Resource Management for Efficient, Scalable and Resilient Network Function Chains

Kulkarni, Sameer G.

04 July 2018

No description available.

510

Network Function Virtualization (NFV)

Software Defined Networking (SDN)

Service Function Chains (SFC)

Middleboxes

Network Resiliency

Fault-Tolerance

Network Softwarization

Cloud computing

Informatik (PPN619939052)

A one-class NIDS for SDN-based SCADA systems / Um NIDS baseado em OCC para sistemas SCADA baseados em SDN

Silva, Eduardo Germano da

January 2007

Sistemas elétricos possuem grande influência no desenvolvimento econômico mundial. Dada a importância da energia elétrica para nossa sociedade, os sistemas elétricos frequentemente são alvos de intrusões pela rede causadas pelas mais diversas motivações. Para minimizar ou até mesmo mitigar os efeitos de intrusões pela rede, estão sendo propostos mecanismos que aumentam o nível de segurança dos sistemas elétricos, como novos protocolos de comunicação e normas de padronização. Além disso, os sistemas elétricos estão passando por um intenso processo de modernização, tornando-os altamente dependentes de sistemas de rede responsáveis por monitorar e gerenciar componentes elétricos. Estes, então denominados Smart Grids, compreendem subsistemas de geração, transmissão, e distribuição elétrica, que são monitorados e gerenciados por sistemas de controle e aquisição de dados (SCADA). Nesta dissertação de mestrado, investigamos e discutimos a aplicabilidade e os benefícios da adoção de Redes Definidas por Software (SDN) para auxiliar o desenvolvimento da próxima geração de sistemas SCADA. Propomos também um sistema de detecção de intrusões (IDS) que utiliza técnicas específicas de classificação de tráfego e se beneficia de características das redes SCADA e do paradigma SDN/OpenFlow. Nossa proposta utiliza SDN para coletar periodicamente estatísticas de rede dos equipamentos SCADA, que são posteriormente processados por algoritmos de classificação baseados em exemplares de uma única classe (OCC). Dado que informações sobre ataques direcionados à sistemas SCADA são escassos e pouco divulgados publicamente por seus mantenedores, a principal vantagem ao utilizar algoritmos OCC é de que estes não dependem de assinaturas de ataques para detectar possíveis tráfegos maliciosos. Como prova de conceito, desenvolvemos um protótipo de nossa proposta. Por fim, em nossa avaliação experimental, observamos a performance e a acurácia de nosso protótipo utilizando dois tipos de algoritmos OCC, e considerando eventos anômalos na rede SCADA, como um ataque de negação de serviço (DoS), e a falha de diversos dispositivos de campo. / Power grids have great influence on the development of the world economy. Given the importance of the electrical energy to our society, power grids are often target of network intrusion motivated by several causes. To minimize or even to mitigate the aftereffects of network intrusions, more secure protocols and standardization norms to enhance the security of power grids have been proposed. In addition, power grids are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage power components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this Masters dissertation, we investigate and discuss the applicability and benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also propose an Intrusion Detection System (IDS) that relies on specific techniques of traffic classification and takes advantage of the characteristics of SCADA networks and of the adoption of SDN/OpenFlow. Our proposal relies on SDN to periodically gather statistics from network devices, which are then processed by One- Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. As a proof-of-concept, we developed a prototype of our proposal. Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two OCC-based Machine Learning (ML) algorithms, and considering anomalous events in the SCADA network, such as a Denial-of-Service (DoS), and the failure of several SCADA field devices.

