Global ETD Search

21	An Evaluation of SDN Based Network Virtualization Techniques January 2016 (has links) abstract: With the software-defined networking trend growing, several network virtualization controllers have been developed in recent years. These controllers, also called network hypervisors, attempt to manage physical SDN based networks so that multiple tenants can safely share the same forwarding plane hardware without risk of being affected by or affecting other tenants. However, many areas remain unexplored by current network hypervisor implementations. This thesis presents and evaluates some of the features offered by network hypervisors, such as full header space availability, isolation, and transparent traffic forwarding capabilities for tenants. Flow setup time and throughput are also measured and compared among different network hypervisors. Three different network hypervisors are evaluated: FlowVisor, VeRTIGO and OpenVirteX. These virtualization tools are assessed with experiments conducted on three different testbeds: an emulated Mininet scenario, a physical single-switch testbed, and also a remote GENI testbed. The results indicate that network hypervisors bring SDN flexibility to network virtualization, making it easier for network administrators to define with precision how the network is sliced and divided among tenants. This increased flexibility, however, may come with the cost of decreased performance, and also brings additional risks of interoperability due to a lack of standardization of virtualization methods. / Dissertation/Thesis / Masters Thesis Engineering 2016 Computer engineering Computer science network hypervisor network virtualization OpenFlow SDN
22	Seamless Application Delivery Using Software Defined Exchanges Bhat, Divyashri 23 March 2016 (has links) One of the main challenges in delivering content over the Internet today is the absence of a centralized monitoring and control system [38]. Software Defined Networking has paved the way to provide a much needed control over network traffic. OpenFlow is now being standardized as part of the Open Networking Foundation, and Software Defined Exchanges (SDXes) provide a framework to use OpenFlow for multi-domain routing. Prototype deployments of Software Defined Exchanges have recently come into existence as a platform for Future Internet Architecture to eliminate the need for core routing technology used in today’s Internet. In this work, we look at how application delivery, in particular, Dynamic Adaptive Streaming over HTTP (DASH) and Nowcasting take advantage of a Software Defined Exchange. We compare unsophisticated controllers to more sophisticated ones which we call a ”load balancer” and find that implementing a good controller for inter-domain routing can result in better network utilization and application performance. We then design, develop and evaluate a prototype for a Content Distribution Network (CDN) that uses resources at SDXes to provide higher quality bitrates for a DASH client. SDN adaptive streaming OpenFlow content delivery Systems and Communications
23	Tvorba virtuálních síťových topologií pomocí softwarově definovaných sítí / Virtual network topology design based on software defined networks Moravcová, Klára January 2018 (has links) This Diploma thesis deals with virtualization of data networks, but mainly with concept of software-defined networking. Architecture, security risks and differences besides traditional networks are described within SDN framework. Description includes protocol OpenFlow, which is integral part of SDN concept. Brief summary mentions also NFV concept. The goal of this thesis is to determine available solutions, invent laboratory task and compile laboratory manual. Tables with currently available controllers and commutators for SDN were created and pattern of laboratoral task was realized within Mininet emulator and OpenDaylight controller. Laboratoral task itself is designed with aim to apprize students of subject of Network architecture with SDN concept and its real implementation.
