Uma arquitetura baseada em políticas para o provimento de QoS utilizando princípios de Autonomic Computing / A policy-based architecture for QoS provisioning using autonomic computing principles

Franco, Theo Ferreira

January 2008

Sistemas corporativos modernos cada vez mais dependentes da rede e a integração de serviços entorno do modelo TCP/IP elevam a exigência de Qualidade de Serviço da infraestrutura de TI. Neste cenário, o dinamismo das redes atuais em conjunto com os novos requisitos de QoS exigem que a infra-estrutura de TI seja mais autônoma e confiável. Para tratar esta questão, o modelo de Gerenciamento de Redes Baseado em Políticas, proposto pelo IETF, vem se consolidando como uma abordagem para controlar o comportamento da rede através do controle das configurações dos seus dispositivos. Porém, o foco deste modelo é o gerenciamento de políticas internas a um domínio administrativo. Esta característica faz com que o modelo possua algumas limitações, tais como a incapacidade de estabelecer qualquer tipo de coordenação entre diferentes PDPs e a impossibilidade de reagir a eventos externos. Visando agregar autonomia ao modelo de gerenciamento baseado em políticas, este trabalho propõe uma arquitetura em camadas que empregue os conceitos de Autonomic Computing relacionados a: i) adaptação dinâmica dos recursos gerenciados em resposta às mudanças no ambiente, ii) integração com sistemas de gerenciamento de outros domínios através do recebimento de notificações destes, iii) capacidade de planejar ações de gerenciamento e iv) promoção de ações de gerenciamento que envolvam mais de um domínio administrativo, estabelecendo uma espécie de coordenação entre PDPs. Para a implementação destes conceitos, a arquitetura prevê o uso de uma camada peerto- peer (P2P) sobre a plataforma de políticas. Desta forma, a partir de uma notificação recebida, a camada P2P planeja ações visando adaptar o comportamento da rede aos eventos ocorridos na infra-estrutura de TI. As ações planejadas traduzem-se em inclusões ou remoções de políticas da plataforma de políticas responsável por gerenciar a configuração dos dispositivos de rede. Para notificações que envolvam recursos de mais de um domínio administrativo, os peers de gerenciamento agem de forma coordenada para implantar as devidas ações em cada domínio. A arquitetura proposta foi projetada com foco em prover QoS em uma rede com suporte à DiffServ, embora acredite-se que a sua estrutura seja genérica o bastante para ser aplicada a outros contextos. Como estudo de caso, foi analisado o emprego da arquitetura em resposta a eventos gerados por uma grade computacional. Foi elaborado ainda um protótipo da arquitetura utilizando o Globus Toolkit 4 como fonte de eventos. / Modern corporative systems becoming more dependent of the network and the integration of services around the TCP/IP model increase the requirement of Quality of Service (QoS) of the IT infrastructure. In this scene, the dynamism of current networks together with the new requirements of QoS demands a more autonomous and reliable IT infrastructure. To address this issue, the model of Police Based Network Management, proposed by IETF, has been consolidated as an approach to control the behavior of the network through the control of the configurations of its devices. However, the focus of this model is the management of the policies internal to an administrative domain. This feature brings some limitations to the model, such as the incapacity to establish any kind of coordination between different PDPs and the impossibility to react to external events. Aiming at to add autonomy to the model of Policy Based Network Management, this work proposes a layered architecture based on the concepts of Autonomic Computing related to: i) the dynamic adaptation of the managed resources in response to changes in the environment, ii) integration with management systems of other domains through the reception of notifications of these systems, iii) ability of planning the management actions and iv) execution of multi-domain management actions, establishing a kind of coordination between PDPs. To implement these concepts, the architecture was designed with a peer-to-peer layer above the policy platform. Thus, from a received notification, the P2P layer plans actions aiming to adapt the network behavior in response to the events occurred in the IT infrastructure. The planned actions are, actually, inclusions or removals of policies in the policy platform responsible for the management of the network devices configuration. For notifications related with resources of more than one administrative domain, the management peers act in a coordinated way in order to establish the suitable actions in each domain. The proposed architecture was designed with focus in providing QoS in a network with support to DiffServ, although we believe that its structure is generic enough to be applied to other contexts. As case study, it was analyzed the use of the architecture in response to events generated by a computational grid. Additionally, a prototype of the architecture was build making use of Globus Toolkit 4 as an event source.

