Vers les réseaux guidés par et pour les applications hautement dynamiques. / Towards networks guided by and for highly dynamic applications

Simo Tegueu, Armel francklin

04 July 2018

Les applications modernes s’appuient sur des architectures qui combinent de plus en plus de composants logiciels émanant de plusieurs éditeurs, implantant des fonctions de plus en plus spécialisées, et très souvent déployés dans le « cloud ». De ce fait, ces applications nécessitent une dynamique et une adaptation certaines vis-à-vis des flux de données que leurs composants échangent et des besoins de qualité de service (QdS) que ces flux requièrent. Pour la majorité des applications, il s’avère difficile d’identifier à l’avance l’ensemble des flux et/ou d’exprimer précisément les besoins de QdS associés. Ainsi, fournir un service de communication réseau capable de répondre et de suivre les besoins de ces applications sans gaspiller, par surdimensionnement, l’utilisation des ressources réseau, pose plusieurs défis aux réseaux de communication supports, notamment un haut degré de flexibilité, largement au-delà des possibilités des réseaux de communication actuels. L’objectif de ce travail de thèse est de développer le concept de réseau guidé par les applications (ADN : Application Driven Networking), réseau capable d’offrir des services de communication personnalisés et dynamiques aux applications. Le qualificatif personnalisé signifie que le service ADN répond à des besoins de communication applicatifs exprimés avec un niveau de granularité très fin pouvant aller jusqu’aux flux élémentaires. Ces besoins peuvent être exprimés explicitement par l’application ou inférés par le réseau par analyse du trafic. L’aspect dynamique signifie que le service ADN est reprogrammé et ajusté pour suivre l’évolution des besoins de l’application dans le temps. Les contributions de ce travail de thèse couvrent plusieurs points. Nous avons défini l’architecture générale d’un réseau ADN bâti sur une infrastructure réseau de type SDN (Software Defined Network) en explicitant ses composants fonctionnels et en spécifiant les interfaces entre composants. Nous avons développé les algorithmes de ses principaux composants, notamment deux algorithmes d’allocation de ressources réseau qui calculent les chemins de données et les ressources réseau à y réserver pour satisfaire les exigences de bande passante et de délai des services ADN, tout en optimisant l’utilisation de ressources. Nous avons mis au point deux heuristiques de migration des services ADN afin de répartir aux mieux la charge du réseau et d’augmenter l’admissibilité des requêtes des services ADN à venir. Nous avons développé un prototype démonstrateur de réseau ADN qui fournit un ensemble de services ADN à des applications dynamiques basées sur le middleware temps réel DDS (Data Distribution Service). / Modern applications are typically composed of lots of software components that tend to implement self-contained specialized functions. These components are often supplied by many software editors and provisioned and accessed via the cloud. As a consequence, the data flows that are exchanged between applications’ components and their QoS requirements vary over time. Moreover, in many situations, it is quite difficult to pre-identify this set of data flows and/or express precisely the associated QoS. Hence, providing a network service that meets application requirements and dynamically evolves with their needs without uselessly wasting network resources poses several challenges to the underlying communication network. Notably, the necessity of a high level of flexibility, far beyond the capabilities of today’s communication networks. The aim of this PhD is to develop the Application Driven Networking (ADN) concept, which is able to provide tailored and dynamic network services to applications. Tailored means that the ADN service captures a fine-grained description of application needs, which can consider elementary flows. These needs can be expressed, either, explicitly by the application or inferred by the network by traffic analysis. The dynamic facet means that the ADN service is reprogrammed and adjusted to fit to evolving application needs. The main contributions of this thesis are the following. First, a general architecture of the ADN network built on top of a Software Defined Network (SDN) infrastructure is proposed. Algorithms related to the ADN functional components are also proposed, in particular two network resource allocation algorithms that calculate the optimal (in terms of network resource utilization) data paths and the required network resources that meet application requirements. Two ADN service migration heuristics are also proposed to efficiently distribute the network load and increase the acceptance of forthcoming network service requests. An ADN network prototype is developed as proof of concept. It provides ADN services to dynamic applications with QoS requirements built on top of the DDS (Data Distribution Service) middleware.

