Resource Management for Efficient, Scalable and Resilient Network Function Chains

Kulkarni, Sameer G.

04 July 2018

No description available.

510

Network Function Virtualization (NFV)

Software Defined Networking (SDN)

Service Function Chains (SFC)

Middleboxes

Network Resiliency

Fault-Tolerance

Network Softwarization

Cloud computing

Informatik (PPN619939052)

Model based testing techniques for software defined networks / Méthodes de test basées sur les modèles pour la validation des réseaux logiciels (SDN)

Berriri, Asma

22 October 2019

Les réseaux logiciels (connus sous l'éppellation: Software Defined Networking, SDN), qui s'appuient sur le paradigme de séparation du plan de contrôle et du plan d'acheminement, ont fortement progressé ces dernières années pour permettre la programmabilité des réseaux et faciliter leur gestion. Reconnu aujourd'hui comme des architectures logicielles pilotées par des applications, offrant plus de programmabilité, de flexibilité et de simplification des infrastructures, les réseaux logiciels sont de plus en plus largement adoptés et graduellement déployés par l'ensemble des fournisseurs. Néanmoins, l'émergence de ce type d'architectures pose un ensemble de questions fondamentales sur la manière de garantir leur correct fonctionnement. L'architecture logicielle SDN est elle-même un système complexe à plusieurs composants vulnérable aux erreurs. Il est essentiel d'en assurer le bon fonctionnement avant déploiement et intégration dans les infrastructures.Dans la littérature, la manière de réaliser cette tâche n'a été étudiée de manière approfondie qu'à l'aide de vérification formelle. Les méthodes de tests s'appuyant sur des modèles n'ont guère retenu l'attention de la communauté scientifique bien que leur pertinence et l'efficacité des tests associés ont été largement demontrés dans le domaine du développement logiciel. La création d'approches de test efficaces et réutilisables basées sur des modèles nous semble une approche appropriée avant tout déploiement de réseaux virtuels et de leurs composants. Le problème abordé dans cette thèse concerne l'utilisation de modèles formels pour garantir un comportement fonctionnel correct des architectures SDN ainsi que de leurs composants. Des approches formelles, structurées et efficaces de génération de tests sont les principale contributions de la thèse. En outre, l'automatisation du processus de test est mis en relief car elle peut en réduire considérablement les efforts et le coût.La première contribution consiste en une méthode reposant sur l'énumération de graphes et qui vise le test fonctionnel des architectures SDN. En second lieu, une méthode basée sur un circuit logique est développée pour tester la fonctionnalité de transmission d'un commutateur SDN. Plus loin, cette dernière méthode est étendue pour tester une application d'un contrôleur SDN. De plus, une technique basée sur une machine à états finis étendus est introduite pour tester la communication commutateur-contrôleur.Comme la qualité d'une suite de tests est généralement mesurée par sa couverture de fautes, les méthodes de test proposées introduisent différents modèles de fautes et génèrent des suites de tests avec une couverture de fautes guarantie. / Having gained momentum from its concept of decoupling the traffic control from the underlying traffic transmission, Software Defined Networking (SDN) is a new networking paradigm that is progressing rapidly addressing some of the long-standing challenges in computer networks. Since they are valuable and crucial for networking, SDN architectures are subject to be widely deployed and are expected to have the greatest impact in the near future. The emergence of SDN architectures raises a set of fundamental questions about how to guarantee their correctness. Although their goal is to simplify the management of networks, the challenge is that the SDN software architecture itself is a complex and multi-component system which is failure-prone. Therefore, assuring the correct functional behaviour of such architectures and related SDN components is a task of paramount importance, yet, decidedly challenging.How to achieve this task, however, has only been intensively investigated using formal verification, with little attention paid to model based testing methods. Furthermore, the relevance of models and the efficiency of model based testing have been demonstrated for software engineering and particularly for network protocols. Thus, the creation of efficient and reusable model based testing approaches becomes an important stage before the deployment of virtual networks and related components. The problem addressed in this thesis relates to the use of formal models for guaranteeing the correct functional behaviour of SDN architectures and their corresponding components. Formal, and effective test generation approaches are in the primary focus of the thesis. In addition, automation of the test process is targeted as it can considerably cut the efforts and cost of testing.The main contributions of the thesis relate to model based techniques for deriving high quality test suites. Firstly, a method relying on graph enumeration is proposed for the functional testing of SDN architectures. Secondly, a method based on logic circuit is developed for testing the forwarding functionality of an SDN switch. Further on, the latter method is extended to test an application of an SDN controller. Additionally, a technique based on an extended finite state machine is introduced for testing the switch-to-controller communication. As the quality of a test suite is usually measured by its fault coverage, the proposed testing methods introduce different fault models and seek for test suites with guaranteed fault coverage that can be stated as sufficient conditions for a test suite completeness / exhaustiveness.

