The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions

In recent years, the current Internet has experienced an unexpected paradigm shift in the usage model, which has pushed researchers towards the design of the Information-Centric Networking (ICN) paradigm as a possible replacement of the existing architecture. Even though both Academia and Industry have investigated the feasibility and effectiveness of ICN, achieving the complete replacement of the Internet Protocol (IP) is a challenging task. Some research groups have already addressed the coexistence by designing their own architectures, but none of those is the final solution to move towards the future Internet considering the unaltered state of the networking. To design such architecture, the research community needs now a comprehensive overview of the existing solutions that have so far addressed the coexistence. The purpose of this paper is to reach this goal by providing the first comprehensive survey and classification of the coexistence architectures according to their features (i.e., deployment approach, deployment scenarios, addressed coexistence requirements and architecture or technology used) and evaluation parameters (i.e., challenges emerging during the deployment and the runtime behaviour of an architecture). We believe that this paper will finally fill the gap required for moving towards the design of the final coexistence architecture.Comment: 23 pages, 16 figures, 3 table

Analyzing challenging aspects of IPv6 over IPv4

The exponential expansion of the Internet has exhausted the IPv4 addresses provided by IANA. The new IP edition, i.e. IPv6 introduced by IETF with new features such as a simplified packet header, a greater address space, a different address sort, improved encryption, powerful section routing, and stronger QoS. ISPs are slowly seeking to migrate from current IPv4 physical networks to new generation IPv6 networks. ‎The move from actual IPv4 to software-based IPv6 is very sluggish, since billions of computers across the globe use IPv4 addresses. The configuration and actions of IP4 and IPv6 protocols are distinct. Direct correspondence between IPv4 and IPv6 is also not feasible. In terms of the incompatibility problems, all protocols can co-exist throughout the transformation for a few years. Compatibility, interoperability, and stability are key concerns between IP4 and IPv6 protocols. After the conversion of the network through an IPv6, the move causes several issues for ISPs. The key challenges faced by ISPs are packet traversing, routing scalability, performance reliability, and protection. Within this study, we meticulously analyzed a detailed overview of all aforementioned issues during switching into ipv6 network

Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey

Internet usage has changed from its first design. Hence, the current Internet must cope with some limitations, including performance degradation, availability of IP addresses, and multiple security and privacy issues. Nevertheless, to unsettle the current Internet's network layer i.e., Internet Protocol with ICN is a challenging, expensive task. It also requires worldwide coordination among Internet Service Providers , backbone, and Autonomous Services. Additionally, history showed that technology changes e.g., from 3G to 4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes a long coexistence period between the old and new technology. Similarly, we believe that the process of replacement of the current Internet will surely transition through the coexistence of IP and ICN. Although the tremendous amount of security and privacy issues of the current Internet taught us the importance of securely designing the architectures, only a few of the proposed architectures place the security-by-design. Therefore, this article aims to provide the first comprehensive Security and Privacy analysis of the state-of-the-art coexistence architectures. Additionally, it yields a horizontal comparison of security and privacy among three deployment approaches of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical comparison among ten considered security and privacy features. As a result of our analysis, emerges that most of the architectures utterly fail to provide several SP features including data and traffic flow confidentiality, availability and communication anonymity. We believe this article draws a picture of the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across

Distributed Mobility Management for Future 5G Networks: Overview and Analysis of Existing Approaches

The ever-increasing demand of mobile Internet traffic is pushing operators to look for solutions to increase the available bandwidth per user and per unit of area. At the same time, they need to reduce the load in the core network at a reasonable cost in their future 5G deployments. Today's trend points to the deployment of extremely dense networks in order to provide ubiquitous connectivity at high data rates. However, this is hard to couple with the current mobile networks' architecture, which is heavily centralized, posing difficult challenges when coping with the foreseen explosion of mobile data. Additionally, future 5G networks will exhibit disparate types of services, posing different connectivity requirements. Distributed mobility management is emerging as a valid framework to design future mobile network architectures, taking into account the requirements for large traffic in the core and the rise of extremely dense wireless access networks. In this article, we discuss the adoption of a distributed mobility management approach for mobile networks, and analyze the operation of the main existing solutions proposed so far, including a first practical evaluation based on experiments with real Linux-based prototype implementations.The research leading to these results has received funding from the European Community's Seventh Framework Program FP7/2007-2013 under grant agreement 317941-project iJOIN. The European Union and its agencies are not liable or otherwise responsible for the con tents of this document; its content reflects the view of its authors only.Publicad

Policy Conflict Management in Distributed SDN Environments

abstract: The ease of programmability in Software-Defined Networking (SDN) makes it a great platform for implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers. In this dissertation, a formalism for flow rule conflicts in SDN environments is introduced. This formalism is realized in Brew, a security policy analysis framework implemented on an OpenDaylight SDN controller. Brew has comprehensive conflict detection and resolution modules to ensure that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free security policy implementation and preventing information leakage. Techniques for global prioritization of flow rules in a decentralized environment are presented, using which all SDN flow rule conflicts are recognized and classified. Strategies for unassisted resolution of these conflicts are also detailed. Alternately, if administrator input is desired to resolve conflicts, a novel visualization scheme is implemented to help the administrators view the conflicts in an aesthetic manner. The correctness, feasibility and scalability of the Brew proof-of-concept prototype is demonstrated. Flow rule conflict avoidance using a buddy address space management technique is studied as an alternate to conflict detection and resolution in highly dynamic cloud systems attempting to implement an SDN-based Moving Target Defense (MTD) countermeasures.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Evolutionary gaming approach for decision making of Tier-3 Internet service provider networks migration to SoDIP6 networks

