Maestro: Achieving scalability and coordination in centralizaed network control plane

January 2012

Modem network control plane that supports versatile communication services (e.g. performance differentiation, access control, virtualization, etc.) is highly complex. Different control components such as routing protocols, security policy enforcers, resource allocation planners, quality of service modules, and more, are interacting with each other in the control plane to realize complicated control objectives. These different control components need to coordinate their actions, and sometimes they could even have conflicting goals which require careful handling. Furthermore, a lot of these existing components are distributed protocols running on large number of network devices. Because protocol state is distributed in the network, it is very difficult to tightly coordinate the actions of these distributed control components, thus inconsistent control actions could create serious problems in the network. As a result, such complexity makes it really difficult to ensure the optimality and consistency among all different components. Trying to address the complexity problem in the network control plane, researchers have proposed different approaches, and among these the centralized control plane architecture has become widely accepted as a key to solve the problem. By centralizing the control functionality into a single management station, we can minimize the state distributed in the network, thus have better control over the consistency of such state. However, the centralized architecture has fundamental limitations. First, the centralized architecture is more difficult to scale up to large network size or high requests rate. In addition, it is equally important to fairly service requests and maintain low request-handling latency, while at the same time having highly scalable throughput. Second, the centralized routing control is neither as responsive nor as robust to failures as distributed routing protocols. In order to enhance the responsiveness and robustness, one approach is to achieve the coordination between the centralized control plane and distributed routing protocols. In this thesis, we develop a centralized network control system, called Maestro, to solve the fundamental limitations of centralized network control plane. First we use Maestro as the central controller for a flow-based routing network, in which large number of requests are being sent to the controller at very high rate for processing. Such a network requires the central controller to be extremely scalable. Using Maestro, we systematically explore and study multiple design choices to optimally utilize modern multi-core processors, to fairly distribute computation resource, and to efficiently amortize unavoidable overhead. We show a Maestro design based on the abstraction that each individual thread services switches in a round-robin manner, can achieve excellent throughput scalability while maintaining far superior and near optimal max-min fairness. At the same time, low latency even at high throughput is achieved by Maestro's workload-adaptive request batching. Second, we use Maestro to achieve the coordination between centralized controls and distributed routing protocols in a network, to realize a hybrid control plane framework which is more responsive and robust than a pure centralized control plane, and more globally optimized and consistent than a pure distributed control plane. Effectively we get the advantages of both the centralized and the distributed solutions. Through experimental evaluations, we show that such coordination between the centralized controls and distributed routing protocols can improve the SLA compliance of the entire network.

Applied sciences

Centralizaed network control plane

Network management

Open flow

Performance optimization

Computer science

A influencia do diametro representativo do material do leito nas formulas de calculo do transporte de sedimentos em escoamentos com superficie livre / The influence of representative diameter of the bed material load in the formulae for calculating the sediment transport in free surface flows

Paiva, Luiz Evaristo Dias de

12 August 2018

Orientador: Evaldo Miranda Coiado / Tese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Civil, Arquitetura e Urbanismo / Made available in DSpace on 2018-08-12T09:09:22Z (GMT). No. of bitstreams: 1 Paiva_LuizEvaristoDiasde_D.pdf: 35394414 bytes, checksum: 213e131fa220c1a9965c1c327156d87f (MD5) Previous issue date: 2007 / Resumo: Nesta tese apresenta-se uma alternativa à definição do diâmetro de cículo a ser usado nas equações de estimativa da descarga de sedimentos na camada do leito, em escoamento com superfície livre. Foram empregadas quatorze equações de estimativa da descarga de sedimentos, a partir das quais foram determinados os diâmetros que poderiam ser empregados em substituição áqueles definidos pelos respectivos autores das equações. Para o desenvolvimento deste trabalho, foram empregados dados coletados no Rio Atibaia em Sousas, no município de Campinas (SP). No decorrer dos estudos, verificou-se que a vazão e a declividade da linha de água foram as variáveis mais significativas na definição do diâmetro. Para validar a alternativa à definição do diâmetro de círculo a ser usado nas equações de estimativa da descarga de sedimentos na camada do leito, foram utilizados dados de dois outros rios, de porte menor e maior que o rio Atibaia. Para os dois rios, a aplicação da metodologia produziu resultados mais satisfatários, se comparados àqueles obtidos pelos métodos na sua forma original. A aplicaçã da metodologia proposta nesta tese apresenta; além de ter demonstrado reduções nas diferenças percentuais relativas entre os valores das descargas calculadas e medidas, a vantagem de poder ser empregada para cursos de água com granulometria uniforme ou não e dispensa o levantamento de dados granulométricos. / Abstract: This thesis presents an alternative proposal to evaluate the sediment size to be used in the methods to estimate its discharge from bedload when occurring under open flow water. Fourteen different equations were employed in this work. From this equations different diameters were obtained that could replace respectively those suggested for each equation. Also, in order to undetake this work, data were collected from Atibaia River, Campinas-SP. Analises of these data showed that the discharge and slope of free surface of water were the most important variable to define de sediment dimension. To validate the alternative proposal to the calculated diameter, dates were used of the two other rivers one smaller and the other larger than Atibaia. Metodology apllied to those data produced sactisfactory results compared with the original methodology. The proposed methodology applied during this studies, besides having demonstrated decreased relative differences between calculated discharges and the measured ones also showed that it can be used in rivers whit uniform or non uniform grain sizes eliminating the necessity of collecting granulometric data. / Doutorado / Recursos Hidricos / Doutor em Engenharia Civil

Transporte de sedimento

Sedimentação e depositos

Discharge

Bedload

Sediment dimension

Open flow water

Neural Network-Based Crossfire Attack Detection in SDN-Enabled Cellular Networks

Perry, Nicholas

13 July 2023

No description available.

