To see the other types of publications on this topic, follow the link: Softer Defined Networking (SDN).
Dissertations / Theses on the topic 'Softer Defined Networking (SDN)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Softer Defined Networking (SDN).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Liver, Toma, and Mohammed Darian. "Soft Migration from Traditional to Software Defined Networks." Thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-44265.
Full textAbstract:
The concept of Software Defined Networking (SDN) may be a way to face the fast growing computer network infrastructure with its demands and requirements. The concept is attracting the interest of enterprises to expand their respective network infrastructures, but one has to consider the impacts of migrating from an existing network infrastructure to an SDN network. One way that could minimize the impacts is to proceed a soft migration from a traditional IP network to SDN, creating what is so called a heterogeneous network. Instead of fully replacing the network infrastructure and face the impacts of it, the idea of the soft migration is to replace a part of it with an environment of SDN and examine the performance of it. This thesis work will analyze the performance of a network consisting of a traditional IP network combined with SDN. It is essential during this work to identify the differences in performance when having a heterogeneous network in comparison with having a dedicated traditional IP network. Therefore, the questions that will be addressed during this thesis work is to examine how such a heterogeneous network can be designed and measure the performance of it in terms of throughput, jitter and packet losses. By the method of experimentation and the studying of related works of the SDN fundamentals, we hope to achieve our goals with this thesis work, to give us and the reader a clearer insight.
2
Pitzus, Antonio. "SDN : Software Defined Networking." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2017. http://amslaurea.unibo.it/14006/.
Full textAbstract:
In un periodo in cui tutto si evolve rapidamente, il settore delle telecomunicazioni sta assistendo alla crescita esponenziale del numero di dispositivi mobili costantemente connessi alla rete; ciò richiede la necessità di un nuovo modo di gestire le reti.
La nuova visione che sta maturando in questi ultimi tempi è quella di adottare un modello di rete dinamico, flessibile e soprattutto affidabile e che non richieda grossi sforzi di manutenzione o l’installazione di ulteriori hardware da parte degli operatori.
Una rete con queste caratteristiche può essere sviluppata grazie ad un modello architetturale innovativo come il Software Defined Networking (SDN) e ad un nuovo modo di sfruttare le funzionalità degli apparati di rete come la Network Function Virtualization (NFV), la quale è a sua volta un processo di virtualizzazione delle funzionalità di rete svolte da apparati di telecomunicazione fisici.
Questi due concetti sono strettamente legati tra loro e possono comportare particolari vantaggi se applicati contemporaneamente, ma sono di per sè indipendenti.
Software Defined Networking (SDN) è un’ architettura utilizzata per la realizzazione di reti di telecomunicazione nelle quali il piano di controllo della rete e quello del trasporto dei dati sono separati logicamente.
La Network Function Virtualization (NFV) è il processo di virtualizzazione delle funzionalità di rete svolte da apparati di telecomunicazione fisici.
Un ultimo aspetto da trattare riguarda la comunicazione del controller SDN di alto e basso livello.
La comunicazione di alto livello, ovvero quella con i software applicativi è consentita grazie alle NBI (North-Bound Interfaces), mentre quella di basso livello, ovvero con i dispositivi hardware è consentita grazie alle SBI (South-Bound Interfaces).
Queste due interfacce riescono a soddisfare le richieste del controller SDN grazie all' applicazione del paradigma Intent NBI, di tipo dichiarativo, non prescrittivo e indipendente dal fornitore.
3
Jiménez, Agudelo Yury Andrea. "Scalability and robustness in software-defined networking (SDN)." Doctoral thesis, Universitat Politècnica de Catalunya, 2016. http://hdl.handle.net/10803/397652.
Full textAbstract:
The simplicity of Internet design has led to enormous growth and innovation. In recent decades several network technologies, services and applications have appeared, which demand specific network requirements for their correct operation.
In traditional networks, operators are responsible for providing a network configuration sufficiently robust to deal with a wide range of network events and applications. To achieve this is incredibly difficult because: i) the state of the networks can change continuously and today's networks do not provide a mechanism to automatically respond to the wide range of events that may occur and ii) the static nature of current network devices does not permit detailed control-layer configuration, given that the hardware and software are provided by the manufacturer and can not be customized.
This is the basis of the current, present-day Internet and its architecture, that has grown in an evolutionary fashion from experimental beginnings, rather than from a deliberate strategy. The unpredictable network growth in terms of size and heterogeneity, has exposed a number of fundamental complexities in the current architecture. For instance, the manual configuration of control functions on network devices that may lead to misconfigurations.
This is evident that network management requires more intelligent and efficient management systems to coordinate thousands of network elements and applications, the high demand on network performance and growing configuration complexity. In recent decades, several approaches have been introduced in order to improve the network management, such as: MPLS, virtualization and programmable networks. These latter networks have been proposed as a way of facilitating network evolution. In particular, Software Defined Networking (SDN), a networking paradigm focused on allowing software developers to rely on network resources in an easy manner, unifying the state network distribution and a general-purpose technique to manage any type of network in an transparent manner.
In SDN, network intelligence is logically centralized in software-based controllers (the control layer), and network devices become simple packet forwarding devices (the data layer) that can be programmed via an open interface. By decoupling the control and data layers, network devices can be easily programmed and reconfigured, allowing the behaviour of different types of network devices to be unified. Even though SDN is quite recent, it has already been standardized and implemented in the Internet by several recognized companies such as Google. Several SDN architectures have been proposed to handle current and future network services. However, there are still important research challenges to be addressed in SDN. Some of these current challenges are related to: i) SDN scalability as control is centralized, ii) control layer robustness as any failure can lead to switches to be disconnected from the controller, iii) consistency of network information as wrong decisions can be made affecting network performance and iv) security as controllers can be attacked.
The purpose of this thesis is to address the first three of the aforementioned problems. They are addressed from the first premise, ignoring existing approaches offered in traditional networks to remedy some of these issues. First, a controller placement protocol is proposed, taking into account the network/service requirements. To measure the robustness of a control layer, a robustess metric is designed and evaluated. This metric can also be used to select controller placements in a SDN network that minimize the data loss. Finally, a resource discovery protocol is designed, implemented and evaluated. This protocol discovers any network topology in time efficient, avoiding making assumptions about the network state as it happens in traditional networks.En las redes tradicionales, los operadores de red son responsables de proporcionar una configuración de red lo suficientemente robusta que permita gestionar los diferentes tipos de eventos que puedan afectar el funcionamiento de esta y los requerimientos de los servicios. Esto es difícil de alcanzar dado que: i) el funcionamiento de las redes puede variar en cualquier momento y las redes actuales no cuentan con un mecanismo que les permita reaccionar eficientemente al amplio rango de eventos que pueden ocurrir y ii) la naturaleza estática de las elementos de red no permite una detallada configuración dado que su hardware/software no pueden ser modificados de una manera eficiente. El impredecible crecimiento de la red en terminos de su tamaño y su heterogeneidad, han expuesto un número de complejidades en la actual arquitectura de red. Primero, los elementos de red tienen que soportar un gran número de comandos/configuraciones sobre un especifico sistema operativo, dificultando la instalación de un nuevo software sobre ellos, debido a incompatibilidades con el hardware o debido a que el software es incapaz de gestionar las capacidades del hardware. Segundo, la configuración manual de las funciones de control sobre los elementos de red pueden llevar a configurar erróneamente las tablas de enrutamiento. Finalmente, la integración vertical de los middleboxes dificulta a los operadores especificar las políticas de alto nivel sobre las tradicionales tecnologías de red. La gestión de la red requiere un sistema inteligente y eficiente que coordine: i) los miles de elementos y aplicaciones presentes en la red, ii) la alta demanda sobre el rendimiento de la red y iii) la creciente complejidad en la configuración de las redes. En las últimas décadas, diferentes soluciones han sido propuestas con el objetivo de mejorar la gestión de la red, tales como MPLS, virtualización y las redes programables. En este último caso, las redes definidas por software o SDNs permiten a los desarrolladores de software gestionar los recursos de red en una manera fácil, dado que la distribución del estado de la red es unificado, lo cual permite gestionar cualquier tipo de red en una manera transparente y en tiempo eficiente. En SDN, la inteligencia de la red esta lógicamente centralizada en unos elementos de red llamados controladores, de modo que los demás elementos que actúan en la red solo transmiten paquetes hacia el destino. Estos elementos, son configurados por los controladores a través de una interface abierta. Es decir, SDN desacopla la capa de control de la capa de datos permitiendo que los elementos de red puedan ser programados y re-configurados independiente del tipo de red. Aún cuando SDN es reciente, este ha sido estandarizado e implementado por diferentes compañías (ej. Google). Sin embargo, hay varios desafios por resolver en SDN aún. Algunos de estos desafios están relacionados con: i) la escalabilidad de los controladores, como estos están centralizados, ii) la robustez de la capa de control, dado que un fallo en esta puede dejar los elementos de red sin conexión con el controlador, iii) la consistencia de la información de control, para evitar tomar decisiones que afecten la operación de la red, y finalmente iv) la seguridad. En esta tesis, los primeros tres desafios son tratados desde el punto de vista de la localización de los controladores en la red, los cuales son seleccionados teniendo en cuenta los requerimientos de los servicios/aplicaciones y las características de la red. La primera contribución de esta tesis es un algoritmo que selecciona el número de controladores y su localización en la red. Un parámetro de robustez que permite seleccionar los controladores desde los cuales se construye una capa de control robusta y también puede medir la robustez de cualquier capa de control, es definida. Finalmente, un protocolo que descubre la topología y características de cualquier red es propuesto y evaluado.
4
Hossain, Md Billal. "QoS-Aware Intelligent Routing For Software Defined Networking." University of Akron / OhioLINK, 2020. http://rave.ohiolink.edu/etdc/view?acc_num=akron1595086618729923.
Full text
5
Tseng, Yuchia. "Securing network applications in software defined networking." Electronic Thesis or Diss., Sorbonne Paris Cité, 2018. http://www.theses.fr/2018USPCB036.
Full textAbstract:
Suite à l'introduction de divers services Internet, les réseaux informatiques ont été reconnus comme ayant joué un rôle essentiel dans la vie moderne au cours du dernier demi-siècle. Le développement rapide et la convergence des technologies informatiques et de communication créent le besoin de connecter divers périphériques avec différents systèmes d'exploitation et protocoles. Il en résulte de nombreux défis pour fournir une intégration transparente d'une grande quantité de dispositifs physiques ou d'entités hétérogènes. Ainsi, les réseaux définis par logiciel (Software Defined Networks, SDN) en tant que paradigme émergent ont le potentiel de révolutionner la gestion des réseaux en centralisant le contrôle et la visibilité globale sur l'ensemble du réseau. Cependant, les problèmes de sécurité demeurent une préoccupation importante et empêchent l'adoption généralisée du SDN. Pour identifier les menaces, nous avons effectué une analyse en 3 dimensions pour évaluer la sécurité de SDN. Dans cette analyse, nous avons repris 9 principes de sécurité pour le contrôleur SDN et vérifié la sécurité des contrôleurs SDN actuels avec ces principes. Nous avons constaté que les contrôleurs SDN, ONOS et OpenContrail sont relativement plus sécurisés que les autres selon notre méthodologie d'analyse. Nous avons également trouvé le besoin urgent d'atténuer le problème d'injection d'applications malveillantes. Par conséquent, nous avons proposé une couche d'amélioration de la sécurité (Security-enhancing layer, couche SE) pour protéger l'interaction entre le plan de contrôle et le plan d’application. Cette couche SE est indépendante du contrôleur et peut fonctionner avec OpenDaylight, ONOS, Floodlight, Ryu et POX, avec une faible complexité de déploiement. Aucune modification de leurs codes sources n'est requise dans leur mise en œuvre alors que la sécurité globale du contrôleur SDN est améliorée. Le prototype I, Controller SEPA, protège le contrôleur SDN avec l'authentification de l'application réseau, l'autorisation, l'isolation des applications et le blindage de l'information avec un coût additionnel négligeable de moins de 0,1% à 0,3%. Nous avons développé le prototype II de la couche SE, appelé Controller DAC, qui rend dynamique le contrôle d'accès. Le controller DAC peut détecter l'utilisation abusive de l'API en comptabilisant les opérations de l'application réseau avec un coût additionnel inférieure à 0,5%. Grâce à cette couche SE, la sécurité globale du contrôleur SDN est améliorée mais avec un coût additionnel inférieure à 0,5%. De plus, nous avons tenté de fournir un framework de déploiement d'application réseau sécurisé pour le contrôleur SDN avec un orchestrateur. Tout d'abord, nous avons sécurisé le contrôleur SDN en utilisant la file d'attente de messages pour remplacer les interfaces populaires actuelles, y compris les RESTful APIs et les APIs internes, à l'aide d'une interface orientée événement décomposable. Avec cette nouvelle interface northbound, l'orchestrateur peut déployer les applications réseau dans le bac à sable(sanbox) avec contrôle des ressources et contrôle d'accès. Cette approche peut efficacement protéger contre les menaces, qui incluent les attaques d'épuisement des ressources (Resource exhaustion attacks) et le traitement des données sur le contrôleur SDN actuel. Nous avons également implémenté une application réseau déployée par l'orchestrateur pour détecter une attaque spécifique à OpenFlow, appelée attaque par contournement de priorité, pour évaluer l'utilité de l'interface norttbound. À long terme, le temps de traitement d'un message packet_in dans cette interface est inférieur à cinq millisecondes mais l'application réseau peut être complètement découplée et isolée du contrôleur SDN.The rapid development and convergence of computing technologies and communications create the need to connect diverse devices with different operating systems and protocols. This resulted in numerous challenges to provide seamless integration of a large amount of heterogeneous physical devices or entities. Hence, Software-defined Networks (SDN), as an emerging paradigm, has the potential to revolutionize the legacy network management and accelerate the network innovation by centralizing the control and visibility over the network. However, security issues remain a significant concern and impede SDN from being widely adopted.To identity the threats that inherent to SDN, we conducted a deep analysis in 3 dimensions to evaluate the security of the proposed architecture. In this analysis, we summarized 9security principles for the SDN controller and checked the security of the current well-known SDN controllers with those principles. We found that the SDN controllers, namely ONOS and OpenContrail, are relatively two more secure controllers according to our conducted methodology. We also found the urgent need to integrate the mechanisms such as connection verification, application-based access control, and data-to-control traffic control for securely implementing a SDN controller. In this thesis, we focus on the app-to-control threats, which could be partially mitigated by the application-based access control. As the malicious network application can be injected to the SDN controller through external APIs, i.e., RESTful APIs, or internal APIs, including OSGi bundles, Java APIs, Python APIs etc. In this thesis, we discuss how to protect the SDN controller against the malicious operations caused by the network application injection both through the external APIs and the internal APIs. We proposed a security-enhancing layer (SE-layer) to protect the interaction between the control plane and the application plane in an efficient way with the fine-grained access control, especially hardening the SDN controller against the attacks from the external APIs. This SE-layer is implemented in the RESTful-based northbound interfaces in the SDN controller and hence it is controller-independent for working with most popular controllers, such as OpenDaylight, ONOS, Floodlight, Ryu and POX, with low deployment complexity. No modifications of the source codes are required in their implementations while the overall security of the SDN controller is enhanced. Our developed prototype I, Controller SEPA, protects well the SDN controller with network application authentication, authorization, application isolation, and information shielding with negligible latency from less than 0.1% to 0.3% for protecting SDN controller against the attacks via external APIs, i.e, RESTful APIs. We developed also the SE-layer prototype II, called Controller DAC, which makes dynamic the access control. Controller DAC can detect the API abuse from the external APIs by accounting the network application operation with latency less than 0.5%. Thanks to this SE-layer, the overall security of the SDN controller is improved but with a latency of less than 0.5%. However, the SE-layer can isolate the network application to communicate the controller only through the RESTful APIs. However, the RESTful APIs is insufficient in the use cases which needs the real-time service to deliver the OpenFlow messages. Therefore, we proposed a security-enhancing architecture for securing the network application deployment through the internal APIs in SDN, with a new SDN architecture dubbed SENAD. In SENAD, we split the SDN controller in: (1) a data plane controller (DPC), and (2) an application plane controller (APC) and adopt the message bus system as the northbound interface instead of the RESTful APIs for providing the service to deliver the OpenFlow messages in real-time. (...)
