31 |
Balanceamento de carga utilizando planos de dados OpenFlow comerciais / Load balancing using commercial OpenFlow data planes
Costa, Leonardo Chinelate 10 June 2016
The Software-Defined Networking (SDN) paradigm is changing the way we manage and operate computer networks through its main idea, the decoupling of the data and control planes. The OpenFlow protocol implements this concept and, due to the advantages of lower operating expenditures and greater ease of adaptation to existing switch designs, it is found today in various network equipment sold by many companies. Using the SDN paradigm and the OpenFlow protocol, network innovation and evolution are facilitated. Thus, many typical network services can be rethought in order to make them more flexible. One such service is load balancing. This work is a study of the feasibility of implementing an OpenFlow load balancer in a real SDN network, considering the restrictions of current commercial OpenFlow equipment. For this, we propose an SDN load balancing model which considers different, more realistic workload profiles and is based on using different policies for performing the balancing. However, before reproducing this scenario in a real environment, a performance evaluation of some OpenFlow data planes was conducted in order to verify whether current OpenFlow implementations are able to support load balancing or other services in production networks. The quality of different commercial OpenFlow hardware switch implementations and open source software switch implementations was evaluated, using performance metrics in typical operations of an OpenFlow switch. The results show that the OpenFlow implementations of the evaluated hardware switches have not yet reached a sufficient level of maturity to be used on a large scale. Despite similar performance between OpenFlow and legacy modes in most cases, the OpenFlow hardware implementations presented problems such as incomplete implementations of the standard, a low number of supported rules, unstable operation with full flow tables, and problems in processing multiple commands.
|
32 |
Policy-driven autonomic cyberdefense using software-defined networking / Cyberdefense autonome pilotée par règles à l'aide d'un réseau défini par logiciel
Sahay, Rishikesh 14 November 2017
Cyber attacks cause significant losses not only to end users but also to Internet Service Providers (ISPs). Recently, customers of ISPs have been the number one target of cyber attacks such as Distributed Denial of Service (DDoS) attacks. These attacks are encouraged by the widespread availability of tools to launch them. So, there is a crucial need to counter these attacks (DDoS, botnet attacks, etc.) with effective defense mechanisms. Researchers have devoted huge efforts to protecting the network from cyber attacks. Defense methodologies first contain a detection process, completed by mitigation. The lack of automation in the whole cycle from detection to mitigation increases the damage caused by cyber attacks. It requires manual configuration of devices by the administrator to mitigate the attacks, which causes network downtime. Therefore, it is necessary to close the security loop with an efficient mechanism to automate the mitigation process. In this thesis, we propose an autonomic mitigation framework to mitigate attacks that target network resources. Our framework provides a collaborative mitigation strategy between the ISP and its customers. The implementation relies on Software-Defined Networking (SDN) technology to deploy the mitigation framework. The contribution of our framework can be summarized as follows: first, the customers detect the attacks and share the threat information with their ISP to perform on-demand mitigation. We further develop the system to improve the management aspect of the framework on the ISP side. This system performs alert extraction, adaptation and device configuration. We develop a policy language to define the high-level policy, which is translated into OpenFlow rules. Finally, we show the applicability of the framework through simulation as well as testbed validation. We evaluate different QoS and QoE (quality of user experience) metrics in SDN networks. The application of the framework demonstrates its effectiveness not only in mitigating attacks for the victim, but also in reducing the damage caused to the traffic of other customers of the ISP.
