SDN OpenFlow Switch上效能評測 / Performance Evaluation of SDN OpenFlow Switch

蔡明志, Tsai, Ming Chih

Unknown Date

SDN軟體定義網路，是一種新的以軟體為基礎的網路架構及技術。最大的特點為將傳統二、三層網路設備的控制功能與設備本身數據轉發功能進行分離。由於分離後的控制功能集中統一管理，且其具有軟體設計的靈活性，因此，網路管理人員對底層設備的資源控制變得更加容易，進而大大提升網路自動化管理能力，並有效解決目前網路系統所面臨的如網路拓樸的靈活性差，規模擴充受限等問題。 近年來隨著寬頻上網，物聯網，雲端計算，移動裝置等新技術及新業務的快速發展，在愈來愈多各種型態連網裝置快速增加的情況下，同時也使人們對IP位址的需求日增。然而目前IPv4卻無法針對此需求，提供一個相對大量的位址，也因此對於IPv4到IPv6網路的升級有其迫切性與必要性。IPv4過渡到IPv6網路目前提出的方法有三種：Dual Stack、Tunneling以及Translation。Tunneling及Translation皆有其效能上的瓶頸，為過渡期間的應用技術。目前主要推動的技術為Dual Stack，在Dual Stack模式下，可以由IPv4網路逐步演進成IPv4與IPv6共存互通，最後再形成以IPv6為主的網路。現階段愈來愈多的IPv6設備與節點，為順利的連接舊的IPv4與新的IPv6網路，藉由具有Dual Stack能力的SDN交換機網路設備，將是個有效的解決方案，也將使得IPv6網路的管理及升級更具有彈性。SDN、IPv6為現今幾個熱門的研究議題，看似不同領域的電腦相關技術，然而若使上述幾種技術相互連結使用，將使得未來之網路環境更具備可擴充性、可管理性、靈活性與敏捷性。 為了解SDN交換機上的效能，本論文提出一個測試平台架構。利用Linux系統做為待測網路設備，並在待測網路設備上模擬Bridge、Router、Open vSwitch SDN交換機等不同環境。測試端為Linux系統，並使用Iperf測試軟體，透過對待測網路設備不同模擬環境下發送不同大小的封包做效能測試。實驗中同時也量測IPv4網路協定，以作為和傳統網路效能的比較。另外，也量測了SDN交換機同時在IPv4及IPv6雙協定的負載下，和單獨的IPv4協定或IPv6協定做效能上的差異比較。最後，也模擬同時在多主機下對待測網路設備進行封包的發送與接收，以測試SDN交換機在多主機下的負載狀況。 經由測量的數據分析，IPv6在Open vSwitch SDN交換機上運行效能幾乎等同於傳統的IPv4，也驗證IPv6在交換機上的可行性。此外，當SDN交換機同時運行在IPv4和IPv6雙協定環境下，在整體效能的表現上和單獨運行單協定相比幾近相同，也證明SDN交換機同時運行在雙協定下的可行性。由多主機負載的實驗數據分析，在以UDP協定做資料傳送時，愈多的主機因為資源的競爭問題愈大外，間接也會造成愈多packet loss。並且對較大的封包，packet loss的問題也愈嚴重，但相對來看，在以TCP協定做資料傳送時，total throughput的瓶頸則決定於網路卡的效能，即效能愈好的網路卡，愈能提升多主機環境下的total throughput。 / Software Defined Network (SDN) is a new software-based network architecture and technique. The main characteristic is to separate the control functions and the data forwarding functions of the traditional layer 2 or layer 3 network devices. Since the separated control functions can be centralized management with software design flexibility, thus network managers can control the underlying resource device easier, which greatly enhances the ability to automate network management as well as effectively resolves the problems confronted by conventional network system, such as lack of network topology flexibility, limited network scalability. In recent decades, along with broadband Internet access, Internet of Things, cloud computing, the rapid development of new technologies and the rapid increase of network devices, it has increased the demand for IP address to a great extent. While IPv4 can not meet the current demand to offer a relatively large number of addresses and thus it is urgent and essential to upgrade IPv4 to IPv6 network. Transition from IPv4 to IPv6 network currently is proposed in these three ways which respectively named Dual Stack, Tunneling, and Translation. Tunneling and Translation have their performance bottlenecks and only Dual Stack mode can be gradually evolved from IPv4 to IPv4 and IPv6 coexistence network, eventually toward the IPv6-based network. There are increasing numbers of IPv6 devices and nodes with the aim to connect IPv4 network to IPv6 network, through SDN switch with Dual Stack network which would be an effective solution. It makes the IPv6 network management and maintenance more flexible. IPv6 and SDN are two hot researching issues currently. If they can be linked with each other, it will be more scalable and flexible for the network environment in the future. In order to understand the effectiveness of the SDN switch, this paper presents a test platform architecture. Using Linux systems as a Device under Testing, we simulate Bridge, Router, Open vSwitch SDN switch network equipment on it. Test end is Linux system, and Iperf serves as a test software. Through simulation of the Device under Testing in different scenarios, we have performed many tests on different sizes of packets. The experiment also measures IPv4 network protocol and compares with traditional network. In order to compare with the performance of separate IPv4 or IPv6 protocol, the loading of SDN switch running both of IPv4 and IPv6 dual protocol is measured. Finally, simulation on multi-host is tested under Device under Testing in sending and receiving packet which is to test SDN switch under a multi-host loading conditions. Through the analysis of the measured data, the performance of IPv6 running on the Open Switch SDN switch is equivalent to that of the traditional IPv4. It also proves the feasibility and efficiency of IPv6 on the switch. In addition, when SDN switch running in IPv4 and IPv6 Dual Stack mode simultaneously, the overall performance is almost exactly the same as single IPv4 or IPv6 protocol, which proves the feasibility of SDN switch in Dual Stack mode. Based on the analysis of multiple-host loading, UDP protocols were used during data transfer. Apart from multi-hosts with more competition for resourcing issue, a packet loss will be aroused indirectly. We observed that larger packets can cause more packet loss. However, with TCP protocols during data transfer, total throughput bottleneck is determined by the effectiveness of the network card. Therefore, the better the effectiveness of the network card is, the higher total throughput can be provided in multi-host environment.

