151 |
Modelo de avaliação de redes de acesso banda larga baseadas no paradigma SDN / An evaluation model for SDN based broadband internet access networks / Souza, Alexsander Silva de / January 2017
Software defined networks are a novel approach to the design and operation of computer networks. Although this paradigm is employed successfully in many data centers and campuses, software defined access networks (SDAN) are still in their infancy. Carriers and ISPs have not converged on a standard architecture to build their infrastructure upon, a problem many initiatives are trying to solve. Regardless of the chosen model, the option for such a disruptive change as SDN needs to be justified. Techno-economic models are commonly used to estimate the impact of a change in the operation. The Total Cost of Ownership (TCO) is a metric commonly used for this purpose. The present work developed a simplified evaluation model for network architectures, which focuses on the services offered to the subscriber and on the cost of managing them. The analysis is performed in two dimensions. In the first, the effort to operate the network is estimated through a qualitative analysis, similar to the one performed by other existing models. The second axis is the amount of resources required to provision and monitor each service. This estimation is produced through discrete time simulation of selected elements and protocols. The combination of the analyses allows us to identify the behavioral trends provoked by the adoption of a new network architecture, and to evaluate the convenience of such a migration. The simulation in this work demanded models for the equipment and protocols involved. The NS-3 package was the chosen simulation tool. Defining and implementing models for all services analyzed could become as costly as the techniques we wish to overcome, so an indirect approach has been used. Only the essential components are simulated, and the costs of each service are inferred from them. The SDAN model evaluated in this work, called SDCN, is a simplification of the SplitArchitecture proposed by the SPARC project.
|
152 |
NFV-PEAR: adaptive placement and chaining of virtual network functions (NFV-PEAR : posicionamento e encadeamento adaptativo de funções virtuais de rede) / Miotto, Gustavo / January 2018
The design of flexible and efficient mechanisms for proper placement and chaining of virtual network functions (VNFs) is key for the success of Network Function Virtualization (NFV). Most state-of-the-art solutions, however, consider fixed (and immutable) flow processing and bandwidth requirements when placing VNFs in the Network Points of Presence (N-PoPs). This limitation becomes critical in NFV-enabled networks having highly dynamic flow behavior, and in which flow processing requirements and available N-PoP resources change constantly. To bridge this gap, we present NFV-PEAR, a platform for adaptive VNF placement and chaining. In NFV-PEAR, network operators may periodically (re)arrange previously determined placement and chaining of VNFs, with the goal of maintaining acceptable end-to-end flow performance despite fluctuations of flow processing costs and requirements. In parallel, NFV-PEAR seeks to minimize network changes (e.g., reallocation of VNFs or network flows). The results obtained from an experimental evaluation provide evidence that NFV-PEAR has potential to deliver more stable operation of network services, while significantly reducing the number of network changes required to ensure end-to-end flow performance.
|
153 |
ARKHAM: an advanced refinement toolkit for handling service level agreements in software-defined networking / ARKHAM: um avançado conjunto de ferramentas de refinamento para manipulação de acordos de nível de serviço em redes definidas por software / Machado, Cristian Cleder / January 2015
Software-Defined Networking (SDN) aims to provide a more sophisticated and accurate architecture for managing and monitoring network traffic. SDN permits centralizing part of the decision-making logic regarding flow processing and packet routing in controller devices. Despite this, the behavior of network devices and their configurations are often written for specific situations directly in the controller. This becomes an issue when there is an increase in the number of network elements, links, and services, resulting in a large number of rules and a high overhead related to network configuration. As an alternative, techniques such as Policy-Based Management (PBM) and policy refinement can be used by high-level operators to write Service Level Agreements (SLAs) in a user-friendly interface without the need to change the code implemented in the controllers. However, policy refinement in the new research area of SDN has been a neglected topic, in part, because refinement is a nontrivial process. When using SLAs, their translation to low-level policies, e.g., rules for configuring switching elements, is not straightforward. If this translation is not performed properly, the system elements may not be able to meet the implicit requirements specified in the SLA. In this context, we introduce ARKHAM: an Advanced Refinement Toolkit for Handling Service Level Agreements in Software-Defined Networking. This work presents (i) a Policy Authoring Framework that uses logical reasoning for the specification of business-level goals and to automate their refinement; (ii) an OpenFlow controller which performs information gathering and configuration deployment; and (iii) a formal representation using event calculus that describes our solution. As a result, our approach is capable of identifying the requirements and resources that need to be configured in accordance with SLA refinement, and can successfully configure and execute dynamic actions for supporting infrastructure reconfiguration.
