융합보안논문지 (Convergence Security Journal)

  • 제16권7호
  • /
  • Pages.3-11
  • /
  • 2016
  • /
  • 1598-7329(pISSN)
  • /
  • 2508-7460(eISSN)
한국융합보안학회 (Korea convergence Security Association)
권호 표지

국가연구망의 발전방향 및 차세대 국가연구망 보안

Developement Strategy for the National Research Network and Next Generation Network Security

  • 이명선 (한국과학기술정보연구원/첨단연구망서비스실) ;
  • 조부승 (한국과학기술정보연구원/첨단연구망서비스실) ;
  • 박형우 (한국과학기술정보연구원/첨단연구망서비스실) ;
  • 김현철 (남서울대학교/컴퓨터학과)
  • 투고 : 2016.10.27
  • 심사 : 2016.12.09
  • 발행 : 2016.12.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

최근 광네트워킹 기술의 급격한 발전, SDN (Software-Defined Network) 및 NFV (Network Function Virtualization)로 대두되는 네트워크의 소프트웨어화, 그리고 단순한 고성능연결서비스를 포함한 연구협업을 가능하게 하는 플랫폼으로써의 연구망 등 인터넷 서비스을 포함한 연구망에서는 급격한 변화가 진행되고 있다. 이에 슈퍼컴과 함께 국가과학기술경쟁력을 대표하는 국가연구망의 향후 발전방향을 선진 국가연구망의 비교분석 및 사회가 요구하는 연구망의 역할 변화에 맞추어 조망해본다. 또한 국가연구망 백본의 40Gbps 및 100Gbps급 초광대역 네트워크화, 대용량의 데이터를 고속으로 전송하기 위한 Science DMZ 기반의 망분리, 마지막으로 BRO 기반 프로그래머블 가능한 캠퍼스 네트워크 Lastmile 보안 환경 구축 방안을 제시한다.

With repid development of optical networking technology, Software-Defined Network (SDN) and Network Function Virtualization (NFV), high performance networking service, collaboration platform that enables collaborative research globally, drastically National Research Network (NRN) including Internet Service has changed. Therefore we compared and analyzed several world-class NRNs and took a view of future development strategy of the NRN. Also we suggest high speed security environment in super high bandwidth network with 40Gbps and 100Gbps optical transmission technology, network separation of NRN with Science DMZ to support high performance network transmission for science big data, building security environment for last-mile in campus network that supports programmability of IDS using BRO framework.

키워드

참고문헌

  1. McKeown, Nick, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Sc ott Shenker, and Jonathan Turner. "OpenFlow: enab ling innovation in campus networks." ACM SIGCO MM Computer Communication Review 38, no. 2, 2008
  2. Tony Hey, Stewart Tansley, Kristin Tolle, The Fourth Paradigm: Data-Intensive Scientific Discovery", Microsoft Research, 2009.10.16
  3. Internet2, http://www.internet2.edu/
  4. ESnet, http://es.net/
  5. CANARIE, https://www.canarie.ca/
  6. SURFnet, https://www.surf.nl/
  7. GEANT, http://www.geant.org/
  8. SINET, https://www.sinet.ad.jp/
  9. JGN-X, http://www.jgn.nict.go.jp/
  10. AARNET, https://www.aarnet.edu.au/
  11. KREONET, http://www.kreonet.net/
  12. GLIF, http://glif.is/
  13. GEANT Expert Group, "Knowledge without Borders-GEANT2020 as the European Communications Commons", European Commission, 2011.10
  14. NORDUnet, "The Role of NREN's in 2020", 2011
  15. Inder Monga, Eric Pouyoul, Chin Guok, "Software-Defined Networking for Big-Data Science - Architectural Models from Campus to the WAN", 2012 SC Companion: High Performance Computing, Networking, Storage and Analysis (SCC), 2012
  16. Kwangjong Cho, SeongHae Kim, HyeakRo Lee, "GLORIAD-KR and Its Advanced Applications", 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT), 2010
  17. Dart, Eli, Lauren Rotman, Brian Tierney, Mary Hester, and Jason Zurawski. "The science dmz: A network design pattern for data-intensive science." Scientific Programming 22, no. 2, 2014
  18. Edward Balas, AJ Ragusa, "SciPass: a 100Gbps capable secure Science DMZ using OpenFlow and Bro", Supercomputing 2014 conference (SC14), 2014
  19. SciPass https://github.com/GlobalNOC/SciPass
  20. Vern Paxson "Bro: A System for Detecting Network Intruders in Real-Time" Computer Networks, 31(23-24), pp. 2435-2463, 1999 https://doi.org/10.1016/S1389-1286(99)00112-7