Spelling suggestions: "subject:"5oftware defined networking"" "subject:"5oftware defined etworking""
131 |
Resource Management for Efficient, Scalable and Resilient Network Function ChainsKulkarni, Sameer G. 04 July 2018 (has links)
No description available.
|
132 |
A one-class NIDS for SDN-based SCADA systems / Um NIDS baseado em OCC para sistemas SCADA baseados em SDNSilva, Eduardo Germano da January 2007 (has links)
Sistemas elétricos possuem grande influência no desenvolvimento econômico mundial. Dada a importância da energia elétrica para nossa sociedade, os sistemas elétricos frequentemente são alvos de intrusões pela rede causadas pelas mais diversas motivações. Para minimizar ou até mesmo mitigar os efeitos de intrusões pela rede, estão sendo propostos mecanismos que aumentam o nível de segurança dos sistemas elétricos, como novos protocolos de comunicação e normas de padronização. Além disso, os sistemas elétricos estão passando por um intenso processo de modernização, tornando-os altamente dependentes de sistemas de rede responsáveis por monitorar e gerenciar componentes elétricos. Estes, então denominados Smart Grids, compreendem subsistemas de geração, transmissão, e distribuição elétrica, que são monitorados e gerenciados por sistemas de controle e aquisição de dados (SCADA). Nesta dissertação de mestrado, investigamos e discutimos a aplicabilidade e os benefícios da adoção de Redes Definidas por Software (SDN) para auxiliar o desenvolvimento da próxima geração de sistemas SCADA. Propomos também um sistema de detecção de intrusões (IDS) que utiliza técnicas específicas de classificação de tráfego e se beneficia de características das redes SCADA e do paradigma SDN/OpenFlow. Nossa proposta utiliza SDN para coletar periodicamente estatísticas de rede dos equipamentos SCADA, que são posteriormente processados por algoritmos de classificação baseados em exemplares de uma única classe (OCC). Dado que informações sobre ataques direcionados à sistemas SCADA são escassos e pouco divulgados publicamente por seus mantenedores, a principal vantagem ao utilizar algoritmos OCC é de que estes não dependem de assinaturas de ataques para detectar possíveis tráfegos maliciosos. Como prova de conceito, desenvolvemos um protótipo de nossa proposta. Por fim, em nossa avaliação experimental, observamos a performance e a acurácia de nosso protótipo utilizando dois tipos de algoritmos OCC, e considerando eventos anômalos na rede SCADA, como um ataque de negação de serviço (DoS), e a falha de diversos dispositivos de campo. / Power grids have great influence on the development of the world economy. Given the importance of the electrical energy to our society, power grids are often target of network intrusion motivated by several causes. To minimize or even to mitigate the aftereffects of network intrusions, more secure protocols and standardization norms to enhance the security of power grids have been proposed. In addition, power grids are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage power components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this Masters dissertation, we investigate and discuss the applicability and benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also propose an Intrusion Detection System (IDS) that relies on specific techniques of traffic classification and takes advantage of the characteristics of SCADA networks and of the adoption of SDN/OpenFlow. Our proposal relies on SDN to periodically gather statistics from network devices, which are then processed by One- Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. As a proof-of-concept, we developed a prototype of our proposal. Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two OCC-based Machine Learning (ML) algorithms, and considering anomalous events in the SCADA network, such as a Denial-of-Service (DoS), and the failure of several SCADA field devices.
