• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 4
  • 1
  • Tagged with
  • 9
  • 9
  • 4
  • 3
  • 3
  • 3
  • 3
  • 3
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

ASSESSMENT OF DISAGGREGATING THE SDN CONTROL PLANE

Adib Rastegarnia (7879706) 20 November 2019 (has links)
Current SDN controllers have been designed based on a monolithic approach that integrates all of services and applications into one single, huge program. The monolithic design of SDN controllers restricts programmers who build management applications to specific programming interfaces and services that a given SDN controller provides, making application development dependent on the controller, and thereby restricting portability of management applications across controllers. Furthermore, the monolithic approach means an SDN controller must be recompiled whenever a change is made, and does not provide an easy way to add new functionality or scale to handle large networks. To overcome the weaknesses inherent in the monolithic approach, the next generation of SDN controllers must use a distributed, microservice architecture that disaggregates the control plane by dividing the monolithic controller into a set of cooperative microservices. Disaggregation allows a programmer to choose a programming language that is appropriate for each microservice. In this dissertation, we describe steps taken towards disaggregating the SDN control plane, consider potential ways to achieve the goal, and discuss the advantages and disadvantages of each. We propose a distributed architecture that disaggregates controller software into a small controller core and a set of cooperative microservices. In addition, we present a software defined network programming framework called Umbrella that provides a set of abstractions that programmers can use for writing of SDN management applications independent of NB APIs that SDN controllers provide. Finally, we present an intent-based network programming framework called OSDF to provide a high-level policy based API for programming of network devices using SDN. <br>
2

WASP : Lightweight Programmable Ephemeral State on Routers to Support End-to-End Applications

Martin, Sylvain 07 November 2007 (has links)
We present WASP (World-friendly Active packets for ephemeral State Processing), a novel active networks architecture that enables ephemeral storage of information on routers in order to ease distributed application synchronisation and co-operation. We aimed at a design compatible with modern routers hardware and with network operators' goals. Our solution has to scale with the number of interfaces of the device and to support throughput of several Gbps. Throughout this thesis we searched for the best trade-off between features (platform exibility) and guarantees (platform safety), with as little performance sacri ce as possible. We picked the Ephemeral State Processing (ESP) router, developed by K. Calvert's team at University of Kentucky, as a starting point and extended it with our own virtual processor (VPU) to offer higher exibility to the network programmer. The VPU is a minimalist bytecode interpreter that manipulates the content of the "ephemeral state store" of the router according to a microprogram present in packets. It ultimately allows the microprogram to drop or forward the packet on any router, acting as remotely programmable filters around unmodified IP routing cores. We developed two implementations of WASP: a "reference" module for the Linux kernel, and, based on that prototype experience, a WASP filter application for the IXP2400 network processor that proves feasibility of our platform at higher speed. We extensively tested those two implementations against their ESP counterpart in order to estimate the overhead of our approach. High speed tests on the IXP were also performed to ensure WASP's robustness, and were actually rich in lessons for future development on programmable network devices. The nature of WASP makes it a platform of choice to detect properties of the network along a given path. Thanks to per-flow variables (even if ephemeral) and its ability to sustain custom processing at wire-speed, we can for instance implement lightweight measurement of QoS parameters or enforce application-specific congestion control. We have however opted -- in the context of this thesis -- for a focus on another use of the platform: using the ephemeral state to advertise and detect members of distributed applications (e.g. grid computing or peer-to-peer systems) in a purely decentralised way. To evaluate the benefits of this approach, we propose a model of a peer-to-peer community where peers try and join former neighbours, and we show through simulations how efficiency and quality of user experience evolve with the presence of more WASP routers in the network.
3