6
Aydeger, Abdullah. "Software Defined Networking for Smart Grid Communications." FIU Digital Commons, 2016. http://digitalcommons.fiu.edu/etd/2580.
Full textAbstract:
Emerging Software Defined Networking (SDN) technology has provided excellent flexibility to large-scale networks in terms of control, management, security, and maintenance. On the other hand, recent years witnessed a tremendous growth of the critical infrastructure networks, namely the Smart-Grid, in terms of its underlying communication infrastructure. Such large local networks requires significant effort in terms of network management and security. We explore the potential utilization of the SDN technology over the Smart Grid communication architecture. Specifically, we introduce three novel SDN deployment scenarios in local networks of Smart Grid. Moreover, we also investigate the pertinent security aspects with each deployment scenario along with possible solutions. On the other hand, we conducted experiments by using actual Smart Grid communication data to assess the recovery performance of the proposed SDN-based system. The results show that SDN is a viable technology for the Smart Grid communications with almost negligible delays in switching to backup wireless links.
7
Adduci, Pietro. "Software-Defined Networking: lo standard Openflow." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2014. http://amslaurea.unibo.it/7241/.
Full text
8
Nyberg, Tihmmy. "Introduktion till Software Defined Networking : Utvärdering av kontroller." Thesis, Mittuniversitetet, Institutionen för informationssystem och –teknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-39380.
Full textAbstract:
Denna studie fokuserar på att samla information om Software Defined Networking, dess protokoll och dess kontroller. Det som jag har lärt mig under arbetet kommer att användas för att utvärdera två olika kontroller, POX och ONOS. Ett traditionellt nätverks kommer att sättas upp fysiskt och användas som en grund för att jämföra kontrollerna. Den traditionella lösningen använder två routrar och fyra switchar, och egenskaper som testas är bland annat lager 2 och lager 3 samt deras protokoll för redundans. Kontrollerna kommer sedan att användas för att se om de lever upp till samma krav. Resultaten av denna studie visar att varken POX eller ONOS kunde användas för varje testat scenario, inte med de moduler som kontrollerna kommer förinstallerade med. Det visade också att de egenskaper som de levde upp till var en hel del lättare att konfigurera och övervaka jämfört med dess traditionella motsvarigheter. Detta visar vikten av att lista ut vad som behövs och förväntas från nätverket innan man försöker hitta en passande lösning för att utföra detta. All information som samlats i denna studie används också för att skapa en laboration som ska introducera andra till koncepten kring SDN. Den undersöker hur Mininet kan användas för att virtualisera ett nätverk, hur flöden kan installeras med OpenFlow samt hur en kontroller kan användas för att förenkla administration av ett nätverk.This study focuses on gathering information about Software Defined Networking, it's protocols ans it's controllers. What I have learned doing this will be used to evaluate two different controllers, POX and ONOS. A traditional network setup will be set up physically and serve as a base when it comes to comparing the controllers. The traditional setup includes two routers and four switches, and among the tested characteristics are layer 2 and 3 and it's redundancy protocols. The controllers will then be used to try and live up to the same characteristics. The result of this study shows that neither POX nor ONOS could be used for every scenario tested, not with the basic modules the controllers comes with. It also showed that the characteristics they did manage was a fair bit easier to setup and monitor compared to it's traditional counterparts, thus showing the importance of figuring out what is needed from a network before trying to find a fitting solution to how it needs to be set up. All the information gathered in this study is also used to create a lab instruction meant to introduce others to the concepts of SDN. It explores how to use Mininet to virtualise a network environment, how to install flows using OpenFlow and how to use a controller to simplify the management of the network.
9
Kim, Hyojoon. "Facilitating dynamic network control with software-defined networking." Diss., Georgia Institute of Technology, 2015. http://hdl.handle.net/1853/53939.
Full textAbstract:
This dissertation starts by realizing that network management is a very complex and error-prone task. The major causes are identified through interviews and systematic analysis of network config- uration data on two large campus networks. This dissertation finds that network events and dynamic reactions to them should be programmatically encoded in the network control program by opera- tors, and some events should be automatically handled for them if the desired reaction is general. This dissertation presents two new solutions for managing and configuring networks using Software- Defined Networking (SDN) paradigm: Kinetic and Coronet. Kinetic is a programming language and central control platform that allows operators to implement traffic control application that reacts to various kinds of network events in a concise, intuitive way. The event-reaction logic is checked for correction before deployment to prevent misconfigurations. Coronet is a data-plane failure recovery service for arbitrary SDN control applications. Coronet pre-plans primary and backup routing paths for any given topology. Such pre-planning guarantees that Coronet can perform fast recovery when there is failure. Multiple techniques are used to ensure that the solution scales to large networks with more than 100 switches. Performance and usability evaluations show that both solutions are feasible and are great alternative solutions to current mechanisms to reduce misconfigurations.
10
Fahlén, Tony. "En jämförande studie mellan Software-Defined Networking protokollen OpenFlow & OpFlex." Thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-35565.
Full textAbstract:
Software-Defined Networking är ett sätt att implementera ett nätverk som helt styrs från en central plats. Målet med SDN är att vara ett flexibelt nätverk som snabbt kan förändras för att klara av dagens massiva dataströmmar. För att SDN ska kunna fungera krävs det att ett protokoll används för att sköta kommunikationen mellan den centrala kontrollpunkten och nätverksutrustningen i nätverket. OpenFlow är ett sådant protokoll. OpenFlow protokollet är väl etablerat och används i många av dagens SDN-nätverk. Ett alternativ till detta är OpFlex, ett protokoll som är nytt på dagens marknad men har stöd från en mängd stora tillverkare i datavärlden. Målet med denna rapport är att jämföra dessa protokoll både teoretisk och även praktiskt via experiment i laborationsmiljö för att identifiera likheter och skillnader mellan protokollen. För att kunna jämföra dem utfördes först en omfattande litteraturstudie där information samlades in och sammanställdes om protokollen. Efter detta sattes en laborationsmiljö upp för att testa hur protokollen arbetar. Efter experimenten sammanställdes litteraturstudien och laborationsresultaten och protokollen bedömdes på olika områden. Slutligen lyftes olika situationer fram där respektive protokoll skulle lämpas att väljas över det andra.Software-Defined Networking is a way to implement a fully-managed network from a central location. The goal of SDN is to be a flexible network that can quickly adapt to new configurations to handle today’s massive data streams. In order for SDN to work, a protocol is required to manage communication between the central control point and the network equipment within the network. OpenFlow is such a protocol, The OpenFlow protocol is very well established and used in many of today’s SDN networks. An alternative to OpenFlow is OpFlex, a protocol that is relatively new on today’s market, but has the support of many major manufacturers within networking and computers. The aim of this thesis is to compare these protocols both theoretically and practically through experiments in a laboratory environment to identify similarities and differences between these protocols. In order to be able to compare them, a comprehensive literature study was first conducted where information about the protocols was collected and compiled. After this, a laboratory environment was set up to test how the protocols work. After the experiments, the literature study and the laboratory results were compiled the protocols were assessed in different areas. Finally, different situations were raised where each protocol would be suitable to be chosen over the other.
11
Rotsos, Charalampos. "Improving network extensibility and scalability through SDN." Thesis, University of Cambridge, 2015. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.709033.
Full text
12
Ahmad, I. (Ijaz). "Improving software defined cognitive and secure networking." Doctoral thesis, Oulun yliopisto, 2018. http://urn.fi/urn:isbn:9789526219516.
Full textAbstract:
Abstract Traditional communication networks consist of large sets of vendor-specific manually configurable devices. These devices are hardwired with specific control logic or algorithms used for different network functions. The resulting networks comprise distributed control plane architectures that are complex in nature, difficult to integrate and operate, and are least efficient in terms of resource usage. However, the rapid increase in data traffic requires the integrated use of diverse access technologies and autonomic network operations with increased resource efficiency. Therefore, the concepts of Software Defined Networking (SDN) are proposed that decouple the network control plane from the data-forwarding plane and logically centralize the control plane. The SDN control plane can integrate a diverse set of devices, and tune them at run-time through vendor-agnostic programmable Application Programming Interfaces (APIs). This thesis proposes software defined cognitive networking to enable intelligent use of network resources. Different radio access technologies, including cognitive radios, are integrated through a common control platform to increase the overall network performance. The architectural framework of software defined cognitive networking is presented alongside the experimental performance evaluation. Since SDN enables applications to change the network behavior and centralizes the network control plane to oversee the whole network, it is highly important to investigate SDN in terms of security. Therefore, this thesis finds the potential security vulnerabilities in SDN, studies the proposed security platforms and architectures for those vulnerabilities, and presents future directions for unresolved security vulnerabilities. Furthermore, this thesis also investigates the potential security challenges and their solutions for the enabling technologies of 5G, such as SDN, cloud technologies, and virtual network functions, and provides key insights into increasing the security of 5G networksTiivistelmä Perinteiset tietoliikenneverkot pohjautuvat usein laajoille manuaalisesti konfiguroitaville valmistajakohtaisille ratkaisuille. Niissä käytetään laitekohtaista kontrollilogiikkaa tai verkon eri toiminnallisuuksien algoritmeja. Tämän johdosta verkon hajautettu kontrollitaso muodostuu monimutkaiseksi, jota on vaikea integroida ja operoida, eikä se ole kovin joustava resurssien käytön suhteen. Tietoliikenteen määrän kasvaessa tulee entistä tärkeämmäksi integroida useita verkkoteknologioita ja autonomisia verkon toiminnallisuuksia tehokkaan resurssinhallinnan saavuttamiseksi. Ohjelmisto-ohjatut verkkoratkaisut (SDN, Software Defined Networking) tarjoavat keinon hallita erikseen verkon kontrolliliikennettä eroteltuna dataliikenteestä keskitetysti. Tämä kontrollitaso voi integroida erilaisia verkkolaitteita ja ohjata niitä ajonaikaisesti valmistajariippumattoman sovellusohjelmointirajapinnan kautta. Tässä työssä on tutkittu älykästä ohjelmisto-ohjattavaa verkkoratkaisua, jonka avulla eri radioverkkoteknologiat (mukaan lukien konginitiiviradio) voidaan integroida yhteisen kontrollialustan kautta lisäämään verkon kokonaissuorituskykyä. Työssä esitetään kognitiivinen ohjelmisto-ohjattu verkon arkkitehtuuriratkaisu sekä sen suorituskyvyn arviointi mittauksiin pohjautuen. Koska ohjelmisto-ohjattu verkko pohjautuu koko verkon keskitettyyn kontrollilogiikkaan, on tietoturvan merkitys korostunut entisestään. Tässä työssä on sen vuoksi tutkittu juuri tällaisen verkkoratkaisun mahdollisia tietoturvauhkia sekä niiden torjumiseen soveltuvia ratkaisuvaihtoehtoja sekä esitetään tulevaisuuden kehityssuuntia vielä ratkaisemattomille uhkille. Lisäksi työssä on tutkittu laajemmin tulevien 5G verkkojen tietoturvauhkia ja niiden ratkaisuja, liittyen ohjelmisto-ohjattuihin verkkoratkaisuin, pilviteknologioihin ja virtualisoiduille verkkotoiminnallisuuksille. Työ tarjoaa myös näkemyksen siitä, miten verkon tietoturvaa voidaan kokonaisuudessaan lisätä 5G verkoissa
13
Cerboni, Simone Marco. "Software Defined Networking for The Internet of Things." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2016.
Find full textAbstract:
Quello delle reti di sensori radio è ad oggi, nel mondo delle telecomunicazioni, uno dei campi che sta crescendo e si sta sviluppando più velocemente, essendo uno dei punti cardine della visione dell’Internet of Things (IoT). La natura di questo tipo di reti, costituite il più delle volte da dispositivi semplici e a basso costo, che devono essere in grado di svolgere diversi tipi di applicazioni nonostante la potenza di calcolo limitata, porta alla necessità di un protocollo di rete che sia allo stesso tempo flessibile e di bassa complessità. Inoltre, la futura quinta generazione di reti cellulari (5G) dovrà inglobare anche il traffico dovuto alla reti IoT, con il prerequisito di una latenza che sia bassa e deterministica, ed il tutto tramite un approccio centralizzato. Dato questo scenario, l’applicazione del concetto di Software Defined Networking all’interno delle reti di sensori radio potrebbe essere una possibile soluzione alle sfide del 5G, e questa dissertazione presenta un’implementazione di tale principio.
