Global ETD Search

91	A framework for economic analysis of network architectures Karakus, Murat 12 1900 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / This thesis firstly surveys and summarizes the state-of-the-art studies from two research areas in Software De fined Networking (SDN) architecture: (i) control plane scalability and (ii) Quality of Service (QoS)-related problems. It also outlines the potential challenges and open problems that need to be addressed further for more scalable SDN control planes and better and complete QoS abilities in SDN networks. The thesis secondly presents a hierarchical SDN design along with an inter-AS QoS-guaranteed routing approach. This design addresses the scalability problems of control plane and privacy concerns of inter-AS QoS routing philosophies in SDN. After exploring the roots of control plane scalability problems in SDN, the thesis then proposes a metric to quantitatively evaluate the control plane scalability in SDN. Later, the thesis presents a general framework for economic analysis of network architectures and designs. To this end, the thesis defines and utilizes two metrics, Unit Service Cost Scalability and Cost-to-Service, to evaluate how SDN architecture performs compared to MPLS architecture in terms of unit cost for a service and cost of introducing a new service along with giving mathematical models to calculate Capital Expenditures (CAPEX) and Operational Expenditures (OPEX) of a network. Moreover, the thesis studies the problem of optimal final pricing for services by proposing an optimal pricing scheme for a service request with QoS in SDN environment while aiming to maximize benefits of both service providers and customers. Finally, the thesis investigates how programmable network architectures, i.e. SDN, affect the network economics compared to traditional network architectures, i.e. MPLS, in case of failures along with exploring the economic impact of failures in different SDN control plane models. CAPEX OPEX Economic analysis Software defined networking (SDN) Network architecture Unit service cost
92	A Design Choice Guideline for Software-Defined Network Control Plane Architecture using Analytical Hierarchical Process Anis, Sadia Shahnoor 26 January 2021 (has links) No description available. Electrical Engineering
93	The Evolvement of the Wireless Industry Capability for Agile Service Production Curan, Gustav January 2023 (has links) Along with the dramatic changes that have happened over the years, from the first-generation (1G) of mobile networks to the current fifth-generation (5G) of mobile networks. A wide range of different technologies has been seen as potential possibilities for changing and improving the 5G networks, whereas Software-defined networking (SDN) has been widely regarded as one of the significant enablers for this possibility. At the same time, it has been seen that lowering cost and increasing speed and coverage is not enough for the emerging market. Instead, higher flexibility and increased revenues are desirable and have been seen coming from being able to manage and make use of programmed mobile networks. This thesis investigates the principles and concepts of merging 5G networks with the SDN technology, in which ways those networks can make use of programming to make them more suitable to manage and use. Lastly, it explores the possibility to demonstrate the identified model with the use case for creating virtual private networks. This was mainly done by evaluating and experimenting with 5G networks and the SDN technology together with available tools. Alongside doing so, it was possible to present several principles and concepts suitable for such a programmed mobile network, where some of which were through the utilization of a programming language and a compiler. In addition, it was also possible to discover a compatible SDN controller that seamlessly could be integrated with the other components providing more efficient network management and enhanced usability. To then present the identified model, an implementation could be made by combining the principles and concepts to illustrate a programmed mobile network. The implementation contained two elements, each resembling a virtual private network, with each network further consisting of several user equipments (UEs). Furthermore, it was possible to control the communication between individual UEs and their respective base stations. Several useful pieces of information have thus been gathered in the same place towards answering those research questions, whereas the identified model has also been demonstrated with the use case for creating virtual private networks. 5G Software-defined networking SDN Programming Computer and Information Sciences Data- och informationsvetenskap Computer Engineering Datorteknik