Applications modernes

Qualité de Service dynamique

Réseaux définis par logiciel

Réseaux guidés par les applications

Modern applications

Dynamic Quality of Service

Software-Defined Networks

Application Driven Networking

004.65

004.68

004.678

Balanceamento de carga utilizando planos de dados OpenFlow comerciais

Costa, Leonardo Chinelate

10 June 2016

Submitted by Renata Lopes (renatasil82@gmail.com) on 2016-07-28T11:35:35Z No. of bitstreams: 1 leonardochinelatecosta.pdf: 971542 bytes, checksum: f5371f63a0629a94b6f8569205597bb5 (MD5) / Rejected by Adriana Oliveira (adriana.oliveira@ufjf.edu.br), reason: Corrigir openflow conforme consta no resumo OpenFlow on 2016-07-28T12:15:24Z (GMT) / Submitted by Renata Lopes (renatasil82@gmail.com) on 2016-07-28T12:23:04Z No. of bitstreams: 1 leonardochinelatecosta.pdf: 971542 bytes, checksum: f5371f63a0629a94b6f8569205597bb5 (MD5) / Approved for entry into archive by Adriana Oliveira (adriana.oliveira@ufjf.edu.br) on 2016-07-28T12:26:34Z (GMT) No. of bitstreams: 1 leonardochinelatecosta.pdf: 971542 bytes, checksum: f5371f63a0629a94b6f8569205597bb5 (MD5) / Made available in DSpace on 2016-07-28T12:26:34Z (GMT). No. of bitstreams: 1 leonardochinelatecosta.pdf: 971542 bytes, checksum: f5371f63a0629a94b6f8569205597bb5 (MD5) Previous issue date: 2016-06-10 / O paradigmade Redes Definidas por Software (SDN) vem mudando a forma como gerenciar e operar redes de computadores através da sua principal ideia, a separação dos planos de dados e de controle. O protocolo OpenFlow implementa este conceito e,devido às vantagens de menor custo de operação e maior facilidade de adaptação a projetos de comutadores já existentes, é encontrado hoje em diversos equipamentos de rede comercializados por muitas empresas. Com o uso do paradigma SDN e do protocolo OpenFlow, a inovação e a evolução da rede são facilitadas. Dessa forma, muitos serviços típicos de rede podem ser repensados, de forma a torná-los mais flexíveis. Um desses serviços é o balanceamento de carga. Neste trabalho é realizado um estudo sobre a viabilidade de se implementar um balanceador de carga OpenFlow em uma rede SDN real, considerando as restrições existentes nos equipamentos OpenFlow comerciais atuais. Para isso, foi proposto um modelo de balanceamento de carga em SDN que leva em consideração diferentes perfis de carga mais realistas e que é baseado na utilização de diferentes políticas para a realização do balanceamento. Contudo, antes de reproduzir esse cenário em um ambiente real, foi realizada uma avaliação de desempenho de alguns planos de dados OpenFlow a fim de se verificar se as implementações OpenFlow atuais são capazes de suportar o balanceamento de carga ou outros serviços e uma rede de produção. Foi avaliada a qualidade de diferentes implementações OpenFlow de hardware switches comerciais e de implementações open source de software switches, através de métricas de desempenho em operações típicas de um switch OpenFlow. Os resultados mostram que as implementações OpenFlow dos hardware switches avaliados ainda não atingiram um nível de maturidade suficiente para serem utilizadas em larga escala. Apesar de desempenhos similares entre os modos OpenFlow e legacy na maioria dos casos, as implementações OpenFlow em hardware apresentaram problemas como implementações incompletas do padrão, baixo número de regras suportadas, funcionamento instável para tabelas de fluxo cheias e problemas no processamento de múltiplos comandos. / Software Defined Networks paradigm (SDN) is changing the way how we manage and operate computer networks by its main idea, the decoupling of data and control planes. OpenFlow protocol implements this concept and, due to the advantages of lower operating expenditures and greater ease of adaptation to existing switches projects, it is found today in various network equipment sold by many companies. Using SDN paradigm and OpenFlow protocol, network innovation and evolution are facilitated. Thus, many typical network services can be rethought in order to make them more flexible. An example of such services is load balancing. This work is a study about the feasibility of implementing an OpenFlow load balancer in a real SDN network, considering the restrictions in current commercial OpenFlow equipment. For this, we propose a SDN load balancing which considersdifferentmorerealisticworkloadprofilesandisbasedonusingdifferentpoliciesfor performing the balancing. However, before reproducing this scenario in a real environment, a performance evaluation of some OpenFlow data planes was conducted in order to verify that the current OpenFlow implementations are able to support load balancing or other services in production networks. The quality of different commercial OpenFlow hardware switch implementations and open source software switch implementations was evaluated, using performance metrics in typical operations of an OpenFlow switch. The results show that OpenFlow implementations of the evaluated hardware switches have not yet reached a sufficient level of maturity to be used on a large scale. Despite similar performances between OpenFlow and legacy modes in most cases, OpenFlow hardware implementations have presented problems such as standard incomplete implementations, low number of supported rules, unstable operation for full flow tables and problems in processing multiple commands

Redes definidas por software

Balanceamento de carga

Software Defined Networks

Load balancing

Adaptive router bypass techniques to enhance core network efficiency

Ghonaim, Fahad A.

