A Study of Partitioning and Parallel UDF Execution with the SAP HANA Database

Große, Philipp, May, Norman, Lehner, Wolfgang

08 July 2014

Large-scale data analysis relies on custom code both for preparing the data for analysis as well as for the core analysis algorithms. The map-reduce framework offers a simple model to parallelize custom code, but it does not integrate well with relational databases. Likewise, the literature on optimizing queries in relational databases has largely ignored user-defined functions (UDFs). In this paper, we discuss annotations for user-defined functions that facilitate optimizations that both consider relational operators and UDFs. We believe this to be the superior approach compared to just linking map-reduce evaluation to a relational database because it enables a broader range of optimizations. In this paper we focus on optimizations that enable the parallel execution of relational operators and UDFs for a number of typical patterns. A study on real-world data investigates the opportunities for parallelization of complex data flows containing both relational operators and UDFs.

UDF

Datenbanken

Optimierung

SAP HANA

benutzerdefinierte Funktionen

UDF

Database

Optimization

SAP HANA

user-defined functions

ddc:004

rvk:SS 5514

MULTIPLE CHANNEL COHERENT AMPLITUDE MODULATED (AM) TIME DIVISION MULTIPLEXING (TDM) SOFTWARE DEFINED RADIO (SDR) RECEIVER

Alluri, Veerendra Bhargav

01 January 2008

It is often required in communication and navigation systems to be able to receive signals from multiple stations simultaneously. A common practice to do this is to use multiple hardware resources; a different set of resources for each station. In this thesis, a Coherent Amplitude Modulated (AM) receiver system was developed based on Software Defined Radio (SDR) technology enabling reception of multiple signals using hardware resources needed only for one station. The receiver system architecture employs Time Division Multiplexing (TDM) to share the single hardware resource among multiple streams of data. The architecture is designed so that it can be minimally modified to support any number of stations. The Verilog Hardware Description Language (HDL) was used to capture the receiver system architecture and design. The design and architecture are initially validated using HDL post-synthesis and post-implementation simulation. In addition, the receiver system architecture and design were implemented to a Xilinx Field Programmable Gate Array (FPGA) technology prototyping board for experimental testing and final validation.

Physical Layer Approach for Securing RFID Systems

Kaleem, Muhammad Khizer

January 2013

Radio Frequency IDentification (RFID) is a contactless, automatic identification wireless technology primarily used for identifying and tracking of objects, goods and humans. RFID is not only limited to identification and tracking applications. This proliferating wireless technology has been deployed in numerous securities sensitive applications e.g. access control, e-passports, contactless payments, driver license, transport ticking and health cards. RFID inherits all the security and privacy problems that are related to wireless technology and in addition to those that are specific to RFID systems. The security and privacy protection schemes proposed in literature for wireless devices are mostly secured through symmetric/asymmetric keys encryption/decryption and hash functions. The security of all these cryptographic algorithms depends on computationally complex problems that are hard to compute using available resources. However, these algorithms require cryptographic operations on RFID tags which contradict the low cost demand of RFID tags. Due to limited number of logic gates in tags, i.e., 5K-10K, these methods are not practical. Much research effort has done in attempt to solve consumer's privacy and security problem. Solutions that prevent clandestine inventory are mostly application layer techniques. To solve this problem, a new RFID physical layer scheme has been proposed namely Direct Sequence Backscatter Encryption (DSB Enc). The proposed scheme uses level generator to produce different levels before transmitting the signal to the tag. The tag response to the signal sent by the reader using backscatter communications on the same signal which looks random to the eavesdropper. Therefore eavesdropper cannot extract the information from reader to tag and tag to reader communication using passive eavesdropping. As reader knows the different generated levels added to the carrier signal, it can remove the levels and retrieve the tag's messages. We proposed a lightweight, low-cost and practically secure physical layer security to the RFID system, for a supply chain processing application, without increasing the computational power and tag's cost. The proposed scheme was validated by simulations on GNU Radio and experimentation using SDR and a WISP tag. Our implementation and experimental results validate that DSB Enc is secure against passive eavesdropping, replay and relay attacks. It provides better results in the presence of AWGN channel.

