Global ETD Search

51	Framework para engenharia de tráfego em redes definidas por software utilizando network calculus. / Framework for traffic engineering on software defined networks using network calculus. Michael Pietro Hernández 29 May 2017 (has links) A demanda de eficiência no gerenciamento das redes aumenta atualmente devido ao rápido desenvolvimento da computação em nuvem e a implantação em grande escala de centros de dados. O controle da infraestrutura deve ser capaz de classificar os diversos tipos de tráfego para aplicações diferentes, e prover o atendimento adequado no menor tempo possível. Porém, devido ao dinamismo da rede, nem sempre podem ser garantidos os requisitos mínimos necessários na Internet. Os mecanismos propostos para a engenharia de tráfego até hoje, são baseados em arquiteturas inflexíveis com a camada de controle e dados fortemente integrados. Isto dificulta um atendimento diferenciado adaptável aos diversos padrões de tráfego das aplicações modernas. Para enfrentar os problemas de flexibilidade das redes tradicionais, as Redes Definidas por Software, apresentam um paradigma inovador que separa as camadas de controle e encaminhamento de pacotes de forma a garantir a utilização eficiente dos recursos disponíveis, e ao mesmo tempo maior flexibilidade de implementação. Este paradigma permite conhecer o estado da rede e a sua topologia em tempo real, o que faz possível a reconfiguração de rotas e alocação de recursos de forma dinâmica. Esta dissertação apresenta um framework para engenharia de tráfego em SDN que utiliza a teoria matemática Network Calculus como ferramenta para subsidiar a caracterização e o policiamento de fluxos de pacotes. Através desta teoria, as decisões de encaminhamento e a distribuição do tráfego são baseadas não só por valores obtidos monitorando a rede, como também por projeções determinísticas que descrevem o comportamento do tráfego. Os resultados obtidos nos experimentos, comprovaram a eficiência no balanceamento de carga da rede em termos de atraso, demonstrando ganhos em termos de vazão do sistema e possibilitando a diminuição da porcentagem de perda de pacotes dos fluxos trafegados. O framework proposto visa contribuir na solução dos desafios relacionados a se estabelecer Engenharia de Tráfego para SDN com a especificação de mecanismos de gerenciamento adaptáveis as mudanças topológicas da rede, as diferentes características dos fluxos e que sejam capazes de distribuir de forma equilibrada o tráfego na rede. / The demand for network management efficiency is currently boosted by the rapid development of cloud computing and the large-scale deployment of data centers. Infrastructure control should be able to classify the various types of traffic for different applications, and provide adequate service in the shortest time possible. However, due to the dynamism of the network, the necessary minimum requirements on the Internet can not always be guaranteed. The proposed mechanisms for traffic engineering to date are based on inflexible architectures with the control and data layer strongly integrated. This hinders a differentiated service adaptable to the different traffic patterns of modern applications. To address the flexibility problems of traditional networks, Software Defined Networks presents an innovative paradigm that separates packet control and datapath layers to ensure the ecient use of available resources while providing greater deployment flexibility. This paradigm allows to know the state of the network and its topology in real time, which makes it possible to reconfigure routes and allocate resources dynamically. This work presents a framework for SDN traffic engineering that uses the mathematical theory Network Calculus as a tool to subsidize the characterization and policing of packet flows. Through this theory, routing decisions and traffic distribution are based not only on values obtained by monitoring the network, but also on deterministic projections of traffic behavior. The results obtained in the experiments, proved the efficiency in the load balancing of the network based on flow delay, demonstrating gains in terms of total system throughput and enabling the reduction of the percentage of packet loss of the traffic flows. The framework proposed aims to contribute to the solution of the challenges related to establishing Traffic Engineering for SDN with specification of management mechanisms, adaptables to the topological changes of the network, the different characteristics of the flows and capable of distribute in a balanced way the traffic in the network. Engenharia de tráfego Frameworks Network calculus QoS SDN Traffic engineering