Modèles formels

Testing

Réseaux logiciels (SDN)

Model based testing

Formal models

Testing

Software defined networking (SDN)

Virtualized network functions

Software-defined Situation-aware Cloud Security

January 2020

abstract: The use of reactive security mechanisms in enterprise networks can, at times, provide an asymmetric advantage to the attacker. Similarly, the use of a proactive security mechanism like Moving Target Defense (MTD), if performed without analyzing the effects of security countermeasures, can lead to security policy and service level agreement violations. In this thesis, I explore the research questions 1) how to model attacker-defender interactions for multi-stage attacks? 2) how to efficiently deploy proactive (MTD) security countermeasures in a software-defined environment for single and multi-stage attacks? 3) how to verify the effects of security and management policies on the network and take corrective actions? I propose a Software-defined Situation-aware Cloud Security framework, that, 1) analyzes the attacker-defender interactions using an Software-defined Networking (SDN) based scalable attack graph. This research investigates Advanced Persistent Threat (APT) attacks using a scalable attack graph. The framework utilizes a parallel graph partitioning algorithm to generate an attack graph quickly and efficiently. 2) models single-stage and multi-stage attacks (APTs) using the game-theoretic model and provides SDN-based MTD countermeasures. I propose a Markov Game for modeling multi-stage attacks. 3) introduces a multi-stage policy conflict checking framework at the SDN network's application plane. I present INTPOL, a new intent-driven security policy enforcement solution. INTPOL provides a unified language and INTPOL grammar that abstracts the network administrator from the underlying network controller's lexical rules. INTPOL develops a bounded formal model for network service compliance checking, which significantly reduces the number of countermeasures that needs to be deployed. Once the application-layer policy conflicts are resolved, I utilize an Object-Oriented Policy Conflict checking (OOPC) framework that identifies and resolves rule-order dependencies and conflicts between security policies. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020

Computer science

Advanced Persistent Threat (APT)

Attack Graph

Bounded Model Checking

Markov Game

Moving Target Defense (MTD)

Software-defined Networking (SDN)