|
133 |
Openvisor – framework para redes de experimentação Openflow / Openvisor – framework para ambientes de experimentação openflow com redes overlay tolerante à falhasPowaczuk, Lucas 20 December 2016 (has links)
OpenFlow-based testbeds have been established as an emerging field of research in order to create
experimental environments that enable the development of new technologies on real network
infrastructures. The bibliographic review showed that existing experimentation networks still lack
mechanisms to guarantee users simplified operational forms, decoupled from the physical substrate
and that are resilient. In this context, the research problem is: how to guarantee the users of OpenFlow
experimentation networks an environment that allows creating virtual networks with low complexity
in operation, flexible and resilient to link failures. The hypothesis that guided the study is that by
integrating the tools OpenVirteX and FlowVisor and, consequently of its functionalities, the resulting
framework would allow to achieving this purpose. OpenVirteX and FlowVisor are network
hypervisors with distinct functionalities where the former has the use of virtual and arbitrary
topologies, connectivity failure recovery, and absolute control. The FlowVisor has its main
contribution in providing a wide flexibility in the definition of virtual networks. Therefore, the
objective of this study was to develop a framework for OpenFlow experimentation networks, aiming
to provide flexible virtual networks to users, with low complexity of the operation, having absolute
control and resilient to failures. The study methodology is characterized by the hypothetical-deductive
method. The procedures used to develop the proposal were: create the experimentation context,
individual testing of the OpenVirteX and FlowVisor hypervisors, integration of the tools, evaluation of
the framework and, finally, analysis and discussion of the results. The study confirmed some of the
guiding hypothesis of the proposal since the framework was: Flexible, allowing to use any metrics of
the OpenFlow header for the segmentation of virtual networks; Low complexity, because it allows to
use a virtual and arbitrary topology composed of a single virtual switch corresponding to the entire
physical network; Resilient to connectivity failures, because the tool was able to redefine the
communication through of alternative routes. Regarding absolute control, the results refute the
presence of this functionality. It was observed that providing total control of the network to the user
has the impact of weakening the flexibility of the experimentation environment. / As redes de experimentação (testbeds) baseadas em OpenFlow tem-se constituído em um campo de
investigação emergente, tendo em vista a necessidade de criar ambientes de experimentação que
viabilizem o desenvolvimento de novas tecnologias sobre infraestruturas de redes reais. A revisão
bibliográfica evidenciou que as redes de experimentação existentes, ainda, carecem de mecanismos
que garantam aos usuários formas operacionais simplificadas, desacopladas do substrato físico e que
sejam resilientes. Neste contexto, a problemática da investigação é: como garantir aos usuários de
redes de experimentação OpenFlow um ambiente que possibilite criar redes virtuais de baixa
complexidade de operação, flexíveis e resiliente a rupturas de enlaces? A hipótese que direcionou o
estudo é que através da integração das ferramentas OpenVirteX e FlowVisor e, consequentemente de
suas funcionalidades, o framework resultante possibilitaria atingir tal propósito. O OpenVirteX e
FlowVisor são hypervisors de rede com funcionalidades distintas onde o primeiro dispõe da utilização
de topologias virtuais e arbitrárias, recuperação de falhas de conectividade e controle absoluto. Já o
FlowVisor tem sua principal contribuição em fornecer uma ampla flexibilidade na definição das redes
virtuais. Logo, o objetivo deste estudo foi desenvolver um framework para redes de experimentação
OpenFlow, objetivando proporcionar aos usuários redes virtuais flexíveis, de baixa complexidade de
operacionalização, dispondo de controle absoluto e resiliente a falhas. A metodologia do estudo
caracteriza-se pelo método hipotético-dedutivo. Os procedimentos aplicados para o desenvolvimento
da proposta foram: a criação do contexto da experimentação, testes individuais dos hypervisors
OpenVirteX e FlowVisor, integração das ferramentas, avaliação do Framework e, finalmente a análise
e discussões dos resultados. O estudo realizado confirmou parte da hipótese norteadora da proposta
uma vez que o framework se mostrou: Flexível, ao permitir utilizar quaisquer métricas do cabeçalho
OpenFlow para a segmentação das redes virtuais; Baixa complexidade, pois permite utilizar uma
topologia virtual e arbitrária composta por um único switch virtual correspondendo a totalidade da
rede física; Resiliente a falhas de conectividade, pois a ferramenta se mostrou capaz de redefinir a
comunicação através de rotas alternativas. No que se refere ao controle absoluto, os resultados refutam
a presença dessa funcionalidade. Observou-se que disponibilizar o controle total da rede para o usuário
tem o impacto de fragilizar a flexibilidade do ambiente de experimentação.
