Towards a Traffic-aware Cloud-native Cellular Core

Amit Kumar Sheoran (11184387)

26 July 2021

<div>Advances in virtualization technologies have revolutionized the design of the core of cellular networks. However, the adoption of microservice design patterns and migration of services from purpose-built hardware to virtualized hardware has adversely affected the delivery of latency-sensitive services.</div><div><br></div><div>In this dissertation, we make a case for cloud-native (microservice container packaged) network functions in the cellular core by proposing domain knowledge-driven, traffic-aware, orchestration frameworks to make network placement decisions. We begin by evaluating the suitability of virtualization technologies for the cellular core and demonstrating that container-driven deployments can significantly outperform other virtualization technologies such as Virtual Machines for control and data plane applications.</div><div><br></div><div>To support the deployment of latency-sensitive applications on virtualized hardware, we propose using Virtual Network Function (VNF) bundles (aggregates) to handle transactions. Specifically, we design Invenio to leverage a combination of network traces and domain knowledge to identify VNFs involved in processing a specific transaction, which are then collocated by a traffic-aware orchestrator. By ensuring that a user request is processed by a single aggregate of collocated VNFs, Invenio can significantly reduce end-to-end latencies and improve user experience.</div><div><br></div><div>Finally, to understand the challenges in using container-driven deployments in real-world applications, we develop and evaluate a novel caller-ID spoofing detection solution in Voice over LTE (VoLTE) calls. Our proposed solution, NASCENT, cross validates the caller-ID used during voice-call signaling with a previously authenticated caller-ID to detect caller-ID spoofing. Our evaluation with traditional and container-driven deployments shows that container-driven deployment can not only support complex cellular services but also outperform traditional deployments.</div><div><br></div>

Computer Communications Networks

Telecommunications

Network Functions Virtualization

Network Placement

Availability-Aware Resource Allocation for Containerized Network Functions

Huang, Zhuonan

31 May 2021

Deploying virtual network functions (VNFs) such as WAN accelerators, network address translators (NATs) and 5G functions at the network edge (NE) can significantly reduce the experienced latency of delay-ultrasensitive applications (e.g., autonomous vehicles and Internet of things). Nonetheless, a major challenge to their anticipated large-scale deployment is the ability to efficiently allocate and manage the scarce NE resources hosting these functions. In this thesis, we describe a novel containerized infrastructure manager (cIM) that extends current managers, such as Kubernetes, with the necessary building blocks to provide an accurate yet elastic resource allocation service to containerized VNFs at scale. The proposed cIM treats the main modules of the VNFs, i.e., the containerized VNF components (cNFCs), as atomic special-purpose functions that can be rapidly deployed to form complex network services. The main component of the proposed cIM, the resource reservation manager (RRM), employs concepts of risk pooling in the insurance industry to accurately reserve the needed resources for the hosting containers. More precisely, to meet anticipated cNFCs demand fluctuation, the RRM accurately reserves a quota of additional resources that are shared by the containerized functions collected together in clusters. The reserved quota of resources ensures the desired availability level of the cNFCs without over-provisioning the scarce resources of the NE. The RRM considers three different situations namely that of a cNFC instance, a cluster of cNFCs or multiple cNFC clusters sharing the reserved resources. Different allocation approaches are then presented for each of these three situations. Simulation experiments are conducted to evaluate the performance of our reservation schemes from different aspects. The corresponding experimental results demonstrate that our proposed cIM can significantly improve the performance of the cNFCs and guarantee their desired availability with minimal resource reservation. Optimal allocation solutions of the resource pools are further proposed considering the desired availability level and the limit of resource pools. The evaluation results demonstrate that our optimization models and solutions obtain the best performance of relevant testing parameters, e.g., availability.

