81

Mitigation of inter-domain Policy Violations at Internet eXchange Points

Raheem, Muhammad January 2019
Economic incentives and the need to efficiently deliver Internet have led to the growth of Internet eXchange Points (IXPs), i.e., the interconnection networks through which a multitude of possibly competing network entities connect to each other with the goal of exchanging traffic. At IXPs, the exchange of traffic between two or more member networks is dictated by the Border Gateway Protocol (BGP), i.e., the inter-domain routing protocol used by network operators to exchange reachability information about IP prefix destinations. There is a common “honest-closed-world” assumption at IXPs that two IXP members exchange data traffic only if they have exchanged the corresponding reachability information via BGP. This state of affairs severely hinders security as any IXP member can send traffic to another member without having received a route from that member. Filtering traffic according to BGP routes would solve the problem. However, IXP members can install filters but the number of filtering rules required at a large IXP can easily exceed the capacity of the network devices. In addition, an IXP cannot filter this type of traffic as the exchanged BGP routes between two members are not visible to the IXP itself. In this thesis, we evaluated the design space between reactive and proactive approaches for guaranteeing consistency between the BGP control-plane and the data-plane. In a reactive approach, an IXP member operator monitors, collects, and analyzes the incoming traffic to detect if any illegitimate traffic exists whereas, in a proactive approach, an operator configures its network devices to filter any illegitimate traffic without the need to perform any monitoring. We focused on proactive approaches because of the increased security of the IXP network and its inherent simplified network management.
We designed and implemented a solution to this problem by leveraging the emerging Software Defined Networking (SDN) paradigm, which enables the programmability of the forwarding tables by separating the control- and data-planes. Our approach only installs rules in the data-plane that allow legitimate traffic to be forwarded, dropping anything else. As hardware switches have high performance but low memory space, we decided to also make use of software switches. A “heavy-hitter” module detects the forwarding rules carrying most of the traffic and installs them into the hardware switch. The remaining forwarding rules are installed into the software switches. We evaluated the prototype in an emulated testbed using the Mininet virtual network environment. We analyzed the security of our system with the help of static verification tests, which confirmed compliance with security policies. The results reveal that with even just 10% of the rules installed in the hardware switch, the hardware switch directly filters 95% of the traffic volume with non-uniform Internet-like traffic distribution workloads. We also evaluated the latency and throughput overheads of the system, though the results are limited by the accuracy of the emulated environment. The scalability experiments show that, with 10K forwarding rules, the system takes around 40 seconds to install and update the data plane. This is due to inherent slowness of the emulated environment and limitations of the POX controller, which is coded in Python. / Economic incentives and the need to deliver the Internet efficiently have led to the growth of Internet eXchange Points (IXPs), i.e., the interconnection networks through which a multitude of possibly competing network entities connect to each other with the goal of exchanging traffic.
At IXPs, the exchange of traffic between two or more member networks is dictated by the Border Gateway Protocol (BGP), i.e., the inter-domain routing protocol used by network operators to exchange reachability information about IP prefix destinations. There is a common "honest-closed-world" assumption at IXPs that two IXP members exchange data traffic only if they have exchanged the corresponding reachability information via BGP. This state of affairs seriously hampers security, since any IXP member can send traffic to another member without having received a route from that member. Filtering traffic according to BGP routes would solve the problem. IXP members can install filters, however, but the number of filtering rules required at a large IXP can easily exceed the capacity of the network devices. In addition, an IXP cannot filter this type of traffic, since the BGP routes exchanged between two members are not visible to the IXP itself. In this thesis, we evaluated the space between reactive and proactive methods for guaranteeing consistency between the BGP control plane and the data plane. In a reactive approach, an IXP member monitors, collects, and analyzes incoming traffic to detect whether any unauthorized traffic exists, while an operator configures its network devices to filter any unauthorized traffic without needing to monitor. We focused on proactive approaches because of the increased security of the IXP network and its inherently simplified network management. We designed and implemented a solution to this problem by leveraging the new SDN (Software Defined Networking) paradigm, which enables the programmability of the forwarding tables by separating the control and data planes. Our approach only installs rules in the data plane that allow legitimate traffic to be forwarded, dropping everything else.
Since hardware switches have high performance but little memory, we decided to also use software switches. A "heavy-hitter" module detects the forwarding rules that carry most of the traffic and installs them in the hardware switch. The remaining forwarding rules are installed in the software switches. We evaluated the prototype in an emulated testbed using the Mininet virtual network environment. We analyzed the security of our system with the help of static verification tests, which confirmed compliance with the security policies. The results show that with just 10% of the rules installed in the hardware switch, the hardware switch directly filters 95% of the traffic volume with non-uniform, Internet-like traffic distribution workloads. We also evaluated the latency and throughput overheads of the system, although the results are limited by the accuracy of the emulated environment. The scalability experiments show that with 10K forwarding rules, the system takes around 40 seconds to install and update the data plane. This is due to the inherent slowness of the emulated environment and limitations of the POX controller, which is coded in Python.
82