DSB Enc

RFID

USRP

SDR

GNU Radio

Level generator

Physical layer encryption

Software Defined Radio

Intel WISP tag

GRC

Security

Security challenges within Software Defined Networks

Sund, Gabriel, Ahmed, Haroon

January 2014

A large amount of today's communication occurs within data centers where a large number of virtual servers (running one or more virtual machines) provide service providers with the infrastructure needed for their applications and services. In this thesis, we will look at the next step in the virtualization revolution, the virtualized network. Software-defined networking (SDN) is a relatively new concept that is moving the field towards a more software-based solution to networking. Today when a packet is forwarded through a network of routers, decisions are made at each router as to which router is the next hop destination for the packet. With SDN these decisions are made by a centralized SDN controller that decides upon the best path and instructs the devices along this path as to what action each should perform. Taking SDN to its extreme minimizes the physical network components and increases the number of virtualized components. The reasons behind this trend are several, although the most prominent are simplified processing and network administration, a greater degree of automation, increased flexibility, and shorter provisioning times. This in turn leads to a reduction in operating expenditures and capital expenditures for data center owners, which both drive the further development of this technology. Virtualization has been gaining ground in the last decade. However, the initial introduction of virtualization began in the 1970s with server virtualization offering the ability to create several virtual server instances on one physical server. Today we already have taken small steps towards a virtualized network by virtualization of network equipment such as switches, routers, and firewalls. Common to virtualization is that it is in early stages all of the technologies have encountered trust issues and general concerns related to whether software-based solutions are as rugged and reliable as hardware-based solutions. SDN has also encountered these issues, and discussion of these issues continues among both believers and skeptics. Concerns about trust remain a problem for the growing number of cloud-based services where multitenant deployments may lead to loss of personal integrity and other security risks. As a relatively new technology, SDN is still immature and has a number of vulnerabilities. As with most software-based solutions, the potential for security risks increases. This thesis investigates how denial-of-service (DoS) attacks affect an SDN environment and a single-threaded controller, described by text and via simulations. The results of our investigations concerning trust in a multi-tenancy environment in SDN suggest that standardization and clear service level agreements are necessary to consolidate customers’ confidence. Attracting small groups of customers to participate in user cases in the initial stages of implementation can generate valuable support for a broader implementation of SDN in the underlying infrastructure. With regard to denial-of-service attacks, our conclusion is that hackers can by target the centralized SDN controller, thus negatively affect most of the network infrastructure (because the entire infrastructure directly depends upon a functioning SDN controller). SDN introduces new vulnerabilities, which is natural as SDN is a relatively new technology. Therefore, SDN needs to be thoroughly tested and examined before making a widespread deployment. / Dagens kommunikation sker till stor del via serverhallar där till stor grad virtualiserade servermiljöer förser serviceleverantörer med infrastukturen som krävs för att driva dess applikationer och tjänster. I vårt arbete kommer vi titta på nästa steg i denna virtualiseringsrevolution, den om virtualiserade nätverk. mjukvarudefinierat nätverk (eng. Software-defined network, eller SDN) kallas detta förhållandevis nya begrepp som syftar till mjukvarubaserade nätverk. När ett paket idag transporteras genom ett nätverk tas beslut lokalt vid varje router vilken router som är nästa destination för paketet, skillnaden i ett SDN nätverk är att besluten istället tas utifrån ett fågelperspektiv där den bästa vägen beslutas i en centraliserad mjukvaruprocess med överblick över hela nätverket och inte bara tom nästa router, denna process är även kallad SDN kontroll. Drar man uttrycket SDN till sin spets handlar det om att ersätta befintlig nätverksutrustning med virtualiserade dito. Anledningen till stegen mot denna utveckling är flera, de mest framträdande torde vara; förenklade processer samt nätverksadministration, större grad av automation, ökad flexibilitet och kortare provisionstider. Detta i sin tur leder till en sänkning av löpande kostnader samt anläggningskostnader för serverhallsinnehavare, något som driver på utvecklingen. Virtualisering har sedan början på 2000-talet varit på stark frammarsch, det började med servervirtualisering och förmågan att skapa flertalet virtualiserade servrar på en fysisk server. Idag har vi virtualisering av nätverksutrustning, såsom switchar, routrar och brandväggar. Gemensamt för all denna utveckling är att den har i tidigt stadie stött på förtroendefrågor och överlag problem kopplade till huruvida mjukvarubaserade lösningar är likvärdigt robusta och pålitliga som traditionella hårdvarubaserade lösningar. Detta problem är även något som SDN stött på och det diskuteras idag flitigt bland förespråkare och skeptiker. Dessa förtroendefrågor går på tvären mot det ökande antalet molnbaserade tjänster, typiska tjänster där säkerheten och den personliga integriten är vital. Vidare räknar man med att SDN, liksom annan ny teknik medför vissa barnsjukdomar såsom kryphål i säkerheten. Vi kommer i detta arbete att undersöka hur överbelastningsattacker (eng. Denial-of-Service, eller DoS-attacker) påverkar en SDN miljö och en singel-trådig kontroller, i text och genom simulering. Resultatet av våra undersökningar i ämnet SDN i en multitenans miljö är att standardisering och tydliga servicenivåavtal behövs för att befästa förtroendet bland kunder. Att attrahera kunder för att delta i mindre användningsfall (eng. user cases) i ett inledningsskede är också värdefullt i argumenteringen för en bredare implementering av SDN i underliggande infrastruktur. Vad gäller DoS-attacker kom vi fram till att det som hackare går att manipulera en SDN infrastruktur på ett sätt som inte är möjligt med dagens lösningar. Till exempel riktade attacker mot den centraliserade SDN kontrollen, slår man denna kontroll ur funktion påverkas stora delar av infrastrukturen eftersom de är i ett direkt beroende av en fungerande SDN kontroll. I och med att SDN är en ny teknik så öppnas också upp nya möjligheter för angrepp, med det i åtanke är det viktigt att SDN genomgår rigorösa tester innan större implementation.