Proposal of a model for the management of active networks based on policies

Vivero Millor, Julio 12 December 2003 (has links)
Les expectatives dels usuaris en relació a la quantitat i qualitat del serveis de xarxa estan creixent ràpidament. En canvi, desenvolupar e implantar nous serveis de xarxa (serveis que operen a nivell de xarxa) seguint el procés d'estandardització és massa lent i no pot satisfà les expectatives.Les xarxes actives i programables van ser proposades per acomodar la ràpida evolució de noves tecnologies i accelerar la implantació de serveis sofisticats. Les xarxes actives permeten que tercers (usuaris finals, operadors i proveïdors de servei) introdueixin serveis específics per aplicacions (en forma de codi) dins la xarxa. D'aquesta manera, les aplicacions poden fer servir aquests serveis per obtenir el suport necessari de la xarxa en termes de comportament per exemple.Tanmateix, les tecnologies de xarxes actives i programables introdueixen una complexitat addicional als elements de xarxa que ha de ser tractada pel sistema de gestió. Alguns exemples d'aquesta complexitat addicional són la necessitat de suportar nous serveis introduïts dinàmicament a la xarxa o la gestió de xarxes actives virtuals. Aquestes xarxes poden ser creades dins una infrastructura de xarxa programable per satisfer les creixents necessitats de control i particularització que els clients imposen a les xarxes. A més, la probable implantació progressiva de les xarxes actives i programables dins les xarxes IP actuals afegeix un altre requisit important al pla de gestió: aquest ha de ser capaç de suportar tecnologies de xarxa heterogènies (passives, actives i programables).La solució proposada en aquesta tesi millora els sistemes de gestió basats en polítiques amb conceptes de les tecnologies de xarxes actives i programables per satisfer tots els requisits abans esmentats; assolint, d'aquesta manera, una solució sòlida per la gestió de xarxes actives i programables.Finalment, l'arquitectura per la gestió de xarxes actives basada en polítiques (MANBoP) que proposem ha estat dissenyada per poder ser instanciada a qualsevol nivell de gestió (xarxa, sub-xarxa o element). A més, diferents instàncies es poden agrupar fàcilment per crear una infrastructura de gestió. Per exemple, una instància MANBoP de nivell de xarxa pot treballar sobre instàncies de nivell de element, o vàries instàncies de nivell de sub-xarxa poden ser creades per treballar en paral·lel, cadascuna gestionant una regió geogràfica de la xarxa diferent. L'objectiu d'aquest atribut de l'arquitectura és facilitar la tasca de creació d'una infrastructura de gestió. D'aquesta manera, els operadors de xarxa poden crear la infrastructura de gestió que més els convingui segons els seus objectius de negoci i reduir així els costs de gestió. / -RESUMENLas expectativas de los usuarios en relación con la cantidad y calidad de los servicios de red están creciendo rápidamente. En cambio, desarrollar e implantar nuevos servicios de red (servicios que operan al nivel de red) siguiendo los procesos de estandarización es demasiado lento y no colma las expectativas.Las redes activas y programables fueron propuestas para acomodar la rápida evolución de las nuevas tecnologías y acelerar la implantación de nuevos servicios más sofisticados. Las redes activas permiten que terceros (usuarios finales, operadores o proveedores de servicio) introduzcan servicios específicos para aplicaciones (en forma de código) dentro de la red. De esta forma, las aplicaciones pueden utilizar estos servicios para obtener el soporta que necesitan de la red en términos, por ejemplo, de comportamiento.Sin embargo, las tecnologías de redes activas y programables introducen una complejidad adicional en los elementos de red que debe ser tratada por el sistema de gestión. Algunos ejemplos de esta complejidad adicional son la necesidad de soportar nuevos servicios introducidos dinámicamente en la red o la gestión de redes activas virtuales. Éstas pueden ser creadas dentro de una infraestructura de red programable para satisfacer las necesidades crecientes de control y particularización que los clientes imponen sobre las redes. Además, la probable progresiva implantación de la redes activas y programables en la redes IP actuales añade otro importante requisito al plano de gestión: éste tiene que ser capaz de soportar tecnologías de red heterogéneas (pasivas, activas y programables).La solución propuesta en esta tesis mejora los sistemas de gestión basados en políticas con conceptos de las tecnologías de redes activas y programables para satisfacer todos los requisitos enumerados anteriormente, consiguiendo, de esta forma, una solución sólida para la gestión de redes activas y programables.Finalmente, la arquitectura de gestión de redes activas basada en políticas (MANBoP) que proponemos ha sido diseñada para poder ser instanciada en cualquier nivel de gestión (red, sub-red o elemento). Además, diferentes instancias pueden ser agrupadas fácilmente para crear una infraestructura de gestión. Por ejemplo, una instancia MANBoP de nivel de red puede trabajar sobre instancias de nivel de elemento, o varias instancias de nivel de sub-red pueden ser creadas para trabajar en paralelo sobre diferentes regiones geográficas de la red. El objetivo de esta característica de la arquitectura es facilitar la creación de una infraestructura de gestión para que los operadores de red puedan crear la que más les convenga según sus objetivos de negocio, reduciendo así los costes de gestión. / User expectations of the range and quality of network services are growing rapidly. However, developing and deploying new network services (i.e. services that operate on the network layer), through best practice and standardization, is too slow and cannot match the steps of expectations. Active and programmable networks were proposed to accommodate the rapid evolution of new technologies and accelerate the deployment of new sophisticated services. Active networks (AN) enable third parties (end users, operators, and service providers) to inject application-specific services (in the form of code) into the network. Applications are thus able to utilize these services to obtain required network support in terms of, e.g. performance; that is, applications are now becoming network-aware. Nonetheless, active and programmable networking technologies introduce additional complexity in network elements that must be handled by the management architecture. Examples of this additional complexity are the need of coping with new services dynamically introduced in the network, or the management of virtual active networks (VANs). VANs might be created over a programmable network infrastructure to satisfy increasing requirements for the control and customization of resources that customers impose on networks. Furthermore, the likely progressive deployment of active and programmable routers in today's IP networks introduces another important requirement in the management plane; that is, it has to be able to cope with heterogeneous network technologies, i.e., passive, active and programmable.The solution proposed in this thesis enhances a policy-based management system with active networking technology concepts to fulfill the above-mentioned requirements, thus achieving a sound solution for the management of active and programmable networks.In addition, the Management of Active Networks Based on Policies (MANBoP) framework proposed is designed to be instantiated at any management level (i.e. network, sub-network or element). Moreover, different instances can be easily set up jointly to create a management infrastructure, e.g., a network-level MANBoP instance can be set up over element-level instances, or several subnetwork-level instances can work in parallel each one managing a different geographical region of the network, etc. The aim of this framework property is to ease the management infrastructure creation task, thus allowing network operators to adapt the management infrastructure to their business needs, resulting in a reduction of management costs.
4