In particolare, questa tesi descrive la struttura di una rete IoT basata su SDN, con alcuni dei servizi addizionali che questa può fornire rispetto ad altre soluzioni per reti di sensori, come è stata implementata, ed i risultati ottenuti tramite i test effettuati.
14
Tanyingyong, Voravit. "Performance and Reliability in Open Router Platforms for Software-Defined Networking." Licentiate thesis, KTH, Network Systems Laboratory (NS Lab), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-144285.
Full textAbstract:
The unprecedented growth of the Internet has brought about such an enormous impact on our daily life that it is regarded as indispensable in modern era. At the same time, the underlying Internet architecture is still underpinned by principles designed several decades ago. Although IP networking has been proven very successful, it has been considered as the cause to network ossification creating barriers to entry for new network innovations. To support new demands and requirements of the current and the future Internet, solutions for new and improved Internet architectures should be sought. Software-defined networking (SDN), a new modularized network architecture that separates the control plane from the data plane, has emerged as a promising candidate for the future Internet. SDN can be described as flow-based networking, which provides finer granularity while maintaining backward compatibility with traditional IP networking. In this work, our goal is to investigate how to incorporate flow-based networking into open router platforms in an SDN context. We investigate performance and reliability aspects related to SDN data plane operation in software on open source PC-based routers. Our research methodology is based on design, implementation, and experimental evaluation. The experimental platform consists of PC-based routers running open source software in combination with commodity-off-the-shelf (COTS) hardware components. When it comes to performance aspects, we demonstrate that by offloading the lookup from a CPU to a network interface card, the overall performance is improved significantly. For enhanced reliability, we investigate bidirectional forwarding detection (BFD) as a component to realize redundancy with fast failover. We demonstrate that BFD becomes unreliable under high traffic load and propose a solution to this problem by allocating dedicated system resources for BFD control messages. In line with this solution, we extend our architecture for next-generation PC-based routers with OpenFlow support by devising a strategy to efficiently map packet forwarding and application processing tasks onto the multi-core architecture on the PC-based router. This extension would make it possible to integrate BFD effectively into the router platform. Our work demonstrates the potentials of open router platforms for SDN. Our prototypes offer not only high performance with good reliability but also flexibility to adopt new software extensions. Such platforms will play a vital role in advancing towards the future Internet.QC 20140416
15
Pagola, Moledo Santiago. "Vendor-Independent Software-Defined Networking : Beyond The Hype." Thesis, Linköpings universitet, Databas och informationsteknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-157456.
Full textAbstract:
Software-Defined Networking (SDN) is an emerging trend in networking that offers a number of advantages such as smoother network management over traditional networks. By decoupling the control and data planes from network elements, a huge amount of new opportunities arise, especially in network virtualization. In cloud datacenters, where virtualization plays a fundamental role, SDN presents itself as the perfect candidate to ease infrastructure management and to ensure correct operation. Even if the original SDN ideology advocates openness of source and interfaces, multiple networking vendors offer their own proprietary solutions. In this work, an open-source SDN solution, named Tungsten Fabric, will be deployed in a virtualized datacenter and a number of SDN-related use-cases will be examined. The main goal of this work is to determine whether Tungsten Fabric can deliver the same set of use-cases as a proprietary solution from Juniper, named Contrail Cloud. Finally, this work will give some guidelines on whether open-source SDN is the right candidate for Ericsson.
16
Forgione, Alessandro. "Openflow e software-defined networking: l'evoluzione della rete programmabile." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2014. http://amslaurea.unibo.it/7919/.
Full textAbstract:
Il paradigma “Software-Defined Networking” (SDN) ha suscitato recentemente interesse grazie allo sviluppo e all'implementazione di uno standard tecnologico come OpenFlow. Con il modello SDN viene proposta una rete programmabile tramite la separazione dell’unità di controllo e l'unità di instradamento, rendendo quindi i nodi di rete (come ad es. router o switch) esclusivamente hardware che inoltra pacchetti di dati secondo le regole dettate dal controller. OpenFlow rappresenta lo standard dominante nella tecnologia SDN in grado di far comunicare l'unità controller e l'hardware di uno o più nodi di rete. L'utilizzo di OpenFlow consente maggiore dinamicità e agevolazione nella personalizzazione della rete attraverso un'interfaccia utente, includendo svariate funzioni quali la modifica e l’automatizzazione delle regole di instradamento, la creazione di una rete virtuale dotata di nodi logici o la possibilità di monitorare il traffico accrescendo la sicurezza della propria rete.
17
Ridolfi, Pietro. "SDN: il futuro della rete - stato dell'arte e casi reali." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2015. http://amslaurea.unibo.it/9107/.
Full textAbstract:
La tesi analizza un emergente paradigma di rete, Software Defined Network, evidenziandone i punti di forza e mettendone quindi in luce i conseguenti vantaggi, le potenzialità, le limitazioni, l’attuabilità e i benefici, nonché eventuali punti di debolezza.
18
Rivera, Polanco Sergio A. "AUTOMATED NETWORK SECURITY WITH EXCEPTIONS USING SDN." UKnowledge, 2019. https://uknowledge.uky.edu/cs_etds/87.
Full textAbstract:
Campus networks have recently experienced a proliferation of devices ranging from personal use devices (e.g. smartphones, laptops, tablets), to special-purpose network equipment (e.g. firewalls, network address translation boxes, network caches, load balancers, virtual private network servers, and authentication servers), as well as special-purpose systems (badge readers, IP phones, cameras, location trackers, etc.). To establish directives and regulations regarding the ways in which these heterogeneous systems are allowed to interact with each other and the network infrastructure, organizations typically appoint policy writing committees (PWCs) to create acceptable use policy (AUP) documents describing the rules and behavioral guidelines that all campus network interactions must abide by.
While users are the audience for AUP documents produced by an organization's PWC, network administrators are the responsible party enforcing the contents of such policies using low-level CLI instructions and configuration files that are typically difficult to understand and are almost impossible to show that they do, in fact, enforce the AUPs. In other words, mapping the contents of imprecise unstructured sentences into technical configurations is a challenging task that relies on the interpretation and expertise of the network operator carrying out the policy enforcement. Moreover, there are multiple places where policy enforcement can take place. For example, policies governing servers (e.g., web, mail, and file servers) are often encoded into the server's configuration files. However, from a security perspective, conflating policy enforcement with server configuration is a dangerous practice because minor server misconfigurations could open up avenues for security exploits. On the other hand, policies that are enforced in the network tend to rarely change over time and are often based on one-size-fits-all policies that can severely limit the fast-paced dynamics of emerging research workflows found in campus networks.
This dissertation addresses the above problems by leveraging recent advances in Software-Defined Networking (SDN) to support systems that enable novel in-network approaches developed to support an organization's network security policies. Namely, we introduce PoLanCO, a human-readable yet technically-precise policy language that serves as a middle-ground between the imprecise statements found in AUPs and the technical low-level mechanisms used to implement them. Real-world examples show that PoLanCO is capable of implementing a wide range of policies found in campus networks. In addition, we also present the concept of Network Security Caps, an enforcement layer that separates server/device functionality from policy enforcement. A Network Security Cap intercepts packets coming from, and going to, servers and ensures policy compliance before allowing network devices to process packets using the traditional forwarding mechanisms. Lastly, we propose the on-demand security exceptions model to cope with the dynamics of emerging research workflows that are not suited for a one-size-fits-all security approach. In the proposed model, network users and providers establish trust relationships that can be used to temporarily bypass the policy compliance checks applied to general-purpose traffic -- typically by network appliances that perform Deep Packet Inspection, thereby creating network bottlenecks. We describe the components of a prototype exception system as well as experiments showing that through short-lived exceptions researchers can realize significant improvements for their special-purpose traffic.
19
Aklamanu, Fred Kwasi Mawufemor. "Intent-based networking for 5G mobile networks." Electronic Thesis or Diss., Institut polytechnique de Paris, 2020. http://www.theses.fr/2020IPPAS013.
Full textAbstract:
Les réseaux mobiles utilisent actuellement une approche impérative pour la fourniture de services réseaux et la gestion du cycle de vie des services. Les sauts de technologie qui accompagnent la 5G vont attirer des millions de nouveaux utilisateurs et d'énormes volumes de données. Plus Les infrastructure de réseaux atteindront une complexité telle qu'une gestion en mode impératif ne pourra pas suivre la hausse escomptée en demandes de services. Les technologies Software Defined Networking (SDN) et Network Function Virtualisation (NFV) tracent la route pour la programmabilité, la flexibilité et l'évolutivité des réseaux mobiles. Les deux technologies offrent un avantage significatif aux Opérateur de réseau (NOs) en terme de gestion de réseaux et de fourniture de services, et élargissent leur marché aux fournisseurs tiers tels des opérateurs de réseau virtuels (VNOs) et des fournisseurs d'application Over-The-Top (OTT). Cependant, ces technologies reposent toujours sur des approches impératives de gestion et de fourniture de services réseaux. Une approche déclarative pour la gestion des réseaux services est nécessaire pour gérer leur accroissement du réseau de manière transparente, ce qu'offre une approche de réseautage basé sur l'intention (IBN). L'IBN consiste à organiser et à abstraire des ensembles d'instructions complexes de gestion et de configuration de réseaux afin de les exposer aux locataires du réseau sous la forme d'une demande de service simple et sans ambiguïté appelé Intention. L'intention décrit QUOI on demande tandis que le réseau gère COMMENT y répondre. La présente thèse propose un cadre de traitement basé sur les Intentions pour le traitement des requêtes par les marchés verticaux. L'étude se concentre sur l'approvisionnement des tranches de réseau 5G dédiées à des applications. La structure aide à la fois les opérateurs et les locataires du réseau à exprimer leur intention dans un langage de 4eme génération proche du langage humain et en langage de transformation (source-à-source)Mobile networks currently provide an imperative approach to network service provisioning and service life-cycle management. With the rapid technology disruptions, there is a wave that brings onboard millions of users, huge data bulks, and more complex network infrastructures which an imperative management approach will not scale up with the expected increase in demand. Software-Defined Networking (SDN) and Network Function Virtualization (NFV) pave the way for programmability, flexibility, and scalability of mobile networks. Both technologies offer significant advantages to the Network Operators (NOs) in terms of network management and service provisioning, which widens their market to 3rd party providers such as Virtual Network Operators (VNOs) and Over-The-Top (OTT) Application Providers. However, these technologies still rely on imperative approaches to manage and provision network services. A declarative approach to network and service management is essential to handle the growth of networks seamlessly, which an Intent-based networking (IBN) approach provides. IBN consists of organizing and abstracting sets of complex network management and configuration instructions so as to expose them to network tenants in the form of a simple and unambiguous service request called Intent. Intents involve the expression of WHAT while the network handles the HOW. This thesis proposes an Intent-based networking framework for vertical markets with the aim to speed up and simplify the task of network service provisioning and management. The thesis focuses on provisioning 5G network slices using a declarative approach, Intents. The framework aids both operators and network tenants to express their Intent in a high-level language which is close to human language, based on the 4th generation language approach and language transformation (source-to-source) tools. The Intent-Based Networking framework is responsible for the end-to-end deployment of 5G network application slices by staging through different service execution phases including, service configuration, resource allocation, identifying optimal service placement strategy and service lifecycle monitoring without human intervention after Intent expression
20
Franková, Barbora. "Zákonné odposlechy v SDN." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2015. http://www.nusl.cz/ntk/nusl-234982.
Full textAbstract:
This thesis covers utilization of software defined networks for lawful interception purposes. Based on specific implementation of lawful interception system SLIS developed by Sec6Net group, suggests improvements aiming at more precise identification of intercepted users and better effectivity of system resources. First aim is achieved by implementation of a new module for dynamic identification component while the other one alters configuration mechanism for probes and OpenFlow switches.
21
Kamaruddin, Amalina Farhan. "Experimentation on dynamic congestion control in Software Defined Networking (SDN) and Network Function Virtualisation (NFV)." Thesis, Brunel University, 2017. http://bura.brunel.ac.uk/handle/2438/16917.
Full textAbstract:
In this thesis, a novel framework for dynamic congestion control has been proposed. The study is about the congestion control in broadband communication networks. Congestion results when demand temporarily exceeds capacity and leads to severe degradation of Quality of Service (QoS) and possibly loss of traffic. Since traffic is stochastic in nature, high demand may arise anywhere in a network and possibly causing congestion. There are different ways to mitigate the effects of congestion, by rerouting, by aggregation to take advantage of statistical multiplexing, and by discarding too demanding traffic, which is known as admission control. This thesis will try to accommodate as much traffic as possible, and study the effect of routing and aggregation on a rather general mix of traffic types. Software Defined Networking (SDN) and Network Function Virtualization (NFV) are concepts that allow for dynamic configuration of network resources by decoupling control from payload data and allocation of network functions to the most suitable physical node. This allows implementation of a centralised control that takes the state of the entire network into account and configures nodes dynamically to avoid congestion. Assumes that node controls can be expressed in commands supported by OpenFlow v1.3. Due to state dependencies in space and time, the network dynamics are very complex, and resort to a simulation approach. The load in the network depends on many factors, such as traffic characteristics and the traffic matrix, topology and node capacities. To be able to study the impact of control functions, some parts of the environment is fixed, such as the topology and the node capacities, and statistically average the traffic distribution in the network by randomly generated traffic matrices. The traffic consists of approximately equal intensity of smooth, bursty and long memory traffic. By designing an algorithm that route traffic and configure queue resources so that delay is minimised, this thesis chooses the delay to be the optimisation parameter because it is additive and real-time applications are delay sensitive. The optimisation being studied both with respect to total end-to-end delay and maximum end-to-end delay. The delay is used as link weights and paths are determined by Dijkstra's algorithm. Furthermore, nodes are configured to serve the traffic optimally which in turn depends on the routing. The proposed algorithm is a fixed-point system of equations that iteratively evaluates routing - aggregation - delay until an equilibrium point is found. Three strategies are compared: static node configuration where each queue is allocated 1/3 of the node resources and no aggregation, aggregation of real-time (taken as smooth and bursty) traffic onto the same queue, and dynamic aggregation based on the entropy of the traffic streams and their aggregates. The results of the simulation study show good results, with gains of 10-40% in the QoS parameters. By simulation, the positive effects of the proposed routing and aggregation strategy and the usefulness of the algorithm. The proposed algorithm constitutes the central control logic, and the resulting control actions are realisable through the SDN/NFV architecture.