24	SD-MCAN: A Software-Defined Solution for IP Mobility in Campus Area Networks Calabrigo, Adam Chase 01 December 2017 (has links) Campus Area Networks (CANs) are a subset of enterprise networks, comprised of a network core connecting multiple Local Area Networks (LANs) across a college campus. Traditionally, hosts connect to the CAN via a single point of attachment; however, the past decade has seen the employment of mobile computing rise dramatically. Mobile devices must obtain new Internet Protocol (IP) addresses at each LAN as they migrate, wasting address space and disrupting host services. To prevent these issues, modern CANs should support IP mobility: allowing devices to keep a single IP address as they migrate between LANs with low-latency handoffs. Traditional approaches to mobility may be difficult to deploy and often lead to inefficient routing, but Software-Defined Networking (SDN) provides an intriguing alternative. This thesis identifies necessary requirements for a software-defined IP mobility system and then proposes one such system, the Software-Defined Mobile Campus Area Network (SD-MCAN) architecture. SD-MCAN employs an OpenFlow-based hybrid, label-switched routing scheme to efficiently route traffic flows between mobile hosts on the CAN. The proposed architecture is then implemented as an application on the existing POX controller and evaluated on virtual and hardware testbeds. Experimental results show that SD-MCAN can process handoffs with less than 90 ms latency, suggesting that the system can support data-intensive services on mobile host devices. Finally, the POX prototype is open-sourced to aid in future research. SDN Networks IP Mobility OpenFlow Digital Communications and Networking
25	Vyvažování zátěže v sítích OpenFlow / Load Balancing in OpenFlow Networks Marciniak, Petr January 2013 (has links) The aim of this thesis is to develop a load balancing tool for OpenFlow networks. Software-defined networking (SDN) principles are introduced (OpenFlow protocol used as an example) and compared to the legacy routing and switching technology. Openflow is the first protocol/API enabling communication between the control and infrastructure planes of the software-defined networking model. Key features of the protocol are described and several OpenFlow controllers are introduced. Current best practices in computer networks load balancing are discussed as well. The load balancing application development process is described including the test laboratory setups - Mininet (SW) and OFELIA (HW). The application test results are evaluated and possible further enhancements to the program are discussed.
26	Performance and Reliability in Open Router Platforms for Software-Defined Networking Tanyingyong, Voravit January 2014 (has links) The unprecedented growth of the Internet has brought about such an enormous impact on our daily life that it is regarded as indispensable in modern era. At the same time, the underlying Internet architecture is still underpinned by principles designed several decades ago. Although IP networking has been proven very successful, it has been considered as the cause to network ossification creating barriers to entry for new network innovations. To support new demands and requirements of the current and the future Internet, solutions for new and improved Internet architectures should be sought. Software-defined networking (SDN), a new modularized network architecture that separates the control plane from the data plane, has emerged as a promising candidate for the future Internet. SDN can be described as flow-based networking, which provides finer granularity while maintaining backward compatibility with traditional IP networking. In this work, our goal is to investigate how to incorporate flow-based networking into open router platforms in an SDN context. We investigate performance and reliability aspects related to SDN data plane operation in software on open source PC-based routers. Our research methodology is based on design, implementation, and experimental evaluation. The experimental platform consists of PC-based routers running open source software in combination with commodity-off-the-shelf (COTS) hardware components. When it comes to performance aspects, we demonstrate that by offloading the lookup from a CPU to a network interface card, the overall performance is improved significantly. For enhanced reliability, we investigate bidirectional forwarding detection (BFD) as a component to realize redundancy with fast failover. We demonstrate that BFD becomes unreliable under high traffic load and propose a solution to this problem by allocating dedicated system resources for BFD control messages. In line with this solution, we extend our architecture for next-generation PC-based routers with OpenFlow support by devising a strategy to efficiently map packet forwarding and application processing tasks onto the multi-core architecture on the PC-based router. This extension would make it possible to integrate BFD effectively into the router platform. Our work demonstrates the potentials of open router platforms for SDN. Our prototypes offer not only high performance with good reliability but also flexibility to adopt new software extensions. Such platforms will play a vital role in advancing towards the future Internet. / <p>QC 20140416</p> performance reliability OpenFlow software-defined networking (SDN) Communication Systems Kommunikationssystem