Flexible access control for campus and enterprise networks

Nayak, Ankur Kumar 07 April 2010 (has links)
We consider the problem of designing enterprise network security systems which are easy to manage, robust and flexible. This problem is challenging. Today, most approaches rely on host security, middleboxes, and complex interactions between many protocols. To solve this problem, we explore how new programmable networking paradigms can facilitate fine-grained network control. We present Resonance, a system for securing enterprise networks , where the network elements themselves en- force dynamic access control policies through state changes based on both flow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higher-level security boxes and distributed monitoring and inference systems. Using our approach, administrators can create security applications by first identifying a state machine to represent different policy changes and then, translating these states into actual network policies. Earlier approaches in this direction (e.g., Ethane, Sane) have remained low-level requiring policies to be written in languages which are too detailed and are difficult for regular users and administrators to comprehend. As a result, significant effort is needed to package policies, events and network devices into a high-level application. Resonance abstracts out all the details through its state-machine based policy specification framework and presents security functions which are close to the end system and hence, more tractable. To demonstrate how well Resonance can be applied to existing systems, we consider two use cases. First relates to "Network Admission Control" problem. Georgia Tech dormitories currently use a system called START (Scanning Technology for Automated Registration, Repair, and Response Tasks) to authenticate and secure new hosts entering the network [23]. START uses a VLAN-based approach to isolate new hosts from authenticated hosts, along with a series of network device interactions. VLANs are notoriously difficult to use, requiring much hand-holding and manual configuration. Our interactions with the dorm network administrators have revealed that this existing system is not only difficult to manage and scale but also inflexible, allowing only coarse-grained access control. We implemented START by expressing its functions in the Resonance framework. The current system is deployed across three buildings in Georgia Tech with both wired as well as wireless connectivities. We present an evaluation of our system's scalability and performance. We consider dynamic rate limiting as the second use case for Resonance. We show how a network policy that relies on rate limiting and traffic shaping can easily be implemented using only a few state transitions. We plan to expand our deployment to more users and buildings and support more complex policies as an extension to our ongoing work. Main contributions of this thesis include design and implementation of a flexible access control model, evaluation studies of our system's scalability and performance, and a campus-wide testbed setup with a working version of Resonance running. Our preliminary evaluations suggest that Resonance is scalable and can be potentially deployed in production networks. Our work can provide a good platform for more advanced and powerful security techniques for enterprise networks.
5

