225 research outputs found

    Design, Implementation and Evaluation of an In-House Controller for Software Defined Networking with Applications

    Over the past several decades, there has been a dramatic improvement in networking technologies. Network devices and protocols are becoming more powerful and complex. The vertical structure of the network protocol layers also leads to a coupled control plane and data plane in data frames. To solve this issue from a structural level, researchers introduced a new architecture of networking, the Software Defined Networking (SDN). By decoupling the control plane and data plane from a frame level and aggregating the protocols into software run in a centralized controller dynamically, engineers obtained a new way to build and control a network dynamically in real time. Meanwhile, with the development of Internet of Things (IoT), data volume from mobile devices and low power terminals is dramatically increasing. However, the traditional cloud computing is still in a relatively centralized architecture, which causes huge traffic volume of IoT applications in the network. To this end, researchers proposed the concept of Edge Computing, which utilizes the capacity of the edge nodes in the network to process data and aggregate data from terminals. This research introduces In-House Controller of SDN which has a distributed characteristic and is deployed within SDN nodes to minimize the costs in control plane communication. The In-House controller also enables data processing and aggregation capacity in access points which host these functionalities as SDN applications. To research the system performance of the In-House controller in different application scenarios, in this work, the following applications were studied: Data flow aggregation of Message Queue Telemetry Transport (MQTT) protocol in Internet of Things, an MQTT proxy in edge switch which is aggregating short MQTT flows from multiple clients into a long MQTT flow to reduce the control plane traffic overhead in TCP. 
A novel delay tolerant network architecture and a new convergence layer over MQTT protocol in opportunistic networking. Using in-house controller as host and event scheduler for Delay Tolerant Network (DTN) modules and convergence layers which run as guest applications in the controller. With the study of applications, this research also proposed a generalized framework named as SDN Docker which supports dynamically docking and un-docking applications in network devices with the help of the In-House controller.

    Nested Virtual Environments (Sisäkkäiset virtuaaliympäristöt)

    Virtual Machines have been a common computation platform in areas of cloud computing for some time now. VMs offer a decent amount of isolation for security and system resources, and from application perspective they behave much like native environments. Software containers are gaining popularity, as a new application delivery technology. Just like VMs, applications started inside containers are running in isolated environments but without the performance overhead caused by virtualization of system resources. This makes containers seem like a more efficient option for VMs. In this thesis, different combinations of containers and VMs are benchmarked. For each benchmark, host environment is also measured, to understand the overhead caused by the underlying virtual environment technology. Benchmarks used include storage and network access benchmarks, and also an application benchmark of compiling Linux kernel. As another part of the thesis, a CPU intensive workload is run on the virtualization host server. Then the benchmarks are repeated, in order to determine how much the given workload affects the benchmark score, and also if this effect can be observed from the virtualization guest side by measuring CPU steal time. Results show that containers are slightly slower in the application benchmark than the host. The main difference is expected to come from the way docker handles storage accesses. With default network configuration, the container is losing in terms of performance to the host. In every benchmark we did, VMs always lost to host and containers in performance.
    Virtual machines have become a common computing platform for cloud computers. They isolate the virtual environment from other services on the same physical machine, and from the applications' point of view they behave almost the same way as native environments. Software containers have risen in popularity as an efficient application delivery technology. Both virtual machines and software containers provide an isolated virtual environment for the applications run inside them. Software containers do not attempt to virtualize all system resources but instead make use of the underlying operating system kernel. This makes software containers an attractive alternative to virtual machines. In this master's thesis, various performance measurements were carried out in environments created with software containers and virtual machines. The native performance of the underlying host machine was also measured, which gave a good reference value for comparing the different virtual environments. We measured the performance of persistent storage, the network, and an application. The application was compiling Linux from source code into a working operating system. Our results show that in the application performance test containers lose only slightly to the performance of the native system. The difference is assumed to stem from the way the container technology we chose handles reading and writing persistent storage. With default network settings, the containers also lost to the native system. In all the performance measurements we made, virtual machines lost to both the native system and software containers.

