of packets based on the received instructions from the control layer;
4) north APIs – allow applications to use network security services, load balancing, traffic management, quality of service and dynamically configure the network;
5) southern APIs – provide efficient network management;
6) East/West interfaces – provide communication between objects of the control level and exchange of information for processing traffic at the level of infrastructures [2].
An important component of the SD-WAN architecture is a controller that centralizes and monitors the state of the network. Main characteristics of the controller:
– performance – the number of threads processed by the controller per unit of time (threads/s);
– processing time – the amount of time spent by the controller to process the request from the switch (s);
– reliability – the number of failures at a given load profile;
– resource intensity – utilization of the physical server's RAM by the controller, and the load on the processor cores;
– scalability – multithreading support by the controller [3].
SD-WAN is based on the L2/L3 architecture, in which a centralized controller controls the data transfer of a set of distributed switches using a control protocol, for example, OpenFlow. OpenFlow is an open standard that allows developers to work with experimental protocols on a local area network [4–6].
Leading companies are moving to virtualized environments, so network architectures are needed that integrate seamlessly with SD-WAN controllers. One of the leading vendors in the implementation of SD-WAN technology is Juniper Networks (Sunnyvale, USA), which ensures full compatibility of the network infrastructure with existing resources.
SD-WAN is designed to address constraints such as high bandwidth costs, the cost of adding new nodes to the network, the cost of changing security policies, and the lack of network management automation. More than 90 % of enterprises will be using SD-WAN technology by the end of 2023, according to Gartner's analysis.
The developed models of SD-WAN technology indicate the relevance of research on methods of mathematical analysis for the classification of processing time of flows and rational planning of the placement of network elements at the stage of deployment and scaling.

2. Literature review and problem statement

The work [7] analyzed the security of embedded Dynamic Host Configuration Protocol (DHCP) services on three popular SDN controllers: Python and Apache licensed (POX), Open Network Operating System (ONOS) and Floodlight (an Apache licensed, Java-based OpenFlow controller). Vulnerabilities have been identified for overloading controllers when launching denial-of-service attacks. Studying modern methodologies, a DHCP security module on the POX controller was developed, the Dynamic Host Configuration Protocol Guard feature (DHCPguard). According to a study, DHCPguard increased throughput by up to 94 % and reduced CPU utilization by up to 92 %.
SDN provides a flexible way to manage traffic on networks. The deep Reinforcement Learning (DRL) algorithm was used to determine the traffic management method for QoS optimization in hybrid SDN. The simulation results showed that the method of this work can lead to a significant improvement in the optimization of the network QoS performance [8].
SD-WAN for Internet of Things (IoT) devices provides robust security solutions. IoT and SD-WAN edge devices communicate with a common controller. The cloud controller, in turn, informs and allows IoT and SD-WAN edge devices to take action to provide protection, especially at the edge of the enterprise, where large datasets are aggregated [9].
In [10], the Fake Link Layer Discovery Protocol (LLDP) Injection and LLDP replay methods are considered, which are used to create fake links on the controller. The results revealed that the Floodlight controller is vulnerable to attacks based on the use of LLDP. When receiving invalid routes, access to the network is lost and the network performance is underestimated.
In [11], the results of studies of a Distributed Denial of Service (DDoS) attack in SDN, detected using machine learning-based models, are presented. Feature selection methods are shown to be preferable for simplifying models and providing shorter training times. Classification models were built for Support Vector Machine (SVM), Naive Bayes (NB), Artificial neural network (ANN), and K-Nearest Neighbors (KNN). Based on the test results, it was shown that the use of the shell function selection with the KNN classifier allowed to achieve the highest level of accuracy (98.3 %) in detecting DDoS attacks.
[12] describes a security architecture for the Internet of Things (IoT) based on software-defined networks (SDN) and discusses a new architecture of the IoT system. But there are still unresolved issues related to the analysis of the organization of network security based on SD-WAN technology.
The work [13] considers the preservation of the traditional network infrastructure and the gradual upgrade of this infrastructure to a hybrid SDN (hybrid SDN, hSDN). The authors examined hSDN models in the control and data planes, considered the optimization of the control plane of placement, scalability and security issues, privacy, as well as existing vulnerabilities and threats. An option to overcome the corresponding difficulties may be to update the network in both the outdated and SDN settings. This is the approach used in [13], however, modeling tools and public test benches are a completely undisclosed topic. All this suggests that it is advisable to conduct a study on the use of hSDN in 5G mobile networks, cloud and data centers, IoT connectivity, blockchain, SD-WAN and SD-Branch. In addition, network reliability, resiliency and load balancing are also investigated.
Study [14] discusses SD-WAN Flood Tracer to facilitate tracking of DDoS attacks on SD-WAN. Also, to track and prevent other sources of anomalies on legitimate traffic, the tracing scheme is divided into two parts. This scheme effectively monitors internal, external anomalies and prevents damage to communications in the network.
The growth in the volume of network traffic, the need to configure large-scale data transmission networks and the analysis of the above materials suggest that conducting a study on SD-WAN technology is promising.


3. The aim and objectives of research

The aim of research is to analyze the organization of network security based on SD-WAN technology.
To achieve this aim, the following objectives are being solved:
– investigate methods and algorithms for complex protection against threats based on SD-WAN technology;
– create an algorithm that provides protection against threats without sacrificing bandwidth, taking into account the possibility of protection against various types of attacks;
– create a testing algorithm to optimize the network security system based on SD-WAN technology;
– analyze the implementation of SD-WAN technology.

4. Materials and methods of research

The SD-WAN architecture consists of the following planes: data plane, control plane and application. The transmitted data packet is processed in the control plane of the router and goes to the second level. The packet travels along this route to the output port. All operations performed on packet transmission are embedded in the router [15].
The study [16] shows the basic model of SD-WAN service using the D-CPI (Data-Control Plane Interface) interface, the application and control plane – the A-CPI (Application-Control Plane Interface) interface (Fig. 1).

Fig. 1. Basic Service Model SD-WAN [16]

SD-WAN is an integral part of cloud services because it provides flexible management capabilities for monitoring and analyzing network traffic using programmable objects. The main vulnerability of SD-WAN is a distributed denial of service (DDoS) attack. The work [17] proposes a scheme for detecting and protecting DDoS attacks using time series analysis for SD-WAN (Fig. 2). The obtained experimental result showed that the obtained algorithm has a high detection rate and a low false alarm.
In [18], the main design principle of the proposed method is to extract embedded OpenFlow messages in SDN to represent the state of the network and further detect the network anomaly. This method does not need to collect and add additional messages from the core switches. The results of attacks assessment (DDoS, Worm, Port Scan) show that the proposed method for detecting network anomalies can provide high detection accuracy and reduce SDN controller overhead (Fig. 3).

Fig. 2. Proposed DDoS detection and protection model for SDN [17]


Fig. 3. Results of attacks assessment: a – DDoS; b – Worm; c – Port Scan [18] (plots of true positive rate, %, against false positive for PNAD, FENAD and LNAD)

One of the areas of SDN security is the use of blockchain for solving forensic problems. Blockchain is a distributed peer-to-peer network that can be used in SDN-based Internet of Things (IoT) environments for security. In [19], event logs are stored in the blockchain of the SDN-IoT architecture. Based on the results of the evaluation, the performance gains were derived from latency caused by the increase in the number of devices and requests (Fig. 4).
Comparison of latencies shows that Forensic SDN-IoT has the lowest latency, SDN-Fog latency variation is 0.2 milliseconds. The latency value gradually increases as the number of devices increases.

Fig. 4. The results of the delay: a – an increase in the number of devices; b – an increase in the number of requests [19]

5. Results of the study of the SD-WAN technology testing algorithm

5. 1. Research of methods and algorithms for complex protection against threats based on SD-WAN technology

The Open Networking Foundation (ONF), a nonprofit organization, has developed a standards compliance certification program to advance the SDN vision. The main goal of SDN is to provide open software development interfaces for controlling the flow of network traffic with the ability to check and modify the network (Fig. 5) [20].
SDN has been researched in the field of road engineering and the following benefits have been identified:
– a global controller that has an idea of the topology and state of the network, as well as the requirements for applications;
– programmability – the data plane can be programmed to improve the allocation of network resources;
– openness – the controller and forwarding devices do not depend on the device suppliers (Fig. 6) [21].

Fig. 5. The main components of the Software-Defined Network (SDN) [20]

Fig. 6. Deployment of control planes and data transmission in traditional networks and SDN [21]

In the study [22], the DELTA tool is proposed for disclosing SDN vulnerabilities. Based on the testing results, the authors identified 26 known attack scenarios on SDN controllers, as well as 9 new attacks for SDN applications.
The work [23] examines the development of SDN, as well as the introduction of this technology over the years in companies – Google, Cisco (Table 1).

Fig. 7. SD-WAN Market [24]


Table 1
SDN development [23]

| Years | Technology | Description |
|---|---|---|
| 2011 | SDN | Movement to separate control and forwarding planes to drive innovation |
| 2012 | OPEN FLOW | The first standard interface for separating the network and data control layers. |
| 2014 | ONOS | Leading Open Source SDN Controller for Operators |
| 2017 | CORD | Edge Cloud Solution: 70 % of carriers plan to deploy CORD to transform their networks |

Gartner estimates that there are about 80 vendors providing technology solutions based on SD-WAN (Fig. 7) [24].
According to Gartner researchers, the main leaders of SD-WAN are VMware (Palo Alto, USA), Fortinet (Sunnyvale, USA), Citrix (Fort Lauderdale, USA), HPE (Aruba) (Sunnyvale, USA), Huawei (Shenzhen, China) and others. SD-WAN product differentiation is based on security, application performance optimization and cloud functions.
In a study [25], to achieve robustness and low cost in controllers, RetroFlow is proposed, which maintains flow programmability in the event of failures. Simulations show that RetroFlow reduces communication costs by up to 52.6 % during moderate controller failure. Also, it recovers 90 % of the traffic from standalone switches, reducing costs by up to 61.2 % in the event of a severe controller failure.
Switches with OpenFlow support provide SNMP protocol operation and also support local controller operation.
The following information is defined for routing and network management:
– the number of packets passed through the port;
– the number of bytes transmitted through the port;
– average speed in packets/s;
– average speed in bytes/s;
– load of the processor and memory of the switch;
– port queue lengths [26].
Calculating the average time between packets is needed for routing and network management:

$$\tau = \frac{t}{N}, \tag{1}$$

where t – observation time; N – average number of packages.
Calculating variance for the distribution of time between packets:

$$D_{\tau} = D_N \cdot \frac{\tau^3}{t}. \tag{2}$$

Using the above formulas, the number of packets per stream is calculated accurately, but according to manufacturers, it can differ from reality by up to 20 %.
Research data on SD-WAN technology methods and algorithms improves performance that accelerates security and network connectivity tasks. The cost-effectiveness of SD-WAN technologies is a key driver for the development of the network structure and provides a quick return on investment.

5. 2. Development of an algorithm for throughput, taking into account the possibility of protection against various types of attacks

The formulas of mathematical statistics determine the characteristics of time intervals. In the study [26], statistics up to the third order were used, which allow one to judge the nature of the distribution of intervals.
The calculation of the average value of the packet interval is carried out according to the formula:

$$\tau = \frac{1}{N}\sum_{k=0}^{N}\left(t_{k+1} - t_k\right), \tag{3}$$

where t_k – time of packet arrival, N – the number of analyzed intervals.
The sample variance is:

$$D_{\text{в}} = \overline{t^2} - \tau^2, \tag{4}$$

where $\overline{t^2}$ – the second initial moment.

$$\overline{t^2} = \frac{1}{N}\sum_{k=0}^{N}\left(t_{k+1} - t_k\right)^2. \tag{5}$$

The coefficient of variation

$$c = \frac{\sigma_{\text{в}}}{\tau}, \tag{6}$$

where $\sigma_{\text{в}} = \sqrt{D_{\text{в}}}$.

Asymmetry is calculated:

$$A_s = \frac{\overline{t^3} - 3\,\overline{t^2}\cdot\tau + 2\tau^3}{\sigma_{\text{в}}^3}, \tag{7}$$

where $\overline{t^3}$ – the third initial moment

$$\overline{t^3} = \frac{1}{N}\sum_{k=0}^{N}\left(t_{k+1} - t_k\right)^3. \tag{8}$$

Using the above formulas, certain data showed the difference between the analyzed traffic and the Poisson one, since the coefficient of variation c>1, and the asymmetry value As>2. Taking into account the ratio of the lengths of the packets of reverse requests (64 bytes) and the main packets (1500 bytes), reverse requests increase the load on the channels by about 4 %.

5. 3. Development of a testing algorithm to optimize the network security system based on SD-WAN technology

In the study [16], applying the Poisson distribution formula over the time interval [T0, Tf]=mTi to estimate the probability of k-requests from the switch to the controller, we obtained:

$$P_{d\tau NF} = \frac{\left(\lambda m T_i\right)^k e^{-\lambda m T_i}}{k!}. \tag{9}$$

The probability of n events on the switch is determined by the formula:


$$P_{dr} = 1 - P_{d\tau NF}. \tag{10}$$

The total delay D, according to [9], is calculated by the formula:

$$D = l \cdot d_{\tau NF} + n \cdot d_{\tau}, \tag{11}$$

where l and n are the number of time intervals.
The network administrator who needs to upgrade the hardware in the SD-WAN can obtain specific packet processing times based on the latency formula.
The use of SD-WAN allows to more efficiently and economically use all available resources of traditional WAN networks within geographically distributed enterprises and optimize business processes. The optimal solution for corporate SD-WANs must align with security priorities.
The main types of security architecture for SD-WAN technologies:
– SD-WAN with built-in firewall;
– firewall with integrated SD-WAN facilities;
– SD-WAN and next generation firewall from independent vendors;
– SD-WAN with cloud security services [27].
To develop a testing algorithm to optimize the network security system based on SD-WAN technology, the Ubuntu distribution kit (South Africa) was chosen as the operating system for the server whose security is required. This operating system belongs to the Linux operating system family and consists of free and open source software. The server has the latest current version of this operating system – Ubuntu 20.04.3 LTS, obtained from the official repository. Recommended system requirements: 2 GHz dual-core processor, 4 GB of system memory, 25 GB of free hard disk space, Internet access (Fig. 8–11).
Based on the data obtained from the access.log files, scripts were created for carrying out load tests, which are reduced copies of real DDoS attacks. Before starting the experiments, the values of the resources used were fixed. At zero load, that is, in the absence of active connections with the server, the processor load was about 0 %, the memory use was 457 Mb, the response time was less than 1 ms. With an average daily load, the resource utilization was: processor – 31 %, RAM – 514 Mb, response time – less than 1 ms.

Fig. 8. Testing algorithm (flowchart blocks: Begin; Traffic scanning; Start nexpose (nmap, openvas); decision "Have all the parameters of the vulnerability" with Yes and No branches; Start Wireshark; Analysis; Outputting the result to a *.csv file; Plotting a graph; End)

Fig. 9. Output of the result


Fig. 10. Length of incoming packets generated by Wireshark

Fig. 11. Length of outgoing packets generated by Wireshark
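The interval statistics of formulas (3)–(8) and the comparison with Poisson traffic (c>1, As>2) can be reproduced on packet arrival timestamps as follows. This is an added example, not code from the paper; the two timestamp series are constructed samples, and the function names are hypothetical.

```python
import math


def interval_stats(arrivals):
    """Formulas (3)-(8) over the gaps between consecutive arrival times."""
    gaps = [b - a for a, b in zip(arrivals, arrivals[1:])]
    n = len(gaps)
    if n < 2:
        raise ValueError("need at least three arrival timestamps")
    tau = sum(gaps) / n                     # (3) mean packet interval
    m2 = sum(g ** 2 for g in gaps) / n      # (5) second initial moment
    m3 = sum(g ** 3 for g in gaps) / n      # (8) third initial moment
    var = m2 - tau ** 2                     # (4) sample variance
    if var <= 1e-12 * m2:
        # Perfectly regular spacing: no spread, so c and As are taken as 0.
        return {"tau": tau, "var": 0.0, "c": 0.0, "As": 0.0}
    sigma = math.sqrt(var)
    c = sigma / tau                                            # (6)
    a_s = (m3 - 3 * m2 * tau + 2 * tau ** 3) / sigma ** 3      # (7)
    return {"tau": tau, "var": var, "c": c, "As": a_s}


def differs_from_poisson(stats):
    """Criterion used in the text: c > 1 and As > 2.

    For a Poisson flow the gaps are exponential, for which c = 1 and As = 2.
    """
    return stats["c"] > 1 and stats["As"] > 2


def poisson_like_arrivals(n=2000, rate=100.0):
    """Constructed sample: gaps are the quantiles of an exponential law."""
    t, out = 0.0, [0.0]
    for i in range(n):
        t += -math.log(1 - (i + 0.5) / n) / rate
        out.append(t)
    return out


def bursty_arrivals(bursts=50, per_burst=20, spacing=0.001, idle=0.5):
    """Constructed sample: tight bursts separated by long idle periods,
    the shape a scripted load test replayed from access.log would have."""
    t, out = 0.0, []
    for _ in range(bursts):
        for _ in range(per_burst):
            out.append(t)
            t += spacing
        t += idle
    return out


if __name__ == "__main__":
    for name, series in (("poisson-like", poisson_like_arrivals()),
                         ("bursty", bursty_arrivals())):
        s = interval_stats(series)
        print(f"{name:13s} tau={s['tau']:.5f} c={s['c']:.2f} "
              f"As={s['As']:.2f} differs={differs_from_poisson(s)}")
```
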


5. 4. Analysis of the implementation of SD-WAN technology

SD-WAN is a new paradigm in network design and management that enables network programmability and separation of control planes.
The research paper [28] deals with the Controller Placement Problem (CPP) and defines the Quality of Service (QoS) requirements. The proposed algorithms use graph theory to heuristically search for high-quality solutions. The SD-WAN topology is represented by a connected graph G(V,E), V=S∪C, where S is a set of switches with OpenFlow support, and C is controller locations, E is a set of weighted links.
Weighted links are propagation delays between nodes depending on their geographic location. Assuming the controllers can be in the same location as the switches, the potential controller locations are equal to the switch set (C=S).
In [28], two binary variables are defined, namely y_j and x_ij, to determine decisions about the location and assignment of controllers.

$$\sum_{j \in C} y_j. \tag{12}$$

$$y_j \ge x_{ij}, \quad \forall i \in S,\ j \in C. \tag{13}$$

$$\sum_{j \in C} x_{ij} = r, \quad \forall i \in S. \tag{14}$$

$$\sum_{i \in S} l_i \cdot x_{ij} \le u_c, \quad \forall j \in C. \tag{15}$$

The specified limit (15) prevents the total load put on by the switches on the controller from exceeding its u_c bandwidth.

$$d_{ij} \cdot x_{ij} \le sc_{max}, \quad \forall i \in S,\ \forall j \in C. \tag{16}$$

The constraint in (16) expresses that the propagation delay between the switch and its assigned controllers satisfies the sc_max delay constraint.

$$d_{j'j''}\, y_{j'}\, y_{j''} \le cc_{max}, \quad \forall j', j'' \in C. \tag{17}$$

The maximum allowable delay among open controllers is provided by the constraint in (17).

$$x_{ij},\, y_j \in \{0,1\}, \quad \forall i \in S,\ \forall j \in C. \tag{18}$$

(18) provides integrality constraints.
[29] defines SD-WAN tasks such as the topology mechanism performed by the processor to obtain appropriate routing information and the definition of Internet Protocol Security (IPSec) tunnels among multiple network nodes. Non-limiting examples of routing information might include information related to IPSec tunnels and Virtual Local Area Network (VLAN) subnets. IPSec tunnels can contain information such as tunnel name, tunnel source and destination ID, cost, and role. In the example, the information related to IPSec tunnels might contain information related to IPSec tunnels that are used for load balancing.
SD-WAN provides real-time intelligent control and management to improve performance and efficient use of network resources through management. Experiments have shown that the approach successfully demonstrates robustness and efficiency through the use of SDN programmability for the global network [30, 31].
Using the Hurst coefficient, the regularities of the length of transmitted packets in our network are determined.
First, the average mathematical expectation of the packet length is calculated:

$$M = \frac{1}{N}\sum_{i=1}^{N} X_i. \tag{19}$$

Calculation of the average standard deviation of the size of the packet length:

$$S = \sqrt{\frac{1}{N}\sum_{i=1}^{N}\left(X_i - M\right)^2}. \tag{20}$$

Calculation of deviations from the mathematical expectation:

$$D_i = \sum_{j=1}^{i}\left(X_j - M\right). \tag{21}$$

Calculation of the range (amplitude) of the change in D values:

$$R = \max\{D\} - \min\{D\}. \tag{22}$$

Calculation of the Hurst coefficient:

$$H = \frac{\ln\left(\dfrac{R}{S}\right)}{\ln(N)}. \tag{23}$$

The result of the calculation in PHP (Fig. 12)

Fig. 12. The value of the Hurst coefficient

The result of the testing algorithm showed that the most resource-intensive process is the web server process. This process creates the main load when generating dynamic pages using the PHP language interpreter.
According to analyzes, if the Hurst coefficient is greater than 0.5, it means that the process is self-sustaining, i.e. if the value of the quantity increases over time, then after that it continues to increase.
According to the results of Gartner (Fig. 7, Table 2), the leading companies are VMware, Cisco, Fortinet, Palo Alto Networks, Huawei and Oracle.


An anonymous online survey was conducted among the employees of IT companies of the Republic of Kazakhstan. As shown by its results, 34 % of respondents know the general principles of SD-WAN operation, have not heard – 45 %, try to pilot – 14 %, use – 7 % (Fig. 13).
According to expert analysis, SD-WAN implements cases of guaranteed connection of many geographically distributed points and is part of SASE (Secure Access Service Edge) (Fig. 14).
According to a report by analyst firm Dell'Oro Group, the global SD-WAN market grew by 39 % in 2021. Cisco is the leader in technology adoption, Fortinet is second, and VMware, Versa and HPE Aruba are also in the top five [32]. A survey by vendors showed that 21 % of respondents trusted Fortinet, Cisco was chosen by 18 %, VMware (13 %) and Oracle (11 %) ranked third and fourth. Closing in the top five Palo Alto Networks (9 %) (Fig. 15).

Fig. 13. Result of the online survey (pie chart "How familiar are you with SD-WAN?": 7 %, 14 %, 34 %, 45 %; legend: Know the general principles of SD-WAN; Did not hear)

Fig. 14. SD-WAN Application Scenario (diagram labels: SD-WAN; Improving system reliability; Digital transformation)

For the experiment of implementing SD-WAN, a laboratory bench from Cisco Viptela (San Jose, USA) is considered (Fig. 16).
Used for the software:
– SD-WAN controllers – vManage, vSmart, vBond, version 20.1.1;
– SD-WAN routers – CSR1000v, version 17.2.1r;
– WAN emulator – WANem, version 3.0;
– VMware platform, version 16 Player.
According to analysis by Shin Umeda, Vice President at Dell'Oro Group, SD-WAN adoption in Europe and Asia is growing strongly. In the first half of 2021, 70 % of the market share was taken by the leading suppliers.
A subsidiary of Halyk Bank of Kazakhstan, Kazteleport Joint Stock Company and a large innovative construction holding BI Group are leaders in the implementation of SD-WAN technology. According to Kazteleport JSC, the introduction of SD-WAN technology has reduced the cost of dedicated channels with a bandwidth of 5 Mbit/s 3 times, received savings in administration and maintenance of the network.
As a result of the implementation of SD-WAN in the BI Group holding, the number of connection points has doubled – from 80 to 150 objects. The use of this technology is an indicator of high productivity growth and obtaining a fault-tolerant network with wide scalability [33, 34].

Table 2
Comparison of SD-WAN solutions
The main characteristics
Manufac- Own hard- High-quality High qual- Subscription Flexible building of
turers Hypervisor Cloud Lack of
ware and documentation and ity service and perpetual configurations based
support support risks
virtual training system support licensing on templates
VMware √ √ √ √ √ √ √ √
Cisco √ √ √ √ √ √ √ √
Fortinet √ √ √ √ √ √ √ –
Palo Alto Networks √ √ √ √ √ √ √ –
Silver Peak – – √ – √ – – –
Aryaka √ √ √ √ – – – –
Nokia √ √ √ – √ √ – –
Versa Networks √ – √ √ √ – √ √
Citrix √ √ √ √ √ √ √ –
Huawei √ √ √ √ √ √ √ √
Juniper √ √ √ √ √ √ √ –
Oracle √ √ √ √ √ √ √ √
Riverbed √ √ √ – √ – – –
Zyxel √ √ √ √ – – – –


Fig. 15. Choosing a vendor for SD-WAN implementation (bar chart "Your vendor choice - for SD-WAN implementation in your organization?"; vendors listed: Oracle, Palo Alto…, Citrix, Huawei, Juniper, Riverbed, Versa Networks, VMware, Fortinet, Cisco)

Fig. 16. Adding Controller Profile

The SD-WAN concept is a technology for distributing network traffic over data network channels to automatically determine the most efficient route for traffic between an office and a data processing center (DPC). In the process, the network administrator determines the appropriate security policies. SD-WAN components are:
– terminal devices that replace WAN routers;
– orchestrator – configuring traffic routing policy and security functionality;
– Analytics tools are reports based on data collected from endpoints, such as channel history, network application history, and node availability.
The SD-WAN security solution for on-premises and cloud-based security includes the following categories: network segmentation, corporate firewall, secure web gateway, and DNS-compromised security [35].
In the discussion, experts noted three SD-WAN security models, such as SD-WAN with built-in security, SD-WAN using a chain of services and cloud security, SD-WAN with a corporate firewall [36].
The head of the BI Group holding reports that, since the introduction of SD-WAN, the load on the information security department has dropped sharply, and this despite the fact that there are more objects, also, the quality of the network has dramatically improved [34].
One of the leading SD-WAN solution providers is Fortinet, which has received Recommended status from NSS Labs for the implementation of the next generation firewall (NGFW). NGFW provides ISO Level 3 through 7 security using its own security processor. The SD-WAN solution also monitors firewall rules and policies and offers recommendations for optimizing the entire security system [36].

Information and controlling system

6. Discussion of the results of the study of the throughput of controllers based on SD-WAN technology

One of the main goals of SD-WAN is to provide robust network management. SD-WAN performance depends on the operation of centralized controllers: when one controller fails, control is reassigned to other active controllers.

In this paper, methods and algorithms for complex threat protection tools based on SD-WAN technology were investigated.

A model for detecting and protecting against DDoS for SDN [17] is considered, as well as the basic principles of designing a network state [18].

The results of the testing algorithm can be used in traffic control when optimizing the network security system based on SD-WAN technology.

The unresolved issues in the analysis of the organization of network security based on SD-WAN technology are related to the choice of access policy, since the implementation of SD-WAN simplifies the connection of branch offices and contributes to the growth of overall network security using the IPSec protocol.

Implementation of SD-WAN improves control of access rights to the network and applications and qualitatively monitors the operations performed by the connected clients.

SD-WAN controllers – vManage, vSmart, vBond – can be deployed both in a corporate network and in a public cloud environment.

The main characteristics of vBond:
– provides connectivity between the planes of administration, control and data transfer;
– starting point of authentication;
– high resiliency;
– authorizes all control connections (“whitelisting” model).

Key features of vManage:
– a single management console for operations Day0, Day1 and Day2 (deployment, configuration, operation);
– the formation of policies and templates;
– monitoring and troubleshooting.

Key features of vSmart:
– provides discovery of devices in the fabric;
– propagates control plane information to vEdge devices;
– applies control plane policies;
– reduces the complexity of the control plane.

In the work, an experimental test bench was developed as a corporate network for analyzing the organization of network security over broadband Internet using SD-WAN.

To measure the performance of the proposed solution, we used Cisco SD-WAN controllers – vManage, vSmart, vBond.

7. Conclusions

1. The results of research into methods and algorithms for complex protection against threats based on SD-WAN technology allow large-scale corporate networks to be managed without manual configuration, with high-security connections and built-in security functions able to redirect traffic to centralized protection services. This technology comprehensively addresses the modernization of the network infrastructure of telecom operators, data centers and distributed corporate networks. Also, the platform includes orchestration of network services, organization of high-speed traffic processing and virtualization of network functions.

2. Development of a protection algorithm for bandwidth against various types of attacks optimized the use of communication channels, increased resiliency and accelerated network reconfiguration. The calculation results gave a Hurst coefficient greater than 0.5. This proves that this process is self-sustaining.

3. The testing algorithm and the analyses carried out revealed the leaders of the SD-WAN market, and according to Dell’Oro Group research, in the first half of 2021, the global SD-WAN market grew by 39 % and the share of growth will only increase. The application of SD-WAN technology to secure management of the cloud or on-premises environment can be tailored to meet the following needs:
– providing local access to the Internet at remote sites;
– SSL inspection with high bandwidth;
– filtering web content for Internet security without using a separate Secure Web Gateway (SWG);
– IPSec encryption;
– centralized supervision and control of all internal, incoming and outgoing traffic.

The developed algorithm showed that at zero load, that is, in the absence of active connections with the server, the processor load was about 0 %, the memory use was 457 Mb, the response time was less than 1 ms. With an average daily load, the resource utilization was: processor – 31 %, RAM – 514 Mb, response time – less than 1 ms.

Centralized policy-based management allows the network engineer to send more (or less) traffic over broadband links at any time, without having to reconfigure routers on an individual basis. Vendors are increasingly using security features to differentiate their SD-WAN solutions in a competitive marketplace. Implementing SD-WAN improves performance, reduces the number of hardware devices in branch offices, and provides secure Internet access.

4. SD-WAN is being implemented on the existing corporate network as part of the equipment upgrade. Initially, it is necessary to test the SD-WAN solution in a multi-site pilot zone. Also, it is necessary to configure the exchange of information with the existing corporate network and multiple terminal devices.
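The Hurst coefficient cited in conclusion 2 can be estimated from a traffic time series; a value above 0.5 indicates a persistent series. The following is an added example, not the paper's own code: it uses rescaled-range (R/S) analysis, an assumed estimator since this section does not show the authors' calculation, and the function names and traffic samples are constructed for illustration.

```python
import math
import random

def hurst_rs(series, min_window=8):
    """Estimate the Hurst exponent of `series` by rescaled-range (R/S) analysis."""
    n = len(series)
    log_sizes, log_rs = [], []
    window = min_window
    while window <= n // 2:
        ratios = []
        for start in range(0, n - window + 1, window):
            chunk = series[start:start + window]
            mean = sum(chunk) / window
            # Range of the cumulative deviation from the window mean.
            cum, lo, hi = 0.0, 0.0, 0.0
            for x in chunk:
                cum += x - mean
                lo, hi = min(lo, cum), max(hi, cum)
            std = math.sqrt(sum((x - mean) ** 2 for x in chunk) / window)
            if std > 0:
                ratios.append((hi - lo) / std)
        if ratios:
            log_sizes.append(math.log(window))
            log_rs.append(math.log(sum(ratios) / len(ratios)))
        window *= 2
    if len(log_sizes) < 2:
        raise ValueError("series too short for R/S analysis")
    # Least-squares slope of log(R/S) against log(window size) is H.
    mx = sum(log_sizes) / len(log_sizes)
    my = sum(log_rs) / len(log_rs)
    num = sum((x - mx) * (y - my) for x, y in zip(log_sizes, log_rs))
    den = sum((x - mx) ** 2 for x in log_sizes)
    return num / den

def constructed_traffic(n=2048, seed=1):
    """Constructed packets-per-second samples: independent noise vs. trending load."""
    rng = random.Random(seed)
    noise = [1000 + rng.gauss(0, 50) for _ in range(n)]
    trending, level = [], 1000.0
    for _ in range(n):
        level += rng.gauss(0, 5)      # load drifts, so each sample depends on the last
        trending.append(level)
    return noise, trending

if __name__ == "__main__":
    noise, trending = constructed_traffic()
    print("independent:", round(hurst_rs(noise), 2))
    print("persistent: ", round(hurst_rs(trending), 2))
```

R/S estimates on short independent series are biased slightly above 0.5, so a monitoring check should compare against a baseline measured on known-normal traffic rather than against the 0.5 threshold alone.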

References

1. Laponina, O. R., Sizov, M. R. (2017). Laboratory bench for testing the integration capabilities of SDN networks and traditional networks. International Journal of Open Information Technologies, 5 (9).
2. Mukhizi, S., Mutkhanna, A. S., Kirichek, R. V., Kucheriavii, A. E. (2019). Issledovanie modelei balansirovki nagruzki v programmno-konfiguriruemykh setiakh. Elektrosviaz, 1, 23–29.
3. Sallent, O., Perez-Romero, J., Ferrus, R., Agusti, R. (2017). On Radio Access Network Slicing from a Radio Resource Management Perspective. IEEE Wireless Communications, 24 (5), 166–174. doi: http://doi.org/10.1109/mwc.2017.1600220wc


4. OpenFlow Management and Configuration Protocol (OF-CONFIG 1.2). ONF TS-016. Available at: https://www.opennetworking.org/wp-content/uploads/2013/02/of-config-1.2.pdf Last accessed: 15.08.2021
5. Google’s Inter-Datacenter WAN Using SDN and OpenFlow. Available at: https://opennetworking.org/sdn-resources/customer-case-studies/google/
6. OpenFlow. Available at: https://lvk.cs.msu.su/~sveta/SDN_OpenFlow_basics_lecture1_v2.pdf Last accessed: 15.08.2021
7. Tok, M. S., Demirci, M. (2021). Security analysis of SDN controller-based DHCP services and attack mitigation with DHCPguard. Computers & Security, 109, 102394. doi: http://doi.org/10.1016/j.cose.2021.102394
8. Huang, X., Zeng, M., Xie, K. (2021). Intelligent traffic control for QoS optimization in hybrid SDNs. Computer Networks, 189, 107877. doi: http://doi.org/10.1016/j.comnet.2021.107877
9. Pamplin, S. (2021). SD-WAN revolutionises IoT and edge security. Network Security, 2021 (8), 14–15. doi: http://doi.org/10.1016/s1353-4858(21)00090-8
10. Tok, S., Demirci, M. (2021). An Investigation of Topology Poisoning Attacks in Software Defined Networks Through Exploiting Link Layer Discovery Protocol. Uludağ University Journal of The Faculty of Engineering, 589–608. doi: http://doi.org/10.17482/uumfd.769939
11. Polat, H., Polat, O., Cetin, A. (2020). Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models. Sustainability, 12 (3), 1035. doi: http://doi.org/10.3390/su12031035
12. Olivier, F., Carlos, G., Florent, N. (2015). New Security Architecture for IoT Network. Procedia Computer Science, 52, 1028–1033. doi: http://doi.org/10.1016/j.procs.2015.05.099
13. Khorsandroo, S., Sánchez, A. G., Tosun, A. S., Arco, J., Doriguzzi-Corin, R. (2021). Hybrid SDN evolution: A comprehensive survey of the state-of-the-art. Computer Networks, 192, 107981. doi: http://doi.org/10.1016/j.comnet.2021.107981
14. Dayal, N., Srivastava, S. (2021). SD-WAN Flood Tracer: Tracking the entry points of DDoS attack flows in WAN. Computer Networks, 186, 107813. doi: http://doi.org/10.1016/j.comnet.2021.107813
15. Smelianskii, R. L. (2014). Tekhnologii SDN i NFV: novye vozmozhnosti dlia telekommunikatsii. Vestnik Sviazi, 1, 43–47. Available at: https://www.arccn.ru/media/1132/ Last accessed: 29.08.2021
16. Galich, S. V., Deogenov, M. S., Kartashevskii, V. G., Pasiuk, A. O., Semenov, E. S. (2016). Issledovanie proizvoditelnosti PKS-kontrollera OpenDaylight na setiakh raznykh masshtabov. Izvestiia IUFU. Tekhnicheskie nauki, 9, 121–133.
17. Fouladi, R. F., Ermiş, O., Anarim, E. (2020). A DDoS attack detection and defense scheme using time-series analysis for SDN. Journal of Information Security and Applications, 54, 102587. doi: http://doi.org/10.1016/j.jisa.2020.102587
18. Cui, Y., Qian, Q., Xing, H., Li, S. (2020). LNAD: Towards Lightweight Network Anomaly Detection in Software-Defined Networking. 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), 855–860. doi: http://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00113
19. Pourvahab, M., Ekbatanifard, G. (2019). An Efficient Forensics Architecture in Software-Defined Networking-IoT Using Blockchain Technology. IEEE Access, 7, 99573–99588. doi: http://doi.org/10.1109/access.2019.2930345
20. ONF TR-502: SDN Architecture (2014). Open Networking Foundation. Available at: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR_SDN_ARCH_1.0_06062014.pdf Last accessed: 20.08.2021
21. Queiroz, W., Capretz, M. A. M., Dantas, M. (2019). An approach for SDN traffic monitoring based on big data techniques. Journal of Network and Computer Applications, 131, 28–39. doi: http://doi.org/10.1016/j.jnca.2019.01.016
22. Lee, S., Kim, J., Woo, S., Yoon, C., Scott-Hayward, S., Yegneswaran, V. et al. (2020). A comprehensive security assessment framework for software-defined networks. Computers & Security, 91, 101720. doi: http://doi.org/10.1016/j.cose.2020.101720
23. Rana, D. S., Dhondiyal, S. A., Chamoli, S. K. (2019). Software Defined Networking (SDN) Challenges, issues and Solution. International Journal of Computer Sciences and Engineering, 7 (1), 884–889. doi: http://doi.org/10.26438/ijcse/v7i1.884889
24. Critical Capabilities for WAN Edge Infrastructure. Available at: https://www.gartner.com/doc/reprints?id=1-1XWDQO33&ct=191210&st=sb Last accessed: 24.08.2021
25. Guo, Z., Feng, W., Liu, S., Jiang, W., Xu, Y., Zhang, Z.-L. (2019). RetroFlow: Maintaining Control Resiliency and Flow Programmability for Software-Defined WANs. IEEE/ACM International Symposium on Quality of Service (IWQoS ’19). Phoenix, New York. doi: http://doi.org/10.1145/3326285.3329036
26. Malakhov, S. V., Tarasov, V. N. (2015). Teoreticheskoe i eksperimentalnoe issledovanie zaderzhki v programmnogo-kofiguriruemykh setiakh. Infokommunikatsionnye tekhnologii, 4, 409–413.
27. Maltsev, A. (2018). Postroenie zaschischennoi i adaptiruemoi seti SD-WAN. Available at: https://www.osp.ru/lan/2018/04/13054564 Last accessed: 29.08.2021
28. Tanha, M. (2019). Resilient Controller Placement Problems in Software Defined Wide-Area Networks. University of Victoria, 130.


29. Kodavanty, V., Sen, S., Kamsetty, S., Arumugam, P. V. (2019). Pat. No. US 2019/0207844 A1 USA. Determining routing decisions in a software-defined wide area network. Pub. Date: 04.07.2019.
30. Golani, K., Goswami, K., Bhatt, K., Park, Y. (2018). Fault Tolerant Traffic Engineering in Software-defined WAN. 2018 IEEE Symposium on Computers and Communications (ISCC). doi: http://doi.org/10.1109/iscc.2018.8538606
31. Sarychev, D. (2021). Kak obespechit bezopasnost programmno-opredeliaemykh setei (SD-WAN). Available at: https://www.anti-malware.ru/analytics/Technology_Analysis/Secure-SD-WAN Last accessed: 05.09.2021
32. SD-WAN Market Recorded 39 Percent Growth for 1H 2021, According to Dell’Oro Group. Available at: https://www.delloro.com/news/sd-wan-market-recorded-39-percent-growth-for-1h-2021/ Last accessed: 05.09.2021
33. Galiev, A. (2021). Kak «Kazteleport» v razy sokratil izderzhki na vydelennye kanaly s pomoschiu SD-WAN. Available at: https://profit.kz/articles/14657/Kak-AO-Kazteleport-v-razi-sokratil-izderzhki-na-videlennie-kanali-s-pomoschu-SD-WAN/ Last accessed: 05.09.2021
34. BI Group modernizirovala set s pomoschiu resheniia SD-WAN ot Fortinet (2021). Available at: https://profit.kz/articles/14700/BI-Group-modernizirovala-set-s-pomoschu-resheniya-SD-WAN-ot-Fortinet/ Last accessed: 05.09.2021
35. Razbor rynka SD-WAN: kakie suschestvuiut resheniia i komu oni nuzhny (2019). Available at: https://safe.cnews.ru/articles/2019-11-06_razbor_rynka_sdwan_kakie_sushchestvuyut Last accessed: 06.09.2021
36. Rukovodstvo po sredstvu zaschity SD-WAN dlia rukovoditelei v sfere setevykh tekhnologii. Available at: https://www.fortinet.com/content/dam/fortinet/assets/white-papers/ru_ru/eBook-The-Network-Leaders-Guide-to-Secure-SD-WAN.pdf Last accessed: 06.09.2021