52	Monitoramento de desempenho com middleboxes em redes definidas por software Gondim, Ethel Barreto 07 August 2015 (has links) Dissertação (mestrado)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência Da Computação, 2015. / O gerenciamento de desempenho de aplicações é frequentemente dificultado pela presença de middleboxes, por sua variedade e capacidade de alterar o tráfego que os atravessa. Com o advento das Redes Definidas por Software (do Inglês, Software-Defined Networking, SDN), surgem novas possibilidades para o gerenciamento de desempenho a partir da programabilidade dos dispositivos e do controle centralizado do tráfego. Este trabalho propõe uma arquitetura que objetiva mitigar os desafios impostos pelos middleboxes ao monitoramento de desempenho em SDN. Em particular, é apresentado e validado um protótipo que identifica o tempo de resposta, a disponibilidade e informações de conexões de aplicações na presença de quatro middleboxes: um balanceador de carga, um firewall, um sistema de prevenção de intrusões (do Inglês, Intrusion Prevention System, IPS) e um sistema de tradução de endereços de rede (do Inglês, Network Address Translation, NAT). Para os três primeiros middleboxes, foram desenvolvidas Interfaces de Programação de Aplicações (do Inglês, Application Programming Interfaces, APIs) específicas. / Application Performance management is frequently hampered by the presence of middleboxes, because of their variety and capacity of modifying the traffic that traverses them. With the advent of Software-Defined Networking (SDN), new possibilities for performance management arise from the programmability of devices and the centralized control of traffic. This work proposes an architecture that aims at mitigating the challenges posed by middleboxes in performance monitoring in SDN. In particular, it is presented and validated a prototype that identifies the response time, the availability and connection information of applications in the presence of four middleboxes: a load balancer, a firewall, an Intrusion Prevention System (IPS) and a Network Address Translation (NAT) system. For the first three middleboxes, specific Application Programming Interfaces (APIs) were developed. Gerenciamento de rede Gerenciamento de desempenho Redes Definidas por Software (SDN) Middlebox
53	Analysis and Management of Security State for Large-Scale Data Center Networks January 2018 (has links) abstract: With the increasing complexity of computing systems and the rise in the number of risks and vulnerabilities, it is necessary to provide a scalable security situation awareness tool to assist the system administrator in protecting the critical assets, as well as managing the security state of the system. There are many methods to provide security states' analysis and management. For instance, by using a Firewall to manage the security state, and/or a graphical analysis tools such as attack graphs for analysis. Attack Graphs are powerful graphical security analysis tools as they provide a visual representation of all possible attack scenarios that an attacker may take to exploit system vulnerabilities. The attack graph's scalability, however, is a major concern for enumerating all possible attack scenarios as it is considered an NP-complete problem. There have been many research work trying to come up with a scalable solution for the attack graph. Nevertheless, non-practical attack graph based solutions have been used in practice for realtime security analysis. In this thesis, a new framework, namely 3S (Scalable Security Sates) analysis framework is proposed, which present a new approach of utilizing Software-Defined Networking (SDN)-based distributed firewall capabilities and the concept of stateful data plane to construct scalable attack graphs in near-realtime, which is a practical approach to use attack graph for realtime security decisions. The goal of the proposed work is to control reachability information between different datacenter segments to reduce the dependencies among vulnerabilities and restrict the attack graph analysis in a relative small scope. The proposed framework is based on SDN's programmable capabilities to adjust the distributed firewall policies dynamically according to security situations during the running time. It apply white-list-based security policies to limit the attacker's capability from moving or exploiting different segments by only allowing uni-directional vulnerability dependency links between segments. Specifically, several test cases will be presented with various attack scenarios and analyze how distributed firewall and stateful SDN data plan can significantly reduce the security states construction and analysis. The proposed approach proved to achieve a percentage of improvement over 61% in comparison with prior modules were SDN and distributed firewall are not in use. / Dissertation/Thesis / Masters Thesis Computer Engineering 2018 Computer science Attack Graphs Distributed Firewall Scalability SDN