Virtual network functions

Containers

Resource reservation

Statistical modelling

Availability

Taming NFV orchestration using decentralised cognitive components / Orquestrador NFV descentralizado baseado em raciocínio BDI

Schardong, Frederico

January 2018

Network Functions Virtualisation (NFV) separa as funções de rede dos dispositivos físicos, simplificando a implantação de novos serviços. As típicas funções de rede, como firewalls, aceleradores de tráfego, sistemas de detecção de intrusão e sistemas de prevenção de intrusões, são tradicionalmente realizadas por equipamentos físicos proprietários, que devem ser instalados manualmente pelos operadores de rede. A implantação de equipamentos físicos é desafiadora porque eles têm requisitos específicos de encadeamento e ordenação. Ao contrário dos equipamentos físicos tradicionais, as funções de rede virtuais (VNFs) podem ser dinamicamente implementadas e reconfiguradas sob demanda, colocando desafios de gerenciamento rigorosos aos sistemas em rede. A seleção das VNFs mais apropriadas para atingir um objetivo específico e a decisão sobre onde implantar essas VNFs e por quais caminhos elas se comunicarão são responsabilidades de um orquestrador de NFV. Nesta dissertação, propomos orquestrar VNFs usando componentes cognitivos interativos estruturados com a arquitetura belief-desire-intention (BDI), levando a soluções emergentes para enfrentar os desafios da rede. A arquitetura BDI inclui um ciclo de raciocínio que fornece aos agentes um comportamento racional, permitindo que lidem com diferentes cenários nos quais o comportamento flexível e inteligente é necessário. Estendemos a arquitetura NFV substituindo seu orquestrador centralizado por agentes BDI. Nossa proposta inclui um protocolo de leilão reverso e uma nova heurística de licitação que permite que os agentes tomem decisões sobre as tarefas de orquestração. Por fim, nós fornecemos uma plataforma de testes que integra uma plataforma para o desenvolvimento de agentes BDI com um emulador de rede, permitindo que os agentes controlem as VNFs e percebam a rede. Essa plataforma de testes é usada para implementar VNFs e avaliar empiricamente nosso modelo teórico em um ataque de negação de serviço distribuído. Os resultados da avaliação mostram que uma solução para o ataque DDoS surge através da negociação de agentes, mitigando com sucesso o ataque. / Network Functions Virtualisation (NFV) decouples network functions from physical devices, simplifying the deployment of new services. Typical network functions, like firewalls, traffic accelerators, intrusion detection systems and intrusion prevention systems, are traditionally performed by proprietary physical appliances, which must be manually installed by network operators. Their deployment is challenging because they have specific chaining requirements. As opposed to traditional physical appliances, virtual network functions (VNFs) can be dynamically deployed and reconfigured on demand, posing strict management challenges to networked systems. The selection of the most appropriate VNFs to achieve a particular objective, the decision on where to deploy these VNFs and through which paths they will communicate are the responsibilities of an NFV orchestrator. In this dissertation, we propose to orchestrate VNFs using interacting cognitive components structured with the belief-desire-intention (BDI) architecture, leading to emergent solutions to address network challenges. The BDI architecture includes a reasoning cycle, which provides agents with rational behaviour, allowing agents to deal with different scenarios in which flexible and intelligent behaviour is needed. We extend the NFV architecture, replacing its centralised orchestrator with BDI agents. Our proposal includes a reverse auction protocol and a novel bidding heuristic that allow agents to make decisions regarding the orchestration tasks. Finally, we provide a testbed that integrates a platform for developing BDI agents with a network emulator, allowing agents to control VNFs and perceive the network. This testbed is used to implement VNFs and empirically evaluate our theoretical model in a distributed denial-of-service (DDoS) attack. The evaluation results show that a solution to the DDoS attack emerges through the negotiation of agents, successfully mitigating the attack.