Trustworthy SDN Control Plane for Prioritized Path Recovery

Barcellesi, Jacopo

January 2022

Software Defined Networking (SDN) has gained popularity and attractiveness in the past years’ thanks to its dynamic and programmable nature. The possibility to decouple the data plane and control plane allows for the implementation of Internet networks in an innovative way. Thanks to its ease in changing flow rules in network switches, SDN allows network resources optimization. In the case of critical applications, an essential aspect is to ensure connectivity on the network even in case of link failures. Even when a failure causes an interruption of connectivity, the challenge also stays in recovering as fast as possible. Nonetheless, the SDN controller should have the policy to decide which pairs of end-hosts to disable connectivity when there is a shortage of resources to keep the most important connections active. In this thesis, we developed a proactive-reactive SDN controller coded in Python that copes with restoring end-hosts connectivity as fast as possible. The controller prioritizes the couples of end-hosts that need connectivity based on their importance. During a shortage of network resources, the connectivity of pairs of end-hosts with low importance is disabled, and the connectivity between the most important couples can be ensured. We tested our solution with a reactive-only SDN controller and a proactive-reactive SDN controller that does not consider any prioritization order between end-hosts connectivity. Both the benchmark SDN controllers were developed in the thesis. Experiments were run on the same network topology, with the same couple of endhosts involved. The comparison between the proactive-reactive and reactive-only controllers showed the first one to be faster in restoring the connectivity after a failure. It saves time restoring the connectivity and has fewer packets lost under certain conditions in the relationship between the switch-to-switch and the switchto-controller transmission delay. The comparison between the proactive-reactive iii controller and the controller with no prioritization confirms that without an ordered queue of priorities, it may be the most important couple of end-hosts to lose connectivity in case of shortages of network resources. To simulate a realistic scenario, the project considers the case study of electric power transmission networks using SDN. In particular, the focus is on reconnecting Phasor Measurement Unit (PMU)s to the power grid to ensure system observability. During our experiments, we adopted the typical measurement transmission frequency used by PMUs (50Hz). The SDN switches are deployed with P4, and the SDN controller is coded in Python. Furthermore, it exploits P4Runtime to communicate with the switches in run-time. / Software Defined Networking (SDN) har vunnit popularitet och attraktionskraft under de senaste åren tack vare sin dynamiska och programmerbara natur. Möjligheten att frikoppla dataplanet från kontrollplanet gör det möjligt att genomföra Internetnät på ett innovativt sätt. Tack vare att det är lätt att ändra flödesreglerna i nätverksväxlar gör SDN det möjligt att optimera nätverksresurserna. När det gäller kritiska tillämpningar är en viktig aspekt att säkerställa konnektiviteten i nätet även vid länkfel. Även när ett fel orsakar ett avbrott i konnektiviteten är utmaningen också att återhämta sig så snabbt som möjligt. Trots detta bör SDNstyrenheten ha en policy för att avgöra vilka par av slutvärdar som ska inaktivera anslutningen när det råder brist på resurser för att hålla de viktigaste anslutningarna aktiva. I den här avhandlingen har vi utvecklat en proaktiv-reaktiv SDN-styrenhet kodad i Python som klarar av att återställa slutvärdarnas anslutning så snabbt som möjligt. Styrenheten prioriterar paren av slutvärdar som behöver anslutning utifrån deras betydelse. Vid brist på nätverksresurser inaktiveras anslutningen för par av slutvärdar med låg betydelse, och anslutningen mellan de viktigaste paren kan säkerställas. Vi testade vår lösning med en enbart reaktiv SDN-styrenhet och en proaktiv-reaktiv SDN-styrenhet som inte tar hänsyn till någon prioriteringsordning mellan slutvärdarnas konnektivitet. Båda riktmärkeskontrollerna SDN utvecklades i avhandlingen. Experimenten genomfördes på samma nätverkstopologi med samma antal slutvärdar. Jämförelsen mellan den proaktivt-reaktiva och den enbart reaktiva kontrollören visade att den förstnämnda kontrollören var snabbare när det gäller att återställa anslutningen efter ett fel. Den sparar tid för att återställa anslutningen och har färre förlorade paket under vissa förhållanden i förhållandet mellan överföringsfördröjningen från switch till switch och från switch till styrenhet. Jämförelsen mellan den proaktiva-reaktiva styrenheten och v styrenheten utan prioritering bekräftar att utan en ordnad kö av prioriteringar kan det vara det viktigaste paret av slutvärdar som förlorar konnektiviteten vid brist på nätverksresurser. För att simulera ett realistiskt scenario används SDN i projektet som fallstudie för elöverföringsnät. Fokus ligger särskilt på att återansluta Phasor Measurement Unit (PMU)s till elnätet för att säkerställa systemets observerbarhet. Under våra experiment antog vi den typiska överföringsfrekvensen för mätningar som används av PMUs (50Hz). SDN-växlarna installeras med P4, och SDN-styrenheten är kodad i Python. Dessutom utnyttjas P4Runtime för att kommunicera med växlarna i körtid.

Software Defined Networking (SDN)

Path Recovery

End-hosts Connectivity

Connectivity Prioritization

Phasor Measurement Unit (PMU)s

Computer Sciences

Datavetenskap (datalogi)

Simulating and prototyping software defined networking (sdn) using mininet approach to optimise host communication in realistic programmable networking environment optimise host communication in realistic programmable networking environment.