|
33 |
Aplicação de redes definidas por software no processo de gerenciamento de energia nos switches de rede OpenFlow / Software-defined networking application in the energy management process in OpenFlow network switches
Prete, Ligia Rodrigues [UNESP] 13 December 2016
Energy consumption in the Information and Communication Technology (ICT) sector has grown exponentially in recent years, due to the increasing amount of equipment for data storage and processing. The Software-Defined Networking (SDN) paradigm and the OpenFlow architecture are enabling a new range of applications and services for networks. This thesis presents a study that applies SDN technologies in a virtualized environment with the GENI (Global Environment for Network Innovation) federation. In this work, a module for the Floodlight controller, titled Energy Saving Module, was developed; it employs an algorithm called MiNet (Minimum Network) to construct the Minimum Spanning Tree (MST) over the switching components of a network. This study presents three simulations on two Fat Tree network topologies, one with ten switches (FatTree10) and another with twenty switches (FatTree20). The first simulation was performed without the module, with the default configuration of the Floodlight controller, to serve as a comparison for the performance results obtained in the other two simulations. The second, with the Energy Saving Module included in the controller, was evaluated with respect to the initial costs on the links between the switches. In the third, the costs on the links between the switches were changed to show that the Energy Saving Module is able to recalculate a new Minimum Spanning Tree from the provided costs and thus adapt the network to a new, updated situation. In the simulations performed, considering only the links between the switches (forty Ethernet ports for the smaller topology and eighty Ethernet ports for the larger topology), the module incorporated in Floodlight reduced the final energy consumption by 35% for the FatTree10 topology and by 32.5% for the FatTree20 topology.
|
34 |
ASSESSMENT OF DISAGGREGATING THE SDN CONTROL PLANE
Adib Rastegarnia (7879706) 20 November 2019
Current SDN controllers have been designed based on a monolithic approach that integrates all services and applications into one single, huge program. The monolithic design of SDN controllers restricts programmers who build management applications to the specific programming interfaces and services that a given SDN controller provides, making application development dependent on the controller, and thereby restricting the portability of management applications across controllers. Furthermore, the monolithic approach means an SDN controller must be recompiled whenever a change is made, and does not provide an easy way to add new functionality or scale to handle large networks. To overcome the weaknesses inherent in the monolithic approach, the next generation of SDN controllers must use a distributed, microservice architecture that disaggregates the control plane by dividing the monolithic controller into a set of cooperative microservices. Disaggregation allows a programmer to choose a programming language that is appropriate for each microservice. In this dissertation, we describe steps taken towards disaggregating the SDN control plane, consider potential ways to achieve the goal, and discuss the advantages and disadvantages of each. We propose a distributed architecture that disaggregates controller software into a small controller core and a set of cooperative microservices. In addition, we present a software defined network programming framework called Umbrella that provides a set of abstractions that programmers can use for writing SDN management applications independent of the NB APIs that SDN controllers provide. Finally, we present an intent-based network programming framework called OSDF that provides a high-level, policy-based API for programming network devices using SDN.
|
35 |
Architectures and Algorithms for Future Wireless Local Area Networks
Dely, Peter January 2012
Future Wireless Local Area Networks (WLANs) with high carrier frequencies and wide channels need a dense deployment of Access Points (APs) to provide good performance. In densely deployed WLANs, associations of stations and handovers need to be managed more intelligently than today. This dissertation studies when and how a station should perform a handover, and to which AP, from a theoretical and a practical perspective. We formulate and solve optimization problems that make it possible to compute the optimal AP for each station in normal WLANs and in WLANs connected via a wireless mesh backhaul. Moreover, we propose to use software defined networks and the OpenFlow protocol to optimize station associations, handovers and traffic rates. Furthermore, we develop new mechanisms to estimate the quality of a link between a station and an AP. Those mechanisms allow optimization algorithms to make better decisions about when to initiate a handover. Since handovers in today's WLANs are slow and may disturb real-time applications such as video streaming, a faster procedure is developed in this thesis. Evaluation results from wireless testbeds and network simulations show that our architectures and algorithms significantly increase the performance of WLANs while remaining backward compatible.
|
36 |
SDN OpenFlow Switch上效能評測 / Performance Evaluation of SDN OpenFlow Switch
蔡明志, Tsai, Ming Chih Unknown Date
Software Defined Networking (SDN) is a new software-based network architecture and technology. Its main characteristic is the separation of the control functions of traditional layer 2 and layer 3 network devices from their data forwarding functions. Since the separated control functions are managed centrally and have the flexibility of software design, network managers can control the resources of the underlying devices more easily, which greatly enhances the ability to automate network management and effectively resolves problems faced by current network systems, such as poor flexibility of network topology and limited scalability.