|
154 |
Study and implementation of an IEEE 802.11g system employing the Software Defined Radio concept (Estudo e implementação de un sistema IEEE 802.11g empregando o conceito de software Defined Radio) / Perez Junior, José Antonio Gonzalez / January 2017
Advisor: Prof. Dr. Carlos Eduardo Capovilla / Dissertation (master's) - Universidade Federal do ABC, Programa de Pós-Graduação em Engenharia Elétrica, 2017. / With the advancements of communication technology and the constant need for high rates of data transfer, wireless communication is consistently the main and favorite option for most kinds of applications. By combining agility, performance and fast installation, it is often found in control systems, audio and television systems, internet access, etc. However, due to the imperfections and noise in the channel, this communication requires an efficient modulation and an adequate protection against errors in the data transmission. The IEEE 802.11g standard, also used in practically all modern communication systems and widely diffused by the networks known as WiFi, appears as a perfect solution, since it allows aligning robust and efficient techniques such as OFDM modulation and convolutional coding. Given the digital concept and the dynamic behavior of wireless communication, SDR (Software Defined Radio) becomes an interesting and powerful tool because of the possibility of simulation and implementation of transceivers for several applications in a single device. This project aims to build a wireless IEEE 802.11g communication system using Software Defined Radios, focusing on low cost radios and high performance, to make the interface between the real world and the digital signal processing.
|
155 |
OpenFlow-enabled dynamic DMZ for local networks / Wu, Haotian / January 1900
Doctor of Philosophy / Department of Electrical and Computer Engineering / Don M. Gruenbacher / Caterina M. Scoglio / Cybersecurity is playing a vital role in today's network. We can use security devices, such as a deep packet inspection (DPI) device, to enhance cybersecurity. However, a DPI has a limited amount of inspection capability, which cannot catch up with the ever-increasing volume of network traffic, and that gap is getting even larger. Therefore, inspecting every single packet using DPI is impractical.
Our objective is to find a tradeoff between network security and network performance. More explicitly, we aim at maximizing the utilization of security devices, while not decreasing network throughput. We propose two prototypes to address this issue in a demilitarized zone (DMZ) architecture.
Our first prototype involves a flow-size based DMZ criterion. In a campus network, elephant flows (flows with a large data rate) are usually science data and they are mostly safe. Moreover, the majority of the network bandwidth is consumed by elephant flows. Therefore, we propose a DMZ prototype in which we inspect elephant flows for a few seconds and then allow them to bypass DPI inspection, as long as they are identified as safe flows; they can be periodically inspected to ensure they remain safe.
Our second prototype is a congestion-aware DMZ scheme. Instead of determining whether a flow is safe or not by its size, we treat all flows identically. We measure the data rates of all flows, and use a global optimization algorithm to determine which flows are allowed to safely bypass a DPI. The objective is to maximize DPI utilization.
Both prototypes are implemented using OpenFlow in this work, and extensive experiments are performed to test both prototypes' feasibility. The results attest that the two prototypes are effective in ensuring network security while not compromising network performance. A number of tools for SDN network configuring and testing are also developed.
|
156 |
Comparing a Commercial and an SDN-Based Load Balancer in a Campus Network / January 2015
abstract: Commercial load balancers are often in use, and the production network at Arizona State University (ASU) is no exception. However, because the load balancer uses IP addresses, the solution does not apply to all applications. One such application is Rsyslog. This software processes syslog packets and stores them in files. The loss rate of incoming log packets is high due to the incoming rate of the data. The Rsyslog servers are overwhelmed by the continuous data stream. To solve this problem, a software defined networking (SDN) based load balancer is designed to perform transport-level load balancing over the incoming load to Rsyslog servers. In this solution the load is forwarded to one Rsyslog server at a time, according to one of a Round-Robin, Random, or Load-Based policy. This gives other servers time to process the data they have received and prevents them from being overwhelmed. The evaluation of the proposed solution is conducted on a physical testbed with the same data feed as the commercial solution. The results suggest that the SDN-based load balancer is competitive with the commercial load balancer. Replacing the software OpenFlow switch with a hardware switch is likely to further improve the results. / Dissertation/Thesis / Masters Thesis Computer Science 2015
|
157 |
SDN-based Proactive Defense Mechanism in a Cloud System / January 2015
abstract: Cloud computing is known as a new and powerful computing paradigm. This new generation of network computing model delivers both software and hardware as on-demand resources and various services over the Internet. However, security concerns prevent users from adopting cloud-based solutions to fulfill the IT requirements of many business-critical computing tasks. Due to the resource-sharing and multi-tenant nature of cloud-based solutions, cloud security is the greatest concern in Infrastructure as a Service (IaaS). It has been attracting a lot of research and development effort in the past few years.
Virtualization is the main technology of cloud computing to enable multi-tenancy. Computing power, storage, and network can all be virtualized and shared in an IaaS system. This important technology makes abstract infrastructure and resources available to users as isolated virtual machines (VMs) and virtual networks (VNs). However, it also increases vulnerabilities and possible attack surfaces in the system, since all users in a cloud share these resources with others, or even with attackers. A promising protection mechanism is required to ensure strong isolation, mediated sharing, and secure communications between VMs. Technologies for detecting anomalous traffic and protecting normal traffic in VNs are also needed. Therefore, how to secure and protect private traffic in VNs and how to keep malicious traffic away from shared resources are major security research challenges in a cloud system.