30 April 2018

Internet traffic is increasing exponentially, driven by new technologies such as Internet of Things (IoT) and rich streaming media. The traditional IP router becomes a bottleneck for further Internet expansion due to its high power consumption and inefficiency in processing the growing traffic. Router bypass has been introduced to overcome capacity limitations and the processing costs of IP routers. With router bypass, a portion of traffic is provisioned to bypass the router and is switched by the transport layer. Router bypass has shown to provide significant savings in network costs. These advantages are limited by a reduction in the statistical multiplexing associated with the subdivision of the available bandwidth typically into bypass and traditional portions thus limiting the interest in bypass techniques. This thesis will explore multiple techniques to enhance the efficiency of router bypass. The main goals are to address the issue of the reduction in statistical multiplexing and to add a dynamic approach to the router bypass mechanism. The recent advancements in the Optical Transport Network (OTN) play a major role in the transport network. This proposal takes full advantage of OTN in the router-bypassing context by applying recent developments such as Hitless Adjustments ODUflex (HAO), which allow the provisioned channels to be adjusted without re-establishing the connections. In addition, it will allow the bypassing mechanism to be flexible enough to meet the traffic behaviour needs of the future. This thesis will study multiple approaches to enhance the router bypass mechanism including: an adaptive provisioning style using various degrees of provisioning granularities and controlling the provisioning based on traffic behaviour. In addition, this thesis will explore the impact of automation in Software-Defined Networking (SDN) on router bypass. The application-driven infrastructure in SDN is moving the network to be more adaptive, which paves the way for an enhanced implementation of router bypass. Many challenges still face the industry to fully integrate the three layers (3, 2, and 1) to transform the current infrastructure into an adaptive application driven network. The IP router (layer 3) provisions and restores the connection regardless of the underlying layers (layer 2 and 1) and the transport layer does the same regardless of the IP layer. Although allowing every layer to develop without being constrained by other layers offers a huge advantage, it renders the transport layer static and not fully aware of the traffic behaviour. It is my hope that this thesis is a step forward in transforming the current network into a dynamic, efficient and responsive network. A simulation has been built to imitate the router bypassing concept and then many measurements have been recorded. / Graduate

Capacity limits

Software-Defined Networks (SDN)

Router Bypass

Green Networks

Space division multiplexing

Multilayer Switching

Optical Networks

Optical Transport Network (OTN)

Network topology

AN EVALUATION OF SDN AND NFV SUPPORT FOR PARALLEL, ALTERNATIVE PROTOCOL STACK OPERATIONS IN FUTURE INTERNETS

Suresh, Bhushan

09 July 2018

Virtualization on top of high-performance servers has enabled the virtualization of network functions like caching, deep packet inspection, etc. Such Network Function Virtualization (NFV) is used to dynamically adapt to changes in network traffic and application popularity. We demonstrate how the combination of Software Defined Networking (SDN) and NFV can support the parallel operation of different Internet architectures on top of the same physical hardware. We introduce our architecture for this approach in an actual test setup, using CloudLab resources. We start of our evaluation in a small setup where we evaluate the feasibility of the SDN and NFV architecture and incrementally increase the complexity of the setup to run a live video streaming application. We use two vastly different protocol stacks, namely TCP/IP and NDN to demonstrate the capability of our approach. The evaluation of our approach shows that it introduces a new level of flexibility when it comes to operation of different Internet architectures on top of the same physical network and with this flexibility provides the ability to switch between the two protocol stacks depending on the application.

Software Defined Networks (SDN)

Network Function virtualization (NFV)

Named Data Networks (NDN)

Future Internet Architecture (FIA)

Live Video Streaming

Adaptive Bitrate Streaming (ABR)