|
134 |
A one-class NIDS for SDN-based SCADA systems / Um NIDS baseado em OCC para sistemas SCADA baseados em SDNSilva, Eduardo Germano da January 2007 (has links)
Sistemas elétricos possuem grande influência no desenvolvimento econômico mundial. Dada a importância da energia elétrica para nossa sociedade, os sistemas elétricos frequentemente são alvos de intrusões pela rede causadas pelas mais diversas motivações. Para minimizar ou até mesmo mitigar os efeitos de intrusões pela rede, estão sendo propostos mecanismos que aumentam o nível de segurança dos sistemas elétricos, como novos protocolos de comunicação e normas de padronização. Além disso, os sistemas elétricos estão passando por um intenso processo de modernização, tornando-os altamente dependentes de sistemas de rede responsáveis por monitorar e gerenciar componentes elétricos. Estes, então denominados Smart Grids, compreendem subsistemas de geração, transmissão, e distribuição elétrica, que são monitorados e gerenciados por sistemas de controle e aquisição de dados (SCADA). Nesta dissertação de mestrado, investigamos e discutimos a aplicabilidade e os benefícios da adoção de Redes Definidas por Software (SDN) para auxiliar o desenvolvimento da próxima geração de sistemas SCADA. Propomos também um sistema de detecção de intrusões (IDS) que utiliza técnicas específicas de classificação de tráfego e se beneficia de características das redes SCADA e do paradigma SDN/OpenFlow. Nossa proposta utiliza SDN para coletar periodicamente estatísticas de rede dos equipamentos SCADA, que são posteriormente processados por algoritmos de classificação baseados em exemplares de uma única classe (OCC). Dado que informações sobre ataques direcionados à sistemas SCADA são escassos e pouco divulgados publicamente por seus mantenedores, a principal vantagem ao utilizar algoritmos OCC é de que estes não dependem de assinaturas de ataques para detectar possíveis tráfegos maliciosos. Como prova de conceito, desenvolvemos um protótipo de nossa proposta. Por fim, em nossa avaliação experimental, observamos a performance e a acurácia de nosso protótipo utilizando dois tipos de algoritmos OCC, e considerando eventos anômalos na rede SCADA, como um ataque de negação de serviço (DoS), e a falha de diversos dispositivos de campo. / Power grids have great influence on the development of the world economy. Given the importance of the electrical energy to our society, power grids are often target of network intrusion motivated by several causes. To minimize or even to mitigate the aftereffects of network intrusions, more secure protocols and standardization norms to enhance the security of power grids have been proposed. In addition, power grids are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage power components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this Masters dissertation, we investigate and discuss the applicability and benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also propose an Intrusion Detection System (IDS) that relies on specific techniques of traffic classification and takes advantage of the characteristics of SCADA networks and of the adoption of SDN/OpenFlow. Our proposal relies on SDN to periodically gather statistics from network devices, which are then processed by One- Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. As a proof-of-concept, we developed a prototype of our proposal. Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two OCC-based Machine Learning (ML) algorithms, and considering anomalous events in the SCADA network, such as a Denial-of-Service (DoS), and the failure of several SCADA field devices.