Redes : Computadores

Seguranca : Redes : Computadores

Supervisory control and data acquisition

Software-defined networking

Smart grids

Network-based intrusion detection system

One-class classification

Openvisor – framework para redes de experimentação Openflow / Openvisor – framework para ambientes de experimentação openflow com redes overlay tolerante à falhas

Powaczuk, Lucas

20 December 2016

OpenFlow-based testbeds have been established as an emerging field of research in order to create experimental environments that enable the development of new technologies on real network infrastructures. The bibliographic review showed that existing experimentation networks still lack mechanisms to guarantee users simplified operational forms, decoupled from the physical substrate and that are resilient. In this context, the research problem is: how to guarantee the users of OpenFlow experimentation networks an environment that allows creating virtual networks with low complexity in operation, flexible and resilient to link failures. The hypothesis that guided the study is that by integrating the tools OpenVirteX and FlowVisor and, consequently of its functionalities, the resulting framework would allow to achieving this purpose. OpenVirteX and FlowVisor are network hypervisors with distinct functionalities where the former has the use of virtual and arbitrary topologies, connectivity failure recovery, and absolute control. The FlowVisor has its main contribution in providing a wide flexibility in the definition of virtual networks. Therefore, the objective of this study was to develop a framework for OpenFlow experimentation networks, aiming to provide flexible virtual networks to users, with low complexity of the operation, having absolute control and resilient to failures. The study methodology is characterized by the hypothetical-deductive method. The procedures used to develop the proposal were: create the experimentation context, individual testing of the OpenVirteX and FlowVisor hypervisors, integration of the tools, evaluation of the framework and, finally, analysis and discussion of the results. The study confirmed some of the guiding hypothesis of the proposal since the framework was: Flexible, allowing to use any metrics of the OpenFlow header for the segmentation of virtual networks; Low complexity, because it allows to use a virtual and arbitrary topology composed of a single virtual switch corresponding to the entire physical network; Resilient to connectivity failures, because the tool was able to redefine the communication through of alternative routes. Regarding absolute control, the results refute the presence of this functionality. It was observed that providing total control of the network to the user has the impact of weakening the flexibility of the experimentation environment. / As redes de experimentação (testbeds) baseadas em OpenFlow tem-se constituído em um campo de investigação emergente, tendo em vista a necessidade de criar ambientes de experimentação que viabilizem o desenvolvimento de novas tecnologias sobre infraestruturas de redes reais. A revisão bibliográfica evidenciou que as redes de experimentação existentes, ainda, carecem de mecanismos que garantam aos usuários formas operacionais simplificadas, desacopladas do substrato físico e que sejam resilientes. Neste contexto, a problemática da investigação é: como garantir aos usuários de redes de experimentação OpenFlow um ambiente que possibilite criar redes virtuais de baixa complexidade de operação, flexíveis e resiliente a rupturas de enlaces? A hipótese que direcionou o estudo é que através da integração das ferramentas OpenVirteX e FlowVisor e, consequentemente de suas funcionalidades, o framework resultante possibilitaria atingir tal propósito. O OpenVirteX e FlowVisor são hypervisors de rede com funcionalidades distintas onde o primeiro dispõe da utilização de topologias virtuais e arbitrárias, recuperação de falhas de conectividade e controle absoluto. Já o FlowVisor tem sua principal contribuição em fornecer uma ampla flexibilidade na definição das redes virtuais. Logo, o objetivo deste estudo foi desenvolver um framework para redes de experimentação OpenFlow, objetivando proporcionar aos usuários redes virtuais flexíveis, de baixa complexidade de operacionalização, dispondo de controle absoluto e resiliente a falhas. A metodologia do estudo caracteriza-se pelo método hipotético-dedutivo. Os procedimentos aplicados para o desenvolvimento da proposta foram: a criação do contexto da experimentação, testes individuais dos hypervisors OpenVirteX e FlowVisor, integração das ferramentas, avaliação do Framework e, finalmente a análise e discussões dos resultados. O estudo realizado confirmou parte da hipótese norteadora da proposta uma vez que o framework se mostrou: Flexível, ao permitir utilizar quaisquer métricas do cabeçalho OpenFlow para a segmentação das redes virtuais; Baixa complexidade, pois permite utilizar uma topologia virtual e arbitrária composta por um único switch virtual correspondendo a totalidade da rede física; Resiliente a falhas de conectividade, pois a ferramenta se mostrou capaz de redefinir a comunicação através de rotas alternativas. No que se refere ao controle absoluto, os resultados refutam a presença dessa funcionalidade. Observou-se que disponibilizar o controle total da rede para o usuário tem o impacto de fragilizar a flexibilidade do ambiente de experimentação.