Electrical and Computer Engineering

Security challenges within Software Defined Networks

Ahmed, Haroon, Sund, Gabriel

January 2014

A large amount of today's communication occurs within data centers where a large number of virtual servers (running one or more virtual machines) provide service providers with the infrastructure needed for their applications and services. In this thesis, we will look at the next step in the virtualization revolution, the virtualized network. Software-defined networking (SDN) is a relatively new concept that is moving the field towards a more software-based solution to networking. Today when a packet is forwarded through a network of routers, decisions are made at each router as to which router is the next hop destination for the packet. With SDN these decisions are made by a centralized SDN controller that decides upon the best path and instructs the devices along this path as to what action each should perform. Taking SDN to its extreme minimizes the physical network components and increases the number of virtualized components. The reasons behind this trend are several, although the most prominent are simplified processing and network administration, a greater degree of automation, increased flexibility, and shorter provisioning times. This in turn leads to a reduction in operating expenditures and capital expenditures for data center owners, which both drive the further development of this technology. Virtualization has been gaining ground in the last decade. However, the initial introduction of virtualization began in the 1970s with server virtualization offering the ability to create several virtual server instances on one physical server. Today we already have taken small steps towards a virtualized network by virtualization of network equipment such as switches, routers, and firewalls. Common to virtualization is that it is in early stages all of the technologies have encountered trust issues and general concerns related to whether software-based solutions are as rugged and reliable as hardwarebased solutions. SDN has also encountered these issues, and discussion of these issues continues among both believers and skeptics. Concerns about trust remain a problem for the growing number of cloud-based services where multitenant deployments may lead to loss of personal integrity and other security risks. As a relatively new technology, SDN is still immature and has a number of vulnerabilities. As with most software-based solutions, the potential for security risks increases. This thesis investigates how denial-of-service (DoS) attacks affect an SDN environment and a singlethreaded controller, described by text and via simulations. The results of our investigations concerning trust in a multi-tenancy environment in SDN suggest that standardization and clear service level agreements are necessary to consolidate customers’ confidence. Attracting small groups of customers to participate in user cases in the initial stages of implementation can generate valuable support for a broader implementation of SDN in the underlying infrastructure. With regard to denial-of-service attacks, our conclusion is that hackers can by target the centralized SDN controller, thus negatively affect most of the network infrastructure (because the entire infrastructure directly depends upon a functioning SDN controller). SDN introduces new vulnerabilities, which is natural as SDN is a relatively new technology. Therefore, SDN needs to be thoroughly tested and examined before making a widespread deployment. / Dagens kommunikation sker till stor del via serverhallar där till stor grad virtualiserade servermiljöer förser serviceleverantörer med infrastukturen som krävs för att driva dess applikationer och tjänster. I vårt arbete kommer vi titta på nästa steg i denna virtualiseringsrevolution, den om virtualiserade nätverk. mjukvarudefinierat nätverk (eng. Software-defined network, eller SDN) kallas detta förhållandevis nya begrepp som syftar till mjukvarubaserade nätverk. När ett paket idag transporteras genom ett nätverk tas beslut lokalt vid varje router vilken router som är nästa destination för paketet, skillnaden i ett SDN nätverk är att besluten istället tas utifrån ett fågelperspektiv där den bästa vägen beslutas i en centraliserad mjukvaruprocess med överblick över hela nätverket och inte bara tom nästa router, denna process är även kallad SDN kontroll. Drar man uttrycket SDN till sin spets handlar det om att ersätta befintlig nätverksutrustning med virtualiserade dito. Anledningen till stegen mot denna utveckling är flera, de mest framträdande torde vara; förenklade processer samt nätverksadministration, större grad av automation, ökad flexibilitet och kortare provisionstider. Detta i sin tur leder till en sänkning av löpande kostnader samt anläggningskostnader för serverhallsinnehavare, något som driver på utvecklingen. Virtualisering har sedan början på 2000-talet varit på stark frammarsch, det började med servervirtualisering och förmågan att skapa flertalet virtualiserade servrar på en fysisk server. Idag har vi virtualisering av nätverksutrustning, såsom switchar, routrar och brandväggar. Gemensamt för all denna utveckling är att den har i tidigt stadie stött på förtroendefrågor och överlag problem kopplade till huruvida mjukvarubaserade lösningar är likvärdigt robusta och pålitliga som traditionella hårdvarubaserade lösningar. Detta problem är även något som SDN stött på och det diskuteras idag flitigt bland förespråkare och skeptiker. Dessa förtroendefrågor går på tvären mot det ökande antalet molnbaserade tjänster, typiska tjänster där säkerheten och den personliga integriten är vital. Vidare räknar man med att SDN, liksom annan ny teknik medför vissa barnsjukdomar såsom kryphål i säkerheten. Vi kommer i detta arbete att undersöka hur överbelastningsattacker (eng. Denial-of-Service, eller DoS-attacker) påverkar en SDN miljö och en singel-trådig kontroller, i text och genom simulering. Resultatet av våra undersökningar i ämnet SDN i en multitenans miljö är att standardisering och tydliga servicenivåavtal behövs för att befästa förtroendet bland kunder. Att attrahera kunder för att delta i mindre användningsfall (eng. user cases) i ett inledningsskede är också värdefullt i argumenteringen för en bredare implementering av SDN i underliggande infrastruktur. Vad gäller DoS-attacker kom vi fram till att det som hackare går att manipulera en SDN infrastruktur på ett sätt som inte är möjligt med dagens lösningar. Till exempel riktade attacker mot den centraliserade SDN kontrollen, slår man denna kontroll ur funktion påverkas stora delar av infrastrukturen eftersom de är i ett direkt beroende av en fungerande SDN kontroll. I och med att SDN är en ny teknik så öppnas också upp nya möjligheter för angrepp, med det i åtanke är det viktigt att SDN genomgår rigorösa tester innan större implementation.