Redes : Computadores

Gerencia : Redes : Computadores

Network management

Autonomic computing

Peer-to-peer networks

Policy based network management

Grid computing

Uma arquitetura baseada em políticas para o provimento de QoS utilizando princípios de Autonomic Computing / A policy-based architecture for QoS provisioning using autonomic computing principles

Franco, Theo Ferreira

January 2008

Sistemas corporativos modernos cada vez mais dependentes da rede e a integração de serviços entorno do modelo TCP/IP elevam a exigência de Qualidade de Serviço da infraestrutura de TI. Neste cenário, o dinamismo das redes atuais em conjunto com os novos requisitos de QoS exigem que a infra-estrutura de TI seja mais autônoma e confiável. Para tratar esta questão, o modelo de Gerenciamento de Redes Baseado em Políticas, proposto pelo IETF, vem se consolidando como uma abordagem para controlar o comportamento da rede através do controle das configurações dos seus dispositivos. Porém, o foco deste modelo é o gerenciamento de políticas internas a um domínio administrativo. Esta característica faz com que o modelo possua algumas limitações, tais como a incapacidade de estabelecer qualquer tipo de coordenação entre diferentes PDPs e a impossibilidade de reagir a eventos externos. Visando agregar autonomia ao modelo de gerenciamento baseado em políticas, este trabalho propõe uma arquitetura em camadas que empregue os conceitos de Autonomic Computing relacionados a: i) adaptação dinâmica dos recursos gerenciados em resposta às mudanças no ambiente, ii) integração com sistemas de gerenciamento de outros domínios através do recebimento de notificações destes, iii) capacidade de planejar ações de gerenciamento e iv) promoção de ações de gerenciamento que envolvam mais de um domínio administrativo, estabelecendo uma espécie de coordenação entre PDPs. Para a implementação destes conceitos, a arquitetura prevê o uso de uma camada peerto- peer (P2P) sobre a plataforma de políticas. Desta forma, a partir de uma notificação recebida, a camada P2P planeja ações visando adaptar o comportamento da rede aos eventos ocorridos na infra-estrutura de TI. As ações planejadas traduzem-se em inclusões ou remoções de políticas da plataforma de políticas responsável por gerenciar a configuração dos dispositivos de rede. Para notificações que envolvam recursos de mais de um domínio administrativo, os peers de gerenciamento agem de forma coordenada para implantar as devidas ações em cada domínio. A arquitetura proposta foi projetada com foco em prover QoS em uma rede com suporte à DiffServ, embora acredite-se que a sua estrutura seja genérica o bastante para ser aplicada a outros contextos. Como estudo de caso, foi analisado o emprego da arquitetura em resposta a eventos gerados por uma grade computacional. Foi elaborado ainda um protótipo da arquitetura utilizando o Globus Toolkit 4 como fonte de eventos. / Modern corporative systems becoming more dependent of the network and the integration of services around the TCP/IP model increase the requirement of Quality of Service (QoS) of the IT infrastructure. In this scene, the dynamism of current networks together with the new requirements of QoS demands a more autonomous and reliable IT infrastructure. To address this issue, the model of Police Based Network Management, proposed by IETF, has been consolidated as an approach to control the behavior of the network through the control of the configurations of its devices. However, the focus of this model is the management of the policies internal to an administrative domain. This feature brings some limitations to the model, such as the incapacity to establish any kind of coordination between different PDPs and the impossibility to react to external events. Aiming at to add autonomy to the model of Policy Based Network Management, this work proposes a layered architecture based on the concepts of Autonomic Computing related to: i) the dynamic adaptation of the managed resources in response to changes in the environment, ii) integration with management systems of other domains through the reception of notifications of these systems, iii) ability of planning the management actions and iv) execution of multi-domain management actions, establishing a kind of coordination between PDPs. To implement these concepts, the architecture was designed with a peer-to-peer layer above the policy platform. Thus, from a received notification, the P2P layer plans actions aiming to adapt the network behavior in response to the events occurred in the IT infrastructure. The planned actions are, actually, inclusions or removals of policies in the policy platform responsible for the management of the network devices configuration. For notifications related with resources of more than one administrative domain, the management peers act in a coordinated way in order to establish the suitable actions in each domain. The proposed architecture was designed with focus in providing QoS in a network with support to DiffServ, although we believe that its structure is generic enough to be applied to other contexts. As case study, it was analyzed the use of the architecture in response to events generated by a computational grid. Additionally, a prototype of the architecture was build making use of Globus Toolkit 4 as an event source.