Redes definidas por software

Redes de experimentação

Virtualização de redes

Software defined networking

Experimentation networks

Network virtualization

A one-class NIDS for SDN-based SCADA systems / Um NIDS baseado em OCC para sistemas SCADA baseados em SDN

Silva, Eduardo Germano da

January 2007

Sistemas elétricos possuem grande influência no desenvolvimento econômico mundial. Dada a importância da energia elétrica para nossa sociedade, os sistemas elétricos frequentemente são alvos de intrusões pela rede causadas pelas mais diversas motivações. Para minimizar ou até mesmo mitigar os efeitos de intrusões pela rede, estão sendo propostos mecanismos que aumentam o nível de segurança dos sistemas elétricos, como novos protocolos de comunicação e normas de padronização. Além disso, os sistemas elétricos estão passando por um intenso processo de modernização, tornando-os altamente dependentes de sistemas de rede responsáveis por monitorar e gerenciar componentes elétricos. Estes, então denominados Smart Grids, compreendem subsistemas de geração, transmissão, e distribuição elétrica, que são monitorados e gerenciados por sistemas de controle e aquisição de dados (SCADA). Nesta dissertação de mestrado, investigamos e discutimos a aplicabilidade e os benefícios da adoção de Redes Definidas por Software (SDN) para auxiliar o desenvolvimento da próxima geração de sistemas SCADA. Propomos também um sistema de detecção de intrusões (IDS) que utiliza técnicas específicas de classificação de tráfego e se beneficia de características das redes SCADA e do paradigma SDN/OpenFlow. Nossa proposta utiliza SDN para coletar periodicamente estatísticas de rede dos equipamentos SCADA, que são posteriormente processados por algoritmos de classificação baseados em exemplares de uma única classe (OCC). Dado que informações sobre ataques direcionados à sistemas SCADA são escassos e pouco divulgados publicamente por seus mantenedores, a principal vantagem ao utilizar algoritmos OCC é de que estes não dependem de assinaturas de ataques para detectar possíveis tráfegos maliciosos. Como prova de conceito, desenvolvemos um protótipo de nossa proposta. Por fim, em nossa avaliação experimental, observamos a performance e a acurácia de nosso protótipo utilizando dois tipos de algoritmos OCC, e considerando eventos anômalos na rede SCADA, como um ataque de negação de serviço (DoS), e a falha de diversos dispositivos de campo. / Power grids have great influence on the development of the world economy. Given the importance of the electrical energy to our society, power grids are often target of network intrusion motivated by several causes. To minimize or even to mitigate the aftereffects of network intrusions, more secure protocols and standardization norms to enhance the security of power grids have been proposed. In addition, power grids are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage power components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this Masters dissertation, we investigate and discuss the applicability and benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also propose an Intrusion Detection System (IDS) that relies on specific techniques of traffic classification and takes advantage of the characteristics of SCADA networks and of the adoption of SDN/OpenFlow. Our proposal relies on SDN to periodically gather statistics from network devices, which are then processed by One- Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. As a proof-of-concept, we developed a prototype of our proposal. Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two OCC-based Machine Learning (ML) algorithms, and considering anomalous events in the SCADA network, such as a Denial-of-Service (DoS), and the failure of several SCADA field devices.

Redes : Computadores

Seguranca : Redes : Computadores

Supervisory control and data acquisition

Software-defined networking

Smart grids

Network-based intrusion detection system

One-class classification

Energy Efficient Traffic Engineering in Software Defined Networks / Ingénierie de trafic pour des réseaux énergétiquement efficaces