Zulu, Lindinkosi Lethukuthula

19 August 2019

This is a Masters student Final Dissertation / In this project, two tests were performed. On the first test, Mininet-WiFi was used to simulate a Software Defined Network to demonstrate Mininet-WiFi’ s ability to be used as the Software Defined Network emulator which can also be integrated to the existing network using a Network Virtualized Function (NVF). A typical organization’s computer network was simulated which consisted of a website hosted on the LAMP (Linux, Apache, MySQL, PHP) virtual machine, and an F5 application delivery controller (ADC) which provided load balancing of requests sent to the web applications. A website page request was sent from the virtual stations inside Mininet-WiFi. The request was received by the application delivery controller, which then used round robin technique to send the request to one of the web servers on the LAMP virtual machine. The web server then returned the requested website to the requesting virtual stations using the simulated virtual network. The significance of these results is that it presents Mininet-WiFi as an emulator, which can be integrated into a real programmable networking environment offering a portable, cost effective and easily deployable testing network, which can be run on a single computer. These results are also beneficial to modern network deployments as the live network devices can also communicate with the testing environment for the data center, cloud and mobile provides. On the second test, a Software Defined Network was created in Mininet using python script. An external interface was added to enable communication with the network outside of Mininet. The amazon web services elastic computing cloud was used to host an OpenDaylight controller. This controller is used as a control plane device for the virtual switch within Mininet. In order to test the network, a webserver hosted on the Emulated Virtual Environment – Next Generation (EVENG) software is connected to Mininet. EVE-NG is the Emulated Virtual Environment for networking. It provides tools to be able to model virtual devices and interconnect them with other virtual or physical devices. The OpenDaylight controller was able to create the flows to facilitate communication between the hosts in Mininet and the webserver in the real-life network / The University of South Africa The University of Johannesburg / College of Engineering, Science and Technology

Software Defined Networking (SDN)

Network Functions Virtualization (NFV)

OpenDaylight Controller

Mininet

Linux Web Server

Mininet Wi-Fi

Application Delivery Controller (F5)

Cloud Computing (Amazon Web Services)

Python Script

Multi-operator greedy routing based on open routers

Venmani, Daniel Philip

26 February 2014

Revolutionary mobile technologies, such as high-speed packet access 3G (HSPA+) and LTE, have significantly increased mobile data rate over the radio link. While most of the world looks at this revolution as a blessing to their day-to-day life, a little-known fact is that these improvements over the radio access link results in demanding tremendous improvements in bandwidth on the backhaul network. Having said this, today's Internet Service Providers (ISPs) and Mobile Network Operators (MNOs) are intemperately impacted as a result of this excessive smartphone usage. The operational costs (OPEX) associated with traditional backhaul methods are rising faster than the revenue generated by the new data services. Building a mobile backhaul network is very different from building a commercial data network. A mobile backhaul network requires (i) QoS-based traffic with strict requirements on delay and jitter (ii) high availability/reliability. While most ISPs and MNOs have promised advantages of redundancy and resilience to guarantee high availability, there is still the specter of failure in today's networks. The problems of network failures in today's networks can be quickly but clearly ascertained. The underlying observation is that ISPs and MNOs are still exposed to rapid fluctuations and/or unpredicted breakdowns in traffic; it goes without saying that even the largest operators can be affected. But what if, these operators could now put in place designs and mechanisms to improve network survivability to avoid such occurrences? What if mobile network operators can come up with low-cost backhaul solutions together with ensuring the required availability and reliability in the networks? With this problem statement in-hand, the overarching theme of this dissertation is within the following scopes: (i) to provide low-cost backhaul solutions; the motivation here being able to build networks without over-provisioning and then to bring-in new resources (link capacity/bandwidth) on occasions of unexpected traffic surges as well as on network failure conditions for particularly ensuring premium services (ii) to provide uninterrupted communications even at times of network failure conditions, but without redundancy. Here a slightly greater emphasis is laid on tackling the 'last-mile' link failures. The scope of this dissertation is therefore to propose, design and model novel network architectures for improving effective network survivability and network capacity, at the same time by eliminating network-wide redundancy, adopted within the context of mobile backhaul networks. Motivated by this, we study the problem of how to share the available resources of a backhaul network among its competitors, with whom a Service Level Agreement (SLA) has been concluded. Thus, we present a systematic study of our proposed solutions focusing on a variety of empirical resource sharing heuristics and optimization frameworks. With this background, our work extends towards a novel fault restoration framework which can cost-effectively provide protection and restoration for the operators, enabling them with a parameterized objective function to choose desired paths based on traffic patterns of their end-customers. We then illustrate the survivability of backhaul networks with reduced amount of physical redundancy, by effectively managing geographically distributed backhaul network equipments which belong to different MNOs using 'logically-centralized' physically-distributed controllers, while meeting strict constraints on network availability and reliability

