11 |
Encaminhamento por Hardware em Redes Definidas por Software: Avaliação Experimental Utilizando NETFPGA / Hardware Forwarding in Software-Defined Networks: Experimental Evaluation Using NetFPGA
ELLER, A. C. E. 15 April 2016
Computer networks have become an essential part of the infrastructure of our society; however, the initial design of traditional networks could not meet the requirements of all these applications, since many of them had not even been imagined. As a result, the network environment offers little support and flexibility to meet the new demands. In this context, a promising concept of programmable networks emerged, called Software Defined Networks (SDN). SDN separates the control plane from the data plane, allowing developers to program the network according to the needs of their applications. In addition, it made it possible to implement and test technological innovations for networking in real environments without depending on equipment manufacturers. This work proposes the use of NetFPGAs as a forwarding tool in SDN, controlled by an OpenFlow controller, in order to shorten the path traveled by a packet from its source to its destination. In addition, it proposes using the NetFPGA with OpenFlow for a multipath implementation with load balancing. The influence of flow tables on packet switching will also be evaluated by comparing a protocol that uses tables for forwarding (OpenFlow) with one that does not use tables for this purpose (KeyFlow).
|
12 |
Analysis of Topology Poisoning Attacks in Software-Defined Networking
Thanh Bui, Tien January 2015
Software-defined networking (SDN) is an emerging architecture with a great potential to foster the development of modern networks. By separating the control plane from the network devices and centralizing it at a software-based controller, SDN provides network-wide visibility and flexible programmability to network administrators. However, the security aspects of SDN are not yet fully understood. For example, while SDN is resistant to some topology poisoning attacks in which the attacker misleads the routing algorithm about the network structure, similar attacks by compromised hosts and switches are still known to be possible. The goal of this thesis is to thoroughly analyze the topology poisoning attacks initiated by compromised switches and to identify whether they are a threat to SDN. We identify three base cases of the topology poisoning attack, in which the attack that requires a single compromised switch is a new variant of topology poisoning. We develop proof-of-concept implementations for these attacks in emulated networks based on OpenFlow, the most popular framework for SDN. We also evaluate the attacks in simulated networks by measuring how much additional traffic the attacker can divert to the compromised switches. A wide range of network topologies and routing algorithms are used in the simulations. The simulation results show that the discovered attacks are severe in many cases. Furthermore, the seriousness of the attacks increases according to the number of tunnels that the attacker can fabricate and also depends on the distance between the tunnel endpoints. The simulations indicate that network design can help to mitigate the attacks by, for example, shortening the paths between switches in the network, randomizing regular network structure, or increasing the load-balancing capability of the routing strategy.
|
13 |
Migração de redes tradicionais para SDN / Migration of traditional networks to SDN
Barbosa, Renan Rodrigo 12 December 2018
Software Defined Networks are based on characteristics such as the separation between the network data and control planes, network programmability and monitoring of the devices, as well as the ability to test and experiment with new protocols. Although many of the concepts of these networks were proposed more than twenty-five years ago, only recently has there been an increase in interest in the topic. This increase is mainly due to the greater computing power of the devices and the emergence of the OpenFlow protocol, proposed by a team of Stanford researchers in 2008 and considered a standard for the technology today. Although the theme was born in academia, the industry has embraced the concepts and several manufacturers have developed their equipment with OpenFlow support. The advantages of OpenFlow, such as the standardization of the communication protocol between planes, the ability to program and collect metrics, and the support for the creation of proactive and reactive rules, for example, mean that migration from a traditional network to this new paradigm becomes attractive. However, such migration is not trivial. Prior planning is required with risk and benefit analysis, there must be monitoring of each stage of the execution and subsequent validation of the results presented by the migrated network. This dissertation presents a study on the migration of network technologies and protocols with a focus on the specific migration of traditional networks to SDN, using OpenFlow as the protocol. A mechanism is presented that is able to analyze the legacy network device settings and convert them to OpenFlow controller rules, enabling the simulation of services and features and facilitating the first steps of the migration. Experiments in the simulation environment show that a controller-managed SDN configured with the rules given by the mechanism has equivalent functionality to that of the original, non-SDN network from which this configuration was extracted.
|
14 |
MultiFlow: uma solução para distribuição de subfluxos MPTCP em Redes OpenFlow / Multiflow: a solution for distribute MPTC subflows in OpenFlow networks
Sandri, Marcus 10 June 2015
Financiadora de Estudos e Projetos / This Master's thesis shows a solution for splitting MPTCP subflows in an OpenFlow network. MPTCP is a network protocol designed to branch a single TCP connection into many subflows. The main idea is to forward subflows through disjoint paths. Commonly, the ECMP protocol is adopted together with it to split flows through distinct paths. Nevertheless, there are many issues that show that ECMP is not Pareto-optimal, such as: ECMP can easily set two subflows from the same TCP connection on the same path and/or set distinct forward and return routes for the same subflow. To solve these issues, MultiFlow is designed, a module for the POX controller that guarantees multipath routing by setting subflows from the same MPTCP connection so that such subflows are forwarded through distinct paths. MultiFlow is evaluated in experiments where throughput and resilience are analyzed, comparing it with Spanning-Tree (STP) and ECMP. The experiments were done using Mininet, an OpenFlow emulator for experimenting with a set of topologies.
|
15 |
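Wi-Flow: uma arquitetura baseada em SDN para o gerenciamento e mobilidade em redes Wi-Fi com suporte à autenticação 802.1x / Wi-Flow: an SDN-based architecture for management and mobility in Wi-Fi networks with support for 802.1x authentication
ALBUQUERQUE JÚNIOR, Edivaldo Cavalcante de 30 August 2016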
Corporate networks have evolved into a heterogeneous environment (wired
and wireless networks). These networks consider user authentication as a key
element to ensure adequate levels of security access to the organization's strategic
services. In educational and research institutions, the federated system based on
802.1x authentication called Eduroam (Education Roaming) allows students and
researchers to gain wireless connectivity using the same credentials of their
institutions anywhere in the world that supports this system. However, the quality of
service (QoS) perceived by the user can be degraded when they need to change the
wireless access point (handover) due to mobility and re-authenticate a session in
progress. Despite numerous existing solutions in the literature for mobility
management, support for user authentication in the handover process is a neglected
aspect. This dissertation proposes a framework for the integrated management of
wired and wireless networks based on low cost and open source software. The
proposal aims to make management simpler and centralized using the SDN
(Software Defined Networking) paradigm via the OpenFlow protocol (OF). Through a web
interface it is possible to obtain information from the network, manage flows and OF
controllers, create network slices, and apply QoS policies. In the mobility
management context, this proposal implements and evaluates an authentication cache
strategy that improves the quality of experience (QoE) during the handover process in
an environment with 802.1x / Eduroam authentication. In the evaluated experimental
environments, the proposed technique
achieved gains of up to 15.8% on throughput, 25% on average delay and 20.5% on
PSNR in comparison to the baseline scenario without authentication cache. Thus, the
obtained results demonstrate the applicability of the integrated network management,
as well as its effectiveness in supporting QoS / QoE requirements for video traffic
sessions of mobile users.
|
16 |
Gestion dynamique et évolutive de règles de sécurité pour l'Internet des Objets / Dynamic and scalable management of security rules for the Internet of Things
Mahamat charfadine, Salim 02 July 2019
With the exponential evolution of the Internet of Things (IoT), ensuring network security has become a big challenge for network administrators. Traditionally, network security is based on multiple independent devices such as firewall, IDS/IPS and NAC, whose main role is to monitor the information exchanged between the inside and the outside perimeters of the enterprise network. However, the administration of these network devices can be complex and tedious with an independent manual configuration. Recently, the introduction of the Software Defined Networking (SDN) concept and the OpenFlow protocol has offered many opportunities by providing a centralized and programmable network administration. As part of this research work, we proposed a new approach to secure the network traffic flow exchanges based on a method of event detection, in an automated manner. This solution is based on the SDN approach coupled with an intrusion detection system, which allows analyzing, detecting and removing security threats. With the implementation, we contribute to changing the paradigm of securing network traffic flow exchanges using the SDN principle, coupled with an IDS in a real use case architecture. In this way, the management of network security becomes simplified, dynamic and scalable.
|
17 |
OpenFlow Switching Performance using Network Simulator - 3
Sriram Prashanth, Naguru January 2016
Context. In the present innovative world of networking, there is a rapid expansion of switches and protocols, which are used to cope with the increase in customer requirements in networking. With increasing demand for higher bandwidths and lower latency, new network paths are introduced to meet these requirements. To reduce network load in the present switching network, development of new innovative switching is required. These required results can be achieved by Software Defined Network or traditional layer-3 technologies. Objectives. In this thesis, the end-to-end (e2e) transmission performance of OpenFlow and layer-3 switches and their dynamic characteristics are investigated using network simulation. Methods. To replicate a real-life network topology and evaluate e2e transmission performance, a simulation-based test bed is implemented for both the OpenFlow switch and the layer-3 switch. The test beds are implemented using Network Simulator-3 (NS-3). A two-tier network topology is designed with specified components for performance evaluation. Results. Performance metrics like throughput, average delay, simulation time and Packet Delivery Ratio (PDR) are measured, and the results are analyzed statistically and compared. The behavior of network traffic in both topologies is understood using NS-3 and explained further in the thesis. Conclusions. The analytical and statistical results from simulation show that OpenFlow switching performs relatively better than layer-3 switching.
|
18 |
Improving the performance of software-defined networks using dynamic flow installation and management techniques
Isaia, Philippos January 2018
As computer networks evolve, they become more complex, introducing several challenges in the areas of performance and management. Such problems can lead to stagnation in network innovation. Software Defined Networks (SDN) framework could be one of the best candidates for improving and revolutionising networking by giving the full control to the network administrators to implement new management and performance optimisation techniques. This thesis examines performance issues faced in SDN due to the introduction of the SDN Controller. These issues include the extra delay due to the round-trip time between the switch and the controller as well as the fact that some packets arrive at the destination out-of-order. We propose a novel dynamic flow installation and management algorithm (OFPE) using the SDN protocol OpenFlow, which preserves the controller to a non-overloaded CPU state and allow it to dynamically add and adjust flow table rules to reduce packet delay and out-of-order packets. In addition, we propose OFPEX, an extension to OFPE algorithm that includes techniques for managing multi-switch environments as well as methods that make use of the packets interarrival time in categorising and serving packet flows. Such techniques allow topology awareness, helping the controller to install flow table rules in such a way to form optimal routes for high priority flows thus increasing network performance. For the performance evaluation of the proposed algorithms, both hardware testbed as well as emulation experiments have been conducted. The performance results indicate that OFPE algorithm achieves a significant enhancement in performance in the form of reduced delay by up to 92.56% (depending on the scenario), reduced packet loss by up to 55.32% and reduced out-of-order packets by up to 69.44%. 
Furthermore, we propose a novel placement algorithm for distributed Mininet implementations which uses weights in order to distribute the experiment components to the appropriately distributed machines. The proposed algorithm uses static code analysis in order to examine the experimental code as well as it measures the capabilities of physical components in order to create a weights table which is then used to distribute the experiment components properly. The performance results of the proposed algorithm evaluation indicated reductions in delay and packet loss of up to 65.51% and 86.35% respectively, as well as a decrease in the standard deviation of CPU usage by up to 88.63%. These results indicate that the proposed algorithm distributes the experiment components evenly across the available resources. Finally, we propose a series of Benchmarking tests that can be used to rate all the available SDN experimental platforms. These tests allow the selection of the appropriate experimental platform according to the scenario needs as well as they indicate the resources needed by each platform.
|
19 |
CloudMAC Frame Prioritization : QoS and routing of IEEE802.11 frames in a Opendaylight controlled network / CloudMAC Ram Prioritering : Prioritering and dirigering av IEEE802.11 ramar i ett OpenDaylight kontrolleratnätverk
Joakim, Carlsson January 2015
Wireless networks are common in large organisations that can cover multiple floors and buildings. Wireless networks become expensive as they grow, and more control and coordination is needed to operate and manage them. This thesis describes how CloudMAC, a software defined networking (SDN) solution, was implemented in OpenDaylight Hydrogen, an SDN controller. CloudMAC reduces complexity in large wireless local area networks. CloudMAC splits access points (AP) into a physical part (which accesses the wireless medium) and a logical part (which handles the processing of data). These two parts are then placed in different locations in a wired network. The parts are connected by making tunnels through the network. Some of the communications in wireless networks are time sensitive. Such time-sensitive communication is easily disturbed during congestion. To improve CloudMAC, quality of service (QoS) was implemented. QoS was used both in the wired network and in accessing the wireless medium. Evaluations show how to evaluate queue utilization and performance.
|
20 |
EQUILIBRANDO ENERGIA, REDUNDÂNCIA E DESEMPENHO EM REDES DE CENTROS DE DADOS DEFINIDAS POR SOFTWARE / Balancing energy, redundancy and performance in software-defined data center networks
Araújo, Antônio Cleber de Sousa 07 October 2017
Today's large data centers typically adopt redundancy of servers and communication equipment to increase their reliability and availability. Highly redundant infrastructure, however, is one of the challenges of the area because of its high energy consumption. This dissertation presents BEEP, an energy-efficient strategy for software-defined data center networks based on the Fat-Tree topology. Our strategy, implemented on an OpenFlow network, uses multiple paths, through MultiPath TCP (MPTCP), and the global view offered by the controllers of a software-defined network to balance energy efficiency, equipment redundancy level and performance gain in serving traffic demands. To achieve this balance, BEEP tries to have communication traffic sent as fast as possible, using as many as possible of the distinct paths that exist between the source and the destination of a communication. In this way, switch interfaces remain idle most of the time and energy consumption is thus reduced. Experimental results on variants of the Fat-Tree topology showed energy-efficiency gains with the strategy in the order of 21% to 47% compared with other strategies (ECO-RP and GreenCloud), as well as improved utilization of the available bandwidth as more alternative paths become available, in all evaluated scenarios. Besides building BEEP, the other contributions of this dissertation are: i) the development of a prototyping environment for multipath TCP applications in software-defined networks, capable of measuring and validating new proposals for energy savings based on elements of a data center network; and ii) an experimental evaluation of multipath TCP implemented through software-defined networks for data center networks.
|