    QoE-Centric Control and Management of Multimedia Services in Software Defined and Virtualized Networks

    Multimedia services consumption has increased tremendously since the deployment of 4G/LTE networks. Mobile video services (e.g., YouTube and Mobile TV) on smart devices are expected to continue to grow with the emergence and evolution of future networks such as 5G. The end user’s demand for services with better quality from service providers has triggered a trend towards Quality of Experience (QoE)-centric network management through efficient utilization of network resources. However, existing network technologies are either unable to adapt to diverse changing network conditions or limited in available resources. This has posed challenges to service providers for provisioning of QoE-centric multimedia services. New networking solutions such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) can provide better solutions in terms of QoE control and management of multimedia services in emerging and future networks. The features of SDN, such as adaptability, programmability and cost-effectiveness make it suitable for bandwidth-intensive multimedia applications such as live video streaming, 3D/HD video and video gaming. However, the delivery of multimedia services over SDN/NFV networks to achieve optimized QoE, and the overall QoE-centric network resource management remain an open question especially in the advent development of future softwarized networks. The work in this thesis intends to investigate, design and develop novel approaches for QoE-centric control and management of multimedia services (with a focus on video streaming services) over software defined and virtualized networks. First, a video quality management scheme based on the traffic intensity under Dynamic Adaptive Video Streaming over HTTP (DASH) using SDN is developed. The proposed scheme can mitigate virtual port queue congestion which may cause buffering or stalling events during video streaming, thus, reducing the video quality. 
A QoE-driven resource allocation mechanism is designed and developed for improving the end user’s QoE for video streaming services. The aim of this approach is to find the best combination of network node functions that can provide an optimized QoE level to end-users through network node cooperation. Furthermore, a novel QoE-centric management scheme is proposed and developed, which utilizes Multipath TCP (MPTCP) and Segment Routing (SR) to enhance QoE for video streaming services over SDN/NFV-based networks. The goal of this strategy is to enable service providers to route network traffic through multiple disjointed bandwidth-satisfying paths and meet specific service QoE guarantees to the end-users. Extensive experiments demonstrated that the proposed schemes in this work improve the video quality significantly compared with the state-of-the-art approaches. The thesis further proposes the path protections and link failure-free MPTCP/SR-based architecture that increases survivability, resilience, availability and robustness of future networks. The proposed path protection and dynamic link recovery scheme achieves a minimum time to recover from a failed link and avoids link congestion in softwarized networks.

    Context-based security function orchestration for the network edge

    Over the last few years the number of interconnected devices has increased dramatically, generating zettabytes of traffic each year. In order to cater to the requirements of end-users, operators have deployed network services to enhance their infrastructure. Nowadays, telecommunications service providers are making use of virtualised, flexible, and cost-effective network-wide services, under what is known as Network Function Virtualisation (NFV). Future network and application requirements necessitate services to be delivered at the edge of the network, in close proximity to end-users, which has the potential to reduce end-to-end latency and minimise the utilisation of the core infrastructure while providing flexible allocation of resources. One class of functionality that NFV facilitates is the rapid deployment of network security services. However, the urgency for assuring connectivity to an ever increasing number of devices as well as their resource-constrained nature, has led to neglecting security principles and best practices. These low-cost devices are often exploited for malicious purposes in targeting the network infrastructure, with recent volumetric Distributed Denial of Service (DDoS) attacks often surpassing 1 terabyte per second of network traffic. The work presented in this thesis aims to identify the unique requirements of security modules implemented as Virtual Network Functions (VNFs), and the associated challenges in providing management and orchestration of complex chains consisting of multiple VNFs. The work presented here focuses on deployment, placement, and lifecycle management of microservice-based security VNFs in resource-constrained environments using contextual information on device behaviour. 
Furthermore, the thesis presents a formulation of the latency-optimal placement of service chains at the network edge, provides an optimal solution using Integer Linear Programming, and an associated near-optimal heuristic solution that is able to solve larger-size problems in reduced time, which can be used in conjunction with context-based security paradigms. The results of this work demonstrate that lightweight security VNFs can be tailored for, and hosted on, a variety of devices, including commodity resource-constrained systems found in edge networks. Furthermore, using a context-based implementation of the management and orchestration of lightweight services enables the deployment of real-world complex security service chains tailored towards the user’s performance demands from the network. Finally, the results of this work show that on-path placement of service chains reduces the end-to-end latency and minimises the number of service-level agreement violations, therefore enabling secure use of latency-critical networks.