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

[SPI:OTHER] Engineering Sciences/Other

Network architecture

Network design

Network resilience

Network algorithms & operations

智慧家庭中以SDN結合具服務品質感知排程演算法之效能研究 / Performance study on QoS aware scheduling with SDN for smart homes

王芝吟, Wang, Chin Yin

Unknown Date

隨著物聯網這個萬物連網的概念順勢推動智慧家庭在市場裡蓬勃發展，可預期未來ISP(Internet Service Provider)業者勢必面臨大量智慧家庭中各種不同應用服務互相競爭頻寬資源的情況，甚至遇到網路滿載壅塞時造成應用服務不堪使用的情形。 為改善上述問題，本文以ISP業者管理智慧家庭中眾多的物聯網設備為情境，透過軟體定義網路 (Software Defined Network，SDN)進行頻寬排程配置，排程演算法以可兼顧公平性(fairness)、時間延遲(delay)及應用服務優先權(service priority)的A-MLWDF (Adaptive Modified Largest Weighted Delay First) [7]演算法，確保優先配置頻寬給智慧家庭中優先權較高、時效較為急迫的流量，以降低應用服務的延遲來提升智慧家庭網路之服務品質(Quality of Service，QoS)。 本研究透過OMNet++模擬器建構SDN環境與傳統環境中有眾多物聯網設備之智慧家庭。家中物聯網設備包含M2M (Machine to Machine)和非M2M(non Machine to Machine)裝置，以提供各種智慧家庭應用服務。我們透過SDN架構進行頻寬配置，達到集中式管控家中的頻寬資源，其中排程演算法包括PF、MLWDF、A-MLWDF。實驗結果顯示，以上排程演算法雖然於SDN環境下在公平性與抖動率表現並不顯著，公平性約改善1.6%及抖動率約降低1%左右，但在產能與延遲方面表現較為顯著，能有效提高產能約52%，及降低延遲約 52%。 / With the concept of IoT (Internet of Things) spread rapidly, it is the opportunity to promote smart homes in the expanding market. We can see that the future ISP (Internet Service Provider) has to face a large number of smart homes having bandwidth competition in a variety of different applications and causing application services unavailable due to network congestion.     In order to resolve the above problems, we propose that each ISP (Internet Service Provider) has to manage a large number of IoT devices in a smart home to performs bandwidth scheduling through Software Defined Network (SDN). We choose to use A-MLWDF scheduling algorithm (Adaptive Modified Largest Weighted Delay First) [7] which considers fairness, delay and service priority. A-MLWDF is able to ensure services of higher priority and emergent traffic be allocated bandwidth earlier and greatly reduce delay and thus effectively enhance Quality of Service (QoS) of smart homes.     In this research, we implement a SDN environment by using OMNet++ to simulate the bandwidth competition among smart homes with IoT devices. The IoT devices consists of M2M (Machine to Machine) and non-M2M (non Machine to Machine) devices which offer a variety of intelligent home application services. We configure the bandwidth allocation under SDN control. The scheduling algorithms include PF, MLWDF and A-MLWDF. When the network traffic is congested, SDN can significantly increase throughput and reduce latency compared to traditional network management. The experimental results show that above scheduling algorithms using SDN environment having no significant performance improvements in fairness and jitter. The fairness increases around 1.6% and the jitter reduces around 1%. However, it shows significant improvement on throughout and delay. The throughput increases around 52% and the delay reduces around 52%.

智慧家庭

軟體定義網路

物聯網

頻寬分配

排程演算法

Smart home

Software defined networking (SDN)

Internet of things (IoT)

Resource allocation

Scheduling algorithm

Enhancing security and scalability of Virtual Private LAN Services

Liyanage, M. (Madhusanka)