Carpa, Radu

26 October 2017

Ce travail a pour but d'améliorer l'efficacité énergétique des réseaux de cœur en éteignant un sous-ensemble de liens par une approche SDN (Software Defined Network). Nous nous différencions des nombreux travaux de ce domaine par une réactivité accrue aux variations des conditions réseaux. Cela a été rendu possible grâce à une complexité calculatoire réduite et une attention particulière au surcoût induit par les échanges de données. Pour valider les solutions proposées, nous les avons testées sur une plateforme spécialement construite à cet effet.Dans la première partie de cette thèse, nous présentons l'architecture logicielle ``SegmenT Routing based Energy Efficient Traffic Engineering'' (STREETE). Le cœur de la solution repose sur un re-routage dynamique du trafic en fonction de la charge du réseau dans le but d'éteindre certains liens peu utilisés. Cette solution utilise des algorithmes de graphes dynamiques pour réduire la complexité calculatoire et atteindre des temps de calcul de l'ordre des millisecondes sur un réseau de 50 nœuds. Nos solutions ont aussi été validées sur une plateforme de test comprenant le contrôleur SDN ONOS et des commutateurs OpenFlow. Nous comparons nos algorithmes aux solutions optimales obtenues grâce à des techniques de programmation linéaires en nombres entiers et montrons que le nombre de liens allumés peut être efficacement réduit pour diminuer la consommation électrique tout en évitant de surcharger le réseau.Dans la deuxième partie de cette thèse, nous cherchons à améliorer la performance de STREETE dans le cas d’une forte charge, qui ne peut pas être écoulée par le réseau si des algorithmes de routages à plus courts chemins sont utilisés. Nous analysons des méthodes d'équilibrage de charge pour obtenir un placement presque optimal des flux dans le réseau.Dans la dernière partie, nous évaluons la combinaison des deux techniques proposées précédemment : STREETE avec équilibrage de charge. Ensuite, nous utilisons notre plateforme de test pour analyser l'impact de re-routages fréquents sur les flux TCP. Cela nous permet de donner des indications sur des améliorations à prendre en compte afin d'éviter des instabilités causées par des basculements incontrôlés des flux réseau entre des chemins alternatifs. Nous croyons à l'importance de fournir des résultats reproductibles à la communauté scientifique. Ainsi, une grande partie des résultats présentés dans cette thèse peuvent être facilement reproduits à l'aide des instructions et logiciels fournis. / This work seeks to improve the energy efficiency of backbone networks by automatically managing the paths of network flows to reduce the over-provisioning. Compared to numerous works in this field, we stand out by focusing on low computational complexity and smooth deployment of the proposed solution in the context of Software Defined Networks (SDN). To ensure that we meet these requirements, we validate the proposed solutions on a network testbed built for this purpose. Moreover, we believe that it is indispensable for the research community in computer science to improve the reproducibility of experiments. Thus, one can reproduce most of the results presented in this thesis by following a couple of simple steps. In the first part of this thesis, we present a framework for putting links and line cards into sleep mode during off-peak periods and rapidly bringing them back on when more network capacity is needed. The solution, which we term ``SegmenT Routing based Energy Efficient Traffic Engineering'' (STREETE), was implemented using state-of-art dynamic graph algorithms. STREETE achieves execution times of tens of milliseconds on a 50-node network. The approach was also validated on a testbed using the ONOS SDN controller along with OpenFlow switches. We compared our algorithm against optimal solutions obtained via a Mixed Integer Linear Programming (MILP) model to demonstrate that it can effectively prevent network congestion, avoid turning-on unneeded links, and provide excellent energy-efficiency. The second part of this thesis studies solutions for maximizing the utilization of existing components to extend the STREETE framework to workloads that are not very well handled by its original form. This includes the high network loads that cannot be routed through the network without a fine-grained management of the flows. In this part, we diverge from the shortest path routing, which is traditionally used in computer networks, and perform a particular load balancing of the network flows. In the last part of this thesis, we combine STREETE with the proposed load balancing technique and evaluate the performance of this combination both regarding turned-off links and in its ability to keep the network out of congestion. After that, we use our network testbed to evaluate the impact of our solutions on the TCP flows and provide an intuition about the additional constraints that must be considered to avoid instabilities due to traffic oscillations between multiple paths.