94	Agile, Resilient and Cost-efficient Mobile Backhaul Networks Yaghoubi, Forough January 2017 (has links) The exponentially increasing traffic demand for mobile services requires innovative solutions in both access and backhaul segments of 5th generation (5G) mobile networks. Although, heterogeneous networks (HetNets) are a promising solution for the wireless access, the backhaul segment has received considerably less attention and falls short in meeting the stringent requirements of 5G in terms of capacity and availability. HetNets together with mobility requirements motivate the use of microwave backhauling that supports fiber-like capacity with millimeter-wave communications. However, higher carrier frequencies are subject to weather disturbances like rain that may substantially degrade the network throughput. To mitigate this effect, we develop a fast and accurate rain detection algorithm that triggers a network-layer strategy, i.e., rerouting. The results show that with small detection error the network throughput increases while posing small overhead on the network. The rain impact can be alleviated by centralized rerouting under the software defined networking paradigm. However, careless reconfiguration may impose inconsistency that leads to a significant temporary congestion and limits the gain of rerouting. We propose a consistency-aware rerouting framework by considering the cost of reconfiguration. At each time, the centralized controller may either take a rerouting or no-rerouting decision in order to minimize the total data loss. We use a predictive control algorithm to provide such an online sequence of decisions. Compared to the regular rerouting, our proposed approach reduces the throughput loss and substantially decreases the number of reconfigurations. In the thesis we also study which backhaul option is the best from a techno-economic perspective. We develop a comprehensive framework to calculate the total cost of ownership of the backhaul segment and analyze the profitability in terms of cash flow and net present value. The results highlight the importance of selecting proper backhaul solution to increase profitability. / <p>QC 20170308</p> 5G software defined networking rain disturbance technoeconomic framework network consistency. Communication Systems Kommunikationssystem
95	Model Based Testing for Programmable Data Planes / Modellbaserad testning för programmerbara dataplan Rixon, Gustav January 2023 (has links) The advent of Software Defined Networking (SDN) and programmable data planes has revolutionized the networking domain, enabling the programming of networking functions down to the silicon level responsible for data packet switching. Unfortunately, while this programmability offers greater flexibility and control, it also increases the likelihood of introducing software bugs. To counter this risk, rigorous testing methodologies and strategies are essential to ensure the reliability, security, and stability of SDN deployments. A comprehensive approach should combine various techniques, including formal verification, fuzz, and performance testing. Model-Based Testing (MBT) is a technique that can significantly enhance the effectiveness of SDN testing. By leveraging formal models of the system under test, MBT automatically generates test cases that can help identify potential issues in network configuration, data plane programming, and network protocols. Utilizing MBT allows network administrators to systematically explore SDN components’ possible states and transitions, resulting in a higher level of coverage and confidence in the system’s overall stability and security. However, a lack of information on applying MBT in an SDN environment challenges its full implementation and utilization in this field. This master thesis aims to investigate and demonstrate the application of MBT to programmable data plane functions. This work uses VLAN tagging as the target data plane function, and AltWalker is employed as the MBT tool for generating and executing tests on an SDN switch. The results present an initial testing methodology that, when applied to the VLAN tagging function, can provide insights into the potential benefits and challenges of using MBT for SDN testing. This thesis lays the groundwork for further exploration and refinement of MBT methodologies in the context of SDN and programmable data plane functions. Model Based Testing Programmable Data Planes P4 Software- Defined Networking Computer Engineering Datorteknik
96	Securing SDN Data Plane:Investigating the effects of IP SpoofingAttacks on SDN Switches and its Mitigation : Simulation of IP spoofing using Mininet JABBU, SHIVAKUMAR YADAV, MADIRAJU, ANIRUDH SAI January 2023 (has links) Background:Software-Defined Networking (SDN) represents a network architecture that offers a separate control and data layer, facilitating its rapid deployment and utilization for diverse purposes. However, despite its ease of implementation, SDN is susceptible to numerous security attacks, primarily stemming from its centralized nature. Among these threats, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks pose the most substantial risks. In the event of a successful attack on the SDNcontroller, the entire network may suffer significant disruption. Hence, safe guarding the controller becomes crucial to ensure the integrity and availability of the SDN network. Objectives:This thesis focuses on examining the IP spoofing attack and its impact on the Data Plane, particularly concerning the metrics of an SDN switch. The investigation centers around attacks that manipulate flow-rules to amplify the number of rules and deplete the resources of a switch within the Data Plane of an SDN network. To conduct the study, a software-defined network architecture was constructed using Mininet, with a Ryu controller employed for managing network operations. Various experiments were carried out to observe the response of the SDN system when subjected to an IP spoofing attack, aiming to identify potential mitigation strategies against such threats. Method and Results: To simulate