Redes definidas por software na flexibilização de centrais de dados para sistemas de computação em nuvem / Software-defined networks in making data centers flexible for cloud computing systems

Lopes, Robson Ferreira January 2014
Advisor: Prof. Dr. Christiane Marie Schweitzer / Dissertation (master's) - Universidade Federal do ABC, Graduate Program in Information Engineering, 2014. / Cloud systems represent a new solution for network service providers serving small and medium-sized companies. These providers have data centers with a large number of servers, installed on a virtualized structure that allows space to be allocated to various companies that need to host services and data and do not have the financial resources for their own data center. With Software Defined Networks (SDN), the control plane is separated from the data plane, giving rise to a new solution for operating and managing networks. The data plane is composed of switches, routers and hosts and is responsible for carrying information through its flows, while the control plane is implemented in software and is responsible for packet routing and architecture. Controllers are responsible for maintaining the flows. The open-source controllers currently available for use are: NOX, POX, Maestro, Beacon and Floodlight. Thus, the use of SDN in cloud computing systems allows more flexible operation and management of data centers. In this sense, this work sought to evaluate the resistance of SDN controllers to denial-of-service attacks that could interrupt their operation and compromise network security; through tests it was found that the NOX controller showed quite satisfactory behavior, keeping network connections active under stress.
In addition, given the problem that data center administrators face when they need to allocate or add virtual machines in the cloud's set of servers, where it is not always possible to allocate virtual machines close to one another on the same server, which interferes with network throughput, a solution to allow this reorganization was investigated. This solution was called the network defragmenter and allows virtual machines to be moved so that they are allocated on a single physical set of servers. This reorganization is done on demand and in real time, and the results presented are quite interesting, showing the viability of the solution. / Cloud systems represent a new solution for network service providers for small and mid-sized companies. These providers have datacenters with large amount of servers, installed on a virtualized structure and allowing the allocation of spaces for several companies that have need of hosting services and data and they do not have the financial resources to your own datacenter. In the Software Defined Networks (SDNs), the control plane is separated from the data plan making a new solution of networks operation and management. The data plan is composed of switches, routers and hosts, responsible for the traffic information through its streams, while the control plan is implemented in software and is responsible for the architecture and routing of packets. Controllers are responsible for the management of the streams. Currently, the available controllers, for use and open source, are: NOX, POX, Maestro, Beacon and Floodlight. Thus, the use of SDN, in cloud computing systems, allows a flexibility of operation and management of datacenters.
In this sense, this work sought to evaluate the resistance of SDNs controllers in front of denial-of-service attacks that can disrupt its operation, compromising network security, by testing it was found that the NOX controller presented a quite satisfying behavior, keeping active network connections under stress. Moreover, faced with the problem that datacenter administrators when they need to allocate or increase the virtual machines in the cloud servers, it is not always possible to allocate virtual machines near to each other on the same server, interfering with network flow, was investigated a solution to allow this reorganization. This solution was called the network defragmenter and allows the movement of virtual machines, which are allocated on a single set of physical servers. This reorganisation is made on demand and in real time, and the results are quite interesting, showing the viability of the solution.
83

Valorisation biologique de co-produits de l'extraction de l'agar issu du Gelidium sesquipedale / Biological valorization of co-products of agar extraction from Gelidium sesquipedale