Redes : Computadores

virtualização

Banco : Dados

Network Functions Virtualisation

BDI Architecture

Multi-agent Systems

Interactive visualizations for management of NFV-enabled networks / Visualizações interativas para gerenciamento de funções de rede virtualizada

Franco, Muriel Figueredo

January 2017

A Virtualização de Funções de Rede (Network Functions Virtualization - NFV) está mudando o paradigma das redes de telecomunicações. Esta nova tecnologia permite diversas oportunidades de inovações e possibilita o desenvolvimento de novos modelos de negócio. Em relação às redes NFV, os provedores de serviços têm a oportunidade de criar modelos de negócio que permitam aos clientes contratarem Funções de Rede Virtualizadas (Virtual Network Functions - VNFs) que proveem diferentes serviços de rede (e.g., Firewall, NAT e transcoders). Porém, nestes modelos, a quantidade de informações a serem gerenciadas cresce rapidamente. Baseado nisso, os operadores de rede devem ser capazes de entender e manipular uma grande quantidade de informação para gerenciar, de forma efetiva, as redes NFV. Para enfrentar esse problema, introduzimos uma plataforma de visualização denominada VISION, a qual tem como principal objetivo ajudar os operadores de rede na identificação da causa raiz de problemas em NFV. Para isso, propusemos: (i) uma abordagem para coleta e organização de dados do ambiente NFV gerenciado; (ii) cinco diferentes visualizações que auxiliam nas tarefas de gerenciamento de NFV como, por exemplo, no processo de identificação de problemas em VNFs e no planejamento de negócios e (iii) um modelo baseado em templates que suporta o desenvolvimento e o reuso de visualizações. Para fins de avaliação desta dissertação, foi desenvolvido um protótipo da plataforma VISION e de todas as visualizações propostas. Após, conduzimos um conjunto de casos de estudo para prover evidências sobre a viabilidade e utilidade de nossas visualizações. Os diferentes casos analisados, abordam por exemplo, a identificação de problemas na alocação de VNFs que estão impactando no desempenho do serviço oferecido e também na investigação de prioridades de investimento para suprir as demandas dos clientes da rede. Por fim, apresentamos uma avaliação de usabilidade realizada juntamente a especialistas em redes de computadores para avaliar os recursos e benefícios da plataforma VISION. Os resultados obtidos demonstram que nossas visualizações possibilitam ao operador de rede um rápido e fácil acesso às informações importantes para o gerenciamento de redes NFV, assim facilitando a obtenção de insights para a identificação de problemas complexos no contexto de redes NFV. Além disso, os resultados demonstram uma avaliação positiva por especialistas sobre os aspectos gerais de usabilidade do protótipo desenvolvido. / Network Functions Virtualization (NFV) is driving a paradigm shift in telecommunications networks and computer networks, by fostering new business models and creating innovation opportunities. In NFV-enabled networks, service providers have the opportunity to build a business model where tenants can purchase Virtual Network Functions (VNFs) that provide distinct network services and functions (e.g., Firewall, NAT, and transcoders). However, the amount of managed data grows in a fast pace. The network operator must understand and manipulate many data to effectively manage the network. To tackle this problem, we introduce VISION, a platform based on visualizations techniques to help network operators to determine the cause of not obvious problems. For this, we provide: (i) an approach to collect and organize data from the NFV environments; (ii) five distinct visualizations that can aid in NFV management tasks, such as in the process of identifying VNFs problems and planning of NFV-enabled businesses; and (iii) a template model that supports new visualization applications. To evaluate our work, we implemented a prototype of VISION platform and each of the proposed visualizations. We then conducted distinct case studies to provide evidence of the feasibility of our visualizations. These case studies cover different scenarios, such as the identification of misplacement of VNFs that are generating bottlenecks in a forwarding graph and the investigation of investment priorities to supply tenants demands. Finally, we present a usability evaluation with network operators to indicate the benefits of the VISION platform. The results obtained show that our visualizations allow the operator to access relevant information and have insights to identify not obvious problems in the context of NFV-enabled networks. In addition, we received positive feedback about general usability aspects related to our prototype.