Software Defined Networks (SDN)

network security

denial of service

distributed denial of service

multi-tenancy

mjukvarudefinierat nätverk

nätverkssäkerhet

överbelastningsattack

distribuerad överbelastningsattack

multitenans

Πειραματική αξιολόγηση μηχανισμού ανάκτησης ρυθμού συμβόλων για δορυφορικούς δέκτες

Παπαδήμα, Ελισσάβετ

03 October 2011

Η παρούσα διπλωματική εργασία αφορά στην πειραματική αξιολόγηση του μηχανισμού ανάκτησης ρυθμού συμβόλου για ψηφιακούς δέκτες τεχνολογίας SDR που λαμβάνουν δεδομένα μέσω δορυφόρου. Η ορολογία SDR/SR (Software Defined Radio/Software Radio) χρησιμοποιείται για να χαρακτηρίσει τους πομποδέκτες που μπορούν να καθορίζουν σημαντικές παραμέτρους τους και βασικές αρχές της λειτουργίας τους μέσω αναβάθμισης ή ενημέρωσης του λογισμικού τους. Ο μηχανισμός ανάκτησης του ρυθμού συμβόλου (Symbol Timing Recovery, STR) αναπτύχθηκε στα πλαίσια της διδακτορικής διατριβής του διδάκτορος Παναγιώτη Σαββόπουλου. Η παρούσα εργασία μελετά τη σύγκλιση του βρόχου υπό συνθήκες παραμένοντος σφάλματος συχνότητας καθώς επίσης και τον προσδιορισμό του λόγου σήματος προς θόρυβο στην έξοδο του βρόχου κάνοντας χρήση ενός νέου μεγέθους, metric, το οποίο έχει εισαχθεί στα πλαίσια της προαναφερθείσας διδακτορικής διατριβής, υπό συνθήκες λευκού Gaussian θορύβου. Το μέγεθος αυτό είναι σε θέση να δώσει αξιόπιστα αποτελέσματα στις ενδιάμεσες υπομονάδες του δέκτη υπό συνθήκες παραμένοντος σφάλματος συχνότητας. Στην παρούσα εργασία μελετώνται οι QPSK, 8PSK, 16-APSK και 32-APSK διαμορφώσεις διότι αυτές οι διαμορφώσεις χρησιμοποιούνται από το πρότυπο DVB-S2. / The purpose of this project is the experimental evaluation of a mechanism for the symbol timing recovery which is used in digital Software Defined Radio receivers. SDR/SR (Software Defined Radio/Software Radio) technology is used to characterise the transmitters and the receivers which are able to determine important parameters and basic primciples for their function through upgrade or briefing of their software. The symbol timing recovery mechanism (STR) was developped in terms of the doctora of dr Panagiotis Savopoylos. The precent project examines the loop’s convergence when there is frequency error as well as the signal to noise ratio in the output of STR with the use of a new size, metric, which was also developped in terms of the doctora which was mentioned before, when there is white Gaussian noise. The metric is able to give reliable results in the intermediate stages of the receiver when there is frequency error. In the precent project are examined the QPSK, 8PSK,16-APSK, 32-APSK modulations because these modulations are used in DVB-S2 standard.