Lebbar, Salim 17 July 2018
The objective of this work is the valorization of the bioactive molecules initially present in Gelidium sesquipedale. Agarophyte Rhodophyceae, including Gelidium sesquipedale, are exploited on an industrial scale for agar, a phycocolloid with gelling properties, which they contain in abundance. A multitude of co-products are generated during agar extraction. These, little studied, are not valorized even though they constitute a potential source of molecules of interest. First, the industrial agar extraction process was adapted to laboratory scale in order to recover these co-products, whose analysis showed them to be rich in carbohydrates. They were then fractionated to isolate the oligosaccharides, some of which are known as elicitors in plants. Several oligosaccharide fractions were thus obtained, with a yield estimated at 15.7% of dry Gelidium sesquipedale. The selected fractions were characterized by CPG, ESI-MS, NMR and permethylation, which made it possible to elucidate the structures of the oligosaccharides they contain and to reveal in particular the presence of floridoside derivatives, including Gal2glycerol, Gal3glycerol and Gal4glycerol, which are original molecules in Gelidium sesquipedale not described to date in red algae. A final part consisted of measuring the elicitor activity of these fractions, which could be verified on tomato plants through measurements of biochemical markers related to the expression of defense reactions in the plant. In conclusion, the co-products from agar extraction represent a source of pSDNs (phyto-stimulators of natural defenses in the plant); they offer a new development perspective for the agar industry. / This work aims at promoting the bioactive molecules initially present in Gelidium sesquipedale.
The rhodophycea agarophytes, including Gelidium sesquipedale, are used for industrial extraction of agar, a phycocolloid with gelling properties, which they contain in abundance. A multitude of co-products are generated during the extraction of the agar. These co-products have only been studied a little, hence not valued, while they constitute a significant source of molecules of interest. Firstly, the industrial agar extraction process was adapted on a laboratory scale, in order to recover these coproducts, which were subsequently subjected to an analysis, which revealed the presence of carbohydrates as major components. They were submitted to a fractionation process to obtain oligosaccharidic fractions, with a potential of elicitor activity, and a yield estimated at 15.7% of dry Gelidium sesquipedale. Also, a follow-up of co-products from batches of Gelidium sesquipedale harvested in different years from 2014 to 2016, enabled the comparison of the composition of the various co-products, depending on the year of the harvest, and thus to evaluate the variability of the initial resource. In addition, the impact of an extraction factor, being the sodium concentration, and the comparison with an industrial co-product produced by this process, were carried out. The retained fractions were characterized by GPC, ESI-MS, NMR and permethylation that allowed the elucidation of the structures of the oligosaccharides they contain, and revealed in particular the presence of floridoside derivatives including Gal2glycerol, Gal3glycerol and Gal4glycerol, which are original molecules in Gelidium sesquipedale, not described to date in red algae. A final part consisted in measuring the activity of these fractions as elicitor that could be estimated on tomato plants through measurements of biochemical markers relating to the expression of defense reactions in the plant. 
In conclusion, the co-products from agar extraction represent a source of pSDNs (phyto stimulator of natural defense in the plant) and give a new perspective to the agar industry.
84

Une approche modulaire avec délégation de contrôle pour les réseaux programmables / Towards network softwarization : a modular approach for network control delegation