Software Defined Networks (SDN)

network security

denial of service

distributed denial of service

multi-tenancy

mjukvarudefinierat nätverk

nätverkssäkerhet

överbelastningsattack

distribuerad överbelastningsattack

multitenans

Computer and Information Sciences

Data- och informationsvetenskap

Les réseaux maillés sans fils assistés par le SDN / Software-defined network for wireless mesh networks

Labraoui, Mohamed

19 December 2017

Avec les progrès dans les communications sans fil, le réseau maillé sans fils (WMN) est apparu comme une solution à la couverture et à la capacité limitée des réseaux d'infrastructure. Un WMN est un réseau ad-hoc multi-sauts dans lequel les routeurs participants acheminent le trafic pour le compte de tiers. Malgré les avantages et l'efficacité accrue de nombreuses applications, plusieurs problèmes doivent encore être résolus, notamment des facteurs critiques influant sur les performances des WMNs tels que l'évolutivité, la stabilité de la connectivité réseau, la qualité de service, la sécurité et les problèmes d'interférence. Face à ce défi, cette thèse explore une nouvelle approche des réseaux, à savoir le concept de réseau défini par logiciel (SDN). Dans une configuration SDN, l'intelligence située au niveau des périphériques réseau est déplacée dans une entité centrale communément appelée le contrôleur SDN. Dans cette architecture, le contrôleur SDN prend toutes les décisions et dicte à chaque périphérique réseau comment router les flux de données. Dans cette thèse, l'accent est mis sur l'évaluation des améliorations de la gestion de réseau que SDN pourrait apporter aux WMNs. En particulier, nous avons analysé et déterminé le type de granularité de contrôle SDN envisageable pour ce type de réseaux ainsi que les solutions techniques permettant de mettre en œuvre ce concept pour de meilleures performances. / With advances in wireless communications, Wireless Mesh Network (WMN) has emerged as one solution to the limited coverage and capacity of infrastructure networks. A WMN is a multihop ad-hoc network where participating routers forward traffic on behalf of others. Despite the advantages and increased efficiency in many applications, several challenges still need to be solved and especially critical factors influencing the performance of WMNs such as scalability, network connectivity steadiness, Quality of Service (QoS), security, and interference problems. In the face of this challenge, this thesis explores a new approach for networks, namely the concept of Software-Defined Network (SDN). In an SDN configuration, the intelligence located at network devices level is moved within a central entity commonly referred to as the SDN controller. In this architecture, the SDN controller takes all decisions and dictates to each network device how to route data flows. In this thesis, the focus is on evaluating network management improvements that SDN could make in WMNs. Particularly, we analyzed and determined what kind of SDN control granularity that could be envisaged for this type of networks as well as the technical solutions to implement this concept for better performance.

Réseau maillé sans fils

Réseau défini par logiciel

Routage

Gestion de réseau

Déploiement

Performance

Wireless mesh network

Software-defined networks

Routing

004.68

Building the Intelligent IoT-Edge: Balancing Security and Functionality using Deep Reinforcement Learning

Anand A Mudgerikar (11791094)

19 December 2021

<div>The exponential growth of Internet of Things (IoT) and cyber-physical systems is resulting in complex environments comprising of various devices interacting with each other and with users. In addition, the rapid advances in Artificial Intelligence are making those devices able to autonomously modify their behaviors through the use of techniques such as reinforcement learning (RL). There is thus the need for an intelligent monitoring system on the network edge with a global view of the environment to autonomously predict optimal device actions. However, it is clear however that ensuring safety and security in such environments is critical. To this effect, we develop a constrained RL framework for IoT environments that determines optimal devices actions with respect to user-defined goals or required functionalities using deep Q learning. We use anomaly based intrusion detection on the network edge to dynamically generate security and safety policies to constrain the RL agent in the framework. We analyze the balance required between ‘safety/security’ and ‘functionality’ in IoT environments by manipulating the exploration of safe and unsafe benefit state spaces in the RL framework. We instantiate the framework for testing on application layer control in smart home environments, and network layer control including network functionalities like rate control and routing, for SDN based environments.</div>