22
Bispo, Pedro José Neves. "A software defined network controller quantitative and qualitative analysis." Master's thesis, Universidade de Aveiro, 2017. http://hdl.handle.net/10773/23475.
Full textAbstract:
Mestrado em Engenharia Eletrónica e TelecomunicaçõesNew challenges are being raised in the networking field with the increasing number of connected devices. The growth of mobile data usage has to be considered as a requirement for the deployment of future 5G networks, especially regarding mobility scenarios. Software-Defined Networking (SDN) enables a greater degree of dynamism and simplification for the deployment of those 5G networks. SDN provides the separation of the control plane from the forwarding plane, allowing more control, adaptability and cost reduction. The growth of SDN integration in new mechanisms and network architectures led to the development of different controller solutions, with a wide variety of characteristics. Several SDN controllers exist, which originated from the different needs of operators and research teams. That resulted in the development of their own controller versions, which made comparison efforts more difficult. As such, this work provides a wider study of several open-source controllers, (namely, OpenDaylight (ODL), Open Network Operative System (ONOS), Ryu and POX), by evaluating not only their performance, but also their characteristics in a qualitative way. Taking performance as a critical issue among SDN controllers, several criteria were evaluated by benchmarking the controllers under different operational conditions, using the Cbench tool. Results are presented regarding both qualitative and quantitative comparisons between those SDN controllers under test.
Com o aumento do número de dispositivos ligados em rede, surgem novos desafios no ramo das redes. A necessidade de acompanhar o crescimento da utilização de dados móveis é um dos requisitos a ter em conta nas futuras redes 5G (5a Geração), sobretudo em cenários de mobilidade. As redes controladas por software (do inglês, Software-Defined Networking (SDN)) permitem a simplificação e dinamismo necessários à criação das referidas redes 5G. As SDNs promovem ainda a separação do plano de controlo do plano de dados, permitindo um maior controlo, adaptabilidade e redução de custos. O crescimento da tecnologia SDN levou ao desenvolvimento de diferentes controladores, com diferentes características. Existem vários controladores SDN, com origem em diferentes necessidades dos operadores e equipas de investigação. Este desenvolvimento individualizado tornou as comparações entre os controladores mais difíceis. Deste modo, o trabalho desenvolvido fornece um estudo mais abrangente de vários controladores open-source (OpenDaylight (ODL), Open Network Operative System (ONOS), Ryu and POX), avaliando não só a sua performance como as suas características de uma forma qualitativa. Considerando a performance crucial nos controladores SDN, foram considerados vários critérios na avaliação dos controladores sob diferentes circunstâncias, utilizando a ferramenta Cbench. Os resultados apresentados são relativos à comparação qualitativa e quantitativa dos controladores em teste.
23
Nasim, Kamraan. "AETOS: An Architecture for Offloading Core LTE Traffic Using Software Defined Networking Concepts." Thesis, Université d'Ottawa / University of Ottawa, 2016. http://hdl.handle.net/10393/35085.
Full textAbstract:
It goes without saying that cellular users of today have an insatiable appetite for bandwidth and data. Data-intensive applications, such as video on demand, online gaming and video conferencing, have gained prominence. This, coupled with recent innovations in the mobile network such as LTE/4G, poses a unique challenge to network operators in how to extract the most value from their deployments all the while reducing their Total Cost of Operations(TCO). To this end, a number of enhancements have been proposed to the ”conventional” LTE mobile network. Most of these recognize the monolithic and non-elastic nature of the mobile backend and propose complimenting core functionality with concepts borrowed from Software Defined Networking (SDN). In this thesis we shall attempt to explore some existing options within the LTE standard to mitigate large traffic churns. We will then review some SDN-enabled alternatives, and attempt to derive a proof based critique on their merits and drawbacks.
24
Isolani, Pedro Heleno. "Interactive monitoring, visualization, and configuration of openflow-based SDN." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2015. http://hdl.handle.net/10183/127452.
Full textAbstract:
Redes Definidas por Software (Software-Defined Networking – SDN) é um paradigma emergente que sem dúvida facilita a inovação e simplifica o gerenciamento da rede. SDN provém esses recursos baseado em quatro princípios fundamentais: (i) os planos de controle e encaminhamento da rede são claramente desacoplados, (ii) as decisões de encaminhamento são baseadas em fluxo ao invés de baseadas em destino, (iii) a lógica de encaminhamento é abstraída do hardware para uma camada de software e (iv) um elemento, chamado controlador, é introduzido para coordenar as decisões de encaminhamento. Atualmente muito se tem discutido acerca do uso de SDN em benefício do gerenciamento de redes – onde SDN é considerado uma ferramenta de gerenciamento –, ao invés de se discutir quais são os novos desafios de gerenciamento que esse paradigma introduz. No contexto de SDN, atividades de gerenciamento como monitoramento, visualização e configuração podem ser consideravelmente diferentes das mesmas realizadas em redes tradicionais, merecendo a devida atenção. Por exemplo, um controlador SDN pode ser customizado por administradores de rede de acordo com suas necessidades. Essas customizações podem impactar em consumo de recursos e desempenho no encaminhamento de tráfego. Tal impacto é difícil de se avaliar porque solucões de gerenciamento de redes tradicionais nao foram projetadas para lidar com o contexto de SDN. Como consequencia, uma solução de gerenciamento de SDN deve ser capaz de ajudar o administrador a entender e controlar como o comportamento do controlador SDN afeta a rede. Considerando esse contexto, nós inicialmente desenvolvemos uma análise do tráfego de controle em SDN visando melhor entender o impacto da comunicação entre controlador e dispositivos de encaminhamento. Em seguida, nós propomos uma abordagem interativa para gerenciamento de SDN através do monitoramento, visualização e configuração da rede incluindo o administrador em um ciclo de atividades de gerenciamento, onde metricas específicas de SDN são monitoradas, processadas e mostradas em visualizações interativas. Assim, o administrador da rede é capaz de configurar/ reconfigurar parâmetros de SDN de acordo com seu/sua necessidade. Para demonstrar a viabilidade da nossa abordagem, nós desenvolvemos um protótipo chamado SDN Interactive Manager. Os resultados obtidos através do protótipo apresentaram que a nossa abordagem é capaz de auxiliar o administrador a melhor entender o impacto da configuração de parâmetros relativos a SDN no desempenho da rede como um todo.Software-Defined Networking (SDN) is an emerging paradigm that arguably facilitates network innovation and simplifies network management. SDN enables these features based on four fundamental principles: (i) network control and forwarding planes are clearly decoupled, (ii) forwarding decisions are flow-based instead of destination-based, (iii) the network forwarding logic is abstracted from a hardware to a programmable software layer, and (iv) an element, called controller, is introduced to coordinate network-wide forwarding decisions. Nowadays, much has been discussed about using SDN principles to improve network management – where SDN is taken as a management tool –, instead of discussing which are the new management challenges that this network paradigm introduces. In the context of SDN, management activities, such as monitoring, visualization, and configuration can be considerably different from traditional networks, thus deserving proper attention. For example, an SDN controller can be customized by network administrators according to their needs. Such customizations might pose an impact on resource consumption and traffic forwarding performance, which is difficult to assess because traditional network management solutions were not designed to cope with the context of SDN. As a consequence, an SDN-tailored management solution must be able to help the administrator to understand and control how the SDN controller behavior affects the network. Considering this context, we initially performed an analysis of control traffic in SDN aiming to better understand the impact of the communication between the controller and forwarding devices. Afterwards, we propose an interactive approach to SDN management through monitoring, visualization, and configuration that includes the administrator in the management loop, where SDN-specific metrics are monitored, processed, and displayed in interactive visualizations. Thus, the administrator is able to make decisions and configure/reconfigure SDN-related parameters according to his/her needs. To show the feasibility of our approach a prototype has been developed, called SDN Interactive Manager. The results obtained with this prototype show that our approach can help the administrator to better understand the impact of configuring SDN-related parameters on the overall network performance.
25
Ekanayake, Mudiyanselage Wijaya Dheeshakthi. "An SDN-based Framework for QoSaware Mobile Cloud Computing." Thesis, Université d'Ottawa / University of Ottawa, 2016. http://hdl.handle.net/10393/35117.
Full textAbstract:
In mobile cloud computing (MCC), rich mobile application data is processed at the cloud infrastructure by reliving resource limited mobile devices from computationally complex tasks. However, due to the ubiquitous and mobility nature, providing time critical rich applications over remote cloud infrastructure is a challenging task for mobile application service providers. Therefore, according to the literature, close proximity placement of cloud services has been identified as a way to achieve lower end-to-end access delay and thereby provide a higher quality of experience (QoE) for rich mobile application users. However, providing a higher Quality of Service (QoS) with mobility is still a challenge within close proximity clouds. Access delay to a closely placed cloud tends to be increased over time when users move away from the cloud. However, reactive resource relocation mechanism proposed in literature does not provide a comprehensive mechanism to guarantee the QoS and as well as to minimize service provisioning cost for mobile cloud service providers.
As a result, using the benefits of SDN and the data plane programmability with logically centralized controllers, a resource allocation framework was
proposed for IaaS mobile clouds with regional datacenters. The user mobility problem was analyzed within SDN-enabled wireless networks and addressed the possible service level agreement violations that could occur with inter-regional mobility. The proposed framework is composed of an optimization algorithm to provide seamless cloud service during user mobility. Further a service provisioning cost minimization criteria was considered during an event of resource allocation and inter-regional user mobility.
26
Calabrigo, Adam Chase. "SD-MCAN: A Software-Defined Solution for IP Mobility in Campus Area Networks." DigitalCommons@CalPoly, 2017. https://digitalcommons.calpoly.edu/theses/1797.
Full textAbstract:
Campus Area Networks (CANs) are a subset of enterprise networks, comprised of a network core connecting multiple Local Area Networks (LANs) across a college campus. Traditionally, hosts connect to the CAN via a single point of attachment; however, the past decade has seen the employment of mobile computing rise dramatically. Mobile devices must obtain new Internet Protocol (IP) addresses at each LAN as they migrate, wasting address space and disrupting host services. To prevent these issues, modern CANs should support IP mobility: allowing devices to keep a single IP address as they migrate between LANs with low-latency handoffs. Traditional approaches to mobility may be difficult to deploy and often lead to inefficient routing, but Software-Defined Networking (SDN) provides an intriguing alternative. This thesis identifies necessary requirements for a software-defined IP mobility system and then proposes one such system, the Software-Defined Mobile Campus Area Network (SD-MCAN) architecture. SD-MCAN employs an OpenFlow-based hybrid, label-switched routing scheme to efficiently route traffic flows between mobile hosts on the CAN. The proposed architecture is then implemented as an application on the existing POX controller and evaluated on virtual and hardware testbeds. Experimental results show that SD-MCAN can process handoffs with less than 90 ms latency, suggesting that the system can support data-intensive services on mobile host devices. Finally, the POX prototype is open-sourced to aid in future research.
27
Carpa, Radu. "Energy Efficient Traffic Engineering in Software Defined Networks." Thesis, Lyon, 2017. http://www.theses.fr/2017LYSEN065/document.
Full textAbstract:
Ce travail a pour but d'améliorer l'efficacité énergétique des réseaux de cœur en éteignant un sous-ensemble de liens par une approche SDN (Software Defined Network). Nous nous différencions des nombreux travaux de ce domaine par une réactivité accrue aux variations des conditions réseaux. Cela a été rendu possible grâce à une complexité calculatoire réduite et une attention particulière au surcoût induit par les échanges de données. Pour valider les solutions proposées, nous les avons testées sur une plateforme spécialement construite à cet effet.Dans la première partie de cette thèse, nous présentons l'architecture logicielle ``SegmenT Routing based Energy Efficient Traffic Engineering'' (STREETE). Le cœur de la solution repose sur un re-routage dynamique du trafic en fonction de la charge du réseau dans le but d'éteindre certains liens peu utilisés. Cette solution utilise des algorithmes de graphes dynamiques pour réduire la complexité calculatoire et atteindre des temps de calcul de l'ordre des millisecondes sur un réseau de 50 nœuds. Nos solutions ont aussi été validées sur une plateforme de test comprenant le contrôleur SDN ONOS et des commutateurs OpenFlow. Nous comparons nos algorithmes aux solutions optimales obtenues grâce à des techniques de programmation linéaires en nombres entiers et montrons que le nombre de liens allumés peut être efficacement réduit pour diminuer la consommation électrique tout en évitant de surcharger le réseau.Dans la deuxième partie de cette thèse, nous cherchons à améliorer la performance de STREETE dans le cas d’une forte charge, qui ne peut pas être écoulée par le réseau si des algorithmes de routages à plus courts chemins sont utilisés. Nous analysons des méthodes d'équilibrage de charge pour obtenir un placement presque optimal des flux dans le réseau.Dans la dernière partie, nous évaluons la combinaison des deux techniques proposées précédemment : STREETE avec équilibrage de charge. Ensuite, nous utilisons notre plateforme de test pour analyser l'impact de re-routages fréquents sur les flux TCP. Cela nous permet de donner des indications sur des améliorations à prendre en compte afin d'éviter des instabilités causées par des basculements incontrôlés des flux réseau entre des chemins alternatifs. Nous croyons à l'importance de fournir des résultats reproductibles à la communauté scientifique. Ainsi, une grande partie des résultats présentés dans cette thèse peuvent être facilement reproduits à l'aide des instructions et logiciels fournisThis work seeks to improve the energy efficiency of backbone networks by automatically managing the paths of network flows to reduce the over-provisioning. Compared to numerous works in this field, we stand out by focusing on low computational complexity and smooth deployment of the proposed solution in the context of Software Defined Networks (SDN). To ensure that we meet these requirements, we validate the proposed solutions on a network testbed built for this purpose. Moreover, we believe that it is indispensable for the research community in computer science to improve the reproducibility of experiments. Thus, one can reproduce most of the results presented in this thesis by following a couple of simple steps. In the first part of this thesis, we present a framework for putting links and line cards into sleep mode during off-peak periods and rapidly bringing them back on when more network capacity is needed. The solution, which we term ``SegmenT Routing based Energy Efficient Traffic Engineering'' (STREETE), was implemented using state-of-art dynamic graph algorithms. STREETE achieves execution times of tens of milliseconds on a 50-node network. The approach was also validated on a testbed using the ONOS SDN controller along with OpenFlow switches. We compared our algorithm against optimal solutions obtained via a Mixed Integer Linear Programming (MILP) model to demonstrate that it can effectively prevent network congestion, avoid turning-on unneeded links, and provide excellent energy-efficiency. The second part of this thesis studies solutions for maximizing the utilization of existing components to extend the STREETE framework to workloads that are not very well handled by its original form. This includes the high network loads that cannot be routed through the network without a fine-grained management of the flows. In this part, we diverge from the shortest path routing, which is traditionally used in computer networks, and perform a particular load balancing of the network flows. In the last part of this thesis, we combine STREETE with the proposed load balancing technique and evaluate the performance of this combination both regarding turned-off links and in its ability to keep the network out of congestion. After that, we use our network testbed to evaluate the impact of our solutions on the TCP flows and provide an intuition about the additional constraints that must be considered to avoid instabilities due to traffic oscillations between multiple paths
28
Scalzotto, Luca. "Software Defined Networking-enabled IoT Middleware for Event Prioritization in Emergency Scenarios." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2019. http://amslaurea.unibo.it/17390/.