In recent years, with the rapid development of new technologies and services such as broadband Internet access, the Internet of Things, cloud computing and mobile devices, and the rapid increase in networked devices of all kinds, the demand for IP addresses has grown steadily. IPv4 cannot meet this demand by offering a relatively large number of addresses, so upgrading from IPv4 to IPv6 networks is urgent and necessary. Three methods are currently proposed for the transition from IPv4 to IPv6: Dual Stack, Tunneling and Translation. Tunneling and Translation both have performance bottlenecks and are technologies for the transition period. The technique mainly promoted at present is Dual Stack: in Dual Stack mode, an IPv4 network can gradually evolve into a network in which IPv4 and IPv6 coexist and interoperate, and eventually into a predominantly IPv6 network. With the growing number of IPv6 devices and nodes, SDN switch network equipment with Dual Stack capability is an effective solution for smoothly connecting old IPv4 and new IPv6 networks, and it also makes the management and upgrading of IPv6 networks more flexible. SDN and IPv6 are currently popular research topics. They appear to be computer technologies from different fields, but if they are used together they will make future network environments more scalable, manageable, flexible and agile.
To understand the performance of SDN switches, this thesis proposes a test platform architecture. A Linux system is used as the device under test, and different environments such as a Bridge, a Router and an Open vSwitch SDN switch are simulated on it. The test end is a Linux system using the Iperf test software, and performance is tested by sending packets of different sizes to the device under test in the different simulated environments. The experiments also measure the IPv4 protocol, as a comparison with traditional network performance. In addition, the SDN switch is measured under a simultaneous IPv4 and IPv6 dual-protocol load and compared with IPv4 alone and IPv6 alone. Finally, multiple hosts simultaneously sending packets to and receiving packets from the device under test are simulated, to test the load behaviour of the SDN switch with multiple hosts.
Analysis of the measured data shows that the performance of IPv6 on the Open vSwitch SDN switch is almost equal to that of traditional IPv4, which also verifies the feasibility of IPv6 on the switch. In addition, when the SDN switch runs IPv4 and IPv6 simultaneously in a dual-protocol environment, its overall performance is nearly the same as when running a single protocol, which proves the feasibility of running the SDN switch with both protocols at once. Analysis of the multi-host load experiments shows that, when data is transferred over UDP, more hosts mean greater competition for resources, which indirectly causes more packet loss, and the packet loss problem is also more severe for larger packets. By contrast, when data is transferred over TCP, the total throughput bottleneck is determined by the performance of the network card: the better the network card performs, the higher the total throughput in a multi-host environment.
|
37 |
Centralizovaná správa aktivních prvků s využitím Software Defined Networking (SDN) a technologie OpenFlow, včetně zobrazení grafické topologie / Centralized management of active network elements using Software Defined Networking (SDN) and OpenFlow technology, including graphical topology display
TŮMA, Jan January 2016
The aim of this master thesis is to create a web-based graphical user interface which communicates with a Software Defined Controller and the OpenFlow protocol to provide basic network management and a topology graph, then to describe the main aspects of the OpenFlow technology and to optimize the chosen SDN Controller for full support in a multi-vendor environment.
|
38 |
Avoiding control plane partition in software defined networks through cellular networks : assessing opportunities and limitations / Evitando a partição do plano de controle de redes definidas por software através de redes celulares : avaliando a oportunidade e limitações
Petry, Tobias Brignol January 2015
Software Defined Networks simplify network programmability by detaching the control plane from forwarding devices and deploying it into a logically centralized controller. While this allows a clearer separation of concerns, it also creates a dependency between them. Failures in the control plane break the controller's view of the network state and could render the network unusable if forwarding devices cannot be reached. The relevance of this problem has led to a range of proposals, including physical distribution of controller instances and delegation of concerns to forwarding devices. This dissertation features the proposal and evaluation of an architecture that leverages cellular data networks (4G) as control plane backup links. No previous work has explored this idea, despite the recent research intersecting SDN and wireless networks. The experimental evaluation provides insights towards answering three research questions: (i) how is the behavior of control plane traffic affected by the characteristics of cellular links, (ii) how quickly is the control plane handed over to the backup link when a failure occurs, and (iii) how well do network functions that rely on a snapshot of the network state behave on such an architecture. Despite the expected higher latency of cellular links, this architecture maintains partial functionality of tasks that depend on global network awareness when failures occur in primary control links, in a simple, affordable fashion. The degree to which the functionality of these tasks is maintained is directly related to their dependency on the timeliness of the control plane's reaction to network events. The main benefit of preventing control plane partition is to maintain a consistent global view of the network.