Réseaux verts

Efficacité énergétique

Réseaux programmables (SDN)

Ingénierie de trafic

Répartition de charge

Green networking

Energy efficiency

Software Defined Networking

Traffic engineering

Load balancing

Infraestrutura para operações de Offloading computacional em ambiente integrado Cloudlet-SDN com suporte a mobilidade

FRANÇA, Adriano Henrique de Melo

29 August 2016

Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2017-04-25T12:03:54Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertacao_AdrianoHenrique.pdf: 1956295 bytes, checksum: 38ce5d73db0d44416c8653e58120f11c (MD5) / Made available in DSpace on 2017-04-25T12:03:55Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertacao_AdrianoHenrique.pdf: 1956295 bytes, checksum: 38ce5d73db0d44416c8653e58120f11c (MD5) Previous issue date: 2016-08-29 / Apesar da grande evolução tecnológica nos hardwares dos dispositivos móveis e nas redes sem fio, ainda existem grandes limitações nesses dispositivos em termos de processamento, capacidade de armazenamento e autonomia de energia, quando comparados aos desktops e servidores. O paradigma de Computação em Nuvem Móvel (MCC – Mobile Cloud Computing) permite estender os recursos computacionais dos dispositivos móveis através da utilização das técnicas de offloading computacional possibilitando um melhor desempenho as aplicações e uma redução no consumo das baterias dos dispositivos. Entretanto, a técnica de offloading nem sempre traz benefícios para o dispositivo móvel em situações de constante mobilidade do usuário, já que cada mudança de rede requer que o processo de offloading seja refeito. Esta dissertação propõe uma solução para otimizar o consumo de energia e o tempo de resposta durante as operações de offloading computacional quando o dispositivo muda de ponto de acesso. A proposta considera um esquema de gerenciamento de mobilidade baseado em Software Defined Networking (SDN) e técnica de caching remoto, que permite ao usuário receber o resultado do offloading no próximo acesso à rede, mesmo que esse fique desconectado por um longo período. A solução foi implementada em um testbed WiFi, com acesso ao ambiente MCC utilizando cloudlet baseada na plataforma OpenStack e integrada ao controlador SDN OpenDaylight. O consumo de energia obtido pela proposta que utiliza SDN/OpenFlow para o gerenciamento de mobilidade chegou a ser 11,33 vezes menor e a velocidade de processamento foi 3,23 vezes maior que do ambiente tradicional. O sistema de caching remoto, apesar de se mostrar útil em relação à rápida entrega dos resultados já processados, elevou consideravelmente o consumo de energia da bateria. A técnica de caching remoto é indicada para os casos nos quais a aplicação envia à cloudlet um grande volume de dados para ser processado e o nível da bateria do dispositivo encontra-se em estado não crítico ou quando o usuário enfrenta um longo período sem comunicação com a cloudlet. / Although the great technological evolution in the mobile devices hardware and wireless networks, remains significant limitations of these devices regarding processing, storage, and energy, when compared to desktops and servers. The paradigm of Mobile Cloud Computing (MCC) allows to extend the computational resources of the mobile devices through the use of computational offloading techniques, achieving a better performance on the part of the applications and a reduction in the battery consumption of the devices. The offloading technique does not always bring benefits to a mobile device in situations of high mobility since each network change requires the execution of the offloading process. This dissertation proposes a solution to optimize energy consumption and response times during the computational offloading operations when the device change of access points (AP). To this end, the proposal considers for such, a mobility management scheme based on SDN (Software Defined Networking) and a remote caching technique, that allows the user to receive the result from offloading in the next AP, even if he stays disconnected for an extended period. The solution was implemented in one Wi-Fi testbed, with access to the MCC environment using cloudlet based on the OpenStack platform and integrated with the OpenDaylight SDN controller. The achieved reduction of energy consumption for the mobility management proposal arrived to be 11.33 times lower, and the processing speed was 3.23 times bigger that of the traditional environment. The remote caching system, although useful in fast delivering the already processed results, considerably raised the battery energy consumption. Thus, the applicability of remote caching limits it to the cases where the application sends to the cloudlet an enormous volume of data to be processed and the battery level of the device is not critical or when the user faces an extended period without communication with the cloudlet.