54	Facilitating dynamic network control with software-defined networking Kim, Hyojoon 21 September 2015 (has links) This dissertation starts by realizing that network management is a very complex and error-prone task. The major causes are identified through interviews and systematic analysis of network config- uration data on two large campus networks. This dissertation finds that network events and dynamic reactions to them should be programmatically encoded in the network control program by opera- tors, and some events should be automatically handled for them if the desired reaction is general. This dissertation presents two new solutions for managing and configuring networks using Software- Defined Networking (SDN) paradigm: Kinetic and Coronet. Kinetic is a programming language and central control platform that allows operators to implement traffic control application that reacts to various kinds of network events in a concise, intuitive way. The event-reaction logic is checked for correction before deployment to prevent misconfigurations. Coronet is a data-plane failure recovery service for arbitrary SDN control applications. Coronet pre-plans primary and backup routing paths for any given topology. Such pre-planning guarantees that Coronet can perform fast recovery when there is failure. Multiple techniques are used to ensure that the solution scales to large networks with more than 100 switches. Performance and usability evaluations show that both solutions are feasible and are great alternative solutions to current mechanisms to reduce misconfigurations. SDN Networking Computer networks Software-defined networking Network management
55	Morgondagens Nätverksadministratör Lööf, Mattias January 2018 (has links) Datornätverken håller på att förändras i grunden där det traditionella sättet med enheter som konfigureras en och en byts mot ett mer automatiserat sätt. Denna nya typ av nätverk benämns ofta ”Software Defined Network (SDN)” och använder sig av en centraliserad Controller som styr nätverket. För automatisering och användning av applikationer inom SDN används Application Programming Interface(API).Denna nya typ av nätverk förändrar kraven som ställs på nätverksadministratörer och skapar nya möjligheter. Några av dessa möjligheter skapas genom öppnande av API:er där applikationer nu kan integreras in i nätverket. Detta gör att nätverksadministratörer även behöver ha kunskap kring API:er och förstå vilka möjligheter de skapar i nätverket. Rapportens syfte var att redogöra för dessa genom följande frågeställningar: 1. Vilken kompetens kommer att krävas av morgondagens nätverksadministratör (två- till fyra-års sikt) 2. Hur kommer det programmerbara (API) nätverket att förändra sättet att etablera nya tjänster/applikationer i företagens nätverk? 3. Hur kan dessa applikationer implementeras på ett nytt och automatiserat sätt? För att besvara frågeställningarna användes en exempelteknik ”Cisco Software Defined Access (SDA)” som är en ny SDN-lösning släppt på marknaden under 2017.Resultatet från frågeställning ett visade att kunskap kring nya protokoll som implementeras för att lösa utmaningen kring segmentering, mobilitet och säkerhet i nätverk blir viktigt. Exempel på detta var protokollen LISP och VXLAN som tillsammans med ett overlay-lager skapar dessa möjligheter. Resultatet visade även att kunskap kring hur Northbound och Southbound Interfaces används för styrande av nätverksenheterna och integration mellan applikationer blir en viktig kompetens.Resultatet för frågeställning två visade hur API:er förenklar utvecklingen av tredjeparts applikationer, något som gör att användningen och utvecklingen av applikationer kommer öka i allt snabbare takt. Slutligen visade resultatet exempel på hur en brandväggsapplikation kan förenkla och effektivisera arbetet för en nätverksadministratör. SDN SDA API REST DNA-Center Telecommunications Telekommunikation
56	Secure Mobile SDN January 2015 (has links) abstract: The increasing usage of smart-phones and mobile devices in work environment and IT industry has brought about unique set of challenges and opportunities. ARM architecture in particular has evolved to a point where it supports implementations across wide spectrum of performance points and ARM based tablets and smart-phones are in demand. The enhancements to basic ARM RISC architecture allow ARM to have high performance, small code size, low power consumption and small silicon area. Users want their devices to perform many tasks such as read email, play games, and run other online applications and organizations no longer desire to provision and maintain individual’s IT equipment. The term BYOD (Bring Your Own Device) has come into being from demand of such a work setup and is one of the motivation of this research work. It brings many opportunities such as increased productivity and reduced costs and challenges such as secured data access, data leakage and amount of control by the organization. To provision such a framework we need to bridge the gap from both organizations side and individuals