• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 90
  • 30
  • 10
  • 4
  • 2
  • 2
  • 2
  • 2
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 166
  • 166
  • 166
  • 86
  • 54
  • 47
  • 42
  • 40
  • 35
  • 32
  • 26
  • 23
  • 21
  • 21
  • 20
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Software Defined Networking : Virtual Router Performance

Svantesson, Björn January 2016 (has links)
Virtualization is becoming more and more popular since the hardware that is available today often has theability to run more than just a single machine. The hardware is too powerful in relation to the requirementsof the software that is supposed to run on the hardware, making it inefficient to run too little software ontoo powerful of machines. With virtualization, the ability exists to run a lot of different software on thesame hardware, thereby increasing the efficiency of hardware usage.Virtualization doesn't stop at just virtualizing operating systems or commodity software, but can also beused to virtualize networking components. These networking components include everything from routersto switches and are possible to set up on any kind of virtulized system.When discussing virtualization of networking components, the experssion “Software Defined Networking”is hard to miss. Software Defined Networking is a definition that contains all of these virtualized networkingcomponents and is the expression that should be used when researching further into this subject. There'san increasing interest in these virtualized networking components now in relation to just a few years ago.This is due to company networking becoming much more complex now in relation to the complexity thatcould be found in a network a few years back. More services need to be up inside of the network and a lotof people believe that Software Defined Networking can help in this regard.This thesis aim is to try to find out what kind of differences there are between multiple different softwarerouters. Finding out things like, which one of the routers that offer the highest network speed for the leastamount of hardware cost, are the kind of things that this thesis will be focused on. It will also look at somedifferent aspects of performance that the routers offer in relation to one another in order to try toestablish if there exists any kind of “best” router in multiple different areas.The idea is to build up a virtualized network that somewhat relates to how a normal network looks insmaller companies today. This network will then be used for different types of testing while having thesoftware based router placed in the middle and having it take care of routing between different local virtualnetworks. All of the routers will be placed on the same server and their configuration will be very basicwhile also making sure that each of the routers get access to the same amount of hardware.After initial testing, all routers that perform bad will be opted out for additional testing. This is done tomake sure that there's no unnecessary testing done on routers that seem to not be able to keep up withthe other ones. The results from these tests will be compared to the results of a hardware router with thesame kind of tests used with it in the middle in relation to the tests the software routers had to go through.The results from the testing were fairly surprising, only having one single router being eliminated early onas the remaining ones continued to “battle” one another with more tests. These tests were compared tothe results of a hardware router and the results here were also quite surprising with a much betterperformance in many different areas from the software routers perspective.
12

An SDN-based firewall shunt for data-intensive science applications

Miteff, Simeon January 2016 (has links)
A dissertation submitted to the Faculty of Engineering and the Built Environment, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Master of Science in Engineering, 2016 / Data-intensive research computing requires the capability to transfer les over long distances at high throughput. Stateful rewalls introduce su cient packet loss to prevent researchers from fully exploiting high bandwidth-delay network links [25]. To work around this challenge, the science DMZ design [19] trades o stateful packet ltering capability for loss-free forwarding via an ordinary Ethernet switch. We propose a novel extension to the science DMZ design, which uses an SDN-based rewall. This report introduces NFShunt, a rewall based on Linux's Net lter combined with OpenFlow switching. Implemented as an OpenFlow 1.0 controller coupled to Net lter's connection tracking, NFShunt allows the bypass-switching policy to be expressed as part of an iptables rewall rule-set. Our implementation is described in detail, and latency of the control-plane mechanism is reported. TCP throughput and packet loss is shown at various round-trip latencies, with comparisons to pure switching, as well as to a high-end Cisco rewall. Cost, as well as operations and maintenance aspects, are compared and analysed. The results support reported observations regarding rewall introduced packet-loss, and indicate that the SDN design of NFShunt is a technically viable and cost-e ective approach to enhancing a traditional rewall to meet the performance needs of data-intensive researchers / GS2016
13

Controller-plane workload characterization and forecasting in software-defined networking