Redes Definidas por Software

Offloading computacional

Computação em Nuvem Móvel

Gerenciamento de Mobilidade

Cloudlet

Software Defined Networking

Computational offloading

Mobile Cloud Computing

Cloudlet

Mobility Management

Um serviço para anonimização em redes definidas por software

Bomfim, Leonardo Henrique da Silva

22 February 2017

This work has the goal to make an implementation of an anonymization service on Software-Defined Networks (SDN) with the goal to reduce the number of attacks. With an anonymization service is possible to hide the IP address from the network’s hosts, ensuring more protection against security attacks, which allows a more time availability. One of the biggest challenge on SDN architecture is the security issue. The separation of control and data planes allows o generated challenges on security, due to the network’s permissiveness to attacks such as “ Man in the Middle ”, Denial of Service and Saturation. The service developed in this work, named as BomIP, uses the micro-data anonymization technique of randomization of IP address of the hosts. The BomIP was added in the SDN controller RunOS, which was the responsible to make the management of the real and anonymized IP address. To validate this service it was developed two Case Studies with an environment simulating a Denial of Service attack. The first Case Study made a comparison between Crypto-Pan and BomIP. While the second Case Study made a comparison between a traditional network IP and a SDN one using BomIP, both under Denial of Service attack. The analysis of results showed that the service developed has an running time 65% more efficient than Crypto-Pan. The assintotic analysis shows that BomIP is an algorith with running time of quadratic order. The results also showed that the anonymized packets can be tracked and a mitigation of 80% from the attacks trials, ensuring that the services provided by the network remain available. / Este trabalho tem como objetivo implementar um servi¸co de anonimiza¸c˜ao em Redes Definidas por Software (SDN) com o objetivo de realizar a mitiga¸c˜ao de tentativas de ataque sofridas por uma rede. Atrav´es de um servi¸co de anonimiza¸c˜ao ´e poss´ıvel realizar a oculta¸c˜ao dos endere¸cos IP dos hosts da rede, garantindo maior prote¸c˜ao contra ataques `a seguran¸ca, permitindo um aumento de sua disponibilidade. Um dos maiores desafios da arquitetura SDN ´e a seguran¸ca. A separa¸c˜ao do controle e do plano de dados permite que desafios para garantir a seguran¸ca sejam gerados, devido `a permissividade da rede a ataques como “Homem no Meio”, Nega¸c˜ao de Servi¸co e Satura¸c˜ao. O servi¸co aqui desenvolvido, denominado de BomIP, utiliza a t´ecnica de anonimiza¸c˜ao de micro-dados atrav´es da randomiza¸c˜ao dos endere¸cos IP dos hosts. O servi¸co BomIP foi adicionado ao controlador RunOS, que ficou respons´avel por realizar o gerenciamento dos endere¸cos IP reais e anonimizados. Para validar este servi¸co foram realizados dois Estudos de Caso em um ambiente simulando um ataque de Nega¸c˜ao de Servi¸co. O primeiro Estudo de Caso realizou a compara¸c˜ao do funcionamento do servi¸co de anonimiza¸c˜ao Crypto-Pan com o BomIP. Enquanto que o segundo Estudo de Caso realizou a compara¸c˜ao de uma rede IP tradicional sob ataque de Nega¸c˜ao de Servi¸co e uma SDN utilizando o BomIP. A an´alise dos resultados mostrou que o servi¸co desenvolvido tem um tempo de execu¸c˜ao 65% mais eficiente que o Crypto-Pan. A an´alise de complexidade do algoritmo do BomIP demonstrou que ´e de ordem quadr´atica. Os resultados tamb´em demonstraram que os pacotes anonimizados permitem a rastreabilidade e a mitiga¸c˜ao de 80% das tentativas de ataque, dando garantias que os servi¸cos providos pela rede continuem dispon´ıveis.