|
39 |
An outright open source approach for simple and pragmatic internet eXchange / Une approche SDN simple et pragmatique pour les points d'échange Internet
Bruyère, Marc 06 July 2016
L'Internet, le réseaux des réseaux, est indispensable à notre vie moderne et mondialisée et en tant que ressource publique il repose sur l'inter opérabilité et la confiance. Les logiciels libres et open source jouent un rôle majeur pour son développement. Les points d'échange Internet (IXP) où tous les opérateurs de type et de taille différents peuvent s'échanger du trafic sont essentiels en tant que lieux d'échange neutres et indépendants. Le service fondamental offert par un IXP est une fabrique de commutation de niveau 2 partagée. Aujourd'hui les IXP sont obligés d'utiliser des technologies propriétaires pour leur fabrique de commutations. Bien qu'une fabrique de commutations de niveau 2 se doit d'être une fonctionnalité de base, les solutions actuelles ne répondent pas correctement aux exigences des IXPs. Cette situation est principalement dûe au fait que les plans de contrôle et de données sont intriqués sans possibilités de programmer finement le plan de commutation. Avant toute mise en œuvre, il est primordial de tester chaque équipement afin de vérifier qu'il répond aux attentes mais les solutions de tests permettant de valider les équipements réseaux sont toutes non open source, commerciales et ne répondent pas aux besoins techniques d'indépendance et de neutralité. Le "Software Defined Networking" (SDN), nouveau paradigme découplant les plans de contrôle et de données utilise le protocole OpenFlow qui permet de programmer le plan de commutation Ethernet haute performance. Contrairement à tous les projets de recherches qui centralisent la totalité du plan de contrôle au dessus d'OpenFlow, altérant la stabilité des échanges, nous proposons d'utiliser OpenFlow pour gérer le plan de contrôle spécifique à la fabrique de commutation. L'objectif principal de cette thèse est de proposer "Umbrella", fabrique de commutation simple et pragmatique répondant à toutes les exigences des IXPs et en premier lieu à la garantie d'indépendance et de neutralité des échanges. 
Dans la première partie, nous présentons l'architecture "Umbrella" en détail avec l'ensemble des tests et validations démontrant la claire séparation du plan de contrôle et du plan de données pour augmenter la robustesse, la flexibilité et la fiabilité des IXPs. Pour une exigence d'autonomie des tests nécessaires pour les IXPs permettant l'examen de la mise en œuvre d'Umbrella et sa validation, nous avons développé l'"Open Source Network Tester" (OSNT), un système entièrement open source "hardware" de génération et de capture de trafic. OSNT est le socle pour l"OpenFLow Operations Per Second Turbo" (OFLOPS Turbo), la plate-forme d'évaluation de commutation OpenFlow. Le dernier chapitre présente le déploiement de l'architecture "Umbrella" en production sur un point d'échange régional. Les outils de test que nous avons développés ont été utilisés pour vérifier les équipements déployés en production. Ce point d'échange, stable depuis maintenant un an, est entièrement géré et contrôlé par une seule application Web remplaçant tous les systèmes complexes et propriétaires de gestion utilisés précédemment. / In almost everything we do, we use the Internet. The Internet is indispensable for our today's lifestyle and to our globalized financial economy. The global Internet traffic is growing exponentially. IXPs are the heart of Internet. They are highly valuable for the Internet as neutral exchange places where all type and size of autonomous systems can "peer" together. The IXPs traffic explode. The 2013 global Internet traffic is equivalent with the largest european IXP today. The fundamental service offer by IXP is a shared layer2 switching fabric. Although it seems a basic functionality, today solutions never address their basic requirements properly. Today networks solutions are inflexible as proprietary closed implementation of a distributed control plane tight together with the data plane. Actual network functions are unmanageable and have no flexibility. 
