Software-Defined Networking (SDN)-based IPsec Flow Protection

University of Murcia


This work has been standardised in IETF RFC 9061.

This research work seeks to establish IPsec connections in a Software-Defined Networking (SDN) infrastructure. The project is motivated by the trend in new fifth-generation networks to centralise network architectures under a Controller, splitting the network into a data plane and a control plane. It considers two well-known IPsec scenarios: gateway-to-gateway and host-to-host.

My main contribution to this project is based on "Centralised Configuration of IKE in various devices with SDNs", which was presented as my final project dissertation, for which I obtained honors (A++).

Security is a basic need in SDN networks, which must mature and standardize. This work proposes a solution that allows network administrators to manage the IPsec security associations of their resources more easily. Deploying security becomes more complex as the number of resources that need to be protected increases. This solution provides a simple, centralized model for managing security: IPsec security policies are installed, modified and deleted without having to access each resource one by one, which is a tedious task with little tolerance for failures.


This project is standardised by the Internet Engineering Task Force (IETF).