621.382 5

Symbol timing recovery (STR)

Previdência social : diagnósticos e impacto da nova previdência complementar dos servidores públicos federais no Brasil

Weber, Carlos Augusto Pereira

January 2016

O objetivo deste trabalho é verificar o impacto na alteração do regime previdenciário de repartição para um modelo misto, através da criação do fundo complementar previdenciário para os novos servidores federais no Brasil. O estudo apresenta os diagnósticos e os conceitos e modelos de previdência adotados no Brasil e sintetiza as experiências de países latino-americanos que reformaram seus respectivos regimes previdenciários com a finalidade de reduzir o déficit com os inativos. No caso brasileiro, após a promulgação da Constituição Federal de 1988 foram editadas duas Emendas Constitucionais (a de nº 20 de 1998 e a de nº 41 de 2003) que possibilitaram a criação, em 2012, da entidade fechada de previdência complementar, para os novos servidores públicos federais, chamada FUNPRESP. O estudo conclui que com o surgimento deste fundo, será possível equalizar os valores dos benefícios pagos entre os regimes geral e próprio. Nesse sentido, o teto dos benefícios de aposentadorias pagos do regime próprio dos servidores federais estará indexado ao valor do teto do regime geral de previdência social. Assim, caso o servidor decida suplementar ganhos acima deste teto, para fins de aposentadoria, ele deverá aderir ao fundo e contribuir, sobre o salário participação, em uma conta individualizada. Desta forma, o governo buscou garantir equidade nos pagamentos de benefícios entre os regimes de previdência geral e próprio, além de tentar reduzir o déficit das contas públicas previdenciárias no longo prazo. / The objective of the present paper is to check the impact on changing from the actual social security of federal pensions to a mixed model, through a creation of a defined contribution pension plan for new federal public employees in Brazil. The study show off diagnostics and exhibit the concepts of pension models adopted in Brazil and brief international experiences of countries that have altered their social pension schemes in Latin America, with object to reduce government deficits of inactive. In the Brazilian case, after the Federal Constitution of 1988, Constitutional Amendments were enacted (nº 20 of 1998 and nº 41 of 2003) which enabled the creation, in 2012, of a complementary retirement plan for new federal public employees, called FUNPRESP. The study concludes than with the emergence of this fund, it will be possible to equalize the amounts of benefits paid between pension schemes. Thereby, the remuneration limit of the benefits paid to the actual system of federal employees pensions will be indexed to the remuneration limit of the general social security. Therefore, if the public employee decides complement gains above this compensation limit, for pension purposes, they should choose to contribute with a quota to an individualized pension plan. So, the government tried to ensure equity in benefit payments between the pension schemes, as well as tried to reduce the deficit of the social security public finances in the long term.