Theoretical Computer Science

Applied Computer Science

Internet of Things (IoT),

Deep Reinforcement Learning (DRL)

Network security

IOT SECURITY

Software Defined Networks

Virtual networked infrastructure provisioning in distributed cloud environments / Allocation d’infrastructures virtuelles en environnements clouds distribués

Mechtri, Marouen

01 December 2014

L'informatique en nuage (Cloud Computing) a émergé comme un nouveau paradigme pour offrir des ressources informatiques à la demande et pour externaliser des infrastructures logicielles et matérielles. Le Cloud Computing est rapidement et fondamentalement en train de révolutionner la façon dont les services informatiques sont mis à disposition et gérés. Ces services peuvent être demandés à partir d’un ou plusieurs fournisseurs de Cloud d’où le besoin de la mise en réseau entre les composants des services informatiques distribués dans des emplacements géographiquement répartis. Les utilisateurs du Cloud veulent aussi déployer et instancier facilement leurs ressources entre les différentes plateformes hétérogènes de Cloud Computing. Les fournisseurs de Cloud assurent la mise à disposition des ressources de calcul sous forme des machines virtuelles à leurs utilisateurs. Par contre, ces clients veulent aussi la mise en réseau entre leurs ressources virtuelles. En plus, ils veulent non seulement contrôler et gérer leurs applications, mais aussi contrôler la connectivité réseau et déployer des fonctions et des services de réseaux complexes dans leurs infrastructures virtuelles dédiées. Les besoins des utilisateurs avaient évolué au-delà d'avoir une simple machine virtuelle à l'acquisition de ressources et de services virtuels complexes, flexibles, élastiques et intelligents. L'objectif de cette thèse est de permettre le placement et l’instanciation des ressources complexes dans des infrastructures de Cloud distribués tout en permettant aux utilisateurs le contrôle et la gestion de leurs ressources. En plus, notre objectif est d'assurer la convergence entre les services de cloud et de réseau. Pour atteindre cela, nous proposons des algorithmes de mapping d’infrastructures virtuelles dans les centres de données et dans le réseau tout en respectant les exigences des utilisateurs. Avec l'apparition du Cloud Computing, les réseaux traditionnels sont étendus et renforcés avec des réseaux logiciels reposant sur la virtualisation des ressources et des fonctions réseaux. En plus, le nouveau paradigme d'architecture réseau (Software Defined Networks) est particulièrement pertinent car il vise à offrir la programmation du réseau et à découpler, dans un équipement réseau, la partie plan de données de la partie plan de contrôle. Dans ce contexte, la première partie propose des algorithmes optimaux (exacts) et heuristiques de placement pour trouver le meilleur mapping entre les demandes des utilisateurs et les infrastructures sous-jacentes, tout en respectant les exigences exprimées dans les demandes. Cela inclut des contraintes de localisation permettant de placer une partie des ressources virtuelles dans le même nœud physique. Ces contraintes assurent aussi le placement des ressources dans des nœuds distincts. Les algorithmes proposés assurent le placement simultané des nœuds et des liens virtuels sur l’infrastructure physique. Nous avons proposé aussi un algorithme heuristique afin d’accélérer le temps de résolution et de réduire la complexité du problème. L'approche proposée se base sur la technique de décomposition des graphes et la technique de couplage des graphes bipartis. Dans la troisième partie, nous proposons un cadriciel open source (framework) permettant d’assurer la mise en réseau dynamique entre des ressources Cloud distribués et l’instanciation des fonctions réseau dans l’infrastructure virtuelle de l’utilisateur. Ce cadriciel permettra de déployer et d’activer les composants réseaux afin de mettre en place les demandes des utilisateurs. Cette solution se base sur un gestionnaire des ressources réseaux "Cloud Network Gateway Manager" et des passerelles logicielles permettant d’établir la connectivité dynamique et à la demande entre des ressources