Redes : Computadores

Visualizacao : Software

Redes : Gerencia

Network functions virtualization

Network management

Information visualization

Interactive visualizations for management of NFV-enabled networks / Visualizações interativas para gerenciamento de funções de rede virtualizada

Franco, Muriel Figueredo

January 2017

A Virtualização de Funções de Rede (Network Functions Virtualization - NFV) está mudando o paradigma das redes de telecomunicações. Esta nova tecnologia permite diversas oportunidades de inovações e possibilita o desenvolvimento de novos modelos de negócio. Em relação às redes NFV, os provedores de serviços têm a oportunidade de criar modelos de negócio que permitam aos clientes contratarem Funções de Rede Virtualizadas (Virtual Network Functions - VNFs) que proveem diferentes serviços de rede (e.g., Firewall, NAT e transcoders). Porém, nestes modelos, a quantidade de informações a serem gerenciadas cresce rapidamente. Baseado nisso, os operadores de rede devem ser capazes de entender e manipular uma grande quantidade de informação para gerenciar, de forma efetiva, as redes NFV. Para enfrentar esse problema, introduzimos uma plataforma de visualização denominada VISION, a qual tem como principal objetivo ajudar os operadores de rede na identificação da causa raiz de problemas em NFV. Para isso, propusemos: (i) uma abordagem para coleta e organização de dados do ambiente NFV gerenciado; (ii) cinco diferentes visualizações que auxiliam nas tarefas de gerenciamento de NFV como, por exemplo, no processo de identificação de problemas em VNFs e no planejamento de negócios e (iii) um modelo baseado em templates que suporta o desenvolvimento e o reuso de visualizações. Para fins de avaliação desta dissertação, foi desenvolvido um protótipo da plataforma VISION e de todas as visualizações propostas. Após, conduzimos um conjunto de casos de estudo para prover evidências sobre a viabilidade e utilidade de nossas visualizações. Os diferentes casos analisados, abordam por exemplo, a identificação de problemas na alocação de VNFs que estão impactando no desempenho do serviço oferecido e também na investigação de prioridades de investimento para suprir as demandas dos clientes da rede. Por fim, apresentamos uma avaliação de usabilidade realizada juntamente a especialistas em redes de computadores para avaliar os recursos e benefícios da plataforma VISION. Os resultados obtidos demonstram que nossas visualizações possibilitam ao operador de rede um rápido e fácil acesso às informações importantes para o gerenciamento de redes NFV, assim facilitando a obtenção de insights para a identificação de problemas complexos no contexto de redes NFV. Além disso, os resultados demonstram uma avaliação positiva por especialistas sobre os aspectos gerais de usabilidade do protótipo desenvolvido. / Network Functions Virtualization (NFV) is driving a paradigm shift in telecommunications networks and computer networks, by fostering new business models and creating innovation opportunities. In NFV-enabled networks, service providers have the opportunity to build a business model where tenants can purchase Virtual Network Functions (VNFs) that provide distinct network services and functions (e.g., Firewall, NAT, and transcoders). However, the amount of managed data grows in a fast pace. The network operator must understand and manipulate many data to effectively manage the network. To tackle this problem, we introduce VISION, a platform based on visualizations techniques to help network operators to determine the cause of not obvious problems. For this, we provide: (i) an approach to collect and organize data from the NFV environments; (ii) five distinct visualizations that can aid in NFV management tasks, such as in the process of identifying VNFs problems and planning of NFV-enabled businesses; and (iii) a template model that supports new visualization applications. To evaluate our work, we implemented a prototype of VISION platform and each of the proposed visualizations. We then conducted distinct case studies to provide evidence of the feasibility of our visualizations. These case studies cover different scenarios, such as the identification of misplacement of VNFs that are generating bottlenecks in a forwarding graph and the investigation of investment priorities to supply tenants demands. Finally, we present a usability evaluation with network operators to indicate the benefits of the VISION platform. The results obtained show that our visualizations allow the operator to access relevant information and have insights to identify not obvious problems in the context of NFV-enabled networks. In addition, we received positive feedback about general usability aspects related to our prototype.