Computer Science

crossfire attack

DoS

cybersecurity

SDN

mininet

ryu

open flow

networking

attack

Performance evaluation of security mechanisms in Cloud Networks

Kannan, Anand

January 2012

Infrastructure as a Service (IaaS) is a cloud service provisioning model which largely focuses on data centre provisioning of computing and storage facilities. The networking aspects of IaaS beyond the data centre are a limiting factor preventing communication services that are sensitive to network characteristics from adopting this approach. Cloud networking is a new technology which integrates network provisioning with the existing cloud service provisioning models thereby completing the cloud computing picture by addressing the networking aspects. In cloud networking, shared network resources are virtualized, and provisioned to customers and end-users on-demand in an elastic fashion. This technology allows various kinds of optimization, e.g., reducing latency and network load. Further, this allows service providers to provision network performance guarantees as a part of their service offering. However, this new approach introduces new security challenges. Many of these security challenges are addressed in the CloNe security architecture. This thesis presents a set of potential techniques for securing different resource in a cloud network environment which are not addressed in the existing CloNe security architecture. The thesis begins with a holistic view of the Cloud networking, as described in the Scalable and Adaptive Internet Solutions (SAIL) project, along with its proposed architecture and security goals. This is followed by an overview of the problems that need to be solved and some of the different methods that can be applied to solve parts of the overall problem, specifically a comprehensive, tightly integrated, and multi-level security architecture, a key management algorithm to support the access control mechanism, and an intrusion detection mechanism. For each method or set of methods, the respective state of the art is presented. Additionally, experiments to understand the performance of these mechanisms are evaluated on a simple cloud network test bed. The proposed key management scheme uses a hierarchical key management approach that provides fast and secure key update when member join and member leave operations are carried out. Experiments show that the proposed key management scheme enhances the security and increases the availability and integrity. A newly proposed genetic algorithm based feature selection technique has been employed for effective feature selection. Fuzzy SVM has been used on the data set for effective classification. Experiments have shown that the proposed genetic based feature selection algorithm reduces the number of features and hence decreases the classification time, while improving detection accuracy of the fuzzy SVM classifier by minimizing the conflicting rules that may confuse the classifier. The main advantages of this intrusion detection system are the reduction in false positives and increased security. / Infrastructure as a Service (IaaS) är en Cloudtjänstmodell som huvudsakligen är inriktat på att tillhandahålla ett datacenter för behandling och lagring av data. Nätverksaspekterna av en cloudbaserad infrastruktur som en tjänst utanför datacentret utgör en begränsande faktor som förhindrar känsliga kommunikationstjänster från att anamma denna teknik. Cloudnätverk är en ny teknik som integrerar nätverkstillgång med befintliga cloudtjänstmodeller och därmed fullbordar föreställningen av cloud data genom att ta itu med nätverkaspekten.  I cloudnätverk virtualiseras delade nätverksresurser, de avsätts till kunder och slutanvändare vid efterfrågan på ett flexibelt sätt. Denna teknik tillåter olika typer av möjligheter, t.ex. att minska latens och belastningen på nätet. Vidare ger detta tjänsteleverantörer ett sätt att tillhandahålla garantier för nätverksprestandan som en del av deras tjänsteutbud. Men denna nya strategi introducerar nya säkerhetsutmaningar, exempelvis VM migration genom offentligt nätverk. Många av dessa säkerhetsutmaningar behandlas i CloNe’s Security Architecture. Denna rapport presenterar en rad av potentiella tekniker för att säkra olika resurser i en cloudbaserad nätverksmiljö som inte behandlas i den redan existerande CloNe Security Architecture. Rapporten inleds med en helhetssyn på cloudbaserad nätverk som beskrivs i Scalable and Adaptive Internet Solutions (SAIL)-projektet, tillsammans med dess föreslagna arkitektur och säkerhetsmål. Detta följs av en översikt över de problem som måste lösas och några av de olika metoder som kan tillämpas för att lösa delar av det övergripande problemet. Speciellt behandlas en omfattande och tätt integrerad multi-säkerhetsarkitektur, en nyckelhanteringsalgoritm som stödjer mekanismens åtkomstkontroll och en mekanism för intrångsdetektering. För varje metod eller för varje uppsättning av metoder, presenteras ståndpunkten för respektive teknik. Dessutom har experimenten för att förstå prestandan av dessa mekanismer utvärderats på testbädd av ett enkelt cloudnätverk. Den föreslagna nyckelhantering system använder en hierarkisk nyckelhantering strategi som ger snabb och säker viktig uppdatering när medlemmar ansluta sig till och medlemmarna lämnar utförs. Försöksresultat visar att den föreslagna nyckelhantering system ökar säkerheten och ökar tillgänglighet och integritet. En nyligen föreslagna genetisk algoritm baserad funktion valet teknik har använts för effektiv funktion val. Fuzzy SVM har använts på de uppgifter som för effektiv klassificering. Försök har visat att den föreslagna genetiska baserad funktion selekteringsalgoritmen minskar antalet funktioner och därmed minskar klassificering tiden, och samtidigt förbättra upptäckt noggrannhet fuzzy SVM klassificeraren genom att minimera de motstående regler som kan förvirra klassificeraren. De främsta fördelarna med detta intrångsdetekteringssystem är den minskning av falska positiva och ökad säkerhet.

Cloud Networks

Key management

mobile agent

telco cloud

open flow

Intrusion Detection System (IDS)

Genetic Algorithm (GA)

Fuzzy Support Vector Machine (FSVM)

tenfold cross validation

Communication Systems

Kommunikationssystem