|
135 |
Energy Efficient Traffic Engineering in Software Defined Networks / Ingénierie de trafic pour des réseaux énergétiquement efficacesCarpa, Radu 26 October 2017 (has links)
Ce travail a pour but d'améliorer l'efficacité énergétique des réseaux de cœur en éteignant un sous-ensemble de liens par une approche SDN (Software Defined Network). Nous nous différencions des nombreux travaux de ce domaine par une réactivité accrue aux variations des conditions réseaux. Cela a été rendu possible grâce à une complexité calculatoire réduite et une attention particulière au surcoût induit par les échanges de données. Pour valider les solutions proposées, nous les avons testées sur une plateforme spécialement construite à cet effet.Dans la première partie de cette thèse, nous présentons l'architecture logicielle ``SegmenT Routing based Energy Efficient Traffic Engineering'' (STREETE). Le cœur de la solution repose sur un re-routage dynamique du trafic en fonction de la charge du réseau dans le but d'éteindre certains liens peu utilisés. Cette solution utilise des algorithmes de graphes dynamiques pour réduire la complexité calculatoire et atteindre des temps de calcul de l'ordre des millisecondes sur un réseau de 50 nœuds. Nos solutions ont aussi été validées sur une plateforme de test comprenant le contrôleur SDN ONOS et des commutateurs OpenFlow. Nous comparons nos algorithmes aux solutions optimales obtenues grâce à des techniques de programmation linéaires en nombres entiers et montrons que le nombre de liens allumés peut être efficacement réduit pour diminuer la consommation électrique tout en évitant de surcharger le réseau.Dans la deuxième partie de cette thèse, nous cherchons à améliorer la performance de STREETE dans le cas d’une forte charge, qui ne peut pas être écoulée par le réseau si des algorithmes de routages à plus courts chemins sont utilisés. Nous analysons des méthodes d'équilibrage de charge pour obtenir un placement presque optimal des flux dans le réseau.Dans la dernière partie, nous évaluons la combinaison des deux techniques proposées précédemment : STREETE avec équilibrage de charge. Ensuite, nous utilisons notre plateforme de test pour analyser l'impact de re-routages fréquents sur les flux TCP. Cela nous permet de donner des indications sur des améliorations à prendre en compte afin d'éviter des instabilités causées par des basculements incontrôlés des flux réseau entre des chemins alternatifs. Nous croyons à l'importance de fournir des résultats reproductibles à la communauté scientifique. Ainsi, une grande partie des résultats présentés dans cette thèse peuvent être facilement reproduits à l'aide des instructions et logiciels fournis. / This work seeks to improve the energy efficiency of backbone networks by automatically managing the paths of network flows to reduce the over-provisioning. Compared to numerous works in this field, we stand out by focusing on low computational complexity and smooth deployment of the proposed solution in the context of Software Defined Networks (SDN). To ensure that we meet these requirements, we validate the proposed solutions on a network testbed built for this purpose. Moreover, we believe that it is indispensable for the research community in computer science to improve the reproducibility of experiments. Thus, one can reproduce most of the results presented in this thesis by following a couple of simple steps. In the first part of this thesis, we present a framework for putting links and line cards into sleep mode during off-peak periods and rapidly bringing them back on when more network capacity is needed. The solution, which we term ``SegmenT Routing based Energy Efficient Traffic Engineering'' (STREETE), was implemented using state-of-art dynamic graph algorithms. STREETE achieves execution times of tens of milliseconds on a 50-node network. The approach was also validated on a testbed using the ONOS SDN controller along with OpenFlow switches. We compared our algorithm against optimal solutions obtained via a Mixed Integer Linear Programming (MILP) model to demonstrate that it can effectively prevent network congestion, avoid turning-on unneeded links, and provide excellent energy-efficiency. The second part of this thesis studies solutions for maximizing the utilization of existing components to extend the STREETE framework to workloads that are not very well handled by its original form. This includes the high network loads that cannot be routed through the network without a fine-grained management of the flows. In this part, we diverge from the shortest path routing, which is traditionally used in computer networks, and perform a particular load balancing of the network flows. In the last part of this thesis, we combine STREETE with the proposed load balancing technique and evaluate the performance of this combination both regarding turned-off links and in its ability to keep the network out of congestion. After that, we use our network testbed to evaluate the impact of our solutions on the TCP flows and provide an intuition about the additional constraints that must be considered to avoid instabilities due to traffic oscillations between multiple paths.