軟體定義網路

SDN

OpenFlow

Open vSwitch

IPv6

以SDN為基礎之具服務品質感知的智慧家庭頻寬管理架構 / SDN based QoS aware bandwidth management framework for smart homes

林建廷, Lin, Jian Ting

Unknown Date

隨著智慧家庭技術及物聯網的裝置大幅度地成長，智慧家庭的網路流量亦隨之升高。當大量成長的智慧家庭流量造成網路壅塞時，可能使緊急服務的警告機制失效，或是造成某些應用服務品質低劣而不堪使用。這些問題恐阻礙智慧家庭未來的發展性。 為改善上述問題，本文提出創新的物聯網智慧家庭頻寬配置管理架構。以ISP業者管理數以千計的物聯網智慧家庭為情境，針對智慧家庭多樣化的應用服務，利用具前瞻性的軟體定義網路，提供ISP業者對智慧家庭外部網路頻寬做最佳化的配置。 本研究依改良後的3GPP LTE QoS Class Identifier (QCI)，分類智慧家庭的服務，並考量服務的優先權及延遲程度，提出BASH演算法。透過本研究，ISP業者能依定義好的服務類別，將匯集後的智慧家庭服務流量藉由配置訊務流(traffic flow)的權重，計算出不同服務的最佳頻寬分配量，達到提升QoS及使用者QoE的目的。 為確認本論文所提出之方法的有效性，實驗設計是利用Linux伺服器架設OpenvSwitch、Ryu控制器及Mininet模擬器，建構SDN網路環境。實驗結果顯示，本研究所提出的BASH與ISP所用的傳統頻寬分配方法相比，能有效提高30%的throughput，降低159%的delay time及967%的 jitter time。 / With the increasing number of IoT (Internet of Things) devices and advance of smart home technology, the network traffic of smart home is also raising rapidly. When network congestion occurs due to massive traffic, some emergent alert mechanisms might become invalid or cause some application services performance degraded. All kinds of these will dramatically hamper the future development of smart homes. In order to resolve these problems, we propose an innovative bandwidth allocation smart home management framework for IoT enabled smart homes. The application scope of this research assumes a scenario that an ISP (Internet Service Provider) should support thousands of IoT enabled smart homes for a variety of services. The proposed bandwidth allocation framework is based on the promising software defined networking (SDN) architecture and is responsible for optimizing bandwidth allocation on external Internet traffic. We modify the 3GPP LTE QoS Class Identifier (QCI) to adaptive to the services suitable for smart homes. The proposed bandwidth allocation smart home (BASH) algorithm considers service priority and delay at the same time. With this framework, ISP is able to optimize bandwidth allocation by aggregating thousands of classified services of smart homes and thus effectively enhance Quality of Service (QoS) and user experience (QoE). In order to verify the proposed methods, we implement a SDN environment by using Linux Ubuntu servers with Mininet, Open vSwitch and Ryu controller. The experiment results show that BASH outperforms ISP traditional method in increasing the throughput by 30%, reducing delay and jitter by 159% and 967%, respectively.