point of view. Mobile device users face issue of application delivery on multiple platforms. For instance having purchased many applications from one proprietary application store, individuals may want to move them to a different platform/device but currently this is not possible. Organizations face security issues in providing such a solution as there are many potential threats from allowing BYOD work-style such as unauthorized access to data, attacks from the devices within and outside the network. ARM based Secure Mobile SDN framework will resolve these issues and enable employees to consolidate both personal and business calls and mobile data access on a single device. To address application delivery issue we are introducing KVM based virtualization that will allow host OS to run multiple guest OS. To address the security problem we introduce SDN environment where host would be running bridged network of guest OS using Open vSwitch . This would allow a remote controller to monitor the state of guest OS for making important control and traffic flow decisions based on the situation. / Dissertation/Thesis / Masters Thesis Computer Science 2015 Computer science ARM BYOD KVM Mobile Network Security SDN
57	An Evaluation of SDN Based Network Virtualization Techniques January 2016 (has links) abstract: With the software-defined networking trend growing, several network virtualization controllers have been developed in recent years. These controllers, also called network hypervisors, attempt to manage physical SDN based networks so that multiple tenants can safely share the same forwarding plane hardware without risk of being affected by or affecting other tenants. However, many areas remain unexplored by current network hypervisor implementations. This thesis presents and evaluates some of the features offered by network hypervisors, such as full header space availability, isolation, and transparent traffic forwarding capabilities for tenants. Flow setup time and throughput are also measured and compared among different network hypervisors. Three different network hypervisors are evaluated: FlowVisor, VeRTIGO and OpenVirteX. These virtualization tools are assessed with experiments conducted on three different testbeds: an emulated Mininet scenario, a physical single-switch testbed, and also a remote GENI testbed. The results indicate that network hypervisors bring SDN flexibility to network virtualization, making it easier for network administrators to define with precision how the network is sliced and divided among tenants. This increased flexibility, however, may come with the cost of decreased performance, and also brings additional risks of interoperability due to a lack of standardization of virtualization methods. / Dissertation/Thesis / Masters Thesis Engineering 2016 Computer engineering Computer science network hypervisor network virtualization OpenFlow SDN
58	FIBREOSS: um sistema de gerência para o testbed FIBRE Farias, Vitor dos Santos 03 July 2017 (has links) Submitted by Patrícia Cerveira (pcerveira1@gmail.com) on 2017-06-13T16:42:58Z No. of bitstreams: 1 VITOR FARIAS_VS_Dissertacao_FINAL.pdf: 7493676 bytes, checksum: 8737be6711720e0101b59c0a980267f0 (MD5) / Approved for entry into archive by Biblioteca da Escola de Engenharia (bee@ndc.uff.br) on 2017-07-03T13:55:19Z (GMT) No. of bitstreams: 1 VITOR FARIAS_VS_Dissertacao_FINAL.pdf: 7493676 bytes, checksum: 8737be6711720e0101b59c0a980267f0 (MD5) / Made available in DSpace on 2017-07-03T13:55:19Z (GMT). No. of bitstreams: 1 VITOR FARIAS_VS_Dissertacao_FINAL.pdf: 7493676 bytes, checksum: 8737be6711720e0101b59c0a980267f0 (MD5) / A federação de testbeds para pesquisas rede de computadores trouxe um grande potencial de inovação criando um ambiente onde recursos são compartilhados entre pesquisadores ao redor do mundo. Porém, manter um laboratório distribuído de larga escala em funcionamento não é uma tarefa trivial. A existência de diversos domínios administrativos e a natureza heterogênea dos recursos torna a operação complexa. Este trabalho compartilha o conhecimento adquirido na operação e manutenção do testbed FIBRE e desenvolve uma solução de monitoração chamada FIBREOSS para auxiliar os administradores do testbed. Essa solução tem como objetivo auxiliar a detecção de falhas, fornecer um ponto centralizado de agregação de informações provenientes de monitoração e realizar um controle do nível de serviço testando as capacidades do testbed com uma profundidade e detalhamento que não são possíveis utilizando ferramentas tradicionais de monitoração. O sistema de monitoração proposto é aplicado ao FIBRE. O intuito do FIBREOSS é observar serviços e sistemas que não puderam ser monitorados com ferramentas tradicionais como: os serviços de experimentação OpenFlow, experimentação sem-fio e a disponibilidade dos serviços do testbed. Com essa adição à monitoração foi possível obter uma medição mais