|
136 |
Infraestrutura para operações de Offloading computacional em ambiente integrado Cloudlet-SDN com suporte a mobilidadeFRANÇA, Adriano Henrique de Melo 29 August 2016 (has links)
Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2017-04-25T12:03:54Z
No. of bitstreams: 2
license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5)
Dissertacao_AdrianoHenrique.pdf: 1956295 bytes, checksum: 38ce5d73db0d44416c8653e58120f11c (MD5) / Made available in DSpace on 2017-04-25T12:03:55Z (GMT). No. of bitstreams: 2
license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5)
Dissertacao_AdrianoHenrique.pdf: 1956295 bytes, checksum: 38ce5d73db0d44416c8653e58120f11c (MD5)
Previous issue date: 2016-08-29 / Apesar da grande evolução tecnológica nos hardwares dos dispositivos móveis e
nas redes sem fio, ainda existem grandes limitações nesses dispositivos em termos
de processamento, capacidade de armazenamento e autonomia de energia, quando
comparados aos desktops e servidores. O paradigma de Computação em Nuvem
Móvel (MCC – Mobile Cloud Computing) permite estender os recursos
computacionais dos dispositivos móveis através da utilização das técnicas de
offloading computacional possibilitando um melhor desempenho as aplicações e
uma redução no consumo das baterias dos dispositivos. Entretanto, a técnica de
offloading nem sempre traz benefícios para o dispositivo móvel em situações de
constante mobilidade do usuário, já que cada mudança de rede requer que o
processo de offloading seja refeito. Esta dissertação propõe uma solução para
otimizar o consumo de energia e o tempo de resposta durante as operações de
offloading computacional quando o dispositivo muda de ponto de acesso. A proposta
considera um esquema de gerenciamento de mobilidade baseado em Software
Defined Networking (SDN) e técnica de caching remoto, que permite ao usuário
receber o resultado do offloading no próximo acesso à rede, mesmo que esse fique
desconectado por um longo período. A solução foi implementada em um testbed WiFi,
com acesso ao ambiente MCC utilizando cloudlet baseada na plataforma
OpenStack e integrada ao controlador SDN OpenDaylight. O consumo de energia
obtido pela proposta que utiliza SDN/OpenFlow para o gerenciamento de mobilidade
chegou a ser 11,33 vezes menor e a velocidade de processamento foi 3,23 vezes
maior que do ambiente tradicional. O sistema de caching remoto, apesar de se
mostrar útil em relação à rápida entrega dos resultados já processados, elevou
consideravelmente o consumo de energia da bateria. A técnica de caching remoto é
indicada para os casos nos quais a aplicação envia à cloudlet um grande volume de
dados para ser processado e o nível da bateria do dispositivo encontra-se em estado
não crítico ou quando o usuário enfrenta um longo período sem comunicação com a
cloudlet. / Although the great technological evolution in the mobile devices hardware and
wireless networks, remains significant limitations of these devices regarding
processing, storage, and energy, when compared to desktops and servers. The
paradigm of Mobile Cloud Computing (MCC) allows to extend the computational
resources of the mobile devices through the use of computational offloading
techniques, achieving a better performance on the part of the applications and a
reduction in the battery consumption of the devices. The offloading technique does
not always bring benefits to a mobile device in situations of high mobility since each
network change requires the execution of the offloading process. This dissertation
proposes a solution to optimize energy consumption and response times during the
computational offloading operations when the device change of access points (AP).
To this end, the proposal considers for such, a mobility management scheme based
on SDN (Software Defined Networking) and a remote caching technique, that allows
the user to receive the result from offloading in the next AP, even if he stays
disconnected for an extended period. The solution was implemented in one Wi-Fi
testbed, with access to the MCC environment using cloudlet based on the
OpenStack platform and integrated with the OpenDaylight SDN controller. The
achieved reduction of energy consumption for the mobility management proposal
arrived to be 11.33 times lower, and the processing speed was 3.23 times bigger that
of the traditional environment. The remote caching system, although useful in fast
delivering the already processed results, considerably raised the battery energy
consumption. Thus, the applicability of remote caching limits it to the cases where the
application sends to the cloudlet an enormous volume of data to be processed and
the battery level of the device is not critical or when the user faces an extended
period without communication with the cloudlet.
