784 research outputs found

    Analysis of Latency-Aware Network Slicing in 5G Packet xHaul Networks

    Packet-switched xHaul networks are a scalable solution enabling convergent transport of diverse types of radio data flows, such as fronthaul/midhaul/backhaul (FH/MH/BH) flows, between remote sites and a central site (hub) in 5G radio access networks (RANs). Such networks can be realized using cost-efficient Ethernet technology, which, when enhanced with time-sensitive networking (TSN) features, allows for prioritized transmission of latency-sensitive fronthaul flows. Provisioning multiple types of 5G services with different service requirements in a shared network, commonly referred to as network slicing, requires adequate handling of transported data flows in order to satisfy particular service/slice requirements. In this work, we investigate two traffic prioritization policies, namely, flow-aware (FA) and latency-aware (LA), in a packet-switched xHaul network supporting slices of different latency requirements. We evaluate the effectiveness of the policies in a network-planning case study, where virtualized radio processing resources allocated at the processing pool (PP) facilities, for two slices related to enhanced mobile broadband (eMBB) and ultra-reliable low latency communications (URLLC) services, are subject to optimization. Using numerical experiments, we analyze PP cost savings from applying the LA policy (vs. FA) in various network scenarios. The savings in active PPs reach up to 40%-60% in ring scenarios and 30% in a mesh network, whereas the gains in overall PP cost are up to 20% for the cost values assumed in the analysis

    Fault-tolerant future Internet architectures


    An Analytical Framework for Evaluating the Reliability and Security of Advanced Network Systems

    Today, anonymous networks such as The Onion Routing (Tor) have been designed to ensure anonymity, privacy and censorship prevention, which have become major concerns in modern society. Although the Tor network provides layered encryption and traffic tunneling against eavesdropping attacks, jamming attacks and their impact on the network and network services cannot be handled efficiently today. Moreover, to defy modern censorship, it is not enough just to use the Tor network to hide the client's identity and the message content, as censorship has become a type of jamming attack, which prevents users from connecting to the censored network nodes by blocking or jamming (Tor) traffic. In network security, the main tools to protect privacy and anonymity as well as integrity and service reliability against eavesdropping and jamming, respectively, are diversity, randomness, coding or encryption, and over-provisioning, all less exploited in traditional networks. This thesis provides radical new network concepts to address the needs of traditional networks for privacy, anonymity, integrity, and reliability, and designs advanced network systems based on parallel transmission, random routing, erasure coding and redundant configurations as tools to offer diversity, randomness, coding and over-provisioning. Since the network systems designed in this thesis cannot be evaluated with existing analytical models due to their rather complex configurations, the main focus of this work is the development of novel analytical approaches for evaluating the network performance, reliability and security of these systems and showing their practicality. The provided analysis is based on combinatorics, probability and information theory. In contrast to current reliability models, the analysis in this thesis takes into account the sharing of network components, heterogeneity of software and hardware, and interdependence between failed components. 
The significant property of the new security analysis proposed is the ability to assess the level of privacy, anonymity, integrity and censorship success when multiple jamming and eavesdropping adversaries reside in the network.

    Currently, anonymous Internet communication systems such as The Onion Routing (Tor) are used to protect the anonymity, privacy and freedom from censorship of Internet users. Although the Tor network offers protection against eavesdropping, deliberate jamming of the transmission and its resulting effects on network functions cannot currently be countered effectively. Modern Internet censorship is also a form of jamming. Therefore, although the Tor network can keep the identity of Tor users and the content of their messages secret, it cannot prevent Internet censorship. To ensure network security, and in particular anonymity, privacy and integrity together with the availability and reliability of network services, diversity, randomness, coding (including encryption) and over-provisioning, which are used rather sparingly in conventional network systems, are the most important means against security attacks. This thesis deals with fundamentally new concepts for communication networks that enable protection of anonymity and privacy on the Internet while at the same time ensuring integrity, availability and reliability. The concepts used are parallel data transmission, random routing, erasure coding and redundant system configurations. These are intended to provide diversity, randomness, coding and over-provisioning. Since the transmission systems developed have complex structures and configurations, existing analytical models cannot be applied for a well-founded evaluation. 
Therefore, the focus of this thesis is to develop new analytical methods for evaluating various network performance parameters, reliability and security, and to assess the practical suitability of the new transmission concepts presented in the thesis. In contrast to existing reliability models, the analytical approach of this thesis takes into account the diversity of the network components involved and their complex relationships and dependencies in the event of a failure

    Resource allocation and scalability in dynamic wavelength-routed optical networks.

    This thesis investigates the potential benefits of dynamic operation of wavelength-routed optical networks (WRONs) compared to the static approach. It is widely believed that dynamic operation of WRONs would overcome the inefficiencies of static allocation and improve resource use. By rapidly allocating resources only when and where required, dynamic networks could potentially provide the same service as static networks but at decreased cost, which is very attractive to network operators. This hypothesis, however, has not been verified. It is therefore the focus of this thesis to investigate whether dynamic operation of WRONs can save a significant number of wavelengths compared to the static approach whilst maintaining acceptable levels of delay and scalability. Firstly, the wavelength-routed optical-burst-switching (WR-OBS) network architecture is selected as the dynamic architecture to be studied, due to its feasibility of implementation and its improved network performance. Then, the wavelength requirements of dynamic WR-OBS are evaluated by means of novel analysis and simulation and compared to those of static networks for uniform and non-uniform traffic demand. It is shown that dynamic WR-OBS saves wavelengths with respect to the static approach only at low loads and especially for sparsely connected networks, and that wavelength conversion is a key capability to significantly increase the benefits of dynamic operation. The mean delay introduced by dynamic operation of WR-OBS is then assessed. The results show that the extra delay is not so significant as to violate the end-to-end limits of time-sensitive applications. Finally, the limiting scalability of WR-OBS as a function of the computational complexity of the lightpath allocation algorithm is studied. The trade-off between the request processing time and blocking probability is investigated, and a new low-blocking and scalable lightpath allocation algorithm which improves the mentioned trade-off is proposed. 
The presented algorithms and results can be used in the analysis and design of dynamic WRONs

    Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results

    Fixed and mobile telecom operators, enterprise network operators and cloud providers strive to face the challenging demands coming from the evolution of IP networks (e.g. huge bandwidth requirements, integration of billions of devices and millions of services in the cloud). Proposed in the early 2010s, Segment Routing (SR) architecture helps face these challenging demands, and it is currently being adopted and deployed. SR architecture is based on the concept of source routing and has interesting scalability properties, as it dramatically reduces the amount of state information to be configured in the core nodes to support complex services. SR architecture was first implemented with the MPLS dataplane and then, quite recently, with the IPv6 dataplane (SRv6). IPv6 SR architecture (SRv6) has been extended from the simple steering of packets across nodes to a general network programming approach, making it very suitable for use cases such as Service Function Chaining and Network Function Virtualization. In this paper we present a tutorial and a comprehensive survey on SR technology, analyzing standardization efforts, patents, research activities and implementation results. We start with an introduction on the motivations for Segment Routing and an overview of its evolution and standardization. Then, we provide a tutorial on Segment Routing technology, with a focus on the novel SRv6 solution. We discuss the standardization efforts and the patents providing details on the most important documents and mentioning other ongoing activities. We then thoroughly analyze research activities according to a taxonomy. We have identified 8 main categories during our analysis of the current state of play: Monitoring, Traffic Engineering, Failure Recovery, Centrally Controlled Architectures, Path Encoding, Network Programming, Performance Evaluation and Miscellaneous...
    Comment: SUBMITTED TO IEEE COMMUNICATIONS SURVEYS & TUTORIAL

    Queuing delays in randomized load balanced networks

    Valiant's concept of Randomized Load Balancing (RLB), also promoted under the name 'two-phase routing', has previously been shown to provide a cost-effective way of implementing overlay networks that are robust to dynamically changing demand patterns. RLB is accomplished in two steps; in the first step, traffic is randomly distributed across the network, and in the second step traffic is routed to the final destination. One of the benefits of RLB is that packets experience only a single stage of routing, thus reducing queueing delays associated with multi-hop architectures. In this paper, we study the queuing performance of RLB, both through analytical methods and packet-level simulations using ns2 on three representative carrier networks. We show that purely random traffic splitting in the randomization step of RLB leads to higher queuing delays than pseudo-random splitting using, e.g., a round-robin schedule. Furthermore, we show that, for pseudo-random scheduling, queuing delays depend significantly on the degree of uniformity of the offered demand patterns, with uniform demand matrices representing a provably worst-case scenario. These results are independent of whether RLB employs priority mechanisms between traffic from step one over step two. A comparison with multi-hop shortest-path routing reveals that RLB eliminates the occurrence of demand-specific hot spots in the network

    An SDN-based firewall shunt for data-intensive science applications

    A dissertation submitted to the Faculty of Engineering and the Built Environment, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Master of Science in Engineering, 2016. Data-intensive research computing requires the capability to transfer files over long distances at high throughput. Stateful firewalls introduce sufficient packet loss to prevent researchers from fully exploiting high bandwidth-delay network links [25]. To work around this challenge, the science DMZ design [19] trades off stateful packet filtering capability for loss-free forwarding via an ordinary Ethernet switch. We propose a novel extension to the science DMZ design, which uses an SDN-based firewall. This report introduces NFShunt, a firewall based on Linux's Netfilter combined with OpenFlow switching. Implemented as an OpenFlow 1.0 controller coupled to Netfilter's connection tracking, NFShunt allows the bypass-switching policy to be expressed as part of an iptables firewall rule-set. Our implementation is described in detail, and latency of the control-plane mechanism is reported. TCP throughput and packet loss is shown at various round-trip latencies, with comparisons to pure switching, as well as to a high-end Cisco firewall. Cost, as well as operations and maintenance aspects, are compared and analysed. The results support reported observations regarding firewall introduced packet-loss, and indicate that the SDN design of NFShunt is a technically viable and cost-effective approach to enhancing a traditional firewall to meet the performance needs of data-intensive researchers

    Towards Terabit Carrier Ethernet and Energy Efficient Optical Transport Networks


    System-level scheduling of mixed-criticality traffics in avionics networks

    ABSTRACT: System-level mixed-criticality design aims at reducing production cost and enhancing resource efficiency. This paper studies the technology of integrating mixed-criticality avionics traffic for the Avionics Full-Duplex Switched Ethernet (AFDX) network, which can transmit both critical and non-critical traffic. These two traffic types have different QoS requirements, such as low latency for critical traffic and high bandwidth for non-critical traffic. We use system-level compositional scheduling to integrate mixed-criticality traffic into one network to enhance the scalability of the AFDX network. In the architecture of the proposed compositional scheduling, critical traffic is scheduled by a bandwidth allocation gap-based scheduler, and non-critical traffic in a Round Robin manner. To estimate the delay bound meeting the requirements of applications, the end-to-end delay for both critical and non-critical traffic is analyzed using network calculus. Finally, a true time-based simulation of AFDX networks is conducted to verify the effectiveness of the proposed approach