the resource exhaustion scenario on the SDN network’s Data Plane,we deliberately triggered an escalation in the number of flow-rules installed in the switch. This was achieved by sending packets with spoofed IP addresses, there by exploiting the switch’s limited resources. Specifically, we focused on monitoring the impact on CPU utilization, storage memory, latency, and throughput within the switch. Detailed findings were presented in the form of tables, accompanied by graphical representations to visually illustrate the effects of increasing flow rules on the switches. Furthermore, we explored potential mitigation measures by developing an application that actively monitors the flow rules on the Ryu controller, aiming to detect and counteract such resource-exhausting effects. Software Defined Networking IP Spoofing Flooding DDoS Attacks Data Plane Mininet Telecommunications Telekommunikation
97	Accelerating Audio Data Analysis with In-Network Computing Wu, Huanzhuo 19 July 2023 (has links) Digital transformation will experience massive connections and massive data handling. This will imply a growing demand for computing in communication networks due to network softwarization. Moreover, digital transformation will host very sensitive verticals, requiring high end-to-end reliability and low latency. Accordingly, the emerging concept “in-network computing” has been arising. This means integrating the network communications with computing and also performing computations on the transport path of the network. This can be used to deliver actionable information directly to end users instead of raw data. However, this change of paradigm to in-network computing raises disruptive challenges to the current communication networks. In-network computing (i) expects the network to host general-purpose softwarized network functions and (ii) encourages the packet payload to be modified. Yet, today’s networks are designed to focus on packet forwarding functions, and packet payloads should not be touched in the forwarding path, under the current end-to-end transport mechanisms. This dissertation presents fullstack in-network computing solutions, jointly designed from network and computing perspectives to accelerate data analysis applications, specifically for acoustic data analysis. In the computing domain, two design paradigms of computational logic, namely progressive computing and traffic filtering, are proposed in this dissertation for data reconstruction and feature extraction tasks. Two widely used practical use cases, Blind Source Separation (BSS) and anomaly detection, are selected to demonstrate the design of computing modules for data reconstruction and feature extraction tasks in the in-network computing scheme, respectively. Following these two design paradigms of progressive computing and traffic filtering, this dissertation designs two computing modules: progressive ICA (pICA) and You only hear once (Yoho) for BSS and anomaly detection, respectively. These lightweight computing modules can cooperatively perform computational tasks along the forwarding path. In this way, computational virtual functions can be introduced into the network, addressing the first challenge mentioned above, namely that the network should be able to host general-purpose softwarized network functions. In this dissertation, quantitative simulations have shown that the computing time of pICA and Yoho in in-network computing scenarios is significantly reduced, since pICA and Yoho are performed, simultaneously with the data forwarding. At the same time, pICA guarantees the same computing accuracy, and Yoho’s computing accuracy is improved. Furthermore, this dissertation proposes a stateful transport module in the network domain to support in-network computing under the end-to-end transport architecture. The stateful transport module extends the IP packet header, so that network packets carry message-related metadata (message-based packaging). Additionally, the forwarding layer of the network device is optimized to be able to process the packet payload based on the computational state (state-based transport component). The second challenge posed by in-network computing has been tackled by supporting the modification of packet payloads. The two computational modules mentioned above and the stateful transport module form the designed in-network computing solutions. By merging pICA and Yoho with the stateful transport module, respectively, two emulation systems, i.e., in-network pICA and in-network Yoho, have been implemented in the Communication Networks Emulator (ComNetsEmu). Through quantitative emulations, the experimental results showed that in-network pICA accelerates the overall service time of BSS by up to 32.18%. On the other hand, using in-network Yoho accelerates the overall service time of anomaly detection by a maximum of 30.51%. These are promising results for the design and actual realization of future communication networks. info:eu-repo/classification/ddc/620 ddc:620