Previdência social

Previdência complementar

Servidor público

Reforma previdenciária

Social security

Pension schemes

Defined contribution pension plan

FUNPRESP

SDN-aware framework for the management of cooperative WLANs/WMNs

Sajjadi Torshizi, Seyed Dawood

07 January 2019

Drastic growth and chaotic deployment of Wireless Local Area Networks (WLANs) in dense urban areas are some of the common issues of many Internet Service Providers (ISPs) and Wi-Fi users. These issues result in a substantial reduction of the throughput and impede the balanced distribution of bandwidth among the users. Most of these networks are using unmanaged consumer-grade Access Points (APs) and there is no cooperation among them. Moreover, the conventional association mechanism that selects APs with the strongest Received Signal Strength Indicator (RSSI) aggravates this situation. In spite of all these challenges, there is a great opportunity to build cooperative overlay networks among the APs that are owned by different ISPs, companies or individuals in dense urban areas. In fact, ISPs can distribute the resources among their customers in a cooperative fashion using a shared overlay platform which is constructed on top of the existing infrastructures. This approach helps the ISPs with efficient utilization of their resources and promoting the Quality of their Services (QoS). For instance, cooperative association control among the APs of different ISPs enables them to alleviate the drastic impact of interference in populated areas and improves the network throughput. Indeed, all Wi-Fi customers can associate to the APs from different ISPs and it leads to the construction of a large unified WLAN that expands the network coverage, significantly. Moreover, it results in a notable reduction of deployment costs and enhancement of customer satisfaction. Hence, as one of the key contributions of this dissertation, a cooperative framework for fine-grained AP association in dense WLANs is presented. On top of this framework, a thorough formulation and a heuristic solution to solve the aforementioned problems are introduced. The key enabler of the proposed solution is Software Defined Networking (SDN) which not only gives us an exceptional level of granularity but also empowers us to utilize high-performance computing resources and more sophisticated algorithms. Also, over the past few years, some of the largest cellular operators restricted their unlimited data plans and proposed tiered charging plans enforced by either strict throttling or large overage fees. While cellular operators are trying to guarantee the QoS of their services in a cost-effective and profitable manner, WLANs and Wi-Fi Mesh Networks (WMNs) as viable complements can be used to form a multihop backhaul connection between the access and the core networks. Indeed, the utilization of WMNs provides an opportunity to achieve a high network capacity and wide coverage by the employment of inexpensive commercial off-the-shelf products. Moreover, by bridging the WMNs and cellular networks, and the fine-grained traffic engineering of network flows, it is possible to provide a cost-effective Internet access solution for people who cannot afford the high cost of data plans. However, there are certain requirements in terms of QoS for different services over multi-hop backhaul networks. In addition, the process of service provisioning in WMNs incorporates tightly correlated steps, including AP association, gateway selection, and backhaul routing. In most of the prior studies, these steps were investigated as independent NP-hard problems and no unified formulation that considers all these steps (at different tiers of WMNs) has been presented. Hence, as another contribution of this dissertation, a structured and thorough scheme to address the demands of end-users over SDN-aware WMNs is introduced. In contrast to most of the former work, this scheme takes the key characteristics of wireless networks into account, especially for Multi-Channel Multi-Radio WMNs. The proposed solution can be applied to the large-scale scenarios and finds a near-optimal solution in polynomial time. Furthermore, since the presented solution may split the packets of a single flow among multiple paths for routing and there are non-trivial drawbacks for its implementation, a randomized single-path flow routing for SDN-aware WMNs is introduced. The randomized nature of the introduced solution avoids the complexities of implementing a multi-path flow routing and it presents a viable routing scheme that guarantees certain performance bounds. The functionality and performance of all the presented solutions have been assessed through extensive numerical results and real testbed experimentations as a proof of concept. It is important to note that the solutions presented in this dissertation can be utilized to provide a large variety of services for Wi-Fi users, while they guarantee different QoS metrics. / Graduate

