Návrh laboratorních úloh v oblasti programovatelnosti sítí / Design of laboratory exercises in the field of network programmability

Dubovyi, Dmytro

January 2020

The aim of the graduation thesis is to evaluate the current development in the field of SDN and the possibility of programmability of SDN elements using the application programming interface. The first theoretical chapter describes the following: the basic architecture of SDN, the traffic within SDN between its individual layers, the communication protocols Southbound interface and Northbound interface. The second chapter of the thesis deals with the programmability of SDN elements with the help of API. The third theoretical chapter describes the current development in the field of SDN. The practical part of the thesis is devoted to creation of two laboratory tasks dealing with the programming of the SDN API. Laboratory tasks include BIG-IP programming from F5 Network and routers from Arista Network. Programming is done using Python via REST API for BIG-IP, or eAPI for Arista EOS. The Ansible setup tool is also used for the same purpose.

CoreLB: uma proposta de balanceamento de carga na rede com Openflow e SNMP

Dossa, Clebio Gavioli

18 August 2016

Submitted by Silvana Teresinha Dornelles Studzinski (sstudzinski) on 2016-11-01T15:35:45Z No. of bitstreams: 1 Clebio Dossa_.pdf: 1252617 bytes, checksum: 784b95c29ee09e2a922686b26cb7aa51 (MD5) / Made available in DSpace on 2016-11-01T15:35:45Z (GMT). No. of bitstreams: 1 Clebio Dossa_.pdf: 1252617 bytes, checksum: 784b95c29ee09e2a922686b26cb7aa51 (MD5) Previous issue date: 2016-08-18 / Nenhuma / Atualmente, muitos serviços distribuem a carga entre diversos nós computacionais direcionando as conexões com alguma estratégia de balanceamento para divisão da carga. O advento do uso de redes definidas por software (SDN) está mudando paradigmas da administração de redes, absorvendo serviços especializados, automatizando processos e gerando inteligência para regras estáticas com uma grande variedade de opções de implementação. O balanceamento de carga é um dos serviços especializados que pode usufruir dos conceitos de SDN, sem definições e processos estáticos como ocorre muitas vezes nos atuais modelos usados de balanceamento de carga. A definição dos protocolos que suportam SDN usualmente permitem soluções alternativas e eficientes para este problema, desta forma, neste trabalho, é apresentada uma proposta de metodologia para balanceamento de carga entre distintos servidores de um pool com a troca do destino de tráfego realizada pela rede. Esta solução é chamada Core-based load balance (CoreLB), pois o serviço especializado de balanceamento de carga é realizado pela rede onde a administração de pacotes é nativamente realizada. A metodologia faz uso do protocolo SNMP para análise de recursos dos servidores com o objetivo de avaliar a situação de carga de cada nó computacional e de estatísticas de consumo de rede através do protocolo OpenFlow. Este trabalho avaliou o balanceamento de carga em serviços Web e a união de estatísticas de rede e da carga dos servidores, para a tomada de decisão de balanceamento, mostra-se uma metodologia eficiente e com melhores tempos de resposta ao usuário comparado com outras metodologias de avaliadas. Também melhorou a distribuição de consumo de recursos entre os servidores. / Currently, most services balance the load between distinct hosts forwarding connections with a load balance strategy in front. Usually, a dedicated appliance is responsible to performthe balance and may be a fault point and become expensive. The new concepts of computer network architecture with Software-Defined Networking (SND) are changing the network management, absorving specialist services, automating process and building intelligence to statics rules with loads of delivery options. The load balance is a specialized service that can enjoy in a positive way of SDN concepts, with low costs, in a flexible way as per the process needs instead of a plastered process definitions that occurs in many actual models. The OpenFlow protocol definition allow us to use a new solution to address this issue. This work shows a load balance purpose between distinct hosts with the destination change of connections made by the network core. It calls Core-based load balance (CoreLB) because the specialized load balance service move to the network core where the package forwarding is naturally made. This solution intend to use the SNMP protocol to analyse the hosts resources to evaluate server’s load. Using the network forwarding statistics and OS load informations, an efficient solution of load balance, the metodology proved to be efficient with better users’ response times average of 19% than no balanced scenario as well as around 9% better than others load balance strategies and a properly balance consumption of resources from hosts side. This process can be inhered in distinct models, however, this research intend to evaluate Web Services.

Balanceamento de carga

Redes

Administração de redes de computadores

Carga de rede

Distribuição computacional

Arquitetura SDN

Roteamento de pacotes

Plano de controle

OpenFlow

SNMP

Load balance

Network

Computer network management

Network loads

Distributing computin

Resource distribution

SDN architecture

Packet forwarding

Control plane

Packet switching

Renforcement de la sécurité à travers les réseaux programmables

Abou El Houda, Zakaria

09 1900

La conception originale d’Internet n’a pas pris en compte les aspects de sécurité du réseau; l’objectif prioritaire était de faciliter le processus de communication. Par conséquent, de nombreux protocoles de l’infrastructure Internet exposent un ensemble de vulnérabilités. Ces dernières peuvent être exploitées par les attaquants afin de mener un ensemble d’attaques. Les attaques par déni de service distribué (Distributed Denial of Service ou DDoS) représentent une grande menace et l’une des attaques les plus dévastatrices causant des dommages collatéraux aux opérateurs de réseau ainsi qu’aux fournisseurs de services Internet. Les réseaux programmables, dits Software-Defined Networking (SDN), ont émergé comme un nouveau paradigme promettant de résoudre les limitations de l’architecture réseau actuelle en découplant le plan de contrôle du plan de données. D’une part, cette séparation permet un meilleur contrôle du réseau et apporte de nouvelles capacités pour mitiger les attaques par déni de service distribué. D’autre part, cette séparation introduit de nouveaux défis en matière de sécurité du plan de contrôle. L’enjeu de cette thèse est double. D’une part, étudier et explorer l’apport de SDN à la sécurité afin de concevoir des solutions efficaces qui vont mitiger plusieurs vecteurs d’attaques. D’autre part, protéger SDN contre ces attaques. À travers ce travail de recherche, nous contribuons à la mitigation des attaques par déni de service distribué sur deux niveaux (intra-domaine et inter-domaine), et nous contribuons au renforcement de l’aspect sécurité dans les réseaux programmables. / The original design of Internet did not take into consideration security aspects of the network; the priority was to facilitate the process of communication. Therefore, many of the protocols that are part of the Internet infrastructure expose a set of vulnerabilities that can be exploited by attackers to carry out a set of attacks. Distributed Denial-of-Service (DDoS) represents a big threat and one of the most devastating and destructive attacks plaguing network operators and Internet service providers (ISPs) in a stealthy way. Software defined networks (SDN), an emerging technology, promise to solve the limitations of the conventional network architecture by decoupling the control plane from the data plane. On one hand, the separation of the control plane from the data plane allows for more control over the network and brings new capabilities to deal with DDoS attacks. On the other hand, this separation introduces new challenges regarding the security of the control plane. This thesis aims to deal with various types of attacks including DDoS attacks while protecting the resources of the control plane. In this thesis, we contribute to the mitigation of both intra-domain and inter-domain DDoS attacks, and to the reinforcement of security aspects in SDN.

Tests d’intrusion (informatique)

Blockchains

Wide area networks (Computer networks)

Penetration testing (Computer security)

Supervised learning (Machine learning)

Blockchains