Ciência da computação

Programas de computador

Redes de computadores

Desenvolvimento de software

Tecnologia da informação

Redes definidas por software

Anonimização

OpenFlow

Software-defined networking

Anonymization

以SDN為基礎之具服務品質感知的智慧家庭頻寬管理架構 / SDN based QoS aware bandwidth management framework for smart homes

林建廷, Lin, Jian Ting

Unknown Date

隨著智慧家庭技術及物聯網的裝置大幅度地成長，智慧家庭的網路流量亦隨之升高。當大量成長的智慧家庭流量造成網路壅塞時，可能使緊急服務的警告機制失效，或是造成某些應用服務品質低劣而不堪使用。這些問題恐阻礙智慧家庭未來的發展性。 為改善上述問題，本文提出創新的物聯網智慧家庭頻寬配置管理架構。以ISP業者管理數以千計的物聯網智慧家庭為情境，針對智慧家庭多樣化的應用服務，利用具前瞻性的軟體定義網路，提供ISP業者對智慧家庭外部網路頻寬做最佳化的配置。 本研究依改良後的3GPP LTE QoS Class Identifier (QCI)，分類智慧家庭的服務，並考量服務的優先權及延遲程度，提出BASH演算法。透過本研究，ISP業者能依定義好的服務類別，將匯集後的智慧家庭服務流量藉由配置訊務流(traffic flow)的權重，計算出不同服務的最佳頻寬分配量，達到提升QoS及使用者QoE的目的。 為確認本論文所提出之方法的有效性，實驗設計是利用Linux伺服器架設OpenvSwitch、Ryu控制器及Mininet模擬器，建構SDN網路環境。實驗結果顯示，本研究所提出的BASH與ISP所用的傳統頻寬分配方法相比，能有效提高30%的throughput，降低159%的delay time及967%的 jitter time。 / With the increasing number of IoT (Internet of Things) devices and advance of smart home technology, the network traffic of smart home is also raising rapidly. When network congestion occurs due to massive traffic, some emergent alert mechanisms might become invalid or cause some application services performance degraded. All kinds of these will dramatically hamper the future development of smart homes. In order to resolve these problems, we propose an innovative bandwidth allocation smart home management framework for IoT enabled smart homes. The application scope of this research assumes a scenario that an ISP (Internet Service Provider) should support thousands of IoT enabled smart homes for a variety of services. The proposed bandwidth allocation framework is based on the promising software defined networking (SDN) architecture and is responsible for optimizing bandwidth allocation on external Internet traffic. We modify the 3GPP LTE QoS Class Identifier (QCI) to adaptive to the services suitable for smart homes. The proposed bandwidth allocation smart home (BASH) algorithm considers service priority and delay at the same time. With this framework, ISP is able to optimize bandwidth allocation by aggregating thousands of classified services of smart homes and thus effectively enhance Quality of Service (QoS) and user experience (QoE). In order to verify the proposed methods, we implement a SDN environment by using Linux Ubuntu servers with Mininet, Open vSwitch and Ryu controller. The experiment results show that BASH outperforms ISP traditional method in increasing the throughput by 30%, reducing delay and jitter by 159% and 967%, respectively.

物聯網

智慧家庭

頻寬分配

軟體定義網路

Internet of things

Smart home

Bandwidth allocation

Software defined networking

Enhanced communication security and mobility management in small-cell networks

Namal, S. (Suneth)