SDN

WLAN

WMN

Wireless Networks

Software Defined Networking

Wireless Mesh Networks

AP Association

Flow Routing

Gateway Selection

Previdência social : diagnósticos e impacto da nova previdência complementar dos servidores públicos federais no Brasil

Weber, Carlos Augusto Pereira

January 2016

O objetivo deste trabalho é verificar o impacto na alteração do regime previdenciário de repartição para um modelo misto, através da criação do fundo complementar previdenciário para os novos servidores federais no Brasil. O estudo apresenta os diagnósticos e os conceitos e modelos de previdência adotados no Brasil e sintetiza as experiências de países latino-americanos que reformaram seus respectivos regimes previdenciários com a finalidade de reduzir o déficit com os inativos. No caso brasileiro, após a promulgação da Constituição Federal de 1988 foram editadas duas Emendas Constitucionais (a de nº 20 de 1998 e a de nº 41 de 2003) que possibilitaram a criação, em 2012, da entidade fechada de previdência complementar, para os novos servidores públicos federais, chamada FUNPRESP. O estudo conclui que com o surgimento deste fundo, será possível equalizar os valores dos benefícios pagos entre os regimes geral e próprio. Nesse sentido, o teto dos benefícios de aposentadorias pagos do regime próprio dos servidores federais estará indexado ao valor do teto do regime geral de previdência social. Assim, caso o servidor decida suplementar ganhos acima deste teto, para fins de aposentadoria, ele deverá aderir ao fundo e contribuir, sobre o salário participação, em uma conta individualizada. Desta forma, o governo buscou garantir equidade nos pagamentos de benefícios entre os regimes de previdência geral e próprio, além de tentar reduzir o déficit das contas públicas previdenciárias no longo prazo. / The objective of the present paper is to check the impact on changing from the actual social security of federal pensions to a mixed model, through a creation of a defined contribution pension plan for new federal public employees in Brazil. The study show off diagnostics and exhibit the concepts of pension models adopted in Brazil and brief international experiences of countries that have altered their social pension schemes in Latin America, with object to reduce government deficits of inactive. In the Brazilian case, after the Federal Constitution of 1988, Constitutional Amendments were enacted (nº 20 of 1998 and nº 41 of 2003) which enabled the creation, in 2012, of a complementary retirement plan for new federal public employees, called FUNPRESP. The study concludes than with the emergence of this fund, it will be possible to equalize the amounts of benefits paid between pension schemes. Thereby, the remuneration limit of the benefits paid to the actual system of federal employees pensions will be indexed to the remuneration limit of the general social security. Therefore, if the public employee decides complement gains above this compensation limit, for pension purposes, they should choose to contribute with a quota to an individualized pension plan. So, the government tried to ensure equity in benefit payments between the pension schemes, as well as tried to reduce the deficit of the social security public finances in the long term.

Previdência social

Previdência complementar

Servidor público

Reforma previdenciária

Social security

Pension schemes

Defined contribution pension plan

FUNPRESP

Network programming as a service : an innovation friendly business model / Programabilidade de redes como serviço : um modelo de negócios propício à inovação