Soni, Hardik 20 April 2018
Network operators face great challenges in terms of cost and complexity in integrating new communication technologies (e.g., 4G, 5G, optical fiber) and in meeting the growing demand for new network services adapted to new use cases. The "softwarization" of network operations using the SDN (Software Defined Networking) and NFV (Network Function Virtualization) paradigms can simplify the control and management of networks and deliver network services efficiently. Programmable SDN networks make it possible to decouple the control plane from the data plane and to centralize the control plane in order to simplify network management and obtain a global view. However, this brings scalability problems that are difficult to solve. Moreover, by decoupling the hardware part from the software part of routers, NFV makes it possible to implement all kinds of network functions flexibly and at lower cost. The trade-off is a performance degradation due to the software implementation of the network functions that are moved off the routers. To address the scalability and performance problems of the SDN/NFV paradigms, we propose in the first part of the thesis a modular network management and control architecture in which the SDN controller delegates part of its responsibilities to specific network functions that are instantiated at strategic locations in the network infrastructure. We chose an example live video streaming application (such as Facebook Live or Periscope) using an IP multicast service because it illustrates well the scalability problems of programmable networks.
Our solution exploits the advantages of the NFV paradigm to solve the scalability problem of the centralized SDN control plane by delegating the processing of control traffic specific to the multicast service to specific network functions (called MNFs) implemented in software and executed in an NFV environment located at the edge of the network. Our approach provides flexible, scalable management of multicast groups. In addition, it benefits from the global view of centralized control provided by SDN to deploy new traffic engineering policies such as L2BM (Lazy Load Balance Multicast) in programmable Internet service provider (ISP) networks. Evaluating this approach is difficult because the research community does not have easy access to realistic large-scale SDN infrastructure. To evaluate our solution, we developed the DiG tool, which makes it possible to exploit the huge amount of resources available in a computing grid to easily emulate such environments. DiG takes physical constraints (memory, CPU, link capacity) into account to provide a realistic, configurable evaluation environment with controlled conditions. The solution we propose delegates the control and management of the network for the multicast service to the specific MNF functions executed in an NFV environment. Ideally, for greater efficiency, all these specific functions should be implemented directly within routers with programmable hardware, but this requires that these new routers be able to independently execute several network functions at once. The P4 programming language is a promising technology for programming data packet processing in programmable routers (hardware and software).
/ Network operators are facing great challenges in terms of cost and complexity in order to incorporate new communication technologies (e.g., 4G, 5G, fiber) and to keep up with increasing demands of new network services to address emerging use cases. Softwarizing the network operations using Software Defined Networking (SDN) and Network Function Virtualization (NFV) paradigms can simplify control and management of networks and provide network services in a cost effective way. SDN decouples control and data traffic processing in the network and centralizes the control traffic processing to simplify the network management, but may face scalability issues due to the same reasons. NFV decouples hardware and software of network appliances for cost effective operations of network services, but faces performance degradation issues due to data traffic processing in software. In order to address scalability and performance issues in SDN/NFV, we propose in the first part of the thesis, a modular network control and management architecture, in which the SDN controller delegates part of its responsibilities to specific network functions instantiated in network devices at strategic locations in the infrastructure. We have chosen to focus on a modern application using an IP multicast service for live video streaming applications (e.g., Facebook Live or Periscope) that illustrates well the SDN scalability problems. Our solution exploits benefits of the NFV paradigm to address the scalability issue of centralized SDN control plane by offloading processing of multicast service specific control traffic to Multicast Network Functions (MNFs) implemented in software and executed in NFV environment at the edge of the network. Our approach provides smart, flexible and scalable group management and leverages centralized control of SDN for Lazy Load Balance Multicast (L2BM) traffic engineering policy in software defined ISP networks.
Evaluation of this approach is tricky, as real world SDN testbeds are costly and not easily available for the research community. So, we designed a tool that leverages the huge amount of resources available in the grid, to easily emulate such scenarios. Our tool, called DiG, takes into account the physical resources (memory, CPU, link capacity) constraints to provide a realistic evaluation environment with controlled conditions. Our NFV-based approach requires multiple application specific functions (e.g., MNFs) to control and manage the network devices and process the related data traffic in an independent way. Ideally, these specific functions should be implemented directly on hardware programmable routers. In this case, new routers must be able to execute multiple independently developed programs. Packet-level programming language P4, one of the promising SDN-enabling technologies, allows applications to program their data traffic processing on P4 compatible network devices. In the second part of the thesis, we propose a novel approach to deploy and execute multiple independently developed and compiled applications programs on the same network device. This solution, called P4Bricks, allows multiple applications to control and manage their data traffic, independently. P4Bricks merges programmable blocks (parsers/deparsers and packet processing pipelines) of P4 programs according to processing semantics (parallel or sequential) provided at the time of deployment.
85

Model based testing techniques for software defined networks / Méthodes de test basées sur les modèles pour la validation des réseaux logiciels (SDN)