09 December 2014

Abstract Software-Defined Networks (SDN) focus on addressing the challenges of increased complexity and unified communication, for which the conventional networks are not optimally suited due to their static architecture. This dissertation discusses the methods about how to enhance communication security and mobility management in small-cell networks with IEEE 802.11 backhaul. Although 802.11 has become a mission-critical component of enterprise networks, in many cases it is not managed with the same rigor as the wired networks. 802.11 networks are thus in need of undergoing the same unified management as the wired networks. This dissertation also addresses several new issues from the perspective of mobility management in 802.11 backhaul. Due to lack of built-in quality of service support, IEEE 802.11 experiences serious challenges in meeting the demands of modern services and applications. 802.11 networks require significantly longer duration in association compared to what the real-time applications can tolerate. To optimise host mobility in IEEE 802.11, an extension to the initial authentication is provided by utilising Host Identity Protocol (HIP) based identity attributes and Elliptic Curve Cryptography (ECC) based session key generation. Finally, this dissertation puts forward the concept of SDN based cell mobility and network function virtualization, its counterpart. This is validated by introducing a unified SDN and cognitive radio architecture for harmonized end-to-end resource allocation and management presented at the end. / Tiivistelmä Ohjelmisto-ohjatut verkot (SDN) keskittyvät ratkaisemaan haasteita liittyen kasvaneeseen verkkojen monimutkaisuuteen ja yhtenäiseen kommunikaatioon, mihin perinteiset verkot eivät staattisen rakenteensa vuoksi sovellu. Väitöskirja käsittelee menetelmiä, joilla kommunikaation turvallisuutta ja liikkuvuuden hallintaa voidaan parantaa IEEE 802.11 langattomissa piensoluverkoissa. Vaikkakin 802.11 on muodostunut avainkomponentiksi yritysverkoissa, monissa tapauksissa sitä ei hallinnoida yhtä täsmällisesti kuin langallista verkkoa. 802.11 verkoissa on näin ollen tarve samantyyppiselle yhtenäiselle hallinnalle, kuin langallisissa verkoissa on. Väitöskirja keskittyy myös moniin uusiin liikkuvuuden hallintaan liittyviin ongelmiin 802.11 verkoissa. Johtuen sisäänrakennetun yhteyden laatumäärittelyn (QoS) puuttumisesta, IEEE 802.11 verkoille on haasteellista vastata modernien palvelujen ja sovellusten vaatimuksiin. 802.11 verkot vaativat huomattavasti pidemmän ajan verkkoon liittymisessä, kuin reaaliaikasovellukset vaativat. Työssä on esitelty laajennus alustavalle varmennukselle IEEE 802.11-standardiin isäntälaitteen liikkuvuuden optimoimiseksi, joka hyödyntää Host Identity Protocol (HIP)-pohjaisia identiteettiominaisuuksia sekä elliptisten käyrien salausmenetelmiin (ECC) perustuvaa istunnon avaimen luontia. Lopuksi työssä esitellään ohjelmisto-ohjattuihin verkkoihin pohjautuva solujen liikkuvuuden konsepti, sekä siihen olennaisesti liittyvä verkon virtualisointi. Tämä validoidaan esittelemällä yhtenäinen SDN:ään ja kognitiiviseen radioon perustuva arkkitehtuuri harmonisoidulle päästä päähän resurssien varaamiselle ja hallinnoinnille, joka esitellään lopussa.

authentication

fast initial authentication

mobile femtocells

software defined networking

mobiilit femtosolut

nopea alustava varmennus

ohjelmisto-ohjattu verkko

varmentaminen

Host Identity Protocol

OMNet++

OpenFlow

VN Embedding in SDN-based Metro Optical Network for Multimedia Services

Zaman, Faisal Ameen

January 2017

Currently a growing number of users depend on the Edge Cloud Computing Paradigm in a Metro Optical Network (MON). This has led to increased competition among the Cloud Service Providers (CPs) to supply incentives for the user through guaranteed Quality of Service (QoS). If the CP fails to guarantee the QoS for the accepted request, then the user will move to another CP. Making an informed decision dynamically in such a sensitive situation demands that the CP knows the user's application requirements. The Software Defined Networking (SDN) paradigm enabled the CP to achieve such desired requirement. Therefore, a framework called Virtual Network Embedding on SDN-based Metro Optical Network (VNE-MON) is proposed in this Thesis. The use of SDN paradigm in the framework guarantees profit to the CP as well as QoS to the user.\par The design concept of the SDN control plane, raises concerns regarding its scalability, reliability and performance compared to a traditionally distributed network. To justify concerns regarding the SDN, the performance of VNE-MON and its possible dependancy on the controller location is investigated. Several strategies are proposed and formulated using Integer Linear Programming to determine the controller location in a MON. Performance results from the assessment of the VNE-MON illustrates that it is more stable compare to GMPLS-based network. It is evident that the controller location's attributes have a significant effect on the efficacy of the accepted VN request.

Virtual Network

Optimization

Column Generation

Integer Linear Programming

Software Defined Networking

Metro Optical Network

Network Virtualization

Multimedia Services

Media Cloud

Quality of Services