|
137 |
Um serviço para anonimização em redes definidas por softwareBomfim, Leonardo Henrique da Silva 22 February 2017 (has links)
This work has the goal to make an implementation of an anonymization service on
Software-Defined Networks (SDN) with the goal to reduce the number of attacks. With an
anonymization service is possible to hide the IP address from the network’s hosts, ensuring
more protection against security attacks, which allows a more time availability. One of the
biggest challenge on SDN architecture is the security issue. The separation of control and
data planes allows o generated challenges on security, due to the network’s permissiveness
to attacks such as “ Man in the Middle ”, Denial of Service and Saturation. The service
developed in this work, named as BomIP, uses the micro-data anonymization technique of
randomization of IP address of the hosts. The BomIP was added in the SDN controller
RunOS, which was the responsible to make the management of the real and anonymized
IP address. To validate this service it was developed two Case Studies with an environment
simulating a Denial of Service attack. The first Case Study made a comparison between
Crypto-Pan and BomIP. While the second Case Study made a comparison between a
traditional network IP and a SDN one using BomIP, both under Denial of Service attack.
The analysis of results showed that the service developed has an running time 65% more
efficient than Crypto-Pan. The assintotic analysis shows that BomIP is an algorith with
running time of quadratic order. The results also showed that the anonymized packets
can be tracked and a mitigation of 80% from the attacks trials, ensuring that the services
provided by the network remain available. / Este trabalho tem como objetivo implementar um servi¸co de anonimiza¸c˜ao em Redes
Definidas por Software (SDN) com o objetivo de realizar a mitiga¸c˜ao de tentativas de
ataque sofridas por uma rede. Atrav´es de um servi¸co de anonimiza¸c˜ao ´e poss´ıvel realizar a
oculta¸c˜ao dos endere¸cos IP dos hosts da rede, garantindo maior prote¸c˜ao contra ataques
`a seguran¸ca, permitindo um aumento de sua disponibilidade. Um dos maiores desafios
da arquitetura SDN ´e a seguran¸ca. A separa¸c˜ao do controle e do plano de dados permite
que desafios para garantir a seguran¸ca sejam gerados, devido `a permissividade da rede
a ataques como “Homem no Meio”, Nega¸c˜ao de Servi¸co e Satura¸c˜ao. O servi¸co aqui
desenvolvido, denominado de BomIP, utiliza a t´ecnica de anonimiza¸c˜ao de micro-dados
atrav´es da randomiza¸c˜ao dos endere¸cos IP dos hosts. O servi¸co BomIP foi adicionado ao
controlador RunOS, que ficou respons´avel por realizar o gerenciamento dos endere¸cos IP
reais e anonimizados. Para validar este servi¸co foram realizados dois Estudos de Caso
em um ambiente simulando um ataque de Nega¸c˜ao de Servi¸co. O primeiro Estudo de
Caso realizou a compara¸c˜ao do funcionamento do servi¸co de anonimiza¸c˜ao Crypto-Pan
com o BomIP. Enquanto que o segundo Estudo de Caso realizou a compara¸c˜ao de uma
rede IP tradicional sob ataque de Nega¸c˜ao de Servi¸co e uma SDN utilizando o BomIP.