Redes : Computadores

Gerencia : Redes : Computadores

Network management

Autonomic computing

Peer-to-peer networks

Policy based network management

Grid computing

Policy based network management of legacy network elements in next generation networks for voice services

Naidoo, Vaughn

January 2002

Magister Scientiae - MSc / Telecommunication companies, service providers and large companies are now adapting converged multi-service Next Generation Networks (NGNs). Network management is shifting from managing Network Elements (NE) to managing services. This paradigm shift coincides with the rapid development of Quality of Service (QoS) protocols for IP networks. NEs and services are managed with Policy Based Network Management (PBNM) which is most concerned with managing services that require QoS using the Common Open Policy Service (COPS) Protocol. These services include Voice over IP (VoIP), video conferencing and video streaming. It follows that legacy NEs without support for QoS need to be replaced and/or excluded from the network. However, since most of these services run over IP, and legacy NEs easily supports IP, it may be unnecessary to throw away legacy NEs if it can be made to fit within a PBNM approach. Our approach enables an existing PBNM system to include legacy NEs in its management paradigm. The Proxy-Policy Enforcement Point (P-PEP) and Queuing Policy Enforcement Point (Q-PEP) can enforce some degree of traffic shaping on a gateway to the legacy portion of the network. The P-PEP utilises firewall techniques using the common legacy and contemporary NE management protocol Simple Network Management Protocol (SNMP) while the Q-PEP uses queuing techniques in the form Class Based Queuing (CBQ) and Random Early Discard (RED) for traffic control. / South Africa

Common open policy service

Internet protocol

Legacy

Network element

Next generation network

Policy based network management

Quality of service

Simple network management protocol

Voice over internet protocol

Policy-driven autonomic cyberdefense using software-defined networking / Cyberdefense autonome pilotée par règles à l'aide d'un réseau défini par logiciel