This is the peer reviewed version of the following article: Dawadi, BR, Rawat, DB, Joshi, SR, Manzoni, P. Evolutionary gaming approach for decision making of Tier-3 Internet service provider networks migration to SoDIP6 networks. Int J Commun Syst. 2020; 33:e4399, which has been published in final form at https://doi.org/10.1002/dac.4399. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-Archiving.[EN] With the increasing number of Internet of Things (IoT) devices, current networking world is suffering in terms of management and operations with lack of IPv4 addresses leading to issues like network address translation (NAT) proliferation, security and quality of services. Software-defined networking (SDN) and Internet Protocol version 6 (IPv6) are the new networking paradigms evolved to address related issues of legacy IPv4 networking. To adapt with global competitive environment and avoid all existing issues in legacy networking system, network service providers have to migrate their networks into IPv6 and SDN-enabled networks. But immediate transformations of existing network are not viable due to several factors like higher cost of migration, lack of technical human resources, lack of standards and protocols during transitions, and many more. In this paper, we present the migration analysis for proper decision making of network transition in terms of customer demand, traffic engineering, and organizational strength with operation expenditure for network migration using evolutionary gaming approach. Joint migration to SDN-enabled IPv6 network from game theoretic perspective is modeled and is validated using numerical results obtained from simulations. Our empirical analysis shows the evolutionary process of network migration while different internal and external factors in the organization affect the overall migration. Evolutionary game in migration planning is supportive in decision making for service providers to develop suitable strategy for their network migration. The proposed approach for migration decision making is mostly applicable to fairly sustained service providers who lack economics, regulation/policy, and resources strengths.ERASMUS+, Grant/Award Number: KA107; UGC-NP, Grant/Award Number: FRG-074/75-Engg-01; NTNU-EnPE-MSESSD; US National Science Foundation, Grant/Award Numbers: CNS 1650831, HRD 1828811; NASTDawadi, BR.; Rawat, DB.; Joshi, SR.; Manzoni, P. (2020). Evolutionary gaming approach for decision making of Tier-3 Internet service provider networks migration to SoDIP6 networks. International Journal of Communication Systems. 33(11):1-17. https://doi.org/10.1002/dac.4399S1173311Livadariu, I., Elmokashfi, A., & Dhamdhere, A. (2017). On IPv4 transfer markets: Analyzing reported transfers and inferring transfers in the wild. Computer Communications, 111, 105-119. doi:10.1016/j.comcom.2017.07.012Dawadi, B. R., Rawat, D. B., & Joshi, S. R. (2019). Software Defined IPv6 Network: A New Paradigm for Future Networking. Journal of the Institute of Engineering, 15(2), 1-13. doi:10.3126/jie.v15i2.27636Rizvi, S. N., Raumer, D., Wohlfart, F., & Carle, G. (2015). Towards carrier grade SDNs. Computer Networks, 92, 218-226. doi:10.1016/j.comnet.2015.09.029Sezer, S., Scott-Hayward, S., Chouhan, P., Fraser, B., Lake, D., Finnegan, J., … Rao, N. (2013). Are we ready for SDN? Implementation challenges for software-defined networks. IEEE Communications Magazine, 51(7), 36-43. doi:10.1109/mcom.2013.6553676ONF TR‐506.SDN migration considerations and use cases.;2014.https://www.opennetworking.org/wp-content/uploads/2014/10/sb-sdn-migration-use-cases.pdf.Raza, M. H., Sivakumar, S. C., Nafarieh, A., & Robertson, B. (2014). A Comparison of Software Defined Network (SDN) Implementation Strategies. Procedia Computer Science, 32, 1050-1055. doi:10.1016/j.procs.2014.05.532Wu, P., Cui, Y., Wu, J., Liu, J., & Metz, C. (2013). Transition from IPv4 to IPv6: A State-of-the-Art Survey. IEEE Communications Surveys & Tutorials, 15(3), 1407-1424. doi:10.1109/surv.2012.110112.00200Contreras, L. M., Doolan, P., Lønsethagen, H., & López, D. R. (2015). Operational, organizational and business challenges for network operators in the context of SDN and NFV. Computer Networks, 92, 211-217. doi:10.1016/j.comnet.2015.07.016Sandhya, Sinha, Y., & Haribabu, K. (2017). A survey: Hybrid SDN. Journal of Network and Computer Applications, 100, 35-55. doi:10.1016/j.jnca.2017.10.003ON.LAB.Driving SDN adoption in service provider networks.;2014.http://onosproject.org/wp-content/uploads/2014/11/Whitepaper-Service-Provider-SDN-final.pdf.SANDVINE. Carrier grade NAT: Mitigate IPv4 address exhaustion while maintaining network visibility.https://www.sandvine.com/hubfs/Procera_Live_Site_Files/PDF_Live_Site/Solutions_brief/SB_CGNAT.pdf. Published2018. .F5