Jesus, Wanderson Paim de

January 2014

As redes de computadores têm evoluído para acomodar uma grande variedade de serviços, tais como streaming de vídeos de alta qualidade e entrega de conteúdo sensível a atrasos. Estes serviços têm aumentado a demanda por recursos não originalmente considerados na Internet. Com a promessa de atender novas demandas de rede rapidamente, pesquisadores propuseram Redes Programáveis, nas quais o comportamento dos dispositivos de rede pode ser alterado utilizando aplicativos. Entretanto, tal comportamento pode não ser um consenso entre usuários da rede. O surgimento de Redes Virtualizadas superou tal questão, ao permitir a coexistência de múltiplas redes virtuais sobre a mesma infraestrutura física. A fim de se obter redes virtuais isoladas com comportamento programável, foram propostas as Redes Virtuais Programáveis (RVP). Diante dessa nova realidade, os administradores de rede não estão mais olhando unicamente para dispositivos de rede. Eles estão olhando para um sistema composto de dispositivos e aplicativos de rede que definem o comportamento individual de cada rede virtual. Isso requer não apenas novas ferramentas e abordagens de gerenciamento, além disso, exige a revisão de conceitos tradicionais sobre redes. Implementações de RVP são encontradas principalmente em testbeds e ambientes de Computação em Nuvem. Testbeds são muito propícios à inovação, mas possuem fortes limitações no que diz respeito a migração de soluções experimentais para produção. Por outro lado, computação em nuvem é um ótimo ambiente de produção, mas possui restrições de flexibilidade e inovação, uma vez que as soluções de rede adotadas geralmente são proprietárias. Portanto, nesta dissertação introduz-se um novo modelo de negócio que permite a criação de soluções inovadoras em ambientes de produção, a Programabilidade de Redes como um Serviço (NPaaS). Diferente do modelo de negócio de redes tradicionais, onde os usuários finais são apenas consumidores dos serviços de rede já disponíveis, em NPaaS os usuários finais também são capazes de desenvolver e implantar novas soluções de rede. Para apoiar NPaaS, propõe-se uma plataforma de gerenciamento de rede virtual programável, chamada ProViNet. Essa plataforma fornece a arquitetura de software e estratégias necessárias para permitir a implantação e gestão NPaaS. Uma avaliação qualitativa do modelo de negócio NPaaS foi realizada, o resultado foi contrastado com alguns dos modelos de negócio praticados atualmente. Assim, enfatizando a singularidade do NPaaS. Enquanto isso, uma avaliação experimental foi realizada para demonstrar a viabilidade da plataforma ProViNet. Os resultados mostraram que NPaaS representa uma alternativa promissora para ambientes de rede virtual com acesso público, como as nuvens públicas. Além disso, uma avaliação quantitativa do protótipo da plataforma demonstrou a viabilidade técnica e provou que aplicativos de rede desenvolvidos usando BPMN são capazes de executar com desempenho aceitáveis. / Computer networks have evolved to accommodate a wide variety of services, such as streaming of high quality videos and delay-sensitive content delivery. These services have increased the demand for features not originally considered in the Internet. Aiming to address novel network demands quickly, some researchers proposed Programmable Networks, in which network devices behavior can be changed using applications. Notwithstanding, such behavior might not be a consensus between computer network stakeholders. The emergence of Virtualized Networks overcame this issue by allowing the coexistence of multiple virtual networks on the same physical infrastructure. Finally, the convergence of programmability and virtualization techniques are explored within a third concept, the Programmable Virtual Networks (PVN). Faced with this new reality, network administrators are no longer just looking at network devices. They are looking at a system made of virtual devices and applications that define each virtual network behavior. This requires not just new tools and management approaches, over and above that, requires new thinking. PVN deployments are found mostly in shared experimental facilities (also known as testbeds) and Cloud Computing environments. Testbeds are very innovation friendly, but with strong limitations in regards to taking experimental solutions to production. On the other hand, Cloud computing is a great production environment, but presents flexibility and innovation restrictions once network solutions adopted are usually proprietary. Therefore, in this dissertation it is introduced Network Programming as a Service (NPaaS), a new business model that aims to facilitate the conduct of innovative solutions for production environments. Different from traditional network business models, where end-users are just consumers of network services already available, in NPaaS, end-users are also able to develop and deploy novel network solutions. To support NPaaS, Programmable Virtual Network management platform is proposed. Such platform, named ProViNet, provides all architectural and technical features necessary to enable NPaaS deployment and management. A qualitative evaluation of the NPaaS business model was performed, and the result was contrasted with some of the current models, thus, emphasizing the singularity of NPaaS. In the meanwhile, an experimental evaluation was conducted to demonstrate the feasibility of ProViNet platform. Results have shown that NPaaS represent a promising alternative for virtual network environments with public access such as public clouds. Moreover, a quantitative evaluation of the platform prototype demonstrated the technical feasibility and proved that network applications developed using BPMN are able to run with acceptable performance rates.