Agile Network Security for Software Defined Edge Clouds

Osman, Amr 07 March 2023 (has links)
Today's Internet is seeing a massive shift from traditional client-server applications towards real-time, context-sensitive, and highly immersive applications. The fusion between Cyber-physical systems, The Internet of Things (IoT), Augmented/Virtual-Reality (AR/VR), and the Tactile Internet with the Human-in-the-Loop (TaHIL) means that Ultra-Reliable Low Latency Communication (URLLC) is a key functional requirement. Mobile Edge Computing (MEC) has emerged as a network architectural paradigm to address such ever-increasing resource demands. MEC leverages networking and computational resource pools that are closer to the end-users at the far edge of the network, eliminating the need to send and process large volumes of data over multiple distant hops at central cloud computing data centers. Multiple 'cloudlets' are formed at the edge, and the access to resources is shared and federated across them over multiple network domains that are distributed over various geographical locations. However, this federated access comes at the cost of a fuzzy and dynamically-changing network security perimeter because there are multiple sources of mobility. Not only are the end users mobile, but the applications themselves virtually migrate over multiple network domains and cloudlets to serve the end users, bypassing statically placed network security middleboxes and firewalls. This work aims to address this problem by proposing adaptive network security measures that can be dynamically changed at runtime, and are decoupled from the ever-changing network topology. In particular, we: 1) use the state of the art in programmable networking to protect MEC networks from internal adversaries that can adapt and laterally move, 2) Automatically infer application security contexts, and device vulnerabilities, then evolve the network access control policies to segment the network in such a way that minimizes the attack surface with minimal impact on its utility, 3) propose new metrics to assess the susceptibility of edge nodes to a new class of stealthy attacks that bypasses traditional statically placed Intrusion Detection Systems (IDS), and a probabilistic approach to pro-actively protect them.:Acknowledgments Acronyms & Abbreviations 1 Introduction 1.1 Prelude 1.2 Motivation and Challenges 1.3 Aim and objectives 1.4 Contributions 1.5 Thesis structure 2 Background 2.1 A primer on computer networks 2.2 Network security 2.3 Network softwarization 2.4 Cloudification of networks 2.5 Securing cloud networks 2.6 Towards Securing Edge Cloud Networks 2.7 Summary I Adaptive security in consumer edge cloud networks 3 Automatic microsegmentation of smarthome IoT networks 3.1 Introduction 3.2 Related work 3.3 Smart home microsegmentation 3.4 Software-Defined Secure Isolation 3.5 Evaluation 3.6 Summary 4 Smart home microsegmentation with user privacy in mind 4.1 Introduction 4.2 Related Work 4.3 Goals and Assumptions 4.4 Quantifying the security and privacy of SHIoT devices 4.5 Automatic microsegmentation 4.6 Manual microsegmentation 4.7 Experimental setup 4.8 Evaluation 4.9 Summary II Adaptive security in enterprise edge cloud networks 5 Adaptive real-time network deception and isolation 5.1 Introduction 5.2 Related work 5.3 Sandnet’s concept 5.4 Live Cloning and Network Deception 5.5 Evaluation 5.6 Summary 6 Localization of internal stealthy DDoS attacks on Microservices 6.1 Introduction 6.2 Related work 6.3 Assumptions & Threat model 6.4 Mitigating SILVDDoS 6.5 Evaluation 6.6 Summary III Summary of Results 7 Conclusion 7.1 Main outcomes 7.2 Future outlook Listings Bibliography List of Algorithms List of Figures List of Tables Appendix
6