27	Network AIS-based DDoS attack detection in SDN environments with NS-3 Jevtic, Stefan G. 21 July 2017 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / With the ever increasing connectivity of and dependency on modern computing systems, our civilization is becoming ever more susceptible to cyberattack. To combat this, identifying and disrupting malicious traffic without human intervention becomes essential to protecting our most important systems. To accomplish this, three main tasks for an effective intrusion detection system have been identified: monitor network traffic, categorize and identify anomalous behavior in near real time, and take appropriate action against the identified threat. This system leverages distributed SDN architecture and the principles of Artificial Immune Systems and Self-Organizing Maps to build a network-based intrusion detection system capable of detecting and terminating DDoS attacks in progress. DDoS SDN Software Defined Networking NS-3 OpenFlow
28	Gestion d'une architecture hétérogène distribuée à l'aide du SDN / Management of a heterogeneous distributed architecture with the SDN Gonzalez santamaria, Carlos 19 December 2017 (has links) Les acteurs majeurs d'Internet ont mis en place dans leurs datacenters de plus en plus de virtualisation pour permettre de faire fonctionner plusieurs systèmes d'exploitation simultanément sur un même serveur physique. Cette technologie a permis de faire des économies énergétiques et financières importantes. Elle utilise également au niveau de la recherche depuis peu de temps, en particulier dans le domaine des réseaux. Traditionnellement, ce sont des équipements physiques tels que des commutateurs ou des routeurs qui se chargent du transfert de l'information, à la suite d'une programmation effectuée par les administrateurs. Dorénavant, ces équipements sont également virtualisés et la décision prise pour l'acheminement de l'information se fait de manière logiciel. Des expérimentations de cette technologie de virtualisation du réseau, aussi appelé Software-Defined Network (SDN), ont été mise en place par Google pour relier ses principaux datacenters [1], au travers le monde.Dans le cadre de ce projet, nous présentons une nouvelle architecture basée sur les concepts du SDN, pour les réseaux avec ou sans infrastructure. Cette architecture est composée de réseaux filaires, sans fil et ad-hoc. Elle est ensuite proposée pour intégrer des objets communicants dans un domaine du réseau SDN. Différents domaines sont alors interconnectés pour que la gestion du réseau soit distribuée, sans toutefois réduire le niveau de sécurité. Cette étude propose une nouvelle architecture sécurisée et distribuée pour l'IoT (Internet des Objets). / Recently, the giants of the Internet are adopting every day more and more the benefits of virtualization within the data center. Each virtualized application and its operating system can run simultaneously from one physical device. This technology reduces significantly power consumption, energy consumption, as well as operational cost. Furthermore, not long ago, this promising solution is studied by the research communities to be extended for network virtualization deployment. In traditional network physical device like routers and/or switches are responsible to transfer the information from one point to another, following the instructions previously programmed by a network administrator. At this time, the physical networking devices can be virtualized, providing an intelligent abstraction via virtual network software that makes easy to deploy and manage network resources. The search giant Google has deployed SDN to experiment with the inter-connection between their data center around the world [1].With the exponential growth of devices connected to the Internet, security network is one of the hardest challenge for network managers. Maintaining and securing such large scale and heterogeneous network is a challenging task. In this context, the new networking paradigm, the Software Defined Networking (SDN), introduces many opportunities and provides the potential to overcome those challenges. In our approach, we first propose a new SDN based architecture for networking with or without infrastructure, that we call an SDN domain. This domain includes wired network, wireless network and Ad-Hoc networks. Next, a second architecture includes sensor networks in an SDN-based network and in a domain. Third, interconnecting multiple domains and we describe how we can enhance the security of each domain and how to distribute the security rules in order not to compromise the security of one domain. Finally, we present a new secure and distributed architecture for ad-hoc networks and IoT (Internet of Things). Réseaux ad-Hoc Sdn Openflow Sécurité informatique Cluster Routage Sdn Openflow Grid of Security Network ad-Hoc Cluster Routing 004.6