Full textAbstract:
Nell'estate del 2018, la California è stata colpita da numerosi incendi che sono divampati in tutta la regione. Situazioni di questo tipo causano gravi malfunzionamenti nell'infrastruttura di rete (i.e. limitazione della banda di rete disponibile per l'invio di messaggi). Malfunzionamenti nelle tecnologie comunicazione impediscono ai soccorritori una coordinazione efficace e causano un maggior numero di vittime e feriti, e danni materiali ingenti. Il progetto di tesi si propone come obiettivo la progettazione e la realizzazione di una soluzione IoT middleware in grado di garantire la continuità dei servizi di comunicazione nelle regioni interessate da catastrofi naturali. A tal scopo, il middleware applica politiche di prioritizzazione dei messaggi e scarto dei messaggi meno rilevanti. Per calcolare le priorità e le probabilità di scarto dei diversi tipi di messaggi, il middleware utilizza algoritmi innovativi. Tali algoritmi mirano a massimizzare funzioni di utilità definite dai riceventi, considerando i limiti imposti dall'infrastruttura di rete. I diversi algoritmi proposti vengono confrontati tra di loro, valutando efficacia delle politiche applicate ed efficienza di calcolo. La tecnologia Software-defined networking viene utilizzata per imporre le politiche di prioritizzazione e scarto dei messaggi al livello di rete (i.e. nell'infrastruttura di rete). Per dimostrare l'efficacia dell'approccio utilizzato, il middleware viene confrontato con soluzioni alternative: un sistema che non applica politiche di prioritizzazione dei messaggi e scarto dei messaggi meno rilevanti, un sistema che applica solamente politiche di prioritizzazione dei messaggi. I test effettuati dimostrano come l'approccio proposto migliori considerevolmente il valore informativo dei messaggi ricevuti (i.e. messaggi generalmente più rilevanti) e la latenza sperimentata dai riceventi.
29
Arbiza, Lucas Mendes Ribeiro. "SDN no contexto de IoT : refatoração de middleware para monitoramento de pacientes crônicos baseada em software-defined networking." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2016. http://hdl.handle.net/10183/134368.
Full textAbstract:
Algumas palavras e definições comumente utilizadas quando se está falando de Software-Defined Networking, como programabilidade, flexibilidade, ou gerenciamento centralizado, parecem muito apropriadas ao contexto de um outro paradigma de rede: Internet of Things. Em redes domésticas já não é incomum a existência de dispositivos projetados para segurança, climatização, iluminação, monitoramento de saúde e algumas formas de automação que diferem entre si em diversos aspectos, como no modo de operar e de se comunicar. Lidar com este tipo de cenário, que pode diferir bastante daquilo que estamos acostumados na gerência de redes e serviços, fazendo uso dos recursos tradicionais como ferramentas e protocolos bem estabelecidos, pode ser difícil e, em alguns casos, inviável. Com o objetivo de possibilitar o monitoramento remoto de pacientes com doenças crônicas através de dispositivos de healthcare disponíveis no mercado, uma proposta de middleware foi desenvolvida em um projeto de pesquisa para contornar as limitações relacionadas à interoperabilidade, coleta de dados, gerência, segurança e privacidade encontradas nos dispositivos utilizados. O middleware foi projetado com o intuito de executar em access points instalados na casa dos pacientes. Contudo, as limitações de hardware e software do access point utilizado refletem no desenvolvimento, pois restringem o uso de linguagens de programação e recursos que poderiam agilizar e facilitar a implementação dos módulos e dos mecanismos necessários. Os contratempos encontrados no desenvolvimento motivaram a busca por alternativas, o que resultou na refatoração do middleware através de Software-Defined Networking, baseando-se em trabalhos que exploram o uso desse paradigma em redes domésticas. O objetivo deste trabalho é verificar a viabilidade da utilização de Software-Defined Networking no contexto de Internet of Things, mais especificamente, aplicado ao serviço de monitoramento de pacientes da proposta anterior e explorar os possíveis benefícios resultantes. Com a refatoração, a maior parte da carga de serviços da rede e do monitoramento foi distribuída entre servidores remotos dedicados, com isso os desenvolvedores podem ir além das restrições do access point e fazer uso de recursos antes não disponíveis, o que potencializa um processo de desenvolvimento mais ágil e com funcionalidades mais complexas, ampliando as possibilidades do serviço. Adicionalmente, a utilização de Software-Defined Networking proporcionou a entrega de mais de um serviço através de um único access point, escalabilidade e autonomia no gerenciamento das redes e dos dispositivos e na implantação de serviços, fazendo uso de recursos do protocolo OpenFlow, e a cooperação entre dispositivos e serviços a fim de se criar uma representação digital mais ampla do ambiente monitorado.Some words and definitions usually employed when talking about Software-Defined Networking such as programmability, frexibility, or centralized management sound very appropriate to the context of another network paradigm: Internet of Things. The presence of devices designed for security, air conditioning, lighting, health monitoring and some other automation resources have become common in home networks; those devices may be different in many ways, such as the way they operate and communicate, between others. Dealing with this kind of scenario may differ in many ways from what we are familiar regarding networking and services management; the use of traditional management tools and protocols may be hard or even unfeasible. Aiming to enable the health monitoring of patients with chronical illnesses through using off-the-shelf healthcare devices a middleware proposal was developed in a research project to circumvent interoperability, data collecting, management, security and privacy issues found in employed devices. The middleware was designed to run on access points in the homes of the patients. Although hardware and software limitations of the used access points reflect on the development process, because they restrict the use of programming languages and resources that could be employed to expedite the implementation of necessary modules and features. Development related mishaps have motivated the search for alternatives resulting in the middleware refactoring through Software-Defined Networking, based on previous works where that paradigm is used in home networks. This work aims to verify the feasability of the employment of Software- Defined Networking in the Internet of Things context, and its resulting benefits; specifically in the health monitoring of chronic patients service from the previous proposal. After refactoring most of the network and services load was distributed among remote dedicated servers allowing developers to go beyond the limitations imposed by access points constraints, and to make use of resources not available before enabling agility to the development process; it also enables the development of more complex features expanding services possibilities. Additionally Software-Defined Networking employment provides benefits such as the delivering of more than only one service through the same access point; scalability and autonomy to the network and devices monitoring, as to the service deployment through the use of OpenFlow resources; and devices and services cooperation enabling the built of a wider digital representation of the monitored environment.
30
Alharbi, Faisal. "SDN-BASED MECHANISMS FOR PROVISIONING QUALITY OF SERVICE TO SELECTED NETWORK FLOWS." UKnowledge, 2018. https://uknowledge.uky.edu/cs_etds/72.
Full textAbstract:
Despite the huge success and adoption of computer networks in the recent decades, traditional network architecture falls short of some requirements by many applications. One particular shortcoming is the lack of convenient methods for providing quality of service (QoS) guarantee to various network applications. In this dissertation, we explore new Software-Defined Networking (SDN) mechanisms to provision QoS to targeted network flows. Our study contributes to providing QoS support to applications in three aspects. First, we explore using alternative routing paths for selected flows that have QoS requirements. Instead of using the default shortest path used by the current network routing protocols, we investigate using the SDN controller to install forwarding rules in switches that can achieve higher bandwidth. Second, we develop new mechanisms for guaranteeing the latency requirement by those applications depending on timely delivery of sensor data and control signals. The new mechanism pre-allocates higher priority queues in routers/switches and reserves these queues for control/sensor traffic. Third, we explore how to make the applications take advantage of the opportunity provided by SDN. In particular, we study new transmission mechanisms for big data transfer in the cloud computing environment. Instead of using a single TCP path to transfer data, we investigate how to let the application set up multiple TCP paths for the same application to achieve higher throughput. We evaluate these new mechanisms with experiments and compare them with existing approaches.
31
Marciniak, Petr. "Vyvažování zátěže v sítích OpenFlow." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236205.
Full textAbstract:
The aim of this thesis is to develop a load balancing tool for OpenFlow networks. Software-defined networking (SDN) principles are introduced (OpenFlow protocol used as an example) and compared to the legacy routing and switching technology. Openflow is the first protocol/API enabling communication between the control and infrastructure planes of the software-defined networking model. Key features of the protocol are described and several OpenFlow controllers are introduced. Current best practices in computer networks load balancing are discussed as well. The load balancing application development process is described including the test laboratory setups - Mininet (SW) and OFELIA (HW). The application test results are evaluated and possible further enhancements to the program are discussed.
32
Hasan, Hasanein. "Enhancing performance of conventional computer networks employing selected SDN principles." Thesis, Brunel University, 2016. http://bura.brunel.ac.uk/handle/2438/14457.
Full textAbstract:
This research is related to computer networks. In this thesis, three main issues are addressed which affect the performance of any computer network: congestion, efficient resources utilization and link failure. Those issues are related to each other in many situations. Many approaches have been suggested to deal with those issues as well as many solutions were applied. Despite all the improvements of the technology and the proposed solutions, those issues continue to be a burden on the system’s performance. This effect is related to the increase of the Quality of Service (QoS) requirements in modern networks. The basic idea of this research is evolving the intelligence of a conventional computer network when dealing with those issues by adding some features of the Software Defined Networking (SDN). This adoption upgrades the conventional computer network system to be more dynamic and higher self-organizing when dealing with those issues. This idea is applied on a system represented by a computer network that uses the Open Shortest Path First (OSPF) routing protocol. The first improvement deals with the distribution of Internet Protocol (IP) routed flows. The second improvement deals with tunnel establishment that serves Multi-Protocol Label Switching (MPLS) routed flows and the third improvement deals with bandwidth reservation when applying network restoration represented by Fast Re-route (FRR) mechanism to sooth the effect of link failure in OSPF/MPLS routed network. This idea is also applied on another system that uses the Enhanced Interior Gateway Routing Protocol (EIGRP) to improve the performance of its routing algorithm. Adopting the SDN notion is achieved by adding an intelligent controller to the system and creating a dialog of messages between the controller and the conventional routers. This requires upgrading the routers to respond to the new modified system. Our proposed approaches are presented with simulations of different configurations which produce fine results.
33
Jamaliannasrabadi, Saba. "High Performance Computing as a Service in the Cloud Using Software-Defined Networking." Bowling Green State University / OhioLINK, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=bgsu1433963448.
Full text
34
Niyaz, Quamar. "Design and Implementation of a Deep Learning based Intrusion Detection System in Software-Defined Networking Environment." University of Toledo / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1501785493311223.
Full text
35
Zacarias, Iulisloi. "Employing concepts of the SDN paradigm to support last-mile military tactical edge networks." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2018. http://hdl.handle.net/10183/183191.