A an´alise dos resultados mostrou que o servi¸co desenvolvido tem um tempo de execu¸c˜ao
65% mais eficiente que o Crypto-Pan. A an´alise de complexidade do algoritmo do BomIP
demonstrou que ´e de ordem quadr´atica. Os resultados tamb´em demonstraram que os
pacotes anonimizados permitem a rastreabilidade e a mitiga¸c˜ao de 80% das tentativas de
ataque, dando garantias que os servi¸cos providos pela rede continuem dispon´ıveis.
|
138 |
以SDN為基礎之具服務品質感知的智慧家庭頻寬管理架構 / SDN based QoS aware bandwidth management framework for smart homes林建廷, Lin, Jian Ting Unknown Date (has links)
隨著智慧家庭技術及物聯網的裝置大幅度地成長,智慧家庭的網路流量亦隨之升高。當大量成長的智慧家庭流量造成網路壅塞時,可能使緊急服務的警告機制失效,或是造成某些應用服務品質低劣而不堪使用。這些問題恐阻礙智慧家庭未來的發展性。
為改善上述問題,本文提出創新的物聯網智慧家庭頻寬配置管理架構。以ISP業者管理數以千計的物聯網智慧家庭為情境,針對智慧家庭多樣化的應用服務,利用具前瞻性的軟體定義網路,提供ISP業者對智慧家庭外部網路頻寬做最佳化的配置。
本研究依改良後的3GPP LTE QoS Class Identifier (QCI),分類智慧家庭的服務,並考量服務的優先權及延遲程度,提出BASH演算法。透過本研究,ISP業者能依定義好的服務類別,將匯集後的智慧家庭服務流量藉由配置訊務流(traffic flow)的權重,計算出不同服務的最佳頻寬分配量,達到提升QoS及使用者QoE的目的。
為確認本論文所提出之方法的有效性,實驗設計是利用Linux伺服器架設OpenvSwitch、Ryu控制器及Mininet模擬器,建構SDN網路環境。實驗結果顯示,本研究所提出的BASH與ISP所用的傳統頻寬分配方法相比,能有效提高30%的throughput,降低159%的delay time及967%的 jitter time。 / With the increasing number of IoT (Internet of Things) devices and advance of smart home technology, the network traffic of smart home is also raising rapidly. When network congestion occurs due to massive traffic, some emergent alert mechanisms might become invalid or cause some application services performance degraded. All kinds of these will dramatically hamper the future development of smart homes.
In order to resolve these problems, we propose an innovative bandwidth allocation smart home management framework for IoT enabled smart homes. The application scope of this research assumes a scenario that an ISP (Internet Service Provider) should support thousands of IoT enabled smart homes for a variety of services. The proposed bandwidth allocation framework is based on the promising software defined networking (SDN) architecture and is responsible for optimizing bandwidth allocation on external Internet traffic.
We modify the 3GPP LTE QoS Class Identifier (QCI) to adaptive to the services suitable for smart homes. The proposed bandwidth allocation smart home (BASH) algorithm considers service priority and delay at the same time. With this framework, ISP is able to optimize bandwidth allocation by aggregating thousands of classified services of smart homes and thus effectively enhance Quality of Service (QoS) and user experience (QoE).
In order to verify the proposed methods, we implement a SDN environment by using Linux Ubuntu servers with Mininet, Open vSwitch and Ryu controller. The experiment results show that BASH outperforms ISP traditional method in increasing the throughput by 30%, reducing delay and jitter by 159% and 967%, respectively.
|
139 |
Enhanced communication security and mobility management in small-cell networksNamal, S. (Suneth) 09 December 2014 (has links)
Abstract
Software-Defined Networks (SDN) focus on addressing the challenges of increased complexity and unified communication, for which the conventional networks are not optimally suited due to their static architecture.
This dissertation discusses the methods about how to enhance communication security and mobility management in small-cell networks with IEEE 802.11 backhaul. Although 802.11 has become a mission-critical component of enterprise networks, in many cases it is not managed with the same rigor as the wired networks. 802.11 networks are thus in need of undergoing the same unified management as the wired networks.
This dissertation also addresses several new issues from the perspective of mobility management in 802.11 backhaul. Due to lack of built-in quality of service support, IEEE 802.11 experiences serious challenges in meeting the demands of modern services and applications. 802.11 networks require significantly longer duration in association compared to what the real-time applications can tolerate. To optimise host mobility in IEEE 802.11, an extension to the initial authentication is provided by utilising Host Identity Protocol (HIP) based identity attributes and Elliptic Curve Cryptography (ECC) based session key generation.
