A CCG virtual system for big data application communication costs analysis

Network topology and routing are two important factors in determining the communication costs of big data applications at large scale. As for a given Cluster, Cloud, or Grid system, the network topology is fixed and static or dynamic routing protocols are preinstalled to direct the network traffic. Users cannot change them once the system is deployed. Hence, it is hard for application developers to identify the optimal network topology and routing algorithm for their applications with distinct communication patterns. In this study, we design a CCG virtual system (CCGVS), which first uses container-based virtualization to allow users to create a farm of lightweight virtual machines on a single host. Then, it uses software-defined networking (SDN) technique to control the network traffic among these virtual machines. Users can change the network topology and control the network traffic programmingly, thereby enabling application developers to evaluate their applications on the same system with different network topologies and routing algorithms. The preliminary experimental results through both synthetic big data programs and NPB benchmarks have shown that CCGVS can represent application performance variations caused by network topology and routing algorithm.

Byzantine-resilient secure software-defined networks with multiple controllers

Software-defined network (SDN) is the next generation of networking architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications. In SDN, network management is facilitated through software rather than low-level device configurations. However, the centralized control plane introduced by SDN imposes a great challenge for the network security. In this paper, we present a secure SDN structure, in which each device is managed by multiple controllers rather than a single one as in a traditional manner. It can resist Byzantine attacks on controllers and the communication links between controllers and SDN switches. Furthermore, we design a cost-efficient controller assignment algorithm to minimize the number of required controllers for a given set of switches. Extensive simulations have been conducted to show that our proposed algorithm significantly outperforms random algorithms. © 2014 IEEE.

Joint optimization of rule placement and traffic engineering for QoS provisioning in software defined network

Software-Defined Network (SDN) is a promising network paradigm that separates the control plane and data plane in the network. It has shown great advantages in simplifying network management such that new functions can be easily supported without physical access to the network switches. However, Ternary Content Addressable Memory (TCAM), as a critical hardware storing rules for high-speed packet processing in SDN-enabled devices, can be supplied to each device with very limited quantity because it is expensive and energy-consuming. To efficiently use TCAM resources, we propose a rule multiplexing scheme, in which the same set of rules deployed on each node apply to the whole flow of a session going through but towards different paths. Based on this scheme, we study the rule placement problem with the objective of minimizing rule space occupation for multiple unicast sessions under QoS constraints. We formulate the optimization problem jointly considering routing engineering and rule placement under both existing and our rule multiplexing schemes. Via an extensive review of the state-of-the-art work, to the best of our knowledge, we are the first to study the non-routing-rule placement problem. Finally, extensive simulations are conducted to show that our proposals significantly outperform existing solutions.

Controle de mobilidade infraestruturado e orientado à qualidade para maximização de admissões em sistemas WiNeMO: uma abordagem definida por software

The spread of wireless networks and growing proliferation of mobile devices require the development of mobility control mechanisms to support the different demands of traffic in different network conditions. A major obstacle to developing this kind of technology is the complexity involved in handling all the information about the large number of Moving Objects (MO), as well as the entire signaling overhead required to manage these procedures in the network. Despite several initiatives have been proposed by the scientific community to address this issue they have not proved to be effective since they depend on the particular request of the MO that is responsible for triggering the mobility process. Moreover, they are often only guided by wireless medium statistics, such as Received Signal Strength Indicator (RSSI) of the candidate Point of Attachment (PoA). Thus, this work seeks to develop, evaluate and validate a sophisticated communication infrastructure for Wireless Networking for Moving Objects (WiNeMO) systems by making use of the flexibility provided by the Software-Defined Networking (SDN) paradigm, where network functions are easily and efficiently deployed by integrating OpenFlow and IEEE 802.21 standards. For purposes of benchmarking, the analysis was conducted in the control and data planes aspects, which demonstrate that the proposal significantly outperforms typical IPbased SDN and QoS-enabled capabilities, by allowing the network to handle the multimedia traffic with optimal Quality of Service (QoS) transport and acceptable Quality of Experience (QoE) over time.

Extensões na arquitetura SDN para o provisionamento de QoS através do monitoramento e uso de múltiplos caminhos

The substantial increase in the number of applications offered through the computer networks, as well as in the volume of traffic forwarded through the network, have hampered to assure adequate service level to users. The Quality of Service (QoS) offer, honoring specified parameters in Service Level Agreements (SLA), established between the service providers and their clients, composes a traditional and extensive computer networks’ research area. Several schemes proposals for the provision of QoS were presented in the last three decades, but the acting scope of these proposals is always limited due to some factors, including the limited development of the network hardware and software, generally belonging to a single manufacturer. The advent of Software Defined Networking (SDN), along with the maturation of its main materialization, the OpenFlow protocol, allowed the decoupling between network hardware and software, through an architecture which provides a control plane and a data plane. This eases the computer networks scenario, allowing that new abstractions are applied in the hardware composing the data plane, through the development of new software pieces which are executed in the control plane. This dissertation investigates the QoS offer through the use and extension of the SDN architecture. Based on the proposal of two new modules, one to perform the data plane monitoring, SDNMon, and the second, MP-ROUTING, developed to determine the use of multiple paths in the forwarding of data referring to a flow, we demonstrated in this work that some QoS metrics specified in the SLAs, such as bandwidth, can be honored. Both modules were implemented and evaluated through a prototype. The evaluation results referring to several aspects of both proposed modules are presented in this dissertation, showing the obtained accuracy of the monitoring module SDNMon and the QoS gains due to the utilization of multiple paths defined by the MP-Routing, when forwarding data flow through the SDN.