Redes : Computadores

Computação em nuvem

Gerencia : Redes : Computadores

Network virtualization

Network programmability

Software defined networking

Cloud computing

Survivor : estratégias de posicionamento de controladores orientadas à sobrevivência em redes definidas por software / Survivor : enhanced controller placement strategies for improving sdn survivability

Müller, Lucas Fernando

January 2014

O paradigma SDN simplifica o gerenciamento da rede ao concentrar todas as tarefas de controle em uma única entidade, o controlador. Nesse modo de operação, os dispositivos de encaminhamento só funcionam de forma completa enquanto conectados a um controlador. Neste contexto, a literatura recente identificou questões fundamentais, como o isolamento de dispositivos em função de disrupções na rede e a sobrecarga de um controlador, e propôs estratégias de posicionamento do controlador para enfrentá-las. Contudo, as propostas atuais têm limitações cruciais: (i) a conectividade dispositivo-controlador é modelada usando um único caminho, ainda que na prática possam ocorrer múltiplas conexões concorrentes; (ii) alterações no comportamento da chegada de novos fluxos são manipulados sob demanda, assumindo que a rede em si pode sustentar altas taxas de requisição; e (iii) mecanismos de recuperação de falhas requerem informações pré-definidas, que, por sua vez, não são otimizadas. Esta dissertação apresenta Survivor, uma nova abordagem de posicionamento do controlador para redes WAN que visa enfrentar esses desafios. A abordagem trata três aspectos de forma explícita durante o projeto da rede: a conectividade, a capacidade e a recuperação. Além disso, tais aspectos são planejados para dois estados distintos da rede: pré e pós-disrupção. Em outras palavras, a rede é configurada da melhor forma tanto para operação normal, quanto para operação após eventos de disrupção. Para este fim, a abordagem é dividida em duas etapas. A primeira define o posicionamento de instâncias do controlador, enquanto a segunda especifica uma lista de controladores de backup para cada dispositivo na rede. Ademais, são desenvolvidas duas estratégias com base na abordagem Survivor. A primeira, implementada em Programação Linear Inteira, garante uma solução ótima a um custo computacional alto. A segunda, implementada através de heurísticas, fornece soluções sub-ótimas a um custo computacional muito mais baixo. Comparações com o estado-da-arte mostram que a abordagem Survivor provê ganhos significativos na sobrevivência (identificado na probabilidade mais baixa de perda de conectividade) e no estado convergente da rede através de mecanismos de recuperação mais inteligentes. / The SDN paradigm simplifies network management by focusing all control tasks into a single entity, the controller. In this way, forwarding devices can only operate correctly while connected to a logically centralized controller. Within this context, recent literature identified fundamental issues, such as device isolation due to disruptions in the network and controller overload, and proposed controller placement strategies to tackle them. However, current proposals have crucial limitations: (i) device-controller connectivity is modeled using single paths, yet in practice multiple concurrent connections may occur; (ii) peaks in the arrival of new flows are only handled on-demand, assuming that the network itself can sustain high request rates; and (iii) failover mechanisms require predefined information which, in turn, has been overlooked. This dissertation presents Survivor, a novel controller placement approach for WAN networks that addresses these challenges. The approach explicitly considers the following three aspects in the network design process: connectivity, capacity and recovery. Moreover, these aspects are planned for two distinct states of the network: pre and postdisruption. In other words, the network is configured optimally for both normal operation and for operation after disruption events. To this end, the approach is divided into two steps. The first defines the positioning of the controller instances, and the second specifies a list of backup controllers for each device on the network. Moreover, two strategies based on Survivor are developed. The first strategy, implemented with Integer Linear Programming, guarantees an optimal solution with a high computational cost. The second strategy, implemented using heuristics, provides sub-optimal solutions with a much lower computational cost. Comparisons to the state-of-the-art show that the Survivor approach provides significant increases in network survivability (identified with the lowest probability of connectivity loss) and converged network state through smarter recovery mechanisms.

Redes : Computadores

Gerencia : Redes : Computadores

Software defined networking

Controller placement problem

OpenFlow

Optimization

Algorithms

Resilient

Network survivability

Security