物聯網

智慧家庭

頻寬分配

軟體定義網路

Internet of things

Smart home

Bandwidth allocation

Software defined networking

以SDN為基礎之自動化防火牆：規則學習、入侵偵測與多路頻寬負載平衡器之實作 / SDN based Automatic Firewall for Rules Learning, IDS and Multi-WAN Load Balancer

王昌弘, Wang, Chang Hung

Unknown Date

防火牆是現今網路中的重要設備，負責區隔內部網路和公共網路，維護內部網路安全。然而防火牆也存在幾個重要的問題，首先，防火牆的規則是由網管人員設定，近年來隨著網路科技蓬勃發展、虛擬技術大量應用，此項工作已帶給網管人員龐大的負擔。其次，防火牆雖可隔離外部網路，阻擋有害流量，但對內部網路的防範卻毫無用武之地。目前市面上普遍使用入侵偵測系統(IDS)進行偵測，但僅能在發現攻擊行為後發出警告訊息，無法即時處理。最後，企業在連外網路部分，通常採用多條線路進行備援，並倚賴多路頻寬負載平衡器(Multi-WAN load balancer)增加頻寬的使用率，但在線路數量上卻受限於廠商所制定之規格，無法彈性調整。而在負載平衡演算法方面，也只能基於網路特徵(IP位置)、權重比例(weight)或是輪詢機制(round robin)，無法依據目前網路狀況做出更好判斷。 為改善上述問題，本論文在軟體定義網路(SDN)環境下，使用交換機取代傳統防火牆設備，透過封包分析與信任觀測區間達到規則學習，並整合Snort入侵偵測系統，透過特徵比對，找出危害網路環境之封包，即時阻擋該危險流量。本論文也提出基於隨需(on demand)概念，動態調整防火牆規則，降低管理人員負擔。最後利用交換機擁有多個實體通訊埠的概念 ，依需求可自由調整對外及對內線路數量，不再受限於廠商規格，取代傳統多路寬頻負載平衡器，建構更彈性的架構。並透過收集交換機上的實體埠與資料流表中的資訊，即時評估網路狀況，加強負載平衡。為驗證本論文所提出之⽅法的有效性，我們使用Linux伺服器架設KVM、OpenvSwitch以及POX控制器實際建構SDN網路環境，透過發送封包對防火牆提出請求，以驗證實驗方法的正確性。 根據實驗結果顯示，本論文所提出之概念均能正確運作，有效降低調整防火牆所需之人工作業。在多路寬頻負載平衡器部分，本研究所提出之負載平衡方法，與round robin負載平衡方法相較之下，在最佳情況下，能有效提升約25%平均頻寬使用率，並降低約17.5%封包遺失率。 / Firewall is an important device that is responsible for securing internal network by separating Internet from Intranet, but here are several existing issues about the firewall. First, the firewall rules are set by the network admistrator manually. Along with the vigorous development of Internet technologies and great amount of applications of virtual technology in recent years. This work burdens the network adminstrator with a heavy workload. Second, the firewall is able to isolate the external network from harmful traffic, however, it can do nothing to the internal network. The common situation is to use IDS to detect the harmful packet, but it can only send an alert message to the adminstrater, no more actions can be done. Finally, most companies use several ISP connections to assure fault tolerance and use Multi-WAN load balancer to integrate those connections to enhance bandwidth utilization. But the number of WAN/LAN ports is set by the manufacturer, and the load balance algorithm is also limited by the manufacturer. It offers only a few algorithms (network-based features, round-robin, etc.), and there is no other way to provide more efficient algorithms. In order to resolve the mentioned problems, we propose an automatic firewall based Software Defined Network (SDN). We use Openflow switches to replace traditional firewalls, the system is able to learn the rules automaticlly by packet analysis during an observation interval. We aslo integrate Snort Intrusion Detection System (IDS) to localize the dangerous packets and block them immediately. Next, we propose an on-demand based dynamic firewall rules adjustment mechanism which is able to reduce management workload. Finally, we implement a Multi-WAN load balancer architecture and provide a more efficient load balance algorithm by collecting port usage and firewall rule information. In order to verify the proposed methods, we implement a SDN environment by using Linux Ubuntu servers with KVM, Open vSwitch and POX controller. According to the experiment result, it proves that the proposed method is able to reduce the firewall configuration effectively. In the Multi-WAN load balancer, experiment results show that our method outperforms round-robin argrithom in terms of average bandwidth utilization and packet loss rate by 25% and 17.5%, respectively.