Intrusion Detection Systems in SDN-based Self-Healing PMU Networks

Nowadays, Power grids are critical infrastructures on which everything else relies, and their correct behavior is of the highest priority. New smart devices are being deployed to be able to manage and control power grids more efficiently and avoid instability. However, the deployment of such smart devices like Phasor Measurement Units (PMU) and Phasor Data Concentrators (PDC), open new opportunities for cyber attackers to exploit network vulnerabilities. If a PDC is compromised, all data coming from PMUs to that PDC is lost, reducing network observability. Our approach to solve this problem is to develop an Intrusion detection System (IDS) in a Software-defined network (SDN). allowing the IDS system to detect compromised devices and use that information as an input for a self-healing SDN controller, which redirects the data of the PMUs to a new, uncompromised PDC, maintaining the maximum possible network observability at every moment. During this research, we have successfully implemented Self-healing in an example network with an SDN controller based on Ryu controller. We have also assessed intrinsic vulnerabilities of Wide Area Management Systems (WAMS) and SCADA networks, and developed some rules for the Intrusion Detection system which specifically protect vulnerabilities of these networks. The integration of the IDS and the SDN controller was also successful. \\To achieve this goal, the first steps will be to implement an existing Self-healing SDN controller and assess intrinsic vulnerabilities of Wide Area Measurement Systems (WAMS) and SCADA networks. After that, we will integrate the Ryu controller with Snort, and create the Snort rules that are specific for SCADA or WAMS systems and protocols.

OperationCheckpoint: SDN Application Control

One of the core properties of Software Defined Networking (SDN) is the ability for third parties to develop network applications. This introduces increased potential for innovation in networking from performance-enhanced to energy-efficient designs. In SDN, the application connects with the network via the SDN controller. A specific concern relating to this communication channel is whether an application can be trusted or not. For example, what information about the network state is gathered by the application? Is this information necessary for the application to execute or is it gathered for malicious intent? In this paper we present an approach to secure the northbound interface by introducing a permissions system that ensures that controller operations are available to trusted applications only. Implementation of this permissions system with our Operation Checkpoint adds negligible overhead and illustrates successful defense against unauthorized control function access attempts.

SDN Security: A Survey

The pull of Software-Defined Networking (SDN) is magnetic. There are few in the networking community who have escaped its impact. As the benefits of network visibility and network device programmability are discussed, the question could be asked as to who exactly will benefit? Will it be the network operator or will it, in fact, be the network intruder? As SDN devices and systems hit the market, security in SDN must be raised on the agenda. This paper presents a comprehensive survey of the research relating to security in software-defined networking that has been carried out to date. Both the security enhancements to be derived from using the SDN framework and the security challenges introduced by the framework are discussed. By categorizing the existing work, a set of conclusions and proposals for future research directions are presented.

Evolving Future Internet clean-slate Entity Title Architecture with quality-oriented control-plane extensions

A Internet atual vem sofrendo vários problemas em termos de escalabilidade, desempenho, mobilidade, etc., devido ao vertiginoso incremento no número de usuários e o surgimento de novos serviços com novas demandas, propiciando assim o nascimento da Internet do Futuro. Novas propostas sobre redes orientadas a conteúdo, como a arquitetura Entidade Titulo (ETArch), proveem novos serviços para este tipo de cenários, implementados sobre o paradigma de redes definidas por software. Contudo, o modelo de transporte do ETArch é equivalente ao modelo best-effort da Internet atual, e vem limitando a confiabilidade das suas comunicações. Neste trabalho, ETArch é redesenhado seguindo o paradigma do sobreaprovisionamento de recursos para conseguir uma alocação de recursos avançada integrada com OpenFlow. Como resultado, o framework SMART (Suporte de Sessões Móveis com Alta Demanda de Recursos de Transporte), permite que a rede defina semanticamente os requisitos qualitativos das sessões para assim gerenciar o controle de Qualidade de Serviço visando manter a melhor Qualidade de Experiência possível. A avaliação do planos de dados e de controle teve lugar na plataforma de testes na ilha do projeto OFELIA, mostrando o suporte de aplicações móveis multimídia com alta demanda de recursos de transporte com QoS e QoE garantidos através de um esquema de sinalização restrito em comparação com o ETArch legado

Software Defined Networks: alcuni casi di studio

In questo elaborato si descrive l'emergente approccio alle reti, il Software Defined Network, ed i suoi benefici. Successivamente viene preso in considerazione un importante componente di questa nuova architettura: il protocollo OpenFlow; si spiega che cos'è e si elencano i benefici che può apportare ad un'architettura SDN a sostegno di questi vengono mostrati quattro differenti casi d'uso di OF, comparati poi ad altri scenari equivalenti che non usano questo protocollo. Infine si è pensato ad alcuni possibili studi e sviluppi circa quest'architettura.