This dissertation proposes four novel frameworks to address the challenges mentioned above. The first work is a new multi-phase distributed vulnerability, measurement, and countermeasure selection mechanism based on the attack graph analytical model. The second work is a hybrid intrusion detection and prevention system to protect VNs and VMs using virtual machine introspection (VMI) and software defined networking (SDN) technologies. The third work further improves the previous works by introducing a VM profiler and VM Security Index (VSI) to keep track of the security status of each VM and suggest the optimal countermeasure to mitigate potential threats. The final work is an SDN-based proactive defense mechanism for a cloud system using a reconfiguration model and moving target defense approaches to actively and dynamically change the virtual network configuration of a cloud system. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2015
|
158 |
Analysis and Visualization of OpenFlow Rule Conflicts / January 2016
abstract: In traditional networks the control and data plane are highly coupled, hindering development. With Software Defined Networking (SDN), the two planes are separated, allowing innovations on either one independently of the other. Here, the control plane is formed by the applications that specify an organization's policy and the data plane contains the forwarding logic. The application sends all commands to an SDN controller which then performs the requested action on behalf of the application. Generally, the requested action is a modification to the flow tables, present in the switches, to reflect a change in the organization's policy. There are a number of ways to control the network using the SDN principles, but the most widely used approach is OpenFlow.
With the applications now having direct access to the flow table entries, it is easy to have inconsistencies arise in the flow table rules. Since the flow rules are structured similar to firewall rules, the research done in analyzing and identifying firewall rule conflicts can be adapted to work with OpenFlow rules.
The main work of this thesis is to implement flow conflict detection logic in OpenDaylight and inspect the applicability of techniques in visualizing the conflicts. A hierarchical edge-bundling technique coupled with a Reingold-Tilford tree is employed to present the relationship between the conflicting rules. Additionally, a table-driven approach is also implemented to display the details of each flow.
Both types of visualization are then tested for correctness by providing them with flows which are known to have conflicts. The conflicts were identified properly and displayed by the views. / Dissertation/Thesis / Masters Thesis Computer Science 2016
|
159 |
Application of software-defined networking to the energy management process in OpenFlow network switches (Aplicação de redes definidas por software no processo de gerenciamento de energia nos switches de rede OpenFlow) / Prete, Ligia Rodrigues / January 2016
Advisor: Ailton Akira Shinoda / Abstract: Energy consumption in the Information and Communication Technology (ICT) sector has grown exponentially in recent years, owing to the growing amount of equipment for data storage and processing. The Software-Defined Networking (SDN) paradigm and the OpenFlow architecture are enabling a new range of applications and services for networks. This thesis presents a study that applies SDN technologies in a virtualized environment with the GENI (Global Environment for Network Innovation) federation. In this work, a module was developed in the Floodlight controller, titled Módulo Economia de Energia (Energy Saving Module), which employs an algorithm called MiNet (Mínima Rede) to build the Minimum Spanning Tree (MST) over the switching components in networks. This study presents three simulations on two Fat Tree network topologies, one with ten switches (FatTree10) and the other with twenty (FatTree20). The first simulation was run without the module, with the default configuration of the Floodlight controller, to serve as a comparison for the performance results obtained in the other two simulations. The second, with the Energy Saving Module included in the controller, was evaluated with respect to the initial costs on the links between the switches. In the third, the costs on the switch links were changed to show that the Energy Saving Module is able to recalculate a new tree... (Full abstract: click the electronic access link below) / Doctorate
|
160 |
Improving software defined cognitive and secure networking / Ahmad, I. (Ijaz) / 08 June 2018
Abstract
Traditional communication networks consist of large sets of vendor-specific manually configurable devices. These devices are hardwired with specific control logic or algorithms used for different network functions. The resulting networks comprise distributed control plane architectures that are complex in nature, difficult to integrate and operate, and are least efficient in terms of resource usage. However, the rapid increase in data traffic requires the integrated use of diverse access technologies and autonomic network operations with increased resource efficiency. Therefore, the concepts of Software Defined Networking (SDN) are proposed that decouple the network control plane from the data-forwarding plane and logically centralize the control plane. The SDN control plane can integrate a diverse set of devices, and tune them at run-time through vendor-agnostic programmable Application Programming Interfaces (APIs).
This thesis proposes software defined cognitive networking to enable intelligent use of network resources. Different radio access technologies, including cognitive radios, are integrated through a common control platform to increase the overall network performance. The architectural framework of software defined cognitive networking is presented alongside the experimental performance evaluation. Since SDN enables applications to change the network behavior and centralizes the network control plane to oversee the whole network, it is highly important to investigate SDN in terms of security. Therefore, this thesis finds the potential security vulnerabilities in SDN, studies the proposed security platforms and architectures for those vulnerabilities, and presents future directions for unresolved security vulnerabilities. Furthermore, this thesis also investigates the potential security challenges and their solutions for the enabling technologies of 5G, such as SDN, cloud technologies, and virtual network functions, and provides key insights into increasing the security of 5G networks.
|