Full textAbstract:
Em um futuro próximo, “dispositivos inteligentes” serão massivamente empregados em campos de batalha. Essa já é uma realidade, porém, o número de dispositivos utilizados em campos de batalha tende a aumentar em ordens de magnitude. As redes de comunicação de dados serão essenciais para transmitir os dados que esses dispositivos coletam e transformá-los em informações valiosas utilizadas como suporte à atuação humana. O suporte à tomada de decisão, ou mesmo níveis de autonomia, permitindo que estes dispositivos coordenem outros dispositivos, exigem comunicação contínua. Desafios relacionados à comunicação surgirão devido à dinamicidade do ambiente. A configuração da rede deve refletir decisões superiores automaticamente. A grande escala das redes conectando os altos escalões, tropas, veículos e sensores, aliada à falta de padronização dos dispositivos, tornará a integração destes desafiadora. Em um ambiente tão heterogêneo, muitos protocolos e tecnologias coexistirão. As redes de campo de batalha são um elemento de suma importância nas operações militares modernas e conceito de guerra centrada em rede é uma tendência sem volta e influencia desde os altos escalões até o controle de tropas Embora estudos tenham sido realizados nessa área, a maioria deles aborda redes estratégicas de alto nível e portanto não levam em conta as “redes táticas de última milha” (TEN), que compreendem dispositivos de comunicação com recursos limitados, como sensores ou ainda pequenos veículos aéreos não tripulados. Em uma tentativa de preencher esta lacuna, esse trabalho propõe uma arquitetura que combina conceitos dos paradigmas de redes definidas por software (SDN) juntamente com redes tolerantes à atraso/disrupçoes (DTN), para aplicação em redes táticas de última milha. O uso de SDN em cenários com nodos móveis é avaliado considerando uma aplicação de vigilância que utiliza streaming de vídeo e medidas de Qualidade de Experiência (QoE) de usuário são coletadas. Com base nos resultados obtidos, uma aplicação em conjunto dos conceitos de SDN e DTN é proposta, além disso abordamos a escolha do nodo que atuará como controlador SDN na rede. Os experimentos foram executados utilizando um emulador de redes. Apesar de pesquisas adicionais serem necessárias – considerado requisitos de segurança, por exemplo – os resultados foram promissores e demonstram a aplicabilidade destes conceitos no cenários das TENs.The future battlefield tends to be populated by a plethora of “intelligent things”. In some ways, this is already a reality, but in future battlefields, the number of deployed things should be orders of magnitude higher. Networked communication is essential to take real advantage of the deployed devices on the battlefield, and to transform the data collected by them into information valuable for the human warfighters. Support for human decision making and even a level of autonomy, allowing devices to coordinate and interact with each other to execute their activities in a collaborative way require continuous communication. Challenges regarding communication will arise from the high dynamics of the environment. The network adaption and management should occur autonomously, and it should reflect upper-level decisions. The large scale of the network connecting high-level echelons, troops on the field, and sensors of many types, beside the lack of communication standards turn the integration of the devices more challenging. In such a heterogeneous environment, many protocols and communication technologies coexist. This way, battlefield networks is an element of paramount importance in modern military operations Additionally, a change of paradigm regarding levels of autonomy and cooperation between humans and machines is in course and the concept of network-centric warfare is a no way back trend. Although new studies have been carried out in this area, most of these concern higher-level strategic networks, with abundant resources. Thus, these studies fail to take into account the “last-mile Tactical Edge Network (TEN) level,” which comprises resource constrained communication devices carried by troopers, sensor nodes deployed on the field or small unmanned aerial vehicles. In an attempt to fill this gap, this work proposes an architecture combining concepts from software-defined networking (SDN) paradigm and the delay-tolerant approach to support applications in the last-mile TEN. First, the use of SDN in dynamic scenarios regarding node positioning is evaluated through a surveillance application using video streaming and Quality of Experience (QoE) measures are captured on the video player. We also explore the election of nodes to act as SDN Controllers in the TEN environment. The experiments use emulator for SDN with support to wireless networks. Further investigation is required, for example, considering security requirements, however the results are promising and demonstrate the applicability of this architecture in the TEN network scenario.
36
Olivi, Matteo. "Design of a Kubernetes-based Software-Defined Network Control Plane." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2020.
Find full textAbstract:
Negli ultimi anni, Kubernetes è emerso come l’orchestratore di applicazioni a containers dominante. Il suo design è basato su un’API che permette di descrivere in modo dichiarativo lo stato desiderato delle applicazioni e su un piano di controllo che lavora per far convergere lo stato effettivo delle applicazioni verso lo stato desiderato, ottenendo fault-tolerance, self-healing ed elevata scalabilità. Questo design pattern si è dimostrato estremamente efficace per la gestione dei container, ma è abbastanza generale da poter essere usato per orchestrare con successo qualsiasi tipo di risorsa virtuale che viene tradizionalmente offerta mediante il paradigma del cloud IaaS. Abbiamo testato questa idea estendendo Kubernetes per fargli gestire, oltre alle usuali applicazioni a containers, delle reti virtuali. Così facendo abbiamo di fatto realizzato il prototipo di un piano di controllo di una SoftwareDefined Network. Nel fare ciò sono emersi sia punti di forza che debolezze del design pattern di Kubernetes e delle librerie open source che lo supportano. Per verificare che il sistema ottenuto abbia una scalabilità adeguata a quella necessaria nei moderni cloud data centers, abbiamo condotto uno studio di performance.
37
Berriri, Asma. "Model based testing techniques for software defined networks." Thesis, Université Paris-Saclay (ComUE), 2019. http://www.theses.fr/2019SACLL017/document.
Full textAbstract:
Les réseaux logiciels (connus sous l'éppellation: Software Defined Networking, SDN), qui s'appuient sur le paradigme de séparation du plan de contrôle et du plan d'acheminement, ont fortement progressé ces dernières années pour permettre la programmabilité des réseaux et faciliter leur gestion. Reconnu aujourd'hui comme des architectures logicielles pilotées par des applications, offrant plus de programmabilité, de flexibilité et de simplification des infrastructures, les réseaux logiciels sont de plus en plus largement adoptés et graduellement déployés par l'ensemble des fournisseurs. Néanmoins, l'émergence de ce type d'architectures pose un ensemble de questions fondamentales sur la manière de garantir leur correct fonctionnement. L'architecture logicielle SDN est elle-même un système complexe à plusieurs composants vulnérable aux erreurs. Il est essentiel d'en assurer le bon fonctionnement avant déploiement et intégration dans les infrastructures.Dans la littérature, la manière de réaliser cette tâche n'a été étudiée de manière approfondie qu'à l'aide de vérification formelle. Les méthodes de tests s'appuyant sur des modèles n'ont guère retenu l'attention de la communauté scientifique bien que leur pertinence et l'efficacité des tests associés ont été largement demontrés dans le domaine du développement logiciel. La création d'approches de test efficaces et réutilisables basées sur des modèles nous semble une approche appropriée avant tout déploiement de réseaux virtuels et de leurs composants. Le problème abordé dans cette thèse concerne l'utilisation de modèles formels pour garantir un comportement fonctionnel correct des architectures SDN ainsi que de leurs composants. Des approches formelles, structurées et efficaces de génération de tests sont les principale contributions de la thèse. En outre, l'automatisation du processus de test est mis en relief car elle peut en réduire considérablement les efforts et le coût.La première contribution consiste en une méthode reposant sur l'énumération de graphes et qui vise le test fonctionnel des architectures SDN. En second lieu, une méthode basée sur un circuit logique est développée pour tester la fonctionnalité de transmission d'un commutateur SDN. Plus loin, cette dernière méthode est étendue pour tester une application d'un contrôleur SDN. De plus, une technique basée sur une machine à états finis étendus est introduite pour tester la communication commutateur-contrôleur.Comme la qualité d'une suite de tests est généralement mesurée par sa couverture de fautes, les méthodes de test proposées introduisent différents modèles de fautes et génèrent des suites de tests avec une couverture de fautes guarantieHaving gained momentum from its concept of decoupling the traffic control from the underlying traffic transmission, Software Defined Networking (SDN) is a new networking paradigm that is progressing rapidly addressing some of the long-standing challenges in computer networks. Since they are valuable and crucial for networking, SDN architectures are subject to be widely deployed and are expected to have the greatest impact in the near future. The emergence of SDN architectures raises a set of fundamental questions about how to guarantee their correctness. Although their goal is to simplify the management of networks, the challenge is that the SDN software architecture itself is a complex and multi-component system which is failure-prone. Therefore, assuring the correct functional behaviour of such architectures and related SDN components is a task of paramount importance, yet, decidedly challenging.How to achieve this task, however, has only been intensively investigated using formal verification, with little attention paid to model based testing methods. Furthermore, the relevance of models and the efficiency of model based testing have been demonstrated for software engineering and particularly for network protocols. Thus, the creation of efficient and reusable model based testing approaches becomes an important stage before the deployment of virtual networks and related components. The problem addressed in this thesis relates to the use of formal models for guaranteeing the correct functional behaviour of SDN architectures and their corresponding components. Formal, and effective test generation approaches are in the primary focus of the thesis. In addition, automation of the test process is targeted as it can considerably cut the efforts and cost of testing.The main contributions of the thesis relate to model based techniques for deriving high quality test suites. Firstly, a method relying on graph enumeration is proposed for the functional testing of SDN architectures. Secondly, a method based on logic circuit is developed for testing the forwarding functionality of an SDN switch. Further on, the latter method is extended to test an application of an SDN controller. Additionally, a technique based on an extended finite state machine is introduced for testing the switch-to-controller communication. As the quality of a test suite is usually measured by its fault coverage, the proposed testing methods introduce different fault models and seek for test suites with guaranteed fault coverage that can be stated as sufficient conditions for a test suite completeness / exhaustiveness
38
Barattini, Daniel. "Supporto a micro-servizi per controller SDN ad alta scalabilità e affidabilità." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2020. http://amslaurea.unibo.it/21428/.
Full textAbstract:
L'attuale architettura di rete sta mostrando, nel tempo, un numero sempre più elevato di limiti derivanti principalmente dall'integrazione del piano di controllo e del piano di inoltro all'interno dei dispositivi di rete che la compongono. Uno dei più promettenti paradigmi che consente di superare queste limitazioni è SDN (Software-Defined Networking), che si basa sull'idea di estrarre il piano di controllo dai dispositivi di rete per inserirlo all'interno di un nuovo componente logicamente centralizzato: il controller SDN. Le attuali e più popolari implementazioni di controller SDN utilizzano però un’architettura monolitica che limita l’affidabilità e la scalabilità del sistema. L’obbiettivo di questa Tesi consiste quindi nell'implementazione di un prototipo di controller SDN che fornisca supporto a micro-servizi e nella sua relativa sperimentazione.
39
Tammana, Praveen Aravind Babu. "Software-defined datacenter network debugging." Thesis, University of Edinburgh, 2018. http://hdl.handle.net/1842/31326.
Full textAbstract:
Software-defined Networking (SDN) enables flexible network management, but as networks evolve to a large number of end-points with diverse network policies, higher speed, and higher utilization, abstraction of networks by SDN makes monitoring and debugging network problems increasingly harder and challenging. While some problems impact packet processing in the data plane (e.g., congestion), some cause policy deployment failures (e.g., hardware bugs); both create inconsistency between operator intent and actual network behavior. Existing debugging tools are not sufficient to accurately detect, localize, and understand the root cause of problems observed in a large-scale networks; either they lack in-network resources (compute, memory, or/and network bandwidth) or take long time for debugging network problems. This thesis presents three debugging tools: PathDump, SwitchPointer, and Scout, and a technique for tracing packet trajectories called CherryPick. We call for a different approach to network monitoring and debugging: in contrast to implementing debugging functionality entirely in-network, we should carefully partition the debugging tasks between end-hosts and network elements. Towards this direction, we present CherryPick, PathDump, and SwitchPointer. The core of CherryPick is to cherry-pick the links that are key to representing an end-to-end path of a packet, and to embed picked linkIDs into its header on its way to destination. PathDump is an end-host based network debugger based on tracing packet trajectories, and exploits resources at the end-hosts to implement various monitoring and debugging functionalities. PathDump currently runs over a real network comprising only of commodity hardware, and yet, can support surprisingly a large class of network debugging problems with minimal in-network functionality. The key contributions of SwitchPointer is to efficiently provide network visibility to end-host based network debuggers like PathDump by using switch memory as a "directory service" - each switch, rather than storing telemetry data necessary for debugging functionalities, stores pointers to end hosts where relevant telemetry data is stored. The key design choice of thinking about memory as a directory service allows to solve performance problems that were hard or infeasible with existing designs. Finally, we present and solve a network policy fault localization problem that arises in operating policy management frameworks for a production network. We develop Scout, a fully-automated system that localizes faults in a large scale policy deployment and further pin-points the physical-level failures which are most likely cause for observed faults.
40
Aimi, Leonardo. "Orchestrazione di Risorse Distribuite in Scenari Network Function Virtualization e Software Defined Networking Integrati." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2018.
Find full textAbstract:
Software-defined Networking (SDN) e Network Function Virtualization (NFV) sono due modelli che negli ultimi anni hanno contribuito a rivoluzionare il modo con cui gli operatori di rete organizzano le proprie architetture.
SDN propone una separazione del livello di controllo da quello architetturale avvalendosi di protocolli aperti e standard, come OpenFlow, per permettere la comunicazione tra i dispositivi di rete, privati di logica e intelligenza, con un controller di più alto livello, arricchito di funzionalità e con una visione globale della topologia di rete.
NFV si basa sul concetto di virtualizzazione permettendo un completo disaccoppiamento tra i servizi di rete offerti da un operatore ed i dispositivi hardware su cui questi vengono installati ed eseguiti.
L'obiettivo di questa tesi è quello di delineare un modello di integrazione tra SDN e NFV per l'orchestrazione di risorse di rete distribuite. Si vuole così creare un testbed architetturale mediante software open source come ONOS e Mininet tenendo in considerazione i limiti ed i requisiti di SDN e NFV all'interno di uno scenario di rete simulato.
41
Ceron, João Marcelo. "MARS: uma arquitetura para análise de malwares utilizando SDN." Universidade de São Paulo, 2017. http://www.teses.usp.br/teses/disponiveis/3/3141/tde-28022018-105426/.
Full textAbstract:
Detectar e analisar malwares é um processo essencial para aprimorar os sistemas de segurança. As soluções atuais apresentam limitações no processo de investigação e detecção de códigos maliciosos sofisticados. Mais do que utilizar técnicas para evadir sistemas de análise, malwares sofisticados requerem condições específicas no ambiente em que são executados para revelar seu comportamento malicioso. Com o surgimento das Redes Definidas por Software (SDN), notou-se uma oportunidade para aprimorar o processo de investigação de malware propondo uma arquitetura flexível apta a detectar variações comportamentais de maneira automática. Esta tese apresenta uma arquitetura especializada para analisar códigos maliciosos que permite controlar de maneira unificada o ambiente de análise, incluindo o sandbox e os elementos que o circundam. Dessa maneira, é possível gerenciar regras de contenção, configuração dinâmica de recursos, e manipular o tráfego de rede gerado pelos malwares. Para avaliar a arquitetura foi analisado um conjunto de malwares em dois cenários de avaliação. No primeiro cenário de avaliação, as funcionalidades descritas pela solução proposta revelaram novos eventos comportamentais em 100% dos malwares analisados. Já, no segundo cenários de avaliação, foi analisado um conjunto de malwares projetados para dispositivos IoT. Em consequência, foi possível bloquear ataques, monitorar a comunicação do malware com seu controlador de botnet, e manipular comandos de ataques.Mechanisms to detect and analyze malicious software are essential to improve security systems. Current security mechanisms have limited success in detecting sophisticated malicious software. More than to evade analysis system, many malware require specific conditions to activate their actions in the target system. The flexibility of Software-Defined Networking (SDN) provides an opportunity to develop a malware analysis architecture that can detect behavioral deviations in an automated way. This thesis presents a specialized architecture to analyze malware by managing the analysis environment in a centralized way, including to control the sandbox and the elements that surrounds it. The proposed architecture enables to determine the network access policy, to handle the analysis environment resource configuration, and to manipulate the network connections performed by the malware. To evaluate our solution we have analyzed a set of malware in two evaluation scenarios. In the first evaluation scenario, we showed that the mechanisms proposed have increased the number of behavioral events in 100% of the malware analyzed. In the second evaluation scenario, we have analyzed malware designed for IoT devices. As a result, by using the MARS features, it was possible to block attacks, to manipulate attack commands, and to enable the malware communication with the respective botnet controller. The experimental results showed that our solution can improve the dynamic malware analysis process by providing this configuration flexibility to the analysis environment.