Berriri, Asma 22 October 2019
Software-defined networks (known as Software Defined Networking, SDN), which rely on the paradigm of separating the control plane from the forwarding plane, have progressed strongly in recent years to enable network programmability and ease network management. Recognized today as application-driven software architectures offering more programmability, flexibility and infrastructure simplification, software-defined networks are increasingly widely adopted and gradually deployed by all providers. Nevertheless, the emergence of this type of architecture raises a set of fundamental questions about how to guarantee their correct operation. The SDN software architecture is itself a complex, multi-component system that is vulnerable to errors. It is essential to ensure its proper operation before deployment and integration into infrastructures. In the literature, how to accomplish this task has been studied in depth only using formal verification. Model-based testing methods have received little attention from the scientific community, although their relevance and the effectiveness of the associated tests have been widely demonstrated in the field of software development. Creating effective and reusable model-based testing approaches seems to us an appropriate approach before any deployment of virtual networks and their components. The problem addressed in this thesis concerns the use of formal models to guarantee correct functional behavior of SDN architectures and their components. Formal, structured and effective test generation approaches are the main contributions of the thesis.
In addition, automation of the test process is emphasized because it can considerably reduce the effort and cost involved. The first contribution is a method based on graph enumeration that targets the functional testing of SDN architectures. Second, a method based on a logic circuit is developed to test the forwarding functionality of an SDN switch. Further on, this latter method is extended to test an application of an SDN controller. In addition, a technique based on an extended finite state machine is introduced to test switch-controller communication. Since the quality of a test suite is generally measured by its fault coverage, the proposed test methods introduce different fault models and generate test suites with guaranteed fault coverage. / Having gained momentum from its concept of decoupling the traffic control from the underlying traffic transmission, Software Defined Networking (SDN) is a new networking paradigm that is progressing rapidly addressing some of the long-standing challenges in computer networks. Since they are valuable and crucial for networking, SDN architectures are subject to be widely deployed and are expected to have the greatest impact in the near future. The emergence of SDN architectures raises a set of fundamental questions about how to guarantee their correctness. Although their goal is to simplify the management of networks, the challenge is that the SDN software architecture itself is a complex and multi-component system which is failure-prone. Therefore, assuring the correct functional behaviour of such architectures and related SDN components is a task of paramount importance, yet, decidedly challenging. How to achieve this task, however, has only been intensively investigated using formal verification, with little attention paid to model based testing methods.
Furthermore, the relevance of models and the efficiency of model based testing have been demonstrated for software engineering and particularly for network protocols. Thus, the creation of efficient and reusable model based testing approaches becomes an important stage before the deployment of virtual networks and related components. The problem addressed in this thesis relates to the use of formal models for guaranteeing the correct functional behaviour of SDN architectures and their corresponding components. Formal, and effective test generation approaches are in the primary focus of the thesis. In addition, automation of the test process is targeted as it can considerably cut the efforts and cost of testing. The main contributions of the thesis relate to model based techniques for deriving high quality test suites. Firstly, a method relying on graph enumeration is proposed for the functional testing of SDN architectures. Secondly, a method based on logic circuit is developed for testing the forwarding functionality of an SDN switch. Further on, the latter method is extended to test an application of an SDN controller. Additionally, a technique based on an extended finite state machine is introduced for testing the switch-to-controller communication. As the quality of a test suite is usually measured by its fault coverage, the proposed testing methods introduce different fault models and seek for test suites with guaranteed fault coverage that can be stated as sufficient conditions for a test suite completeness / exhaustiveness.
86

Conserve and Protect Resources in Software-Defined Networking via the Traffic Engineering Approach