Exploring Software-Defined Networking Challenges in Sweden : IT Team Knowledge and Skills Gap / Utforska Software-Defined Networking Utmaningar i Sverige : IT-teamets kunskaps- och kompetensgap

Abdelhadi, Ahmed, Fadda, Mohammed Raoof January 2022 (has links)
Software-Defined Networking (SDN) is a new evolving approach within the networking domain. The concept is based on decoupling and abstracting the control and data plane of the traditional network devices. This separation facilitates the network operations with many benefits such as faster delivery, better segmentation, scalability, programmability, enhancing the quality of service and the quality of experience. Despite all the benefits, SDN has its own set of challenges.  The purpose of this study is to explore the main challenges in adopting SDN architecture in Swedish organizations. The focus is on the skills gap as one of the main challenges and how Swedish organizations were able to manage it. A qualitative approach has been chosen to conduct this research using semi-structured interviews to collect the data from seven different organizations, using a mixture of a purposive and snowball sampling selection. A thematic approach was then used to generate categories and themes from the collected data. The results are consistent with previous studies when it comes to technical, financial and security challenges. The technical challenges, however, were fewer in comparison with previous studies. A new way of working was presented as a new challenge when implementing SDN solutions. Furthermore, the knowledge gap was mentioned as a key challenge within Swedish organizations when implementing/operating SDN.  Finally, clear recommendations were made to overcome the knowledge gap challenge, from consulting a third-party expert, having a detailed plan, employing a multiphase process for SDN implementation, to having an online learning platform available to the IT team. / Software-Defined Networking (SDN) är en framväxande teknik inom nätverksdomänen. Konceptet är baserat på att frikoppla och abstrahera kontrollplan och dataplan för de traditionella nätverksenheterna. Separationen underlättar nätverksdrift och ger många fördelar såsom, snabbare leverans, bättre segmentering, skalbarhet, förbättrade kvalitet på tjänsten och kvalitet på upplevelsen. Trots många fördelar har SDN också utmaningar. Syftet med denna studie är att utforska de största utmaningarna med att implementera SDN-arkitektur i svenska organisationer. Fokus ligger på kunskapsklyftan som är en av de tidigare identifierade huvudutmaningarna, och hur svenska organisationer har hanterat dessa. En kvalitativ metod har valts för att genomföra denna studie med hjälp av semistrukturerade intervjuer för att samla in data från sju olika organisationer, med hjälp av en blandning av målinriktat och snöbollsurval. En tematisk metod användes sedan för att generera kategorier och teman från den insamlade datan. Resultaten överensstämmer med tidigare studier när det gäller tekniska, ekonomiska och säkerhetsmässiga utmaningar. De tekniska utmaningarna var dock färre jämfört med tidigare studier. Ett nytt arbetssätt presenterades som en ny utmaning vid implementering av en SDN-lösning. Dessutom, nämndes kunskapsklyftan som en central utmaning inom svenska organisationer vid implementering och drift av SDN. Slutligen presenterades tydliga rekommendationer för att övervinna utmaningen med kunskapsgapet, från att konsultera en tredje part, att ha en tydlig plan, använda en flerfasprocess för SDN-implementering samt att ha en digital utbildningsplattform tillgänglig för IT-teamet.
7