cloud et réseau. Le CNG-Manager offre le contrôle de la partie réseau et prend en charge le déploiement des fonctions réseau nécessaires dans l'infrastructure virtuelle des utilisateurs / Cloud computing emerged as a new paradigm for on-demand provisioning of IT resources and for infrastructure externalization and is rapidly and fundamentally revolutionizing the way IT is delivered and managed. The resulting incremental Cloud adoption is fostering to some extent cloud providers cooperation and increasing the needs of tenants and the complexity of their demands. Tenants need to network their distributed and geographically spread cloud resources and services. They also want to easily accomplish their deployments and instantiations across heterogeneous cloud platforms. Traditional cloud providers focus on compute resources provisioning and offer mostly virtual machines to tenants and cloud services consumers who actually expect full-fledged (complete) networking of their virtual and dedicated resources. They not only want to control and manage their applications but also control connectivity to easily deploy complex network functions and services in their dedicated virtual infrastructures. The needs of users are thus growing beyond the simple provisioning of virtual machines to the acquisition of complex, flexible, elastic and intelligent virtual resources and services. The goal of this thesis is to enable the provisioning and instantiation of this type of more complex resources while empowering tenants with control and management capabilities and to enable the convergence of cloud and network services. To reach these goals, the thesis proposes mapping algorithms for optimized in-data center and in-network resources hosting according to the tenants' virtual infrastructures requests. In parallel to the apparition of cloud services, traditional networks are being extended and enhanced with software networks relying on the virtualization of network resources and functions especially through network resources and functions virtualization. Software Defined Networks are especially relevant as they decouple network control and data forwarding and provide the needed network programmability and system and network management capabilities. In such a context, the first part proposes optimal (exact) and heuristic placement algorithms to find the best mapping between the tenants' requests and the hosting infrastructures while respecting the objectives expressed in the demands. This includes localization constraints to place some of the virtual resources and services in the same host and to distribute other resources in distinct hosts. The proposed algorithms achieve simultaneous node (host) and link (connection) mappings. A heuristic algorithm is proposed to address the poor scalability and high complexity of the exact solution(s). The heuristic scales much better and is several orders of magnitude more efficient in terms of convergence time towards near optimal and optimal solutions. This is achieved by reducing complexity of the mapping process using topological patterns to map virtual graph requests to physical graphs representing respectively the tenants' requests and the providers' physical infrastructures. The proposed approach relies on graph decomposition into topology patterns and bipartite graphs matching techniques. The third part propose an open source Cloud Networking framework to achieve cloud and network resources provisioning and instantiation in order to respectively host and activate the tenants' virtual resources and services. This framework enables and facilitates dynamic networking of distributed cloud services and applications. This solution relies on a Cloud Network Gateway Manager and gateways to establish dynamic connectivity between cloud and network resources. The CNG-Manager provides the application networking control and supports the deployment of the needed underlying network functions in the tenant desired infrastructure (or slice since the physical infrastructure is shared by multiple tenants with each tenant receiving a dedicated and isolated portion/share of the physical resources)