42
Sahay, Rishikesh. "Policy-driven autonomic cyberdefense using software-defined networking." Thesis, Evry, Institut national des télécommunications, 2017. http://www.theses.fr/2017TELE0022/document.
Full textAbstract:
Les attaques cybernétiques causent une perte importante non seulement pour les utilisateurs finaux, mais aussi pour les fournisseurs de services Internet (FAI). Récemment, les clients des FAI ont été la cible numéro un de cyber-attaques telles que les attaques par déni de service distribué (DDoS). Ces attaques sont favorisées par la disponibilité généralisée outils pour lancer les attaques. Il y a donc un besoin crucial de contrer ces attaques par des mécanismes de défense efficaces. Les chercheurs ont consacré d’énormes efforts à la protection du réseau contre les cyber-attaques. Les méthodes de défense contiennent d’abord un processus de détection, complété par l’atténuation. Le manque d’automatisation dans tout le cycle de détection à l’atténuation augmente les dégâts causés par les cyber-attaques. Cela provoque des configurations manuelles de périphériques l’administrateur pour atténuer les attaques affectent la disponibilité du réseau. Par conséquent, il est nécessaire de compléter la boucle de sécurité avec un mécanisme efficace pour automatiser l’atténuation. Dans cette thèse, nous proposons un cadre d’atténuation autonome pour atténuer les attaques réseau qui visent les ressources du réseau, comme par les attaques exemple DDoS. Notre cadre fournit une atténuation collaborative entre le FAI et ses clients. Nous utilisons la technologie SDN (Software-Defined Networking) pour déployer le cadre d’atténuation. Le but de notre cadre peut se résumer comme suit : d’abord, les clients détectent les attaques et partagent les informations sur les menaces avec son fournisseur de services Internet pour effectuer l’atténuation à la demande. Nous développons davantage le système pour améliorer l’aspect gestion du cadre au niveau l’ISP. Ce système effectue l’extraction d’alertes, l’adaptation et les configurations d’appareils. Nous développons un langage de politique pour définir la politique de haut niveau qui se traduit par des règles OpenFlow. Enfin, nous montrons l’applicabilité du cadre par la simulation ainsi que la validation des tests. Nous avons évalué différentes métriques QoS et QoE (qualité de l’expérience utilisateur) dans les réseaux SDN. L’application du cadre démontre son efficacité non seulement en atténuant les attaques pour la victime, mais aussi en réduisant les dommages causés au trafic autres clients du FAICyber attacks cause significant loss not only to end-users, but also Internet Service Providers (ISP). Recently, customers of the ISP have been the number one target of the cyber attacks such as Distributed Denial of Service attacks (DDoS). These attacks are encouraged by the widespread availability of tools to launch the attacks. So, there is a crucial need to counter these attacks (DDoS, botnet attacks, etc.) by effective defense mechanisms. Researchers have devoted huge efforts on protecting the network from cyber attacks. Defense methodologies first contains a detection process, completed by mitigation. Lack of automation in the whole cycle of detection to mitigation increase the damage caused by cyber attacks. It requires manual configurations of devices by the administrator to mitigate the attacks which cause the network downtime. Therefore, it is necessary to close the security loop with an efficient mechanism to automate the mitigation process. In this thesis, we propose an autonomic mitigation framework to mitigate attacks that target the network resources. Our framework provides a collaborative mitigation strategy between the ISP and its customers. The implementation relies on Software-Defined Networking (SDN) technology to deploy the mitigation framework. The contribution of our framework can be summarized as follows: first the customers detect the attacks and share the threat information with its ISP to perform the on-demand mitigation. We further develop the system to improve the management aspect of the framework at the ISP side. This system performs the alert extraction, adaptation and device configurations. We develop a policy language to define the high level policy which is translated into OpenFlow rules. Finally, we show the applicability of the framework through simulation as well as testbed validation. We evaluate different QoS and QoE (quality of user experience) metrics in SDN networks. The application of the framework demonstrates its effectiveness in not only mitigating attacks for the victim, but also reducing the damage caused to traffic of other customers of the ISP
43
Alasadi, Emad Younis. "Enhancing network scalability by introducing mechanisms, architectures and protocols." Thesis, Brunel University, 2017. http://bura.brunel.ac.uk/handle/2438/15874.
Full textAbstract:
In this thesis, three key issues that restrict networks from scaling up so as to be able to cope with the rapid increase in traffic are investigated and series of approaches are proposed and tested for overcoming them. Firstly, scalability limitations owing to the use of a broadcast mechanism in one collision domain are discussed. To address this matter, servers under software-defined network architectures for eliminating discovery messages (SSED) are designed in this thesis and a backbone of floodless packets in an SDN LAN network is introduced. SSED has an innovative mechanism for defining the relationship between the servers and SDN architecture. Experimental results, after constructing and applying an authentic testbed, verify that SSED has the ability to improve upon the scalability of the traditional mechanism in terms of the number of switches and hosts. This is achieved by removing broadcast packets from the data and control planes as well as offering a better response time. Secondly, the scalability restrictions from using routers and the default gateway mechanism are explained. In this thesis, multiple distributed subnets using SDN architecture and servers to eliminate router devices and the default gateway mechanism (MSSERD) are introduced, designed and implemented as the general backbone for scalable multiple LAN-based networks. MSSERD's proposed components handle address resolution protocol (ARP) discovery packets and general IP packets across different subnets. Moreover, a general view of the network is provided through a multi-subnets discovery protocol (MDP). A 23 computers testbed is built and the results verify that MSSERD scales up the number of subnets more than traditional approaches, enhances the efficiency significantly, especially with high load, improves performance 2.3 times over legacy mechanisms and substantially reduces complexity. Finally, most of the available distributed-based architectures for different domains are reviewed and the aggregation discovery mechanism analysed to establish their impact on network scalability. Subsequently, a general distributed-centralised architecture with open-level control plane (OLC) architecture and a dynamic discovery hierarchical protocol (DHP) is introduced to provide better scalability in an SDN network. OLC can scale up the network with high performance even during high traffic.
44
van, 't Hof David M. "Service Provisioning in SDN using a Legacy Network Management System." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-204957.
Full textAbstract:
Software Defined Networking (SDN) has become increasingly popular in combination with Network Function Virtualization (NFV). SDN is a way to make a network more programmable and dynamic. However, in order to create a homogeneous network using this concept, legacy equipment will have to be substituted by SDN equipment, which is costly. To close the gap between the legacy world and SDN, we introduce the concept of a legacy Network Management System (NMS) that is connected to an SDN controller to perform service provisioning. This way, the NMS is capable of configuring both legacy as well as SDN networks to provide customers with the services that they have ordered, while still allowing for new SDN features in the SDN domain of the network. The main service we wish to provide using SDN is Service Function Chaining (SFC). Service provisioning consists of dynamically constructing a path through the ordered network services, in this case Virtual Network Functions (VNFs). This thesis focuses on the SDN controller and its interaction with the NMS. This project aims at configuring OpenFlow rules in the network using an SDN controller to perform SFC. Moreover, the focus will be on how to represent an SDN element and a service function chain in the legacy network NMS. The thesis also contains a discussion on what information should be exchanged between the management software and the controller. The management software used is called BECS, a system developed by Packetfront Software. Integrating SDN in BECS is done by creating a proof of concept, containing a full environment from the low level network elements to the NMS. By using a bottom-up approach for creating this proof of concept, the information that BECS is required to send to the SDN controller can be identified before designing and implementing the connection between these two entities. When sending the information, the NMS should be able to receive acknowledgement of successful information exchange or an error. However, when the proof of concept was created a problem arose on how to test and troubleshoot it. For this reason, a web Graphical User Interface (GUI) was created. This GUI shows the number of packets that have gone through a VNF. Because it is possible to see how many packets go through a VNF, one can see where a network issue occurs. The subsequent analysis investigates the impact of making such a GUI available for a network administrator and finds that the part of the network where the configuration error occurs can be narrowed down significantly.Software Defined Networking (SDN) har blivit mer och mer populärt i kombination med Network Function Virtualization (NFV). SDN är en sätt för att göra ett nätverk mer programmerbart och dynamiskt. För att skapa ett homogent nätverk med detta koncept, behöver man dock ersätta traditionell utrustning med SDN utrustning som är dyr. För att stänga gapet mellan traditionella nätverk och SDN-världen, introducerar vi ett koncept med ett traditionell Network Management System (NMS) som är anslutet till en SDN-styrenhet för att utföra tjänsteprovisionering. På detta sätt kan NMS:et konfigurera både traditionella och SDN-nätverk, samt provisionera tjänster för kunderna medan nya SDN-funktioner möjliggörs i SDN-delen av nätverket. Den huvudsakliga tjänsten som vi vill lansera genom SDN är Service Function Chaining (SFC). Tjänsteprovisionering består av att konstruera en väg genom beställda tjänster, i detta fall Virtual Network Functions (VNFs). Detta examensarbete fokuserar huvusakligen på SDN-styrenheten och dess interaktion med NMS:et. Projektet syftar till att konfigurera OpenFlow regler i SDN-styrenheten för att utföra SFC. Dessutom fokuserar arbetet på hur man kan representera SDN-element och SFCs i ett traditionellt NMS. Vidare diskuteras vilken information som ska utbytas mellan NMS:et och SDNstyrenheten. NMS:et som ska vara användas är BECS, ett system utvecklat av Packetfront Software. Uppgiften löses genom att skapa ett proof of concept, som innehåller ett komplett system med alla komponenter från nätverkselement till NMS:et. Genom att använda en bottom-up-strategi för detta proof of concept kan informationen som BECS måste skicka till SDN styrenheten indentifieras, innan design och implementation av förbindelsen mellan enheterna kan utföras. När informationen är skickad ska NMS:et kunna hämta information om huruvida styrenheten fick informationen utan fel. Dock uppstår ett problem gällande hur man testar och felsöker detta proof of concept. Av denna anledning skapades ett web Graphical User Interface (GUI). Användargränssnittet visar antalet paket som går genom varje VNF, samt var i nätverket fel uppstår. Analysen undersöker hur stor effekten är för en nätverkadministrator och visar att området där fel kan uppstå begränsas avsevärt.
45
Silva, Eduardo Germano da. "A one-class NIDS for SDN-based SCADA systems." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2007. http://hdl.handle.net/10183/164632.
Full textAbstract:
Sistemas elétricos possuem grande influência no desenvolvimento econômico mundial. Dada a importância da energia elétrica para nossa sociedade, os sistemas elétricos frequentemente são alvos de intrusões pela rede causadas pelas mais diversas motivações. Para minimizar ou até mesmo mitigar os efeitos de intrusões pela rede, estão sendo propostos mecanismos que aumentam o nível de segurança dos sistemas elétricos, como novos protocolos de comunicação e normas de padronização. Além disso, os sistemas elétricos estão passando por um intenso processo de modernização, tornando-os altamente dependentes de sistemas de rede responsáveis por monitorar e gerenciar componentes elétricos. Estes, então denominados Smart Grids, compreendem subsistemas de geração, transmissão, e distribuição elétrica, que são monitorados e gerenciados por sistemas de controle e aquisição de dados (SCADA). Nesta dissertação de mestrado, investigamos e discutimos a aplicabilidade e os benefícios da adoção de Redes Definidas por Software (SDN) para auxiliar o desenvolvimento da próxima geração de sistemas SCADA. Propomos também um sistema de detecção de intrusões (IDS) que utiliza técnicas específicas de classificação de tráfego e se beneficia de características das redes SCADA e do paradigma SDN/OpenFlow. Nossa proposta utiliza SDN para coletar periodicamente estatísticas de rede dos equipamentos SCADA, que são posteriormente processados por algoritmos de classificação baseados em exemplares de uma única classe (OCC). Dado que informações sobre ataques direcionados à sistemas SCADA são escassos e pouco divulgados publicamente por seus mantenedores, a principal vantagem ao utilizar algoritmos OCC é de que estes não dependem de assinaturas de ataques para detectar possíveis tráfegos maliciosos. Como prova de conceito, desenvolvemos um protótipo de nossa proposta. Por fim, em nossa avaliação experimental, observamos a performance e a acurácia de nosso protótipo utilizando dois tipos de algoritmos OCC, e considerando eventos anômalos na rede SCADA, como um ataque de negação de serviço (DoS), e a falha de diversos dispositivos de campo.Power grids have great influence on the development of the world economy. Given the importance of the electrical energy to our society, power grids are often target of network intrusion motivated by several causes. To minimize or even to mitigate the aftereffects of network intrusions, more secure protocols and standardization norms to enhance the security of power grids have been proposed. In addition, power grids are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage power components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this Masters dissertation, we investigate and discuss the applicability and benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also propose an Intrusion Detection System (IDS) that relies on specific techniques of traffic classification and takes advantage of the characteristics of SCADA networks and of the adoption of SDN/OpenFlow. Our proposal relies on SDN to periodically gather statistics from network devices, which are then processed by One- Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. As a proof-of-concept, we developed a prototype of our proposal. Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two OCC-based Machine Learning (ML) algorithms, and considering anomalous events in the SCADA network, such as a Denial-of-Service (DoS), and the failure of several SCADA field devices.