Redes : Computadores

Visualizacao : Software

Redes : Gerencia

Network functions virtualization

Network management

Information visualization

Interactive visualizations for management of NFV-enabled networks / Visualizações interativas para gerenciamento de funções de rede virtualizada

Franco, Muriel Figueredo

January 2017

A Virtualização de Funções de Rede (Network Functions Virtualization - NFV) está mudando o paradigma das redes de telecomunicações. Esta nova tecnologia permite diversas oportunidades de inovações e possibilita o desenvolvimento de novos modelos de negócio. Em relação às redes NFV, os provedores de serviços têm a oportunidade de criar modelos de negócio que permitam aos clientes contratarem Funções de Rede Virtualizadas (Virtual Network Functions - VNFs) que proveem diferentes serviços de rede (e.g., Firewall, NAT e transcoders). Porém, nestes modelos, a quantidade de informações a serem gerenciadas cresce rapidamente. Baseado nisso, os operadores de rede devem ser capazes de entender e manipular uma grande quantidade de informação para gerenciar, de forma efetiva, as redes NFV. Para enfrentar esse problema, introduzimos uma plataforma de visualização denominada VISION, a qual tem como principal objetivo ajudar os operadores de rede na identificação da causa raiz de problemas em NFV. Para isso, propusemos: (i) uma abordagem para coleta e organização de dados do ambiente NFV gerenciado; (ii) cinco diferentes visualizações que auxiliam nas tarefas de gerenciamento de NFV como, por exemplo, no processo de identificação de problemas em VNFs e no planejamento de negócios e (iii) um modelo baseado em templates que suporta o desenvolvimento e o reuso de visualizações. Para fins de avaliação desta dissertação, foi desenvolvido um protótipo da plataforma VISION e de todas as visualizações propostas. Após, conduzimos um conjunto de casos de estudo para prover evidências sobre a viabilidade e utilidade de nossas visualizações. Os diferentes casos analisados, abordam por exemplo, a identificação de problemas na alocação de VNFs que estão impactando no desempenho do serviço oferecido e também na investigação de prioridades de investimento para suprir as demandas dos clientes da rede. Por fim, apresentamos uma avaliação de usabilidade realizada juntamente a especialistas em redes de computadores para avaliar os recursos e benefícios da plataforma VISION. Os resultados obtidos demonstram que nossas visualizações possibilitam ao operador de rede um rápido e fácil acesso às informações importantes para o gerenciamento de redes NFV, assim facilitando a obtenção de insights para a identificação de problemas complexos no contexto de redes NFV. Além disso, os resultados demonstram uma avaliação positiva por especialistas sobre os aspectos gerais de usabilidade do protótipo desenvolvido. / Network Functions Virtualization (NFV) is driving a paradigm shift in telecommunications networks and computer networks, by fostering new business models and creating innovation opportunities. In NFV-enabled networks, service providers have the opportunity to build a business model where tenants can purchase Virtual Network Functions (VNFs) that provide distinct network services and functions (e.g., Firewall, NAT, and transcoders). However, the amount of managed data grows in a fast pace. The network operator must understand and manipulate many data to effectively manage the network. To tackle this problem, we introduce VISION, a platform based on visualizations techniques to help network operators to determine the cause of not obvious problems. For this, we provide: (i) an approach to collect and organize data from the NFV environments; (ii) five distinct visualizations that can aid in NFV management tasks, such as in the process of identifying VNFs problems and planning of NFV-enabled businesses; and (iii) a template model that supports new visualization applications. To evaluate our work, we implemented a prototype of VISION platform and each of the proposed visualizations. We then conducted distinct case studies to provide evidence of the feasibility of our visualizations. These case studies cover different scenarios, such as the identification of misplacement of VNFs that are generating bottlenecks in a forwarding graph and the investigation of investment priorities to supply tenants demands. Finally, we present a usability evaluation with network operators to indicate the benefits of the VISION platform. The results obtained show that our visualizations allow the operator to access relevant information and have insights to identify not obvious problems in the context of NFV-enabled networks. In addition, we received positive feedback about general usability aspects related to our prototype.