Nkosi, Emmanuel January 2017 (has links)
A research report submitted to the Faculty of Engineering and the Built Environment of the University of the Witwatersrand in partial fulfilment of the requirements for the degree of Master of Science in Engineering February 2017 / Software-defined networking (SDN) is the physical separation of the control and data planes in networking devices. A logically centralised controller plane which uses a network-wide view data structure to control several data plane devices is another defining attribute of SDN. The centralised controllers and the network-wide view data structure are difficult to scale as the network and the data it carries grow. Solutions which have been proposed to combat this challenge in SDN lack the use of the statistical properties of the workload or network traffic seen by SDN controllers. Hence, the objective of this research is twofold: Firstly, the statistical properties of the controller workload are investigated. Secondly, Autoregressive Integrated Moving Average Models (ARIMA) and Artificial Neural Network (ANN) models are investigated to establish the feasibility of forecasting the controller workload signal. Representations of the state of the controller plane in the network-wide view in the form of forecasts of the controller workload will enable control applications to detect dwindling controller resources and therefore alleviate controller congestion. On the other hand, realistic statistical traffic models of the controller workload variable are sought for the design and evaluation of SDN controllers. A data center network prototype is created by making use of an SDN network emulator called Mininet and an SDN controller called Onos. It was found that 1–2% of flows arrive within 10 s of each other and more than 80% have inter-arrival times in the range of 10 s–10ms. These inter-arrival times were found to follow a beta distribution, which is similar to findings made in Machine Type Communications (MTC). The use of ARIMA and ANN to forecast the controller workload established that it is feasible to forecast the workload seen by SDN controllers. The accuracy of these models was found to be comparable for continuously valued time series signals. The ANN model was found to be applicable even in discretely valued time series data. / MT2017
14

Software-defined Networking: Improving Security for Enterprise and Home Networks

Taylor, Curtis Robin 24 April 2017 (has links)
In enterprise networks, all aspects of the network, such as placement of security devices and performance, must be carefully considered. Even with forethought, networks operators are ultimately unaware of intra-subnet traffic. The inability to monitor intra-subnet traffic leads to blind spots in the network where compromised hosts have unfettered access to the network for spreading and reconnaissance. While network security middleboxes help to address compromises, they are limited in only seeing a subset of all network traffic that traverses routed infrastructure, which is where middleboxes are frequently deployed. Furthermore, traditional middleboxes are inherently limited to network-level information when making security decisions. Software-defined networking (SDN) is a networking paradigm that allows logically centralized control of network switches and routers. SDN can help address visibility concerns while providing the benefits of a centralized network control platform, but traditional switch-based SDN leads to concerns of scalability and is ultimately limited in that only network-level information is available to the controller. This dissertation addresses these SDN limitations in the enterprise by pushing the SDN functionality to the end-hosts. In doing so, we address scalability concerns and provide network operators with better situational awareness by incorporating system-level and graphical user interface (GUI) context into network information handled by the controller. By incorporating host-context, our approach shows a modest 16% reduction in flows that can be processed each second compared to switch-based SDN. In comparison to enterprise networks, residential networks are much more constrained. Residential networks are limited in that the operators typically lack the experience necessary to properly secure the network. As a result, devices on home networks are sometimes compromised and, unbeknownst to the home user, perform nefarious acts such as distributed denial of services (DDoS) attacks on the Internet. Even with operator expertise in residential networks, the network infrastructure is limited to a resource-constrained router that is not extensible. Fortunately, SDN has the potential to increase security and network control in residential networks by outsourcing functionality to the cloud where third-party experts can provide proper support. In residential networks, this dissertation uses SDN along with cloud-based resources to introduce enterprise-grade network security solutions where previously infeasible. As part of our residential efforts, we build and evaluate device-agnostic security solutions that are able to better protect the increasing number of Internet of Things (IoT) devices. Our work also shows that the performance of outsourcing residential network control to the cloud is feasible for up to 90% of home networks in the United States.
15

Enhancing network scalability by introducing mechanisms, architectures and protocols

Alasadi, Emad Younis January 2017 (has links)
In this thesis, three key issues that restrict networks from scaling up so as to be able to cope with the rapid increase in traffic are investigated and series of approaches are proposed and tested for overcoming them. Firstly, scalability limitations owing to the use of a broadcast mechanism in one collision domain are discussed. To address this matter, servers under software-defined network architectures for eliminating discovery messages (SSED) are designed in this thesis and a backbone of floodless packets in an SDN LAN network is introduced. SSED has an innovative mechanism for defining the relationship between the servers and SDN architecture. Experimental results, after constructing and applying an authentic testbed, verify that SSED has the ability to improve upon the scalability of the traditional mechanism in terms of the number of switches and hosts. This is achieved by removing broadcast packets from the data and control planes as well as offering a better response time. Secondly, the scalability restrictions from using routers and the default gateway mechanism are explained. In this thesis, multiple distributed subnets using SDN architecture and servers to eliminate router devices and the default gateway mechanism (MSSERD) are introduced, designed and implemented as the general backbone for scalable multiple LAN-based networks. MSSERD's proposed components handle address resolution protocol (ARP) discovery packets and general IP packets across different subnets. Moreover, a general view of the network is provided through a multi-subnets discovery protocol (MDP). A 23 computers testbed is built and the results verify that MSSERD scales up the number of subnets more than traditional approaches, enhances the efficiency significantly, especially with high load, improves performance 2.3 times over legacy mechanisms and substantially reduces complexity. Finally, most of the available distributed-based architectures for different domains are reviewed and the aggregation discovery mechanism analysed to establish their impact on network scalability. Subsequently, a general distributed-centralised architecture with open-level control plane (OLC) architecture and a dynamic discovery hierarchical protocol (DHP) is introduced to provide better scalability in an SDN network. OLC can scale up the network with high performance even during high traffic.
16