Li, Tao 13 October 2020
Software Defined Networking (SDN) is revolutionizing the architecture and operation of computer networks and promises a more agile and cost-efficient network management. SDN centralizes the network control logic and separates the control plane from the data plane, thus enabling flexible management of networks. A network based on SDN consists of a data plane and a control plane. To assist management of devices and data flows, a network also has an independent monitoring plane. These coexisting network planes have various types of resources, such as bandwidth utilized to transmit monitoring data, energy spent to power data forwarding devices and computational resources to control a network. Unwise management, even abusive utilization of these resources lead to the degradation of the network performance and increase the Operating Expenditure (Opex) of the network owner. Conserving and protecting limited network resources is thus among the key requirements for efficient networking. However, the heterogeneity of the network hardware and network traffic workloads expands the configuration space of SDN, making it a challenging task to operate a network efficiently. Furthermore, the existing approaches usually lack the capability to automatically adapt network configurations to handle network dynamics and diverse optimization requirements. Additionally, a centralized SDN controller has to run in a protected environment against certain attacks. This thesis builds upon the centralized management capability of SDN, and uses cross-layer network optimizations to perform joint traffic engineering, e.g., routing, hardware and software configurations. The overall goal is to overcome the management complexities in conserving and protecting resources in multiple functional planes in SDN when facing network heterogeneities and system dynamics.
This thesis presents four contributions: (1) resource-efficient network monitoring, (2) resource-efficient data forwarding, (3) using self-adaptive algorithms to improve network resource efficiency, and (4) mitigating abusive usage of resources for network controlling. The first contribution of this thesis is a resource-efficient network monitoring solution. In this thesis, we consider one specific type of virtual network management function: flow packet inspection. This type of the network monitoring application requires duplicating packets of target flows and sending them to packet monitors for in-depth analysis. To avoid the competition for resources between the original data and duplicated data, the network operators can transmit the data flows through physically (e.g., different communication mediums) or virtually (e.g., distinguished network slices) separated channels having different resource consumption properties. We propose the REMO solution, namely Resource Efficient distributed Monitoring, to reduce the overall network resource consumption incurred by both types of data, via jointly considering the locations of the packet monitors, the selection of devices forking the data packets, and flow path scheduling strategies. In the second contribution of this thesis, we investigate the resource efficiency problem in hybrid, server-centric data center networks equipped with both traditional wired connections (e.g., InfiniBand or Ethernet) and advanced high-data-rate wireless links (e.g., directional 60GHz wireless technology). The configuration space of hybrid SDN equipped with both wired and wireless communication technologies is massively large due to the complexity brought by the device heterogeneity. To tackle this problem, we present the ECAS framework to reduce the power consumption and maintain the network performance.
The approaches based on the optimization models and heuristic algorithms are considered as the traditional way to reduce the operation and facility resource consumption in SDN. These approaches are either difficult to directly solve or specific for a particular problem space. As the third contribution of this thesis, we investigate the approach of using Deep Reinforcement Learning (DRL) to improve the adaptivity of the management modules for network resource and data flow scheduling. The goal of the DRL agent in the SDN network is to reduce the power consumption of SDN networks without severely degrading the network performance. The fourth contribution of this thesis is a protection mechanism based upon flow rate limiting to mitigate abusive usage of the SDN control plane resource. Due to the centralized architecture of SDN and its handling mechanism for new data flows, the network controller can be the failure point due to crafted cyber-attacks, especially the Control-Plane-Saturation (CPS) attack. We propose an In-Network Flow mAnagement Scheme (INFAS) to effectively reduce the generation of malicious control packets depending on the parameters configured for the proposed mitigation algorithm. In summary, the contributions of this thesis address various unique challenges to construct resource-efficient and secure SDN. This is achieved by designing and implementing novel and intelligent models and algorithms to configure networks and perform network traffic engineering, in the protected centralized network controller.
87

Réseaux virtualisés de prochaine génération basés sur SDN / Next-generation SDN based virtualized networks

Rifai, Myriana 25 September 2017
Software Defined Networks (SDN) enable network programming and make network configuration easier. Although SDN improves performance, it still faces multiple challenges. In this thesis, we developed solutions that constitute a first step towards next-generation SDN networks. First, we present MINNIE, which enables the scalability of SDN switches, which support only a few thousand rules in their expensive TCAM memory. MINNIE dynamically compresses the routing rules installed in the TCAM, thereby increasing the number of rules that can be installed. Next, we address the problem of the degraded performance of short flows with a scheduling prototype that exploits switch statistics to reduce their end-to-end delay. Then, we aim to reduce the 50ms protection interval, which is no longer suited to modern applications and reduces their quality of experience. Our solution PRoPHYS relies on switch statistics in hybrid networks to discover link failures faster than existing solutions. Finally, we address the problem of energy efficiency, which often leads to performance degradation. We present SENAtoR, which exploits SDN nodes in hybrid networks to turn off network nodes without hindering performance. We also present SEaMLESS, which converts the service provided by an idle virtual machine into a virtual network function to allow the administrator to use the blocked resources while maintaining the availability of the service. / Software Defined Networking (SDN) was created to provide network programmability and ease complex configuration. Though SDN enhances network performance, it still faces multiple limitations. In this thesis, we build solutions that form a first step towards creating next-generation SDN based networks.
In the first part, we present MINNIE to scale the number of rules of SDN switches far beyond the few thousand rules commonly available in TCAM memory, which permits handling typical data center traffic at very fine grain. To do so, MINNIE dynamically compresses the routing rules installed in the TCAM, increasing the number of rules that can be installed. In the second part, we tackle the degraded performance of short flows and present a coarse-grained scheduling prototype that leverages SDN switch statistics to decrease their end-to-end delay. Then, we aim at decreasing the 50ms failure protection interval which is not adapted to current broadband speeds and can lead to degraded Quality of Experience. Our solution PRoPHYS leverages the switch statistics in hybrid networks to anticipate link failures by drastically decreasing the number of packets lost. Finally, we tackle the greening problem where often energy efficiency comes at the cost of performance degradation. We present SENAtoR, our solution that leverages SDN nodes in hybrid networks to turn off network devices without hindering the network performance. Finally, we present SEaMLESS that converts idle virtual machines into virtual network functions (VNF) to enable the administrator to further consolidate the data center by turning off more physical servers and reuse resources (e.g. RAM) that are otherwise monopolized.
88