21 November 2016

Abstract Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks. First, a scalable secure flat-VPLS architecture is proposed based on a Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs) termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM) are used to mitigate the impact of invisible loops in the provider network. Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) A dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior. Hence, the results of the thesis will help for more secure, scalable and efficient system design and development of VPLS networks. It will also help to optimize the utilization of network resources and further reduction in operational costs of future VPLS networks. / Tiivistelmä Ethernet-pohjainen VPLS (Virtual Private LAN Service) on läpinäkyvä, protokollasta riippumaton monipisteverkkomekanismi (Layer 2 Virtual Private Network, L2VPN), jolla yhdistetään asiakkaan etäkohteet IP (Internet Protocol)- tai MPLS (Multiprotocol Label Switching) -yhteyskäytäntöön pohjautuvien palveluntarjoajan verkkojen kautta. VPLS-verkoista on yksinkertaisen protokollasta riippumattoman ja kustannustehokkaan toimintatapansa ansiosta tullut kiinnostavia monien yrityssovellusten kannalta. Tällaisia sovelluksia ovat esimerkiksi DCI (Data Center Interconnect), VoIP (Voice over IP) ja videoneuvottelupalvelut. Uusilta VPLS-sovelluksilta vaaditaan kuitenkin uusia asioita, kuten parempaa tietoturvaa ja skaalautuvuutta, optimaalista verkkoresurssien hyödyntämistä ja käyttökustannusten pienentämistä entisestään. Tämän väitöskirjan tarkoituksena onkin kehittää turvallisia ja skaalautuvia VPLS-arkkitehtuureja tulevaisuuden tietoliikenneverkoille. Ensin väitöskirjassa esitellään skaalautuva ja turvallinen flat-VPLS-arkkitehtuuri, joka perustuu Host Identity Protocol (HIP) -protokollaan. Seuraavaksi käsitellään istuntoavaimiin perustuvaa tietoturvamekanismia ja tehokasta lähetysmekanismia, joka parantaa VPLS-verkkojen edelleenlähetyksen ja tietoturvatason skaalautuvuutta. Tämän jälkeen esitellään turvallinen, hierarkkinen VPLS-arkkitehtuuri, jolla saadaan aikaan ohjaustason skaalautuvuus. Väitöskirjassa kuvataan myös uusi salattu verkkotunnuksiin perustuva tietokehysten edelleenlähetysmekanismi, jolla L2-kehykset siirretään hierarkkisessa VPLS-verkossa. Lisäksi väitöskirjassa ehdotetaan uuden Distributed Spanning Tree Protocol (DSTP) -protokollan käyttämistä vapaan Ethernet-verkkosilmukan ylläpitämiseen VPLS-verkossa. DSTP:n avulla on mahdollista ajaa muokattu STP (Spanning Tree Protocol) -esiintymä jokaisessa VPLS-verkon etäsegmentissä. Väitöskirjassa esitetään myös kaksi Redundancy Identification Mechanism (RIM) -mekanismia, Customer Associated RIM (CARIM) ja Provider Associated RIM (PARIM), joilla pienennetään näkymättömien silmukoiden vaikutusta palveluntarjoajan verkossa. Viimeiseksi ehdotetaan uutta SDN (Software Defined Networking) -pohjaista VPLS-arkkitehtuuria (Soft-VPLS) vanhojen turvallisten VPLS-arkkitehtuurien tunnelinhallintaongelmien poistoon. Näiden lisäksi väitöskirjassa ehdotetaan kolmea uutta mekanismia, joilla voidaan parantaa vanhojen arkkitehtuurien tunnelinhallintatoimintoja: 1) dynaaminen tunnelinluontimekanismi, 2) tunnelin jatkomekanismi ja 3) nopea tiedonsiirtomekanismi. Ehdotetussa arkkitehtuurissa käytetään VPLS-tunnelin luomisen hallintaan keskitettyä ohjainta, joka perustuu reaaliaikaiseen verkon käyttäytymiseen. Tutkimuksen tulokset auttavat suunnittelemaan ja kehittämään turvallisempia, skaalautuvampia ja tehokkaampia VLPS järjestelmiä, sekä auttavat hyödyntämään tehokkaammin verkon resursseja ja madaltamaan verkon operatiivisia kustannuksia.