46
Ijiga, Owoicho Emmanuel. "SDN-based adaptive data-enabled channel estimation in the internet of maritime things for QoS enhancement in nautical radio networks." Thesis, University of Pretoria, 2021. http://hdl.handle.net/2263/78709.
Full textAbstract:
Several heterogeneous, intelligent and distributed devices can be connected to interact with one another over the internet in what is known as the internet of things (IoT). Also, the concept of IoT can be exploited in the industrial environment for increasing the production output of goods and services and for mitigating the risk of disaster occurrences. This application of IoT for enhancing industrial production is known as industrial IoT (IIoT). More so, the benefits of IoT technology can be particularly exploited across the maritime industry in what is termed the internet of maritime things (IoMT) where sensors and actuator devices are implanted on marine equipment in order to foster the communication efficacy of nautical radio networks. Marine explorations may suffer from unwanted situations such as transactional delays, environmental degradation, insecurity, seaport congestions, accidents and collisions etc, which could arise from severe environmental conditions. As a result, there is a need to develop proper communication techniques that will improve the overall quality of service (QoS) and quality of experience (QoE) of marine users. To address these, the merits of contemporaneous technologies such as ubiquitous computing, software-defined networking (SDN) and network functions virtualization (NFV) in addition to salubrious communication techniques including emergent configurations (EC), channel estimation (CE) and communication routing protocols etc, can be utilized for sustaining optimal operation of pelagic networks.
Emergent configuration (EC) is a technology that can be adapted into maritime radio networks to support the operation and collaboration of IoT connected devices in order to improve the efficiency of the connected IoT systems for maximum user satisfaction. To meet user goals, the connected devices are required to cooperate with one another in an adaptive, interoperable, and homogeneous manner. In this thesis, a survey on the concept of IoT is presented in addition to a review of IIoT systems. The applications of ubiquitous computing and SDN technology are employed to design a newfangled network architecture which is specifically propounded for enhancing the throughput of oil and gas production in the maritime ecosystem. The components of this architecture work in collaboration with one another by attempting to manage and control the exploration process of deep ocean activities especially during emergencies involving anthropogenic oil and gas spillages.
Several heterogeneous, intelligent and distributed devices can be connected to interact with one another over the internet in what is known as the internet of things (IoT). Also, the concept of IoT can be exploited in the industrial environment for increasing the production output of goods and services and for mitigating the risk of disaster occurrences. This application of IoT for enhancing industrial production is known as industrial IoT (IIoT). More so, the benefits of IoT technology can be particularly exploited across the maritime industry in what is termed the internet of maritime things (IoMT) where sensors and actuator devices are implanted on marine equipment in order to foster the communication efficacy of nautical radio networks. Marine explorations may suffer from unwanted situations such as transactional delays, environmental degradation, insecurity, seaport congestions, accidents and collisions etc, which could arise from severe environmental conditions. As a result, there is a need to develop proper communication techniques that will improve the overall quality of service (QoS) and quality of experience (QoE) of marine users. To address these, the merits of contemporaneous technologies such as ubiquitous computing, software-defined networking (SDN) and network functions virtualization (NFV) in addition to salubrious communication techniques including emergent configurations (EC), channel estimation (CE) and communication routing protocols etc, can be utilized for sustaining optimal operation of pelagic networks.
Emergent configuration (EC) is a technology that can be adapted into maritime radio networks to support the operation and collaboration of IoT connected devices in order to improve the efficiency of the connected IoT systems for maximum user satisfaction. To meet user goals, the connected devices are required to cooperate with one another in an adaptive, interoperable, and homogeneous manner. In this thesis, a survey on the concept of IoT is presented in addition to a review of IIoT systems. The applications of ubiquitous computing and SDN technology are employed to design a newfangled network architecture which is specifically propounded for enhancing the throughput of oil and gas production in the maritime ecosystem. The components of this architecture work in collaboration with one another by attempting to manage and control the exploration process of deep ocean activities especially during emergencies involving anthropogenic oil and gas spillages.
On the other hand, CE is a utilitarian communication technique that can be exploited during maritime exploration processes which offer additional reinforcement to the capacities of the nautical radio network. This technique enables the receivers of deep-sea networks to efficiently approximate the channel impulse response (CIR) of the wireless communication channel so that the effects of the communication channel on the transmitting aggregated cluster head information can be proficiently understood and predicted for useful decision-making procedures. Two CE schemes named inter-symbol interference/ average noise reduction (ISI/ANR) and reweighted error-reducing (RER) are designed in this study for estimating maritime channels for supporting the communication performances of nautical radio networks in both severe and light-fading environmental conditions. In the proposed RER method, the Manhattan distance of the CIR of an orthodox adaptive estimator is taken, which is subsequently normalised by a stability constant ɛ whose responsibility is for correcting any potential numerical system instability that may arise during the updating stages of the estimation process. To decrease the received signal error, a log-sum penalty function is eventually multiplied by an adjustable leakage (ɛ ) ̈that provides additional stability to the oscillating channel behaviour. The performance of the proposed RER method is further strengthened and made resilient against channel effects by the introduction of a reweighting attractor that further contracts the mean square error of this proposed estimator. In the ISI/ANR technique, the effects of possible ISI that may arise from maritime transmissions is considered and transformed using a low-pass filter that is incorporated for eliminating the effects of channel noise possible effects of multipath propagation. The RER scheme offered superior CE performances in comparison to other customary techniques such as the adaptive recursive least squares and normalised least mean square method in addition to conventional linear approaches such as least squares, linear minimum mean square error and maximum-likelihood estimation method. The proposed ISI/ANR technique offered an improved MSE performance in comparison to all considered linear methods. Finally, from this study, we were able to establish that accurate CE methods can improve the QoS and QoE of nautical radio networks in terms of network data rate and system outage probability.Thesis (PhD (Computer Engineering))--University of Pretoria, 2021.
University of Pretoria Doctoral research grant, South African National Research Foundation/Research and Innovation Support and Advancement (NRF/RISA) research grant. Center for Connected Intelligence, Advanced Sensor Networks research group, University of Pretoria.
Electrical, Electronic and Computer Engineering
PhD (Computer Engineering)
Unrestricted
47
Renzi, Gianluca. "Controllo generalizzato via software di dispositivi per l'interconnessione flessibile di data center." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2015. http://amslaurea.unibo.it/8524/.
Full text
48
Mouawad, Nadia. "SDN based Mobility Management and Quality of Service Provisioning for 5G Vehicular Networks." Thesis, université Paris-Saclay, 2020. http://www.theses.fr/2020UPASV003.
Full textAbstract:
Vehicle to Everything (V2X), y compris véhicule à véhicule (V2V) et véhicule à infrastructure (V2I), est la base de communications véhiculaires, où Les messages de sécurité routière active, d’infotainment et de gestion du trafic sont transmis sur des liaisons à bande passante élevée, à faible temps de latence et à haute fiabilité, ouvrant ainsi la voie à une conduite totalement autonome. L’objectif ultime des systèmes de communication V2X de la prochaine génération est de permettre une conduite coopérative sans accident. Pour atteindre cet objectif, le système de communication devra permettre un ensemble diversifié de cas d'usage, chacun avec un ensemble spécifique d'exigences. L'analyse des exigences relatives aux principales catégories de cas d’usage, en particulier les applications de temps réel critiques, souligne la nécessité d'une conception de système V2X efficace, capable de fournir les performances du réseau. La technologie de cinquième génération (5G), avec sa Qualité de Service (QoS) fournie en termes de capacité élevée et de faible temps de latence, est préconisée comme solution pour faire face aux exigences strictes imposées par les applications V2X.Dans cet écosystème 5G véhiculaire, diverses technologies de communication sont envisagés, allant des communications IEEE 802.11p, LTE, LTE-V aux Visible Light Communications. Par conséquent, l’hétérogénéité des technologies d’accès radio suscitera des inquiétudes quant à la gestion transparente de la mobilité et à la garantie de qualité de service.Cette thèse propose un nouveau système de gestion de la mobilité conçu pour les réseaux de véhicules 5G, basé sur la technologie émergente SDN (Software Defined Networking). SDN offre une programmabilité réseau qui vise à obtenir une allocation efficace des ressources du réseau et une gestion de la mobilité.Notre travail de recherche vise trois objectifs. Dans un premier temps, nous concevons une architecture de réseau de véhicules. Au sommet de cette architecture, nous implémentons deux Applications SDN, à savoir application de sélection de réseau et gestion de la mobilité Application. L'architecture proposée est renforcée par une solution de placement de contrôleur visant à réduire le temps de latence des communications. De plus, une préoccupation particulière est consacrée à la conception d’une application de sécurité active de la route SDN contrôlant l’emplacement des capteurs de vitesse sur les routes. L’application proposée vise à réduire le taux d’accidents, objectif principal du futur système de transport intelligent.Le deuxième objectif de cette thèse aborde le problème de la gestion de la mobilité.Ceci est réalisé en implémentant des applications liées à la mobilité SDN au sommet de la topologie de réseau adoptée. La première application est dédiée à la résolution du problème de sélection du réseau. Son objectif est de mapper les sessions V2X en cours sur la technologie correspondante. La deuxième application est conçue pour résoudre le handover; ceci est réalisé en utilisant la duplication de paquets et en introduisant un algorithme de routage efficace.Le troisième objectif de la thèse est axé sur l’approvisionnement en qualité de service pour les communications V2XVehicle to everything (V2X), including vehicle-to-vehicle (V2V) and vehicle-to-infrastructure(V2I), is the umbrella for the vehicular communication system, where active road safety, infotainment and traffic management messages are transmitted over high-bandwidth, low-latency, high-reliability links, paving the way to fully autonomous driving. The ultimate objective of next generation V2X communication systems is enabling accident-free cooperative driving that uses the available roadway efficiently. To achieve this goal, the communication system will need to enable a diverse set of use cases, each with a specific set of requirements.The main use case categories requirements analysis, specifically the critical realtime applications, points out the need for an efficient V2X system design that could fulfill the network performance. The Fifth Generation (5G) technology, with its provisioned QoS features in terms of high capacity and low latency, is advocated as a prominent solution to cope with the firm requirements imposed by V2X applications.In this multifaceted vehicular 5G ecosystem, diverse communication technologies are envisioned, spanning from IEEE 802.11p, LTE, LTE-V to vehicular visible light communications. Therefore, the heterogeneity of radio access technologies will raise a concern regarding the seamless mobility management and the quality of service guarantee.This thesis provides a novel mobility management scheme devised for 5G vehicular networks based on the emerging Software Defined Networking (SDN) technology.SDN provides network programmability that strives to achieve an efficient network resource allocation and mobility management.Our research work tackles three objectives. At a first stage, we design a software defined vehicular network topology. On the top of this topology, we implement twoSDN applications, namely Network Selection Application and Mobility Management Application. The proposed architecture is enhanced by a controller placement solution that aims at reducing communication latency. Moreover, a special concern is devoted to design a SDN road active safety application that controls speed traps placement. The proposed application aims at reducing accidents rate which is a main purpose of future Intelligent Transportation System.The second objective of this thesis tackles the mobility management problem. This is achieved by implementing SDN mobility related applications on the top of the adopted network topology. The first application is dedicated to solve the network selection problem; it aims at mapping running V2X sessions to the corresponding technology. The second application is conceived to solve the handover procedure; this is achieved using packets duplication and introducing an efficient routing algorithm.The third thesis objective is focused on QoS provisioning for V2X communications
49
Zaman, Faisal Ameen. "VN Embedding in SDN-based Metro Optical Network for Multimedia Services." Thesis, Université d'Ottawa / University of Ottawa, 2017. http://hdl.handle.net/10393/35933.
Full textAbstract:
Currently a growing number of users depend on the Edge Cloud Computing Paradigm in a Metro Optical Network (MON). This has led to increased competition among the Cloud Service Providers (CPs) to supply incentives for the user through guaranteed Quality of Service (QoS). If the CP fails to guarantee the QoS for the accepted request, then the user will move to another CP. Making an informed decision dynamically in such a sensitive situation demands that the CP knows the user's application requirements. The Software Defined Networking (SDN) paradigm enabled the CP to achieve such desired requirement. Therefore, a framework called Virtual Network Embedding on SDN-based Metro Optical Network (VNE-MON) is proposed in this Thesis. The use of SDN paradigm in the framework guarantees profit to the CP as well as QoS to the user.\par
The design concept of the SDN control plane, raises concerns regarding its scalability, reliability and performance compared to a traditionally distributed network. To justify concerns regarding the SDN, the performance of VNE-MON and its possible dependancy on the controller location is investigated. Several strategies are proposed and formulated using Integer Linear Programming to determine the controller location in a MON. Performance results from the assessment of the VNE-MON illustrates that it is more stable compare to GMPLS-based network. It is evident that the controller location's attributes have a significant effect on the efficacy of the accepted VN request.
50
Henriksson, Johannes, and Alexander Magnusson. "Impact of using cloud-based SDNcontrollers on the networkperformance." Thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-44152.
Full textAbstract:
Software-Defined Networking (SDN) is a network architecture that differs from traditionalnetwork planes. SDN has tree layers: infrastructure, controller, and application. Thegoal of SDN is to simplify management of larger networks by centralizing control into thecontroller layer instead of having it in the infrastructure. Given the known advantages ofSDN networks, and the flexibility of cloud computing. We are interested if this combinationof SDN and cloud services affects network performance, and what affect the cloud providersphysical location have on the network performance. These points are important whenSDN becomes more popular in enterprise networks. This seems like a logical next step inSDN, centralizing branch networks into one cloud-based SDN controller. These questionswere created with a literature studies and answered with an experimentation method. Theexperiments consist of two network topologies both locally hosted SDN (baseline) and cloudhosted SDN. The topology used Zodiac FX switches and Linux hosts. The following metricswas measured: throughput, latency, jitter, packet loss, and time to add new hosts. Theconclusion is that SDN as a cloud service is possible and does not significantly affect networkperformance. One limitation with this thesis was the hardware, resulting in big fluctuationin throughput and packet loss.