Organizations must safeguard network connections while avoiding complex routing and configuration. An organization’s distributed networks should be unified and able to connect each other securely. Transmission of data must be encrypted, as well as packet routing. In order to accomplish these objectives and join forces several networks in various locations into a single secured network, secure distributed switch was created. In other words, SDS combines various scattered networks into a single, solid LAN that uses Ethernet at layer 2 to interconnect together.
This technique is set up in a way that it is seen by users and network administrators as a switch device situated between two different LAN networks. Both the configuration and usage are straightforward. SDS node setup doesn’t require specialized knowledge. Anyone who has even a basic understanding of IP networks can assign an IP address for each node to establish direct connections between nodes (Peers). Once the network is up and running, every host in the underlying networks can communicate with every other host as if they were in the same subnet.
SDS consists of different encrypter devices as SDS Nodes. Each node controls incoming and outgoing traffic while being protected at the network’s edge.
In order to address the demands of businesses or organizations for safe and transparent network connections, safe Distributed Switch was created. Its features are:
- Building a secure tunnel between the nodes: All communication takes place through a tunnel that is encrypted.
- Authentication of nodes over overlay network: Adjacent nodes needs to be authenticated to establish a secured tunnel. This authentication method is exclusive.
- Secure control and management packet exchange: Node’s routing information is sent to adjacent nodes through a secured tunnel.
- Secure ARP protocol packet exchange: ARP protocol packets are routed to secure networks via secure tunnels. In this way, nodes can form MAC routing tables extensively.
- Automatic network topology construction: Although the network administrator identifies only adjacent nodes for each node, the nodes automatically identify the network topology and routing tables by exchanging control packets.
- Construction of cost-based routing tables: Node routing tables are built automatically based on the lowest cost.
- Transparency: Overlay network management is done automatically and distributed by sending management packets, and for each node, the network administrator identifies
- only adjacent nodes with IP address.
- Firewalling: Traffic passing through each encryption device is monitored and it is possible to apply transit policies to traffic.
- Scalability: Communication between node can be one-way or two-way direction. In one-way direction, node only adds peers to its table. But, if the direction is set two-way, node announce others to determine it as peer. This feature allows overlay network to expand easily by configuring and adding new nodes to the existing structure.
The unique design of SDS allows the nodes under this network to enjoy the following capabilities:
- Fault tolerance: Routing map are updating periodically. If one of the nodes goes down, the route will be replaced with a path through another nodes.
- Load balance: Multiple routes are used simultaneously.
- Quality of Service: the quality of communications is assured by dynamic overlay routing and considering link costs.