Host Identity Protocol

Software Defined Networking

Spanning Tree Protocol

Virtual Private LAN Services

Virtual Private Networks

network security

scalability

Host Identity Protocol

Software-defined Networking (SDN)

Spanning Tree Protocol

VPLS

VPN-verkot

skaalautuvuus

verkon tietoturva

Simmulating and prototyping software definednetworking (SDN) using Mininet approach to optimise host communication in realistic programmable networking environment

Zulu, Lindinkosi Lethukuthula

11 1900

In this project, two tests were performed. On the first test, Mininet-WiFi was used to simulate a Software Defined Network to demonstrate Mininet-WiFi’ s ability to be used as the Software Defined Network emulator which can also be integrated to the existing network using a Network Virtualized Function (NVF). A typical organization’s computer network was simulated which consisted of a website hosted on the LAMP (Linux, Apache, MySQL, PHP) virtual machine, and an F5 application delivery controller (ADC) which provided load balancing of requests sent to the web applications. A website page request was sent from the virtual stations inside Mininet-WiFi. The request was received by the application delivery controller, which then used round robin technique to send the request to one of the web servers on the LAMP virtual machine. The web server then returned the requested website to the requesting virtual stations using the simulated virtual network. The significance of these results is that it presents Mininet-WiFi as an emulator, which can be integrated into a real programmable networking environment offering a portable, cost effective and easily deployable testing network, which can be run on a single computer. These results are also beneficial to modern network deployments as the live network devices can also communicate with the testing environment for the data center, cloud and mobile provides. On the second test, a Software Defined Network was created in Mininet using python script. An external interface was added to enable communication with the network outside of Mininet. The amazon web services elastic computing cloud was used to host an OpenDaylight controller. This controller is used as a control plane device for the virtual switch within Mininet. In order to test the network, a webserver hosted on the Emulated Virtual Environment – Next Generation (EVENG) software is connected to Mininet. EVE-NG is the Emulated Virtual Environment for networking. It provides tools to be able to model virtual devices and interconnect them with other virtual or physical devices. The OpenDaylight controller was able to create the flows to facilitate communication between the hosts in Mininet and the webserver in the real-life network. / Electrical and Mining Engineering

Software Defined Networking (SDN)

Network Functions Virtualization (NFV)

OpenDaylight Controller

Mininet

Linux Web Server

Mininet Wi-Fi

Application Delivery Controller (F5)

Cloud Computing (Amazon Web Services)

Python Script

Especificación e implementación de un sistema de red definida por software con funciones virtuales adaptadas a despliegues de Internet de las cosas