Sahay, Rishikesh

14 November 2017

Les attaques cybernétiques causent une perte importante non seulement pour les utilisateurs finaux, mais aussi pour les fournisseurs de services Internet (FAI). Récemment, les clients des FAI ont été la cible numéro un de cyber-attaques telles que les attaques par déni de service distribué (DDoS). Ces attaques sont favorisées par la disponibilité généralisée outils pour lancer les attaques. Il y a donc un besoin crucial de contrer ces attaques par des mécanismes de défense efficaces. Les chercheurs ont consacré d’énormes efforts à la protection du réseau contre les cyber-attaques. Les méthodes de défense contiennent d’abord un processus de détection, complété par l’atténuation. Le manque d’automatisation dans tout le cycle de détection à l’atténuation augmente les dégâts causés par les cyber-attaques. Cela provoque des configurations manuelles de périphériques l’administrateur pour atténuer les attaques affectent la disponibilité du réseau. Par conséquent, il est nécessaire de compléter la boucle de sécurité avec un mécanisme efficace pour automatiser l’atténuation. Dans cette thèse, nous proposons un cadre d’atténuation autonome pour atténuer les attaques réseau qui visent les ressources du réseau, comme par les attaques exemple DDoS. Notre cadre fournit une atténuation collaborative entre le FAI et ses clients. Nous utilisons la technologie SDN (Software-Defined Networking) pour déployer le cadre d’atténuation. Le but de notre cadre peut se résumer comme suit : d’abord, les clients détectent les attaques et partagent les informations sur les menaces avec son fournisseur de services Internet pour effectuer l’atténuation à la demande. Nous développons davantage le système pour améliorer l’aspect gestion du cadre au niveau l’ISP. Ce système effectue l’extraction d’alertes, l’adaptation et les configurations d’appareils. Nous développons un langage de politique pour définir la politique de haut niveau qui se traduit par des règles OpenFlow. Enfin, nous montrons l’applicabilité du cadre par la simulation ainsi que la validation des tests. Nous avons évalué différentes métriques QoS et QoE (qualité de l’expérience utilisateur) dans les réseaux SDN. L’application du cadre démontre son efficacité non seulement en atténuant les attaques pour la victime, mais aussi en réduisant les dommages causés au trafic autres clients du FAI / Cyber attacks cause significant loss not only to end-users, but also Internet Service Providers (ISP). Recently, customers of the ISP have been the number one target of the cyber attacks such as Distributed Denial of Service attacks (DDoS). These attacks are encouraged by the widespread availability of tools to launch the attacks. So, there is a crucial need to counter these attacks (DDoS, botnet attacks, etc.) by effective defense mechanisms. Researchers have devoted huge efforts on protecting the network from cyber attacks. Defense methodologies first contains a detection process, completed by mitigation. Lack of automation in the whole cycle of detection to mitigation increase the damage caused by cyber attacks. It requires manual configurations of devices by the administrator to mitigate the attacks which cause the network downtime. Therefore, it is necessary to close the security loop with an efficient mechanism to automate the mitigation process. In this thesis, we propose an autonomic mitigation framework to mitigate attacks that target the network resources. Our framework provides a collaborative mitigation strategy between the ISP and its customers. The implementation relies on Software-Defined Networking (SDN) technology to deploy the mitigation framework. The contribution of our framework can be summarized as follows: first the customers detect the attacks and share the threat information with its ISP to perform the on-demand mitigation. We further develop the system to improve the management aspect of the framework at the ISP side. This system performs the alert extraction, adaptation and device configurations. We develop a policy language to define the high level policy which is translated into OpenFlow rules. Finally, we show the applicability of the framework through simulation as well as testbed validation. We evaluate different QoS and QoE (quality of user experience) metrics in SDN networks. The application of the framework demonstrates its effectiveness in not only mitigating attacks for the victim, but also reducing the damage caused to traffic of other customers of the ISP

Cyberdéfense autonome

Réseau défini par logiciel

Attaques par déni de service

Gestion de réseau à base de règles

OpenFlow

Autonomic cyberdefense

Software defined networking

Denial of service attacks

Policy based network management

OpenFlow

New Challenges in Quality of Services Control Architectures in Next Generation Networks