29	Mitigation of inter-domain Policy Violations at Internet eXchange Points Raheem, Muhammad January 2019 (has links) Economic incentives and the need to efficiently deliver Internet have led to the growth of Internet eXchange Points (IXPs), i.e., the interconnection networks through which a multitude of possibly competing network entities connect to each other with the goal of exchanging traffic. At IXPs, the exchange of traffic between two or more member networks is dictated by the Border gateway Protocol (BGP), i.e., the inter-domain routing protocol used by network operators to exchange reachability information about IP prefix destinations. There is a common “honest-closed-world” assumption at IXPs that two IXP members exchange data traffic only if they have exchanged the corresponding reachability information via BGP. This state of affairs severely hinders security as any IXP member can send traffic to another member without having received a route from that member. Filtering traffic according to BGP routes would solve the problem. However, IXP members can install filters but the number of filtering rules required at a large IXP can easily exceed the capacity of the network devices. In addition, an IXP cannot filter this type of traffic as the exchanged BGP routes between two members are not visible to the IXP itself. In this thesis, we evaluated the design space between reactive and proactive approaches for guaranteeing consistency between the BGP control-plane and the data-plane. In a reactive approach, an IXP member operator monitors, collects, and analyzes the incoming traffic to detect if any illegitimate traffic exists whereas, in a proactive approach, an operator configures its network devices to filter any illegitimate traffic without the need to perform any monitoring. We focused on proactive approaches because of the increased security of the IXP network and its inherent simplified network management. We designed and implemented a solution to this problem by leveraging the emerging Software Defined Networking (SDN) paradigm, which enables the programmability of the forwarding tables by separating the control- and data-planes. Our approach only installs rules in the data-plane that allow legitimate traffic to be forwarded, dropping anything else. As hardware switches have high performance but low memory space, we decided to make also use of software switches. A “heavy-hitter” module detects the forwarding rules carrying most of the traffic and installs them into the hardware switch. The remaining forwarding rules are installed into the software switches. We evaluated the prototype in an emulated testbed using the Mininet virtual network environment. We analyzed the security of our system with the help of static verification tests, which confirmed compliance with security policies. The results reveal that with even just 10% of the rules installed in the hardware switch, the hardware switch directly filterss 95% of the traffic volume with non-uniform Internet-like traffic distribution workloads. We also evaluated the latency and throughput overheads of the system, though the results are limited by the accuracy of the emulated environment. The scalability experiments show that, with 10K forwarding rules, the system takes around 40 seconds to install and update the data plane. This is due to inherent slowness of the emulated environment and limitations of the POX controller, which is coded in Python. / Ekonomiska incitament och behovet av att effektivt leverera Internet har lett till tillväxten av Internet eXchange Points (IXP), dvs de sammankopplingsnät genom vilka en mängd möjligen konkurrerande nätverksenheter förbinder varandra med målet att utbyta trafik. Vid IXPs dikteras utbytet av trafik mellan två eller flera medlemsnät av gränsgatewayprotokollet (BGP), dvs det inter-domänroutingprotokollet som används av nätoperatörer för att utbyta tillgänglighetsinformation om IP-prefixdestinationer. Det finns ett gemensamt antagande om "honest-closed-world" vid IXP, att två IXP-medlemmar endast utbyter datatrafik om de har bytt ut motsvarande tillgänglighetsinformation via BGP. Detta tillstånd försvårar allvarligt säkerheten eftersom varje IXP-medlem kan skicka trafik till en annan medlem utan att ha mottagit en rutt från den medlemmen. Filtrering av trafik enligt BGP-vägar skulle lösa problemet. IXPmedlemmar kan dock installera filter men antalet filtreringsregler som krävs vid en stor IXP kan enkelt överskrida nätverksenheternas kapacitet. Dessutom kan en IXP inte filtrera denna typ av trafik eftersom de utbytta BGP-vägarna mellan två medlemmar inte är synliga för IXP-enheten själv. I denna avhandling utvärderade vi utrymmet mellan reaktiva och proaktiva metoder för att garantera överensstämmelse mellan BGP-kontrollplanet och dataplanet. I ett reaktivt tillvägagångssätt övervakar, samlar och analyserar en inkommande trafik en IXP-medlem för att