Finally, this dissertation puts forward the concept of SDN based cell mobility and network function virtualization, its counterpart. This is validated by introducing a unified SDN and cognitive radio architecture for harmonized end-to-end resource allocation and management presented at the end. / Tiivistelmä
Ohjelmisto-ohjatut verkot (SDN) keskittyvät ratkaisemaan haasteita liittyen kasvaneeseen verkkojen monimutkaisuuteen ja yhtenäiseen kommunikaatioon, mihin perinteiset verkot eivät staattisen rakenteensa vuoksi sovellu.
Väitöskirja käsittelee menetelmiä, joilla kommunikaation turvallisuutta ja liikkuvuuden hallintaa voidaan parantaa IEEE 802.11 langattomissa piensoluverkoissa. Vaikkakin 802.11 on muodostunut avainkomponentiksi yritysverkoissa, monissa tapauksissa sitä ei hallinnoida yhtä täsmällisesti kuin langallista verkkoa. 802.11 verkoissa on näin ollen tarve samantyyppiselle yhtenäiselle hallinnalle, kuin langallisissa verkoissa on.
Väitöskirja keskittyy myös moniin uusiin liikkuvuuden hallintaan liittyviin ongelmiin 802.11 verkoissa. Johtuen sisäänrakennetun yhteyden laatumäärittelyn (QoS) puuttumisesta, IEEE 802.11 verkoille on haasteellista vastata modernien palvelujen ja sovellusten vaatimuksiin. 802.11 verkot vaativat huomattavasti pidemmän ajan verkkoon liittymisessä, kuin reaaliaikasovellukset vaativat. Työssä on esitelty laajennus alustavalle varmennukselle IEEE 802.11-standardiin isäntälaitteen liikkuvuuden optimoimiseksi, joka hyödyntää Host Identity Protocol (HIP)-pohjaisia identiteettiominaisuuksia sekä elliptisten käyrien salausmenetelmiin (ECC) perustuvaa istunnon avaimen luontia.
Lopuksi työssä esitellään ohjelmisto-ohjattuihin verkkoihin pohjautuva solujen liikkuvuuden konsepti, sekä siihen olennaisesti liittyvä verkon virtualisointi. Tämä validoidaan esittelemällä yhtenäinen SDN:ään ja kognitiiviseen radioon perustuva arkkitehtuuri harmonisoidulle päästä päähän resurssien varaamiselle ja hallinnoinnille, joka esitellään lopussa.
|
140 |
VN Embedding in SDN-based Metro Optical Network for Multimedia ServicesZaman, Faisal Ameen January 2017 (has links)
Currently a growing number of users depend on the Edge Cloud Computing Paradigm in a Metro Optical Network (MON). This has led to increased competition among the Cloud Service Providers (CPs) to supply incentives for the user through guaranteed Quality of Service (QoS). If the CP fails to guarantee the QoS for the accepted request, then the user will move to another CP. Making an informed decision dynamically in such a sensitive situation demands that the CP knows the user's application requirements. The Software Defined Networking (SDN) paradigm enabled the CP to achieve such desired requirement. Therefore, a framework called Virtual Network Embedding on SDN-based Metro Optical Network (VNE-MON) is proposed in this Thesis. The use of SDN paradigm in the framework guarantees profit to the CP as well as QoS to the user.\par
The design concept of the SDN control plane, raises concerns regarding its scalability, reliability and performance compared to a traditionally distributed network. To justify concerns regarding the SDN, the performance of VNE-MON and its possible dependancy on the controller location is investigated. Several strategies are proposed and formulated using Integer Linear Programming to determine the controller location in a MON. Performance results from the assessment of the VNE-MON illustrates that it is more stable compare to GMPLS-based network. It is evident that the controller location's attributes have a significant effect on the efficacy of the accepted VN request.
|
Page generated in 0.0855 seconds