We can understand how IXPs operators are desperate reading the EURO-IX "whishlist" of the requirements who need to be implemented in core Ethernet switching equipments. The network vendor solutions for IXPs based on MPLS are imperfect readjustment. SDN is an emerging paradigm decoupling the control and data planes, on opening high performance forwarding plane with OpenFlow. The aims of this thesis is to propose an IXP pragmatic Openflow switching fabric, addressing the critical requirements and bringing more flexibility. Transparency is better for neutrality. IXPs needs a straightforward more transparent layer2 fabric where IXP participants can exchange independently their traffic. Few SDN solutions have been presented already but all of them are proposing fuzzy layer2 and 3 separation. For a better stability not all control planes functions can be decoupled from the data plane. As other goal statement, networking testing tools are essential for qualifying networking equipment. Most of them are software based and enable to perform at high speed with accuracy. Moreover network hardware monitoring and testing being critical for computer networks, current solutions are both extremely expensive and inflexible. The experience in deploying Openflow in production networks has highlight so far significant limitations in the support of the protocol by hardware switches. We presents Umbrella, a new SDN-enabled IXP fabric architecture, that aims at strengthening the separation of control and data plane to increase both robustness, flexibility and reliability of the exchange. Umbrella abolish broadcasting with a pseudo wire and segment routing approach. We demonstrated for an IXP fabric not all the control plane can be decoupled from the date plane. We demonstrate Umbrella can scale and recycle legacy non OpenFlow core switch to reduce migration cost. 
To fill the lacuna in testing tools, we launch the Open Source Network Tester (OSNT), a fully open-source traffic generator and capture system. Additionally, our approach has demonstrated lower cost than comparable commercial systems while achieving comparable levels of precision and accuracy, all within an open-source framework extensible with new features to support new applications, while permitting validation and review of the implementation. We also present the integration of OpenFlow Operations Per Second (OFLOPS), an OpenFlow switch evaluation platform, with the OSNT platform, a hardware-accelerated traffic generation and capturing platform. What better justification is there than a real deployment? We demonstrated the real flexibility and benefit of the Umbrella architecture by persuading ten Internet operators to migrate the entire Toulouse IXP. The hardware testing tools we have developed have been used to qualify the hardware that has been deployed in production. TouIX has been running stably for a year. It is fully managed and monitored through a single web application, removing all the complex legacy management systems.
|
40 |
OpenFlow-enabled dynamic DMZ for local networks
Wu, Haotian January 1900
Doctor of Philosophy / Department of Electrical and Computer Engineering / Don M. Gruenbacher / Caterina M. Scoglio / Cybersecurity plays a vital role in today's networks. We can use security devices, such as a deep packet inspection (DPI) device, to enhance cybersecurity. However, a DPI device has a limited amount of inspection capability, which cannot keep up with the ever-increasing volume of network traffic, and that gap is growing even larger. Therefore, inspecting every single packet using DPI is impractical.
Our objective is to find a tradeoff between network security and network performance. More explicitly, we aim at maximizing the utilization of security devices, while not decreasing network throughput. We propose two prototypes to address this issue in a demilitarized zone (DMZ) architecture.
Our first prototype involves a flow-size-based DMZ criterion. In a campus network, elephant flows (flows with a large data rate) are usually science data, and they are mostly safe. Moreover, the majority of the network bandwidth is consumed by elephant flows. Therefore, we propose a DMZ prototype in which elephant flows are inspected for a few seconds and then allowed to bypass DPI inspection, as long as they are identified as safe flows; they can be periodically inspected to ensure they remain safe.
Our second prototype is a congestion-aware DMZ scheme. Instead of determining whether a flow is safe or not by its size, we treat all flows identically. We measure the data rates of all flows, and use a global optimization algorithm to determine which flows are allowed to safely bypass a DPI. The objective is to maximize DPI utilization.
Both prototypes are implemented using OpenFlow in this work, and extensive experiments are performed to test both prototypes' feasibility. The results attest that the two prototypes are effective in ensuring network security while not compromising network performance. A number of tools for SDN network configuration and testing are also developed.
|