軟體定義網路

防火牆

入侵偵測系統

多路頻寬負載平衡器

SDN

Firewall

IDS

Multi-WAN Load Balancer

智慧家庭中以SDN結合具服務品質感知排程演算法之效能研究 / Performance study on QoS aware scheduling with SDN for smart homes

王芝吟, Wang, Chin Yin

Unknown Date

隨著物聯網這個萬物連網的概念順勢推動智慧家庭在市場裡蓬勃發展，可預期未來ISP(Internet Service Provider)業者勢必面臨大量智慧家庭中各種不同應用服務互相競爭頻寬資源的情況，甚至遇到網路滿載壅塞時造成應用服務不堪使用的情形。 為改善上述問題，本文以ISP業者管理智慧家庭中眾多的物聯網設備為情境，透過軟體定義網路 (Software Defined Network，SDN)進行頻寬排程配置，排程演算法以可兼顧公平性(fairness)、時間延遲(delay)及應用服務優先權(service priority)的A-MLWDF (Adaptive Modified Largest Weighted Delay First) [7]演算法，確保優先配置頻寬給智慧家庭中優先權較高、時效較為急迫的流量，以降低應用服務的延遲來提升智慧家庭網路之服務品質(Quality of Service，QoS)。 本研究透過OMNet++模擬器建構SDN環境與傳統環境中有眾多物聯網設備之智慧家庭。家中物聯網設備包含M2M (Machine to Machine)和非M2M(non Machine to Machine)裝置，以提供各種智慧家庭應用服務。我們透過SDN架構進行頻寬配置，達到集中式管控家中的頻寬資源，其中排程演算法包括PF、MLWDF、A-MLWDF。實驗結果顯示，以上排程演算法雖然於SDN環境下在公平性與抖動率表現並不顯著，公平性約改善1.6%及抖動率約降低1%左右，但在產能與延遲方面表現較為顯著，能有效提高產能約52%，及降低延遲約 52%。 / With the concept of IoT (Internet of Things) spread rapidly, it is the opportunity to promote smart homes in the expanding market. We can see that the future ISP (Internet Service Provider) has to face a large number of smart homes having bandwidth competition in a variety of different applications and causing application services unavailable due to network congestion.     In order to resolve the above problems, we propose that each ISP (Internet Service Provider) has to manage a large number of IoT devices in a smart home to performs bandwidth scheduling through Software Defined Network (SDN). We choose to use A-MLWDF scheduling algorithm (Adaptive Modified Largest Weighted Delay First) [7] which considers fairness, delay and service priority. A-MLWDF is able to ensure services of higher priority and emergent traffic be allocated bandwidth earlier and greatly reduce delay and thus effectively enhance Quality of Service (QoS) of smart homes.     In this research, we implement a SDN environment by using OMNet++ to simulate the bandwidth competition among smart homes with IoT devices. The IoT devices consists of M2M (Machine to Machine) and non-M2M (non Machine to Machine) devices which offer a variety of intelligent home application services. We configure the bandwidth allocation under SDN control. The scheduling algorithms include PF, MLWDF and A-MLWDF. When the network traffic is congested, SDN can significantly increase throughput and reduce latency compared to traditional network management. The experimental results show that above scheduling algorithms using SDN environment having no significant performance improvements in fairness and jitter. The fairness increases around 1.6% and the jitter reduces around 1%. However, it shows significant improvement on throughout and delay. The throughput increases around 52% and the delay reduces around 52%.

智慧家庭

軟體定義網路

物聯網

頻寬分配

排程演算法

Smart home

Software defined networking (SDN)

Internet of things (IoT)

Resource allocation

Scheduling algorithm