Introduktion till Software Defined Networking : Utvärdering av kontroller

Nyberg, Tihmmy January 2020
This study focuses on gathering information about Software Defined Networking, its protocols and its controllers. What I have learned during the work will be used to evaluate two different controllers, POX and ONOS. A traditional network will be set up physically and used as a basis for comparing the controllers. The traditional solution uses two routers and four switches, and the characteristics tested include layer 2 and layer 3 and their redundancy protocols. The controllers will then be used to see whether they meet the same requirements. The results of this study show that neither POX nor ONOS could be used for every tested scenario, not with the modules that the controllers come pre-installed with. It also showed that the characteristics they did meet were a good deal easier to configure and monitor compared to their traditional counterparts. This shows the importance of figuring out what is needed and expected from the network before trying to find a suitable solution to achieve it. All information gathered in this study is also used to create a lab exercise that will introduce others to the concepts around SDN. It examines how Mininet can be used to virtualise a network, how flows can be installed with OpenFlow and how a controller can be used to simplify the administration of a network. / This study focuses on gathering information about Software Defined Networking, its protocols and its controllers. What I have learned doing this will be used to evaluate two different controllers, POX and ONOS. A traditional network setup will be set up physically and serve as a base when it comes to comparing the controllers. The traditional setup includes two routers and four switches, and among the tested characteristics are layer 2 and 3 and its redundancy protocols. The controllers will then be used to try and live up to the same characteristics.
The result of this study shows that neither POX nor ONOS could be used for every scenario tested, not with the basic modules the controllers come with. It also showed that the characteristics they did manage were a fair bit easier to set up and monitor compared to their traditional counterparts, thus showing the importance of figuring out what is needed from a network before trying to find a fitting solution to how it needs to be set up. All the information gathered in this study is also used to create a lab instruction meant to introduce others to the concepts of SDN. It explores how to use Mininet to virtualise a network environment, how to install flows using OpenFlow and how to use a controller to simplify the management of the network.
89

Performance Analysis of an SD-WAN Infrastructure Implemented Using Cisco System Technologies