Improving the performance of software-defined networks using dynamic flow installation and management techniques

Isaia, Philippos January 2018 (has links)
As computer networks evolve, they become more complex, introducing several challenges in the areas of performance and management. Such problems can lead to stagnation in network innovation. Software Defined Networks (SDN) framework could be one of the best candidates for improving and revolutionising networking by giving the full control to the network administrators to implement new management and performance optimisation techniques. This thesis examines performance issues faced in SDN due to the introduction of the SDN Controller. These issues include the extra delay due to the round-trip time between the switch and the controller as well as the fact that some packets arrive at the destination out-of-order. We propose a novel dynamic flow installation and management algorithm (OFPE) using the SDN protocol OpenFlow, which preserves the controller to a non-overloaded CPU state and allow it to dynamically add and adjust flow table rules to reduce packet delay and out-of-order packets. In addition, we propose OFPEX, an extension to OFPE algorithm that includes techniques for managing multi-switch environments as well as methods that make use of the packets interarrival time in categorising and serving packet flows. Such techniques allow topology awareness, helping the controller to install flow table rules in such a way to form optimal routes for high priority flows thus increasing network performance. For the performance evaluation of the proposed algorithms, both hardware testbed as well as emulation experiments have been conducted. The performance results indicate that OFPE algorithm achieves a significant enhancement in performance in the form of reduced delay by up to 92.56% (depending on the scenario), reduced packet loss by up to 55.32% and reduced out-of-order packets by up to 69.44%. Furthermore, we propose a novel placement algorithm for distributed Mininet implementations which uses weights in order to distribute the experiment components to the appropriately distributed machines. The proposed algorithm uses static code analysis in order to examine the experimental code as well as it measures the capabilities of physical components in order to create a weights table which is then used to distribute the experiment components properly. The performance results of the proposed algorithm evaluation indicated reductions in delay and packet loss of up to 65.51% and 86.35% respectively, as well as a decrease in the standard deviation of CPU usage by up to 88.63%. These results indicate that the proposed algorithm distributes the experiment components evenly across the available resources. Finally, we propose a series of Benchmarking tests that can be used to rate all the available SDN experimental platforms. These tests allow the selection of the appropriate experimental platform according to the scenario needs as well as they indicate the resources needed by each platform.
17

Architectures for Softwarized Networks and Their Performance Evaluation / Architekturen für Software-basierte Netze und deren Leistungsbewertung

Gebert, Steffen Christian January 2017 (has links) (PDF)
This thesis contributes to several issues in the context of SDN and NFV, with an emphasis on performance and management. The main contributions are guide lines for operators migrating to software-based networks, as well as an analytical model for the packet processing in a Linux system using the Kernel NAPI. / In der Dissertation werden mehrere Problemstellungen im Kontext von SDN und NFV, vor allem hinsichtlich Performance und Management, bearbeitet. Die Hauptbeiträge sind Guidelines für Netzbetreiber zum Management Software-basierter Netze sowie ein analytisches Modell, welches den Paketverarbeitungsprozess in der Linux Kernel NAPI beschreibt.
18

Facilitating dynamic network control with software-defined networking

Kim, Hyojoon 21 September 2015 (has links)
This dissertation starts by realizing that network management is a very complex and error-prone task. The major causes are identified through interviews and systematic analysis of network config- uration data on two large campus networks. This dissertation finds that network events and dynamic reactions to them should be programmatically encoded in the network control program by opera- tors, and some events should be automatically handled for them if the desired reaction is general. This dissertation presents two new solutions for managing and configuring networks using Software- Defined Networking (SDN) paradigm: Kinetic and Coronet. Kinetic is a programming language and central control platform that allows operators to implement traffic control application that reacts to various kinds of network events in a concise, intuitive way. The event-reaction logic is checked for correction before deployment to prevent misconfigurations. Coronet is a data-plane failure recovery service for arbitrary SDN control applications. Coronet pre-plans primary and backup routing paths for any given topology. Such pre-planning guarantees that Coronet can perform fast recovery when there is failure. Multiple techniques are used to ensure that the solution scales to large networks with more than 100 switches. Performance and usability evaluations show that both solutions are feasible and are great alternative solutions to current mechanisms to reduce misconfigurations.
19