Privacy and Security Enhancements for Tor

Arushi Arora (18414417) 21 April 2024 (has links)
<p dir="ltr">Privacy serves as a crucial safeguard for personal autonomy and information, enabling control over personal data and space, fostering trust and security in society, and standing as a cornerstone of democracy by protecting against unwarranted interference. This work aims to enhance Tor, a volunteer-operated network providing privacy to over two million users, by improving its programmability, security, and user-friendliness to support wider adoption and underscore the importance of privacy in protecting individual rights in the digital age.</p><p dir="ltr">Addressing Tor's limitations in adapting to new services and threats, this thesis introduces programmable middleboxes, enabling users to execute complex functions on Tor routers to enhance anonymity, security, and performance. This architecture, called Bento, is designed to secure middleboxes from harmful functions and vice versa, making Tor more flexible and efficient.</p><p dir="ltr">Many of the attacks on Tor's anonymity occur when an adversary can intercept a user’s traffic; it is thus useful to limit how much of a user's traffic can enter potentially adversarial networks. We tackle the vulnerabilities of onion services to surveillance and censorship by proposing DeTor<sub>OS</sub>, a Bento function enabling geographic avoidance for onion services- which is challenging since no one entity knows the full circuit between user and onion service, providing a method to circumvent adversarial regions and enhance user privacy.</p><p dir="ltr">The final part focuses on improving onion services' usability and security. Despite their importance, these services face high latency, Denial of Service (DoS) and deanonymization attacks due to their content. We introduce CenTor, a Content Delivery Network (CDN) for onion services using Bento, offering replication, load balancing, and content proximity benefits. Additionally, we enhance performance with multipath routing strategies through uTor, balancing performance and anonymity. We quantitatively analyze how geographical-awareness for an onion service CDN and its clients could impact a user’s anonymity- performance versus security tradeoff. Further, we evaluate CenTor on the live Tor network as well as large-scale Shadow simulations.</p><p dir="ltr">These contributions, requiring no changes to the Tor protocol, represent significant advancements in Tor's capabilities, performance, and defenses, demonstrating potential for immediate benefits to the Tor community.</p>
8

[en] LINDAX.: A LANGUAGE FOR DESCRIBING ADAPTABLE COMMUNICATION SYSTEMS / [pt] LINDAX: UMA LINGUAGEM DE DESCRIÇÃO DE SISTEMAS DE COMUNICAÇÃO ADAPTÁVEIS

ANTONIO TADEU AZEVEDO GOMES 25 August 2005 (has links)
[pt] No cenário atual do setor de telecomunicações, percebe-se uma tendência crescente em direção ao uso de sistemas de comunicação que permitam a criação rápida e de baixo custo de serviços. Na busca por arquiteturas de rede que respondam a essa tendência, vários grupos têm centrado seus esforços em pesquisas na área de redes programáveis. O surgimento da tecnologia de processamento de rede no mercado de equipamentos de telecomunicações abriu ainda maior espaço para pesquisas nessa área. Nesse contexto, é imprescindível que os processos de criação de serviços sejam bem estruturados e, o quanto possível, sistemáticos. Esta tese, inserida em um projeto desenvolvido no Laboratório TeleMídia da PUC-Rio, adota uma abordagem de criação de serviços em que técnicas de Arquitetura de Software e de Desenvolvimento Baseado em Componentes são aplicadas consistentemente e de modo ubíquo, desde especificações de alto nível de serviços até a implementação de software básico em unidades programáveis de processamento de rede. Os objetivos principais são expressar a adaptabilidade de múltiplos aspectos nesses serviços e, simultaneamente, reduzir a sobrecarga cognitiva em projetistas e programadores, decorrente dessa multiplicidade de aspectos. Para isso, foi desenvolvida uma linguagem de especificação baseada em XML, chamada Lindax, que permite descrever arquiteturalmente diversos aspectos de sistemas de comunicação - por meio de um arcabouço sintático único para DSLs - e restrições de adaptação em cada aspecto particular - por meio de estruturas de estilos arquiteturais. Complementando o trabalho, um conjunto de ferramentas de manipulação de descrições arquiteturais em LindaX é definido. Essas ferramentas permitem o refinamento para diferentes linguagens formais ou a síntese de configurações e mecanismos de controle de adaptações para diversas plataformas. / [en] It is increasingly noticeable, in the current telecommunications market, a trend towards using communication systems that allow rapid and cheap deployment of new services. In pursuit of network architectures that keep up with such trend, significant research has been carried out on programmable networks. This field is set to gain further impetus from developments in network processor-based equipment. In this context, it is crucial that service creation processes be well structured and, as far as possible, systematic. This thesis, which is part of an ongoing project at the TeleMídia Laboratory, PUC-Rio, adopts a service creation approach in which techniques from Software Architecture and Component-Based Software Development are uniformly and ubiquitously applied at all levels of a communication system, ranging from high- level service specifications to low-level software implementation running in network processors. The main aim is to express adaptibility in cross-cutting service aspects and, meanwhile, cut down on the cognitive overhead usually imposed upon designers and programmers due to such multiplicity of concerns. For the sake of the aforementioned aim, an XML-based specification language, called LindaX, has been developed. Such language allows various system aspects to be architecturally described - by means of a single syntactic framework for DSLs - as well as adaptable in a constrained way - through style structures. Complementing the work, a toolset for handling LindaX architecture descriptions has been defined, which allows their refinement to different formal languages or their synthesis onto system configurations and adaptation controlling mechanisms for diverse platforms.
9