98	A Prevention Technique for DDoS Attacks in SDN using Ryu Controller Application Adabala, Yashwanth Venkata Sai Kumar, Devanaboina, Lakshmi Venkata Raghava Sudheer January 2024 (has links) Software Defined Networking (SDN) modernizes network control, offering streamlined management. However, its centralized structure makes it more vulnerable to distributed Denial of Service (DDoS) attacks, posing serious threats to network stability. This thesis explores the development of a DDoS attack prevention technique in SDN environments using the Ryu controller application. The research aims to address the vulnerabilities in SDN, particularly focusing on flooding and Internet Protocol (IP) spoofing attacks, which are a significant threat to network security. The study employs an experimental approach, utilizing tools like Mininet-VM (VirtualMachine), Oracle VM VirtualBox, and hping3 to simulate a virtual SDN environment and conduct DDoS attack scenarios. Key methodologies include packet sniffing and rule-based detection by integrating Snort IDS (Intrusion Detection System), which is critical for identifying and mitigating such attacks. The experiments demonstrate the effectiveness of the proposed prevention technique, highlighting the importance of proper configuration and integration of network security tools in SDN. This work contributes to enhancing the resilience of SDN architectures against DDoS attacks, offering insights into future developments in network security. Software Defined Networking SDN IP Spoofing Flooding DDoS Attacks Mininet Snort IDS Network Security Telecommunications Telekommunikation
99	Towards an Ideal Execution Environment for Programmable Network Switches Gruesen, Michael G. January 2016 (has links) No description available. Computer Science Software Defined Networking SDN Execution environment Virtual machine Programmable network switch
100	Enhancing security and scalability of Virtual Private LAN Services Liyanage, M. (Madhusanka) 21 November 2016 (has links) Abstract Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks. First, a scalable secure flat-VPLS architecture is proposed based on a Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs) termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM) are used to mitigate the impact of invisible loops in the provider network. Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) A dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior. Hence, the results of the thesis will help for more secure, scalable and efficient system design and development of VPLS networks. It will also help to optimize the utilization of network resources and further reduction in operational costs of future VPLS networks. / Tiivistelmä Ethernet-pohjainen VPLS (Virtual Private LAN Service) on läpinäkyvä, protokollasta riippumaton monipisteverkkomekanismi (Layer 2 Virtual Private Network, L2VPN), jolla yhdistetään asiakkaan etäkohteet IP (Internet Protocol)- tai MPLS (Multiprotocol Label Switching) -yhteyskäytäntöön pohjautuvien palveluntarjoajan verkkojen kautta. VPLS-verkoista on yksinkertaisen protokollasta riippumattoman ja kustannustehokkaan toimintatapansa ansiosta tullut kiinnostavia monien yrityssovellusten kannalta. Tällaisia sovelluksia ovat esimerkiksi DCI (Data Center Interconnect), VoIP (Voice over IP) ja videoneuvottelupalvelut. Uusilta VPLS-sovelluksilta vaaditaan kuitenkin uusia asioita, kuten parempaa tietoturvaa ja skaalautuvuutta, optimaalista verkkoresurssien hyödyntämistä ja käyttökustannusten pienentämistä entisestään. Tämän väitöskirjan tarkoituksena onkin kehittää turvallisia ja skaalautuvia VPLS-arkkitehtuureja tulevaisuuden tietoliikenneverkoille. Ensin väitöskirjassa esitellään skaalautuva ja turvallinen flat-VPLS-arkkitehtuuri, joka perustuu Host Identity Protocol (HIP) -protokollaan. Seuraavaksi käsitellään istuntoavaimiin perustuvaa tietoturvamekanismia ja tehokasta lähetysmekanismia, joka parantaa VPLS-verkkojen edelleenlähetyksen ja tietoturvatason skaalautuvuutta. Tämän jälkeen esitellään turvallinen, hierarkkinen VPLS-arkkitehtuuri, jolla saadaan aikaan ohjaustason skaalautuvuus. Väitöskirjassa kuvataan myös uusi salattu verkkotunnuksiin perustuva tietokehysten edelleenlähetysmekanismi, jolla L2-kehykset siirretään hierarkkisessa VPLS-verkossa. Lisäksi väitöskirjassa ehdotetaan uuden Distributed Spanning Tree Protocol (DSTP) -protokollan käyttämistä vapaan Ethernet-verkkosilmukan ylläpitämiseen VPLS-verkossa. DSTP:n avulla on mahdollista ajaa muokattu STP (Spanning Tree Protocol) -esiintymä jokaisessa VPLS-verkon etäsegmentissä. Väitöskirjassa esitetään myös kaksi Redundancy Identification Mechanism (RIM) -mekanismia, Customer Associated RIM (CARIM) ja Provider Associated RIM (PARIM), joilla pienennetään näkymättömien silmukoiden vaikutusta palveluntarjoajan verkossa. Viimeiseksi ehdotetaan uutta SDN (Software Defined Networking) -pohjaista VPLS-arkkitehtuuria (Soft-VPLS) vanhojen turvallisten VPLS-arkkitehtuurien tunnelinhallintaongelmien poistoon. Näiden lisäksi väitöskirjassa ehdotetaan kolmea uutta mekanismia, joilla voidaan parantaa vanhojen arkkitehtuurien tunnelinhallintatoimintoja: 1) dynaaminen tunnelinluontimekanismi, 2) tunnelin jatkomekanismi ja 3) nopea tiedonsiirtomekanismi. Ehdotetussa arkkitehtuurissa käytetään VPLS-tunnelin luomisen hallintaan keskitettyä ohjainta, joka perustuu reaaliaikaiseen verkon käyttäytymiseen. Tutkimuksen tulokset auttavat suunnittelemaan ja kehittämään turvallisempia, skaalautuvampia ja tehokkaampia VLPS järjestelmiä, sekä auttavat hyödyntämään tehokkaammin verkon resursseja ja madaltamaan verkon operatiivisia kustannuksia. Host Identity Protocol Software Defined Networking Spanning Tree Protocol Virtual Private LAN Services Virtual Private Networks network security scalability Host Identity Protocol Software-defined Networking (SDN) Spanning Tree Protocol VPLS VPN-verkot skaalautuvuus verkon tietoturva

Search results