upptäcka om någon obehörig trafik finns, medan en operatör konfigurerar sina nätverksenheter för att filtrera någon obehörig trafik utan att behöva övervaka. Vi fokuserade på proaktiva tillvägagångssätt på grund av den ökade säkerheten för IXP-nätverket och dess inneboende förenklad nätverkshantering. Vi konstruerade och genomförde en lösning på detta problem genom att utnyttja det nya SDN-paradigmet (Software Defined Networking), vilket möjliggör programmerbarheten hos vidarebefordringsborden genom att separera kontroll- och dataplanerna. Vårt tillvägagångssätt installerar bara regler i dataplanet som tillåter legitim trafik att vidarebefordras, släppa allt annat. Eftersom hårdvaruomkopplare har hög prestanda men lågt minne, bestämde vi oss för att även använda programvaruomkopplare. En "heavy-hitter" -modul detekterar vidarebefordringsreglerna som transporterar större delen av trafiken och installerar dem i hårdvaruomkopplaren. De återstående spolningsreglerna installeras i programvaruomkopplarna. Vi utvärderade prototypen i en emulerad testbädd med hjälp av virtuella nätverksmiljö Mininet. Vi analyserade säkerheten för vårt system med hjälp av statiska verifieringsprov, vilket bekräftade överensstämmelse med säkerhetspolicyerna. Resultaten visar att med bara 10% av de regler som installerats i hårdvaruomkopplaren filtrerar hårdvaruomkopplaren direkt 95% av trafikvolymen med ojämn Internetliknande trafikfördelningsarbete. Vi utvärderade också latens- och genomströmningsomkostnaderna för systemet, även om resultaten begränsas av noggrannheten hos den emulerade miljön. Skalbarhetsexperimenten visar att med 10K-vidarebefordringsregler tar systemet cirka 40 sekunder för att installera och uppdatera dataplanet. Detta beror på inneboende långsamma emulerade miljöer och begränsningar av POX-kontrollern, som kodas i Python. IXP Computer Networks Distributed Systems SDN OpenFlow BGP Open vSwitch Security Firewall Monitoring IXP Datornätverk Distribuerade System SDN OpenFlow BGP Open vSwitch Säkerhet Brandvägg Övervakning Communication Systems Kommunikationssystem
30	libfluid: a lightweight OpenFlow framework / libfluid: a lightweight OpenFlow framework Vidal, Allan 08 April 2015 (has links) Made available in DSpace on 2016-06-02T19:07:11Z (GMT). No. of bitstreams: 1 VIDAL_Allan_2015.pdf: 1070441 bytes, checksum: fc9fafb0854ce0973a039837066393af (MD5) Previous issue date: 2015-04-08 / Redes-definidas por software (SDN) introduzem um paradigma de controle de redes que é centralizado em um software controlador, que se comunica com dispositivos de rede através de protocolos padronizados para configurar suas políticas de encaminhamento. Implementações existentes de protocolos SDN (como OpenFlow) são geralmente construídas para uma plataforma de controlador ou dispositivo de rede e restringem escolhas como linguagem de programação, versões do protocolo a serem usadas e características suportadas. Uma arquitetura de software que permita controladores e dispositivos de rede usarem o protocolo OpenFlow (em versões existentes e futuras) pode beneficiar desenvolvedores de aplicações de redes e fabricantes, reduzindo o esforço de de desenvolvimento. Para este fim, apresentamos libfluid: um arcabouço leve (simples e minimalista) para adicionar suporte a OpenFlow onde ele for necessário. Construímos uma única base de código para implementar suporte ao protocolo de maneira portável, rápida e fácil de usar, um desafio que envolve escolhas de tecnologia, decisões arquiteturais e a definição de uma API mínimalística. A implementação foi testada com sucesso em todos os cenários propostos e contribui com o estado da arte através de alguns novos paradigmas para arcabouços OpenFlow. / Software-defined networking (SDN) introduces a network control paradigm that is centered in controller software that communicates with networking devices via standardized protocols in order to configure their forwarding behavior. Current SDN control protocol implementations (such as OpenFlow) are usually built for one controller or networking device platform, and restrict choices regarding programming languages, protocol versions and feature. A single software architecture that enables controllers and networking devices to use the OpenFlow protocol (for existing and future protocol versions) can benefit network application developers and manufacturers, reducing development effort. Towards this goal, we present libfluid: a lightweight (simple and minimalistic) framework for adding OpenFlow support wherever it is needed. We built a single code base for implementing protocol support in a portable, fast and easy to use manner, a challenge that involved technology choices, architectural decisions and the definition of a minimal API. The implementation was shown to work in all proposed scenarios and contributes to the state-of-the-art with a few novel paradigms for OpenFlow frameworks. computer networks software-defined networks OpenFlow protocol computer networks software-defined networks OpenFlow protocol rede de computador - protocolo Engenharia de software

Search results