Cross-layer self-diagnosis for services over programmable networks / Auto-diagnostic multi-couche pour services sur réseaux programmables

Sánchez Vílchez, José Manuel 07 July 2016 (has links)
Les réseaux actuels servent millions de clients mobiles et ils se caractérisent par équipement hétérogène et protocoles de transport et de gestion hétérogènes, et des outils de gestion verticaux, qui sont très difficiles à intégrer dans leur infrastructure. La gestion de pannes est loin d’être automatisée et intelligent, ou un 40 % des alarmes sont redondantes et seulement un 1 ou 2% des alarmes sont corrélées au plus dans un centre opérationnel. Ça indique qu’il y a un débordement significatif des alarmes vers les adminis-trateurs humains, a comme conséquence un haut OPEX vue la nécessité d’embaucher de personnel expert pour accomplir les tâches de gestion de pannes. Comme conclusion, le niveau actuel d’automatisation dans les tâches de gestion de pannes dans réseaux télécoms n’est pas adéquat du tout pour adresser les réseaux programmables, lesquels promettent la programmation des ressources et la flexibilité afin de réduire le time-to-market des nouveaux services. L’automatisation de la gestion des pannes devient de plus en plus nécessaire avec l’arrivée des réseaux programmables, SDN (Software-Defined Networking), NFV (Network Functions Virtualization) et le Cloud. En effet, ces paradigmes accélèrent la convergence entre les domaines des réseaux et la IT, laquelle accélère de plus en plus la transformation des réseaux télécoms actuels en menant à repenser les opérations de gestion de réseau et des services, en particulier les opérations de gestion de fautes. Cette thèse envisage l’application des principes d’autoréparation en infrastructures basées sur SDN et NFV, en focalisant sur l’autodiagnostic comme facilitateur principal des principes d’autoréparation. Le coeur de cette thèse c’est la conception d’une approche de diagnostic qui soit capable de diagnostiquer de manière continuée les services dynamiques virtualisés et leurs dépendances des ressources virtuels (VNFs et liens virtuels) mais aussi les dépendances de ceux ressources virtuels de la infrastructure physique en-dessous, en prenant en compte la mobilité, la dynamicite, le partage de ressources à l’infrastructure en-dessous / Current networks serve billions of mobile customer devices. They encompass heterogeneous equipment, transport and manage-ment protocols, and vertical management tools, which are very difficult and costly to integrate. Fault management operations are far from being automated and intelligent, where around 40% of alarms are redundant only around 1-2% of alarms are correlated at most in a medium-size operational center. This indicates that there is a significant alarm overflow for human administrators, which inherently derives in high OPEX due to the increasingly need to employ high-skilled people to perform fault management tasks. In conclusion, the current level of automation in fault management tasks in Telcos networks is not at all adequate for programmable networks, which promise a high degree of programmability and flexibility to reduce the time-to-market. Automation on fault management is more necessary with the advent of programmable networks, led by with SDN (Software-Defined Networking), NFV (Network Functions Virtualization) and the Cloud. Indeed, the arise of those paradigms accelerates the convergence between networks and IT realms, which as consequence, is accelerating faster and faster the transformation of cur-rent networks leading to rethink network and service management and operations, in particular fault management operations. This thesis envisages the application of self-healing principles in SDN and NFV combined infrastructures, by focusing on self-diagnosis tasks as main enabler of self-healing. The core of thesis is to devise a self-diagnosis approach able to diagnose at run-time the dynamic virtualized networking services and their dependencies from the virtualized resources (VNFs and virtual links) but also the dependencies of those virtualized resources from the underlying network infrastructure, taking into account the mobility, dynamicity, and sharing of resources in the underlying infrastructure

Page generated in 0.0373 seconds