Vallejo Blanxart, Àlex

16 November 2010

A mesura que Internet i les xarxes IP s'han anat integrant dins la societat i les corporacions, han anat creixent les expectatives de nous serveis convergents així com les expectatives de qualitat en les comunicacions. Les Next Generation Networks (NGN) donen resposta a les noves necessitats i representen el nou paradigma d'Internet a partir de la convergència IP. Un dels aspectes menys desenvolupats de les NGN és el control de la Qualitat del Servei (QoS), especialment crític en les comunicacions multimèdia a través de xarxes heterogènies i/o de diferents operadors. A més a més, les NGN incorporen nativament el protocol IPv6 que, malgrat les deficiències i esgotament d'adreces IPv4, encara no ha tingut l'impuls definitiu.Aquesta tesi està enfocada des d'un punt de vista pràctic. Així doncs, per tal de poder fer recerca sobre xarxes de proves (o testbeds) que suportin IPv6 amb garanties de funcionament, es fa un estudi en profunditat del protocol IPv6, del seu grau d'implementació i dels tests de conformància i interoperabilitat existents que avaluen la qualitat d'aquestes implementacions. A continuació s'avalua la qualitat de cinc sistemes operatius que suporten IPv6 mitjançant un test de conformància i s'implementa el testbed IPv6 bàsic, a partir del qual es farà la recerca, amb la implementació que ofereix més garanties.El QoS Broker és l'aportació principal d'aquesta tesi: un marc integrat que inclou un sistema automatitzat per gestionar el control de la QoS a través de sistemes multi-domini/multi-operador seguint les recomanacions de les NGN. El sistema automatitza els mecanismes associats a la configuració de la QoS dins d'un mateix domini (sistema autònom) mitjançant la gestió basada en polítiques de QoS i automatitza la negociació dinàmica de QoS entre QoS Brokers de diferents dominis, de forma que permet garantir QoS extrem-extrem sense fissures. Aquesta arquitectura es valida sobre un testbed de proves multi-domini que utilitza el mecanisme DiffServ de QoS i suporta IPv6.L'arquitectura definida en les NGN permet gestionar la QoS tant a nivell 3 (IP) com a nivell 2 (Ethernet, WiFi, etc.) de forma que permet gestionar també xarxes PLC. Aquesta tesi proposa una aproximació teòrica per aplicar aquesta arquitectura de control, mitjançant un QoS Broker, a les noves xarxes PLC que s'estan acabant d'estandarditzar, i discuteix les possibilitats d'aplicació sobre les futures xarxes de comunicació de les Smart Grids.Finalment, s'integra en el QoS Broker un mòdul per gestionar l'enginyeria del tràfic optimitzant els dominis mitjançant tècniques de intel·ligència artificial. La validació en simulacions i sobre un testbed amb routers Cisco demostra que els algorismes genètics híbrids són una opció eficaç en aquest camp.En general, les observacions i avenços assolits en aquesta tesi contribueixen a augmentar la comprensió del funcionament de la QoS en les NGN i a preparar aquests sistemes per afrontar problemes del món real de gran complexitat. / A medida que Internet y las redes IP se han ido integrando dentro de la sociedad y las corporaciones, han ido creciendo las expectativas de nuevos servicios convergentes así como las expectativas de calidad en las comunicaciones. Las Next Generation Networks (NGN) dan respuesta a las nuevas necesidades y representan el nuevo paradigma de Internet a partir de la convergencia IP. Uno de los aspectos menos desarrollados de las NGN es el control de la Calidad del Servicio (QoS), especialmente crítico en las comunicaciones multimedia a través de redes heterogéneas y/o de diferentes operadores. Además, las NGN incorporan nativamente el protocolo IPv6 que, a pesar de las deficiencias y agotamiento de direcciones IPv4, aún no ha tenido el impulso definitivo.Esta tesis está enfocada desde un punto de vista práctico. Así pues, con tal de poder hacer investigación sobre redes de prueba (o testbeds) que suporten IPv6 con garantías de funcionamiento, se hace un estudio en profundidad del protocolo IPv6, de su grado de implementación y de los tests de conformancia e interoperabilidad existentes que evalúan la calidad de estas implementaciones. A continuación se evalua la calidad de cinco sistemas operativos que soportan IPv6 mediante un test de conformancia y se implementa el testbed IPv6 básico, a partir del cual se realizará la investigación, con la implementación que ofrece más garantías.El QoS Broker es la aportación principal de esta tesis: un marco integrado que incluye un sistema automatitzado para gestionar el control de la QoS a través de sistemas multi-dominio/multi-operador siguiendo las recomendaciones de las NGN. El sistema automatiza los mecanismos