Redes : Computadores

Visualizacao : Software

Redes : Gerencia

Network functions virtualization

Network management

Information visualization

Network Resource Management Using Multi-Agent Deep Reinforcement Learning / マルチエージェント深層強化学習によるネットワーク資源管理

Suzuki, Akito

25 September 2023

京都大学 / 新制・課程博士 / 博士(情報学) / 甲第24940号 / 情博第851号 / 新制||情||142(附属図書館) / 京都大学大学院情報学研究科通信情報システム専攻 / (主査)教授 大木 英司, 教授 原田 博司, 教授 伊藤 孝行 / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DFAM

reinforcement learning

network resource management

network functions virtualization

virtual network allocation

task offloading

007

Efficient Scaling of a Web Proxy Cluster

Zhang, Hao

27 October 2017

With the continuing growth in network traffic and increasing diversity in web content, web caching, together with various network functions (NFs), has been introduced to enhance security, optimize network performance, and save expenses. In a large enterprise network with more than tens of thousands of users, a single proxy server is not enough to handle a large number of requests and turns to group processing. When multiple web cache proxies are working as a cluster, they talk with each other and share cached objects by using internet cache protocol (ICP). This leads to poor scalability. This thesis describes the development of a framework that provides the efficient management of a distributed web cache. A controller is introduced into the cluster of proxy servers and becomes responsible for managing objects shared within the cluster. By obtaining a knowledge of global states from the controller, proxy servers that are working in the group do not need to query its neighbors' storage. This reduces traffic in the cluster and saves the computing resources of associated proxy servers. The evaluation on a caching proxy benchmark has shown that our approach demonstrates a superior scalability in comparison to an ICP web caching cluster.

Distributed Web Cache

Computer Networks

Network Functions

Computer and Systems Architecture

Other Computer Engineering

Security Analysis of a Software Defined Wide Area Network Solution

Rajendran, Ashok

January 2016

Enterprise wide area network (WAN) is a private network that connects the computers and other devices across an organisation's branch locations and the data centers. It forms the backbone of enterprise communication. Currently, multiprotocol label switching (MPLS) is commonly used to provide this service. As a recent alternative to MPLS, software-dened wide area networking (SD-WAN) solutions are being introduced as an IP based cloud-networking service for enterprises. SD-WAN virtualizes the networking service and eases the complexity of conguring and managing the enterprise network by moving these tasks to software and a central controller. The introduction of new technologies causes concerns about their security. Also, this new solution is introduced as a replacement for MPLS, which has been considered secure and has been in use for more than 16 years. Thus, there is a need to analyze the security of SD-WAN, which is the goal of this thesis. In this thesis, we perform a security analysis of a commercial SD-WAN solution, by finding its various attack surfaces, associated vulnerabilities and design weaknesses. We choose Nuage VNS, an SD-WAN product provided by Nuage Networks, as the analysis target. As a result, many attack surfaces and security weaknesses were found and reported, especially in the Customer Premises Equipment (CPE). In particular, we found vulnerabilities in the CPE's secure bootstrapping method and demonstrated some attacks by exploiting them. Finally, we propose mitigation steps to avoid the attacks. The results of this thesis will help both the service provider and the SD-WAN solution vendor to know about the attack surfaces and weaknesses of SD-WAN before o ering it to their customers. We also help in implementing the temporary countermeasures to mitigate the attacks. The results have been presented to the service provider and the vendor of the SD-WAN product.

SD-WAN

Nuage VNS

virtual network functions

security

Engineering and Technology

Teknik och teknologier

Elektroteknik och elektronik

Model based testing techniques for software defined networks / Méthodes de test basées sur les modèles pour la validation des réseaux logiciels (SDN)