Moser, Gianlorenzo January 2021
Software-Defined Wide Area Networking (SD-WAN) is an emerging technology that has the potential to satisfy the increasing demand for reliable and efficient Wide Area Networks (WANs) in the enterprise-network market. This thesis focuses on the main features of an SD-WAN network and on the technical challenges facing the design and implementation of an SD-WAN infrastructure. It also provides a detailed comparison between the SD-WAN and the other WAN solutions such as MultiProtocol Label Switching (MPLS). The thesis is based on the project that is about the migration of network infrastructure that uses the MPLS technology to a network infrastructure that uses the SD-WAN technology. The migration process includes many phases such as the analysis of the existing MPLS based infrastructure, identification of suitable appliances based on customer requests, and the design of the SD-WAN infrastructure that can be implemented without disrupting the network functioning during the transition stage. The thesis provides a detailed description of these steps and it discusses the trade-offs that were made during the design phase of the project. The results presented in the thesis are obtained through on-site tests performed for the new SD-WAN infrastructure. The tests were performed with the objective to evaluate some of the main SD-WAN functionalities such as load balancing, traffic shaping, and high availability. The obtained results show the effective functioning of the network infrastructure and illustrate some of the main advantages that the new SD-WAN infrastructure has over the old MPLS infrastructure. Finally, this thesis could be of interest to network professionals and employees who consider SD-WAN as a possible solution for their company’s business. / Software-Defined Wide Area Networking (SD-WAN) is an emerging technology that has the potential to meet the increasing demand for reliable and efficient Wide Area Networks (WAN) in the enterprise network market.
This thesis focuses on the main features of an SD-WAN network and on the technical challenges of designing and implementing an SD-WAN infrastructure. It also provides a detailed comparison between SD-WAN and other WAN solutions such as MultiProtocol Label Switching (MPLS). The thesis is based on the project concerning the migration of network infrastructure that uses MPLS technology to a network infrastructure that uses SD-WAN technology. The migration process comprises many phases, for example analysis of the existing MPLS-based infrastructure, identification of suitable appliances based on customer requests, and the design of the SD-WAN infrastructure that can be implemented without the network functioning during the transition stage. The thesis gives a detailed description of these steps and discusses the trade-offs that were made during the design phase of the project. The results presented in the thesis are obtained through on-site tests of the new SD-WAN infrastructure. The tests were carried out in order to evaluate some of the most important SD-WAN functions such as load balancing, traffic shaping and high availability. The results obtained show that the network infrastructure functions effectively and illustrate some of the greatest advantages that the new SD-WAN infrastructure has compared with the old MPLS infrastructure. Finally, this thesis may be of interest to network professionals and employees who consider SD-WAN a possible solution for their company's business.
90

An operating system for 5G Edge Clouds / Un système d'exploitation pour 5G Edge Clouds

Manzalini, Antonio 08 July 2016
Technology and socio-economic drivers are creating the conditions for a profound transformation, called "Softwarization", of Telco and ICT. Software-defined networks and Network Functions Virtualization are two of the main enabling technologies paving the way for this transformation. Softwarization will make it possible to virtualize all the network and service functions of a Telco infrastructure and to run them on software platforms, fully decoupled from the underlying physical infrastructure (almost based on standard hardware). All services will be provided using a "continuum" of virtual resources (processing, storage and communication) with a practically very limited initial capital investment and with modest operating costs. 5G will be the first exploitation of Softwarization. 5G will be a massively dense distributed infrastructure, integrating processing, storage and (fixed and radio) networking capabilities. In summary, the overall goal of this thesis was to study the technical challenges and business opportunities brought by "Softwarization" and 5G. In particular, the thesis proposes that 5G will need to have a kind of operating system (5GOS) capable of operating the converged RAN, core and fixed infrastructures. The contributions of this thesis were: 1) defining a vision for future 5G infrastructures, scenarios, use cases and main requirements; 2) defining the functional architecture of an operating system for 5G; 3) designing the software architecture of a 5GOS for the "Edge Cloud"; 4) understanding the techno-economic impacts of the vision and the 5GOS, and the most effective strategies to exploit it / Technology and socio-economic drivers are creating the conditions for a profound transformation, called “Softwarization”, of the Telco and ICT.
Software-Defined Networks and Network Functions Virtualization are two of the key enabling technologies paving the way towards this transformation. Softwarization will allow virtualizing all network and services functions of a Telco infrastructure and executing them on software platforms, fully decoupled from the underneath physical infrastructure (almost based on standard hardware). Any services will be provided by using a “continuum” of virtual resources (processing, storage and communications) with practically very limited upfront capital investment and with modest operating costs. 5G will be the first exploitation of Softwarization. 5G will be a massively dense distributed infrastructure, integrating processing, storage and (fixed and radio) networking capabilities. In summary, the overall goal of this thesis has been investigating technical challenges and business opportunities brought by the “Softwarization” and 5G. In particular, the thesis proposes that the 5G will have to have a sort of Operating System (5GOS) capable of operating the converged fixed and RAN and core infrastructures. Main contributions of this thesis have been: 1) defining a vision for future 5G infrastructures, scenarios, use-cases and main requirements; 2) defining the functional architecture of an Operating System for 5G; 3) designing the software architecture of a 5G OS for the “Edge Cloud”; 4) understanding the techno-economic impacts of the vision and 5GOS, and the most effective strategies to exploit it.