Suárez de Puga García, Jara

21 March 2022

[ES] La complejidad en la gestión de las redes de comunicación tradicionales, así como su poca escalabilidad y flexibilidad, supone un obstáculo para el desarrollo y consolidación de nuevas tecnologías emergentes como es el caso del Internet de las Cosas (Internet of Things), dónde la facilidad para el intercambio y manejo de grandes volúmenes de datos heterogéneos procedentes de sensores es un requisito clave para el correcto funcionamiento del sistema. El Internet de las Cosas se define cómo la interconexión digital de objetos cotidianos dotados de inteligencia (Smart devices) a través de redes de comunicación de datos ya sean públicas (Internet) o privadas. Sin embargo, el Internet de las Cosas no sólo está compuesto por estos dispositivos, toda la infraestructura, plataformas, aplicaciones y servicios que ayudan a los datos a viajar desde los dispositivos origen y hacia sus diferentes destinos, y la gestión de estos también forman parte del denominado Internet de las Cosas. El almacenamiento, análisis, procesado y gestión masiva de dichos datos es lo que se denomina Big Data, y está compuesto de grandes cantidades de datos (massive data) estructurados en diferentes formatos, modelos de datos y protocolos, lo que dificulta su tratamiento y su intercambio a través de las redes de datos convencionales. Ante esta problemática la implementación de redes virtuales definidas por software se presenta como una posible solución para dotar de flexibilidad, escalabilidad y sencillez de gestión a las redes que interconectan estos dispositivos, plataformas y otros elementos IoT, permitiendo una visión global, una gestión centralizada y un desarrollo de servicios a nivel de red específicos para los entornos de Internet de las Cosas. Este proyecto se presenta como una aproximación de estas dos tecnologías y tendrá como objetivo el diseño de una solución donde probar las herramientas de control de redes definidas por software o programables (SDN) y las funciones virtuales de redes (NFV) aplicadas a despliegues de Internet de las Cosas (IoT) de forma que se puedan demostrar sus ventajas e implicaciones y se puedan descubrir nuevas líneas de desarrollo sobre esta base. / [CA] La complexitat en la gestió de les xarxes de comunicació tradicionals, així com la seua poca escalabilitat i flexibilitat, suposa un obstacle per al desenvolupament i consolidació de noves tecnologies emergents com és el cas de la Internet de les Coses (Internet of Things), on la facilitat per a l'intercanvi i maneig de grans volums de dades heterogènies procedents de sensors és un requisit clau per al correcte funcionament del sistema. La Internet de les Coses es defineix com la interconnexió digital d'objectes quotidians dotats d'intel·ligència (Smart devices) a través de xarxes de comunicació de dades ja siguen públiques (Internet) o privades. No obstant això, la Internet de les Coses no sols està compost per aquests dispositius, tota la infraestructura, plataformes, aplicacions i serveis que ajuden les dades a viatjar des dels dispositius d'origen i cap a les seues diferents destinacions, i la gestió d'aquests també formen part de la denominada Internet de les Coses. L'emmagatzematge, anàlisi, processament i gestió massiva d'aquestes dades és el que es denomina Big Data, i està compost de grans quantitats de dades (massive data) estructurats en diferents formats, models de dades i protocols, la qual cosa dificulta el seu tractament i el seu intercanvi a través de les xarxes de dades convencionals. Davant aquesta problemàtica la implementació de xarxes virtuals definides per software es presenta com una possible solució per a dotar de flexibilitat, escalabilitat i senzillesa de gestió a les xarxes que interconnecten aquests dispositius, plataformes i altres elements IoT, permetent una visió global, una gestió centralitzada i un desenvolupament de serveis a nivell de xarxa específics per als entorns d'Internet de les Coses. Aquest projecte es presenta com una aproximació d'aquestes dues tecnologies i tindrà com a objectiu el disseny d'una solució on provar les eines de control de xarxes definides per software o programables (SDN) i les funcions virtuals de xarxes (NFV) aplicades a desplegaments d'Internet de les Coses (IoT) de manera que es puguen demostrar els seus avantatges i implicacions, i es puguen descobrir noves línies de desenvolupament sobre aquesta base. / [EN] Nowadays, the complexity of traditional network administration, together with the lack of scalability and flexibility, has been a challenge for the proper development and integration of new emerging technologies which make use of this network. As an example, we have the so-called Internet of Things (IoT). The principal IoT network requirement that enables the growth of this paradigm is the need to facilitate high data volume exchange and administration, from very heterogeneous sources. The IoT concept is defined as the digital interconnection of daily objects endowed with more "intelligence" (Smart devices) through a data communication network either public (Internet) or private. However, this technological trend does not only depend on the "smart devices", but on the whole infrastructure, platforms, frameworks, services, and applications that helps data to travel from the source devices to their different destinations. Also, the handling of the massive volumes of data extracted from those smart devices, their storage, processing, and analysis, known as Big Data, is a key part of this paradigm. This data is gathered from very different sources, and hence, it has diverse data structures and formats. Moreover, it is exchanged using various network protocols (LoRa, CoAp, etc.) which hinder its management and communication through conventional networks, that were not created for such data traffic. Given this problem, several technological approaches have emerged to solve it. Virtual software-defined networking is presented as a possible solution to provide flexibility, scalability, and simplicity of management to the networks that interconnect these devices, platforms, services, and other IoT elements. The virtualization of the network infrastructure, includes an extra layer of abstraction, thus providing a holistic vision of the network and centralizing the administration of its elements and the development of specific network services for IoT deployments. This project is presented as an approximation of these two technological paradigms and will have as the main objective the design of an architectural blueprint and testbed were testing the control tools of software-defined networks (SDN) and the virtualized network functions (NFV) applied to IoT deployments. Thereby, its advantages and implications can be evaluated, and new lines of development can be discovered on this base. / Suárez De Puga García, J. (2022). Especificación e implementación de un sistema de red definida por software con funciones virtuales adaptadas a despliegues de Internet de las cosas [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/181555 / TESIS

Key Performance Indicators (KPIs)

Internet de las cosas (IoT)

Redes definidas por software

Funciones de red virtualizadas

IoT

Internet of Things

Software Defined Networks

5G

Interoperabilidad

Software Defined Networking (SDN)

Network Function Virtualization (NFV)

Network functions virtualization

Interoperability