Allocation d'infrastructures virtuelles

Virtualisation des fonctions réseaux

Software Defined Networks

Informatique en nuage

Mapping des ressources optimales

Réseau inter-cloud

Cloud Network Gateway

Network functions virtualization

Software Defined Networks

Cloud computing

Optimal resources mapping

Inter-cloud networking

Cloud Networking Gateway

Protocole de routage pour l’architecture NDN / Routing protocol for NDN architecture

Aubry, Elian

19 December 2017

Parmi les architectures orientées contenu, l'architecture NDN (Named-Data Networking) a su agréger la plus importante communauté de chercheurs et est la plus aboutie pour un Internet du futur. Dans le cadre de l'architecture NDN, au cours de ce doctorat, nous nous sommes concentrés sur les mécanismes de routage adaptés à cette nouvelle vision du réseau. En effet, la capacité à acheminer une requête vers la destination est fondamentale pour qu'une architecture réseau soit fonctionnelle et cette problématique avait été très peu étudiée jusqu'alors. Ainsi, dans ce manuscrit, nous proposons le protocole de routage SRSC (SDN-based Routing Scheme for CCN/NDN), qui repose sur l'utilisation du paradigme des réseaux logiciels (Software-Defined Networks\\, SDN). SRSC utilise un contrôleur capable de gérer le plan de contrôle du réseau NDN. En centralisant l'ensemble des informations telles que la topologie du réseau, la localisation des différents contenus et le contenu des mémoires cache des nœuds du réseau, le contrôleur va pouvoir établir la meilleure route pour acheminer les requêtes vers le contenu. SRSC permet également un routage de type anycast, c'est à dire qu'il permet d'acheminer les requêtes vers le nœud le plus proche qui dispose des données, permettant d'optimiser la distribution des requêtes dans le réseau et de répartir la charge parmi tous les nœuds. De plus, SRSC utilise uniquement les messages Interest et Data de l'architecture NDN et tient son originalité du fait qu'il s'affranchit complètement de l'infrastructure TCP/IP existante. Dans un premier temps, SRSC a été évalué via simulation avec le logiciel NS-3 où nous l'avons comparé à la méthode d'inondation des requêtes, appelée flooding, initialement proposée par NDN. SRSC a ensuite été implanté dans NDNx, l'implantation open source de l'architecture NDN, puis déployé sur notre testbed utilisant la technologie Docker. Ce testbed permet de virtualiser des nœuds NDN et d'observer un réel déploiement de cette architecture réseau à large échelle. Nous avons ainsi évalué les performances de notre protocole SRSC sur notre testbed virtualisé et nous l'avons comparé au protocole NLSR, (Named-Data Link State Routing Protocol), le protocole de routage du projet NDN / Internet is a mondial content network and its use grows since several years. Content delivery such as P2P or video streaming generates the main part of the Internet traffic and Named Data Networks (NDN) appear as an appropriate architecture to satisfy the user needs. Named-Data Networking is a novel clean-slate architecture for Future Internet. It has been designed to deliver content at large scale and integrates several features such as in-network caching, security, multi-path. However, the lack of scalable routing scheme is one of the main obstacles that slow down a large deployment of NDN at an Internet-scale. As it relies on content names instead of host address, it cannot reuse the traditional routing scheme on the Internet. In this thesis, we propose to use the Software-Defined Networking (SDN) paradigm to decouple data plane and control plane and present SRSC, a new routing scheme for NDN based on SDN paradigm. Our solution is a clean-slate approach, using only NDN messages and the SDN paradigm. We implemented our solution into the NS-3 simulator and perform extensive simulations of our proposal. SRSC show better performances than the flooding scheme used by default in NDN. We also present a new NDN testbed and the implementation of our protocol SRSC, a Controlled-based Routing Scheme for NDN. We implemented SRSC into NDNx, the NDN implementation, and deployed it into a virtual environment through Docker. Our experiments demonstrate the ability of our proposal to forward Interest, while keeping a low computation time for the Controller and low delay to access Content. Moreover, we propose a solution to easily deploy and evaluate NDN network, and we compare SRSC with NLSR, the current routing protocol used in NDNx

Réseaux orientés contenu

Réseaux logiciel

Routage

Protocole

Performance

Named-Data Networking (NDN)

ICN

SDN

Information centric networks

Software defined Networks

Routing

Protocol

Performance

Named-Data Networking (NDN)

ICN

SDN

004.62

Uma proposta de redirecionamento de fluxos de rede usando openflow para migração de aplicações entre nuvens

Moda, Carlos Spinetti

27 February 2014

Made available in DSpace on 2016-06-02T19:06:15Z (GMT). No. of bitstreams: 1 6215.pdf: 2705931 bytes, checksum: f13134b07bf961a0e166ae8f6fdc0bf0 (MD5) Previous issue date: 2014-02-27 / Financiadora de Estudos e Projetos / During the last decade, the advent of large scale processing and the need for rapid modification of computational structures have increased the popularity of Cloud Computing, particularly the Infrastructure as a Service model. Several companies have invested in infrastructure to become providers of this kind of service, whether for general public or only to supply their own business needs. This has increased the number of virtualized datacenters across the world and created a growing interest in interoperability between different providers. However, due to the lack of technology standardization, and to limitations in the current network s architecture, this interoperability is still an issue. Based on this, this research project presents an OpenFlow based network flow redirection architecture to support service continuity during the migration of applications between different IaaS providers. The tests performed show the applicability of the proposed architecture in a real network environment, having control only of the network edges, and without setting up any specific hardware. / Durante a ultima década, o advento do processamento em larga escala e a necessidade de rápida modificação de estruturas computacionais fez com que a computação em nuvem se popularizasse, em particular na forma de aprovisionamento de Infraestrutura como Serviço. Diversas companhias investiram em infraestrutura para se tornarem provedores desse tipo de serviço, seja para o publico ou para proverem recursos para seus próprios negócios. Isto aumentou o numero de centros de dados virtualizados e gerou o interesse na interoperabilidade entre os diferentes provedores. Entretanto, devido a falta de padronização de tecnologias, e devido a limitações na arquitetura das redes atuais, essa interoperabilidade ainda e um assunto em aberto. Com base nisso, o presente trabalho apresenta uma arquitetura de redirecionamento de fluxos de rede baseada em OpenFlow para o suporte a continuidade de serviço durante a migração de aplicações entre diferentes provedores de IaaS. Os testes realizados comprovam sua aplicabilidade em um cenário real, controlando apenas as bordas da rede, e sem a instalação de nenhum hardware específico.

Redes de computação - protocolos

Computação em nuvem

Redes definidas por software

Infrastructure as a Service (IaaS)

OpenFlow

Migração de aplicações

Redirecionamentos de fluxos

IaaS cloud computing

Software defined networks

OpenFlow

Flow redirection

Application migration