precisa da disponibilidade do testbed encontrando falhas que não eram observáveis antes da implantação do FIBREOSS. Como principais contribuições deste trabalho estão: uma comparação da monitoração com as ferramentas tradicionais com a monitoração do FIBREOSS, estatísticas de falhas do testbed e testes de escalabilidade do FIBREOSS. / Federated testbeds for computer network research brought a great innovation potential by creating an environment where resources are shared among researchers around the world. However, maintaining a distributed large-scale laboratory functional is not a trivial task. The operation becomes a complex task due to the existence of many different administrative domains and the heterogeneous nature of the resources. In this work we share operation and maintenance knowledge obtained with the FIBRE testbed and develop a monitoring solution named FIBREOSS to assist testbed administrators. This solution aims to help fault detection, providing a centralized point of aggregation of monitoring information and performs a service level control by testing the capabilities of testbed with a depth and detail that are not possible using traditional monitoring tools. We integrate the proposed monitoring system to FIBRE. The purpose of FIBREOSS is to observe services and systems that could not be monitored using traditional tools such as the OpenFlow experimentation services, wireless experimentation and the availability of services of the testbed. With this addition to monitoring it was possible to obtain a more accurate measurement of the availability of testbed finding flaws that were not observable before. Testbed Monitoração FIBRE SDN Sistema de telecomunicação Rede de computadores
59	Integrating IP Protocol Into Optical Networks by Using Software-defined Network (SDN) Al-Ani, Layth January 2015 (has links) The Internet, with cloud computing, offers amazing services that require a fast, intelligent, reliable network connection. Current networks, electrical or optical, need to work together to provide the user with a high-quality connection. The IP protocol as Layer 3 and an optical network as Layer 2 need to talk to each other and help each other instead of working separately. Therefore, this thesis proposes using software-defined network (SDN) technology for integrating the IP protocol into an optical network to fill the gap between the two layers and to give the network more intelligence and flexibility for new connection requests, choosing the best route, and monitoring the network. A two-layer SDN centralized controller design has been used. The Layer 1 SDN controller is the centralized controller that connects and updates all Layer 2 SDN controllers which control traffic in each domain. New connection requests are processed in the SDN controller and the traffic is forwarded by the optical network. SDN technology and the integration of IP into the optical network promise to enhance network connectivity. Software-Defined Network Optical Communication IP Protocol SDN
60	Making a Packet-value Based AQM on a Programmable Switch for Resource-sharing and Low Latency Toresson, Ludwig January 2021 (has links) There is a rapidly growing number of advanced applications running over the internet that requires ultra-low latency and high throughput. Bufferbloat is one of the most known problems which add delay in the form of packets being enqueued into large buffers before being transmitted. This has been solved with the developments of various Active Queue Management (AQM) schemes to control how large the queue buffers are allowed to grow. Another aspect that is important today is how the available bandwidth can be shared between applications with different priorities. The Per-Packet Value (PPV) concept has been presented as a solution for resource-sharing by marking packets according to predefined marking policies. The packet value will be taken into consideration to make drop/mark decisions, which leads to higher packet values being prioritized at bottleneck links. In this thesis, a design of a packet value-based AQM on a programmable Barefoot Tofino switch will be presented. It will use a combination of the Proportional Integral Controller (PIE) AQM scheme and the PPV concept to make drop decisions when queuing delay is discovered. Packet value statistics are collected through the P4 programmable data plane to maintain knowledge about the distribution of packet values. With the dropping probability calculated through the PIE AQM scheme, a decision can be made about which packets should be dropped. An evaluation shows that with the implemented PV AQM, a low queuing delay can be achieved by dropping an appropriate amount of packets. It also shows that the PV AQM controls the resource-sharing between different traffic flows according to a predefined marking policy. PPV PIE SDN AQM Resource-sharing Computer Engineering Datorteknik

Search results