Interconexión de centros de datos mediante técnicas SDN

En este trabajo final de grado se ha contribuido a la interconexión de centros de datos distribuidos geográficamente, integrando para ello nuevas funcionalidades en la arquitectura Application-Based Network Operations (ABNO) y configurando los componentes software necesarios. ABNO engloba distintas tecnologías que recogen la información sobre los recursos disponibles en la red con el objetivo de proporcionar rutas específicas para el tráfico. La solución que se presenta en este trabajo se basa en las redes definidas por software (Software-Defined Networking, SDN), como solución innovadora para mejorar la gestión y el control de las infraestructuras que pertenecen a múltiples dominios administrativos, pero trabajan en colaboración en una federación común mejorando la calidad del servicio ofrecido. La conectividad entre los diferentes dominios es posible gracias a los Túneles GRE. Cada centro de datos supone un dominio administrativo diferenciado, disponiendo cada uno de ellos del software de gestión en la nube OpenStack para la creación de las máquinas virtuales (VM) que posteriormente serán interconectadas. Además, cada centro de datos también contará con el controlador Ryu SDN que se encargará del control de la conectividad, siendo también independiente para cada uno de estos dominios. Con el objetivo de mantener una visión integral de todos los recursos de la red disponibles, y de proporcionar una conectividad extremo a extremo (E2E) requerida por los centros de datos, la arquitectura ABNO ha tenido que ser modificada para soportar estas nuevas funcionalidades, así como validada en un escenario con infraestructuras multidominio.

SDN enabled dynamically reconfigurable high capacity optical access architecture for converged services

Dynamically reconfigurable time-division multiplexing (TDM) dense wavelength division multiplexing (DWDM) long-reach passive optical networks (PONs) can support the reduction of nodes and network interfaces by enabling a fully meshed flat optical core. In this paper we demonstrate the flexibility of the TDM-DWDM PON architecture, which can enable the convergence of multiple service types on a single physical layer. Heterogeneous services and modulation formats, i.e. residential 10G PON channels, business 100G dedicated channel and wireless fronthaul, are demonstrated co-existing on the same long reach TDM-DWDM PON system, with up to 100km reach, 512 users and emulated system load of 40 channels, employing amplifier nodes with either erbium doped fiber amplifiers (EDFAs) or semiconductor optical amplifiers (SOAs). For the first time end-to-end software defined networking (SDN) management of the access and core network elements is also implemented and integrated with the PON physical layer in order to demonstrate two service use cases: a fast protection mechanism with end-to-end service restoration in the case of a primary link failure; and dynamic wavelength allocation (DWA) in response to an increased traffic demand.

Performance analysis of software-defined network switch using M/Geo/1 model

The aim of this letter is to propose an analytical model to study the performance of Software-Defined Network (SDN) switches. Here, SDN switch performance is defined as the time that an SDN switch needs to process packet without the interaction of controller. We exploit the capabilities of queueing theory based M/Geo/1 model to analyze the key factors, flowtable size, packet arrival rate, number of rules, and position of rules. The analytical model is validated using extensive simulations. Our study reveals that these factors have significant influence on the performance of an SDN switch.

Control layer resource management in SDN-IoT networks using multi-objective constraint

Software Defined Networking (SDN) and Internet of Things (IoT) integration has thrown many critical challenges. Specifically, in heterogeneous SDN-IoT ecosystem, optimized resources utilization and effective management at the control layer is very difficult. This mainly affects the application specific Quality of Service (QoS) and energy consumption of the IoT network. Motivated from this, we propose a new Resource Management (RM) method at the control layer, in distributed SDN-IoT networks. This paper starts with reasons that why at control layer RM is more complex in the SDN-IoT ecosystem. After-that, we highlight motivated examples that necessitate to investigate new RM methods in SDN-IoT context. Further, we propose a novel method to compute controller performance. Theoretical analysis is conducted to prove that the proposed method is better than the existing methods.

Memory Cost Analysis for OpenFlow Multiple Table Lookup

Multiple Table Lookup architectures in Software Defined Networking (SDN) open the door for exciting new network applications. The development of the OpenFlow protocol supported the SDN paradigm. However, the first version of the OpenFlow protocol specified a single table lookup model with the associated constraints in flow entry numbers and search capabilities. With the introduction of multiple table lookup in OpenFlow v1.1, flexible and efficient search to support SDN application innovation became possible. However, implementation of multiple table lookup in hardware to meet high performance requirements is non-trivial. One possible approach involves the use of multi-dimensional lookup algorithms. A high lookup performance can be achieved by using embedded memory for flow entry storage. A detailed study of OpenFlow flow filters for multi-dimensional lookup is presented in this paper. Based on a proposed multiple table lookup architecture, the memory consumption and update performance using parallel single field searches are evaluated. The results demonstrate an efficient multi-table lookup implementation with minimum memory usage.