asociados a la configuración de la QoS dentro de un mismo dominio (sistema autónomo) mediante la gestión basada en políticas de QoS y automatiza la negociación dinámica de QoS entre QoS brokers de diferentes dominios, de forma que permite garantizar QoS extremo-extremo sin fisuras. Esta arquitectura se valida sobre un testbed de pruebas multi-dominio que utiliza el mecanismo DiffServ de QoS y soporta IPv6. La arquitectura definida en las NGN permite gestionar la QoS tanto a nivel 3 (IP) o como a nivel 2 (Ethernet, WiFi, etc.) de forma que permite gestionar también redes PLC. Esta tesis propone una aproximación teórica para aplicar esta arquitectura de control, mediante un QoS Broker, a las noves redes PLC que se están acabando de estandardizar, y discute las posibilidades de aplicación sobre las futuras redes de comunicación de las Smart Grids.Finalmente, se integra en el QoS Broker un módulo para gestionar la ingeniería del tráfico optimizando los dominios mediante técnicas de inteligencia artificial. La validación en simulaciones y sobre un testbed con routers Cisco demuestra que los algoritmos genéticos híbridos son una opción eficaz en este campo.En general, las observaciones y avances i avances alcanzados en esta tesis contribuyen a augmentar la comprensión del funcionamiento de la QoS en las NGN y en preparar estos sistemas para afrontar problemas del mundo real de gran complejidad. / The steady growth of Internet along with the IP networks and their integration into society and corporations has brought with it increased expectations of new converged services as well as greater demands on quality in communications. The Next Generation Networks (NGNs) respond to these new needs and represent the new Internet paradigm from the IP convergence. One of the least developed aspects in the NGNs is the Quality of Service (QoS) control, which is especially critical in the multimedia communication through heterogeneous networks and/or different operators. Furthermore, the NGNs natively incorporate the IPv6 protocol which, despite its shortcomings and the depletion of IPv4 addresses has not been boosted yet.This thesis has been developed with a practical focus. Therefore, with the aim of carrying out research over testbeds supporting the IPv6 with performance guarantees, an in-depth study of the IPv6 protocol development has been conducted and its degree of implementation and the existing conformance and interoperability tests that evaluate these implementations have been studied. Next, the quality of five implementations has been evaluated through a conformance test and the basic IPv6 testbed has been implemented, from which the research will be carried out. The QoS Broker is the main contribution to this thesis: an integrated framework including an automated system for QoS control management through multi-domain/multi-operator systems according to NGN recommendations. The system automates the mechanisms associated to the QoS configuration inside the same domain (autonomous system) through policy-based management and automates the QoS dynamic negotiation between peer QoS Brokers belonging to different domains, so it allows the guarantee of seamless end-to-end QoS. This architecture is validated over a multi-domain testbed which uses the QoS DiffServ mechanism and supports IPv6.The architecture defined in the NGN allows QoS management at level 3 (IP) as well as at level 2 (e.g. Ethernet, WiFi) so it also facilitates the management of PLC networks. Through the use of a QoS Broker, this thesis proposes a theoretical approach for applying this control architecture to the newly standardized PLC networks, and discusses the possibilities of applying it over the future communication networks of the Smart Grids.Finally, a module for managing traffic engineering which optimizes the network domains through artificial intelligence techniques is integrated in the QoS Broker. The validations by simulations and over a Cisco router testbed demonstrate that hybrid genetic algorithms are an effective option in this area.Overall, the advances and key insights provided in this thesis help advance our understanding of QoS functioning in the NGNs and prepare these systems to face increasingly complex problems, which abound in current industrial and scientific applications.

Policy-Based Network Management

Genetic Algorithms

Next Generation Networks

Algoritmos Genéticos

Quality of Service

Networking

Gestión de Redes Basada en Políticas

Redes de Nueva Generación

Redes

Calidad de servicio

Algorismes Genètics

Xarxes de Nova Generació

Gestió de Xarxes Basada en Polítiques

Xarxes

Qualitat del Servei

Les TIC i la seva Gestió

004

62

621.3