Berriri, Asma

22 October 2019

Les réseaux logiciels (connus sous l'éppellation: Software Defined Networking, SDN), qui s'appuient sur le paradigme de séparation du plan de contrôle et du plan d'acheminement, ont fortement progressé ces dernières années pour permettre la programmabilité des réseaux et faciliter leur gestion. Reconnu aujourd'hui comme des architectures logicielles pilotées par des applications, offrant plus de programmabilité, de flexibilité et de simplification des infrastructures, les réseaux logiciels sont de plus en plus largement adoptés et graduellement déployés par l'ensemble des fournisseurs. Néanmoins, l'émergence de ce type d'architectures pose un ensemble de questions fondamentales sur la manière de garantir leur correct fonctionnement. L'architecture logicielle SDN est elle-même un système complexe à plusieurs composants vulnérable aux erreurs. Il est essentiel d'en assurer le bon fonctionnement avant déploiement et intégration dans les infrastructures.Dans la littérature, la manière de réaliser cette tâche n'a été étudiée de manière approfondie qu'à l'aide de vérification formelle. Les méthodes de tests s'appuyant sur des modèles n'ont guère retenu l'attention de la communauté scientifique bien que leur pertinence et l'efficacité des tests associés ont été largement demontrés dans le domaine du développement logiciel. La création d'approches de test efficaces et réutilisables basées sur des modèles nous semble une approche appropriée avant tout déploiement de réseaux virtuels et de leurs composants. Le problème abordé dans cette thèse concerne l'utilisation de modèles formels pour garantir un comportement fonctionnel correct des architectures SDN ainsi que de leurs composants. Des approches formelles, structurées et efficaces de génération de tests sont les principale contributions de la thèse. En outre, l'automatisation du processus de test est mis en relief car elle peut en réduire considérablement les efforts et le coût.La première contribution consiste en une méthode reposant sur l'énumération de graphes et qui vise le test fonctionnel des architectures SDN. En second lieu, une méthode basée sur un circuit logique est développée pour tester la fonctionnalité de transmission d'un commutateur SDN. Plus loin, cette dernière méthode est étendue pour tester une application d'un contrôleur SDN. De plus, une technique basée sur une machine à états finis étendus est introduite pour tester la communication commutateur-contrôleur.Comme la qualité d'une suite de tests est généralement mesurée par sa couverture de fautes, les méthodes de test proposées introduisent différents modèles de fautes et génèrent des suites de tests avec une couverture de fautes guarantie. / Having gained momentum from its concept of decoupling the traffic control from the underlying traffic transmission, Software Defined Networking (SDN) is a new networking paradigm that is progressing rapidly addressing some of the long-standing challenges in computer networks. Since they are valuable and crucial for networking, SDN architectures are subject to be widely deployed and are expected to have the greatest impact in the near future. The emergence of SDN architectures raises a set of fundamental questions about how to guarantee their correctness. Although their goal is to simplify the management of networks, the challenge is that the SDN software architecture itself is a complex and multi-component system which is failure-prone. Therefore, assuring the correct functional behaviour of such architectures and related SDN components is a task of paramount importance, yet, decidedly challenging.How to achieve this task, however, has only been intensively investigated using formal verification, with little attention paid to model based testing methods. Furthermore, the relevance of models and the efficiency of model based testing have been demonstrated for software engineering and particularly for network protocols. Thus, the creation of efficient and reusable model based testing approaches becomes an important stage before the deployment of virtual networks and related components. The problem addressed in this thesis relates to the use of formal models for guaranteeing the correct functional behaviour of SDN architectures and their corresponding components. Formal, and effective test generation approaches are in the primary focus of the thesis. In addition, automation of the test process is targeted as it can considerably cut the efforts and cost of testing.The main contributions of the thesis relate to model based techniques for deriving high quality test suites. Firstly, a method relying on graph enumeration is proposed for the functional testing of SDN architectures. Secondly, a method based on logic circuit is developed for testing the forwarding functionality of an SDN switch. Further on, the latter method is extended to test an application of an SDN controller. Additionally, a technique based on an extended finite state machine is introduced for testing the switch-to-controller communication. As the quality of a test suite is usually measured by its fault coverage, the proposed testing methods introduce different fault models and seek for test suites with guaranteed fault coverage that can be stated as sufficient conditions for a test suite completeness / exhaustiveness.

Modèles formels

Testing

Réseaux logiciels (SDN)

Model based testing

Formal models

Testing

Software defined networking (SDN)

Virtualized network functions