Protecting Networked Systems from Malware Threats

Shin, Seungwon 16 December 2013 (has links)
Currently, networks and networked systems are essential media for us to communicate with other people, access resources, and share information. Reading (or sending) emails, navigating web sites, and uploading pictures to social medias are common behaviors using networks. Besides these, networks and networked systems are used to store or access sensitive or private information. In addition, major economic activities, such as buying food and selling used cars, can also be operated with networks. Likewise, we live with networks and networked systems. As network usages are increasing and popular, people face the problems of net- work attacks. Attackers on the networks can steal people’s private information, mislead people to pay money for fake products, and threaten people, who operate online commercial sites, by bothering their services. There are much more diverse types of network attacks that torture many people using networks, and the situation is still serious. The proposal in this dissertation starts from the following two research questions: (i) what kind of network attack is prevalent and how we can investigate it and (ii) how we can protect our networks and networked systems from these attacks. Therefore, this dissertation spans two main areas to provide answers for each question. First, we analyze the behaviors and characteristics of large-scale bot infected hosts, and it provides us new findings of network malware and new insights that are useful to detect (or defeat) recent network threats. To do this, we investigate the characteristics of victims infected by recent popular botnet - Conficker, MegaD, and Srizbi. In addition, we propose a method to detect these bots by correlating network and host features. Second, we suggest new frameworks to make our networks secure based on the new network technology of Software Defined Networking (SDN). Currently, SDN technology is considered as a future major network trend, and it can dynamically program networks as we want. Our suggested frameworks for SDN can be used to devise network security applications easily, and we also provide an approach to make SDN technology secure.
20

User-centric traffic engineering in software defined networks

Bakhshi, Taimur January 2017 (has links)
Software defined networking (SDN) is a relatively new paradigm that decouples individual network elements from the control logic, offering real-time network programmability, translating high level policy abstractions into low level device configurations. The framework comprises of the data (forwarding) plane incorporating network devices, while the control logic and network services reside in the control and application planes respectively. Operators can optimize the network fabric to yield performance gains for individual applications and services utilizing flow metering and application-awareness, the default traffic management method in SDN. Existing approaches to traffic optimization, however, do not explicitly consider user application trends. Recent SDN traffic engineering designs either offer improvements for typical time-critical applications or focus on devising monitoring solutions aimed at measuring performance metrics of the respective services. The performance caveats of isolated service differentiation on the end users may be substantial considering the growth in Internet and network applications on offer and the resulting diversity in user activities. Application-level flow metering schemes therefore, fall short of fully exploiting the real-time network provisioning capability offered by SDN instead relying on rather static traffic control primitives frequent in legacy networking. For individual users, SDN may lead to substantial improvements if the framework allows operators to allocate resources while accounting for a user-centric mix of applications. This thesis explores the user traffic application trends in different network environments and proposes a novel user traffic profiling framework to aid the SDN control plane (controller) in accurately configuring network elements for a broad spectrum of users without impeding specific application requirements. This thesis starts with a critical review of existing traffic engineering solutions in SDN and highlights recent and ongoing work in network optimization studies. Predominant existing segregated application policy based controls in SDN do not consider the cost of isolated application gains on parallel SDN services and resulting consequence for users having varying application usage. Therefore, attention is given to investigating techniques which may capture the user behaviour for possible integration in SDN traffic controls. To this end, profiling of user application traffic trends is identified as a technique which may offer insight into the inherent diversity in user activities and offer possible incorporation in SDN based traffic engineering. A series of subsequent user traffic profiling studies are carried out in this regard employing network flow statistics collected from residential and enterprise network environments. Utilizing machine learning techniques including the prominent unsupervised k-means cluster analysis, user generated traffic flows are cluster analysed and the derived profiles in each networking environment are benchmarked for stability before integration in SDN control solutions. In parallel, a novel flow-based traffic classifier is designed to yield high accuracy in identifying user application flows and the traffic profiling mechanism is automated. The core functions of the novel user-centric traffic engineering solution are validated by the implementation of traffic profiling based SDN network control applications in residential, data center and campus based SDN environments. A series of simulations highlighting varying traffic conditions and profile based policy controls are designed and evaluated in each network setting using the traffic profiles derived from realistic environments to demonstrate the effectiveness of the traffic management solution. The overall network performance metrics per profile show substantive gains, proportional to operator defined user profile prioritization policies despite high traffic load conditions. The proposed user-centric SDN traffic engineering framework therefore, dynamically provisions data plane resources among different user traffic classes (profiles), capturing user behaviour to define and implement network policy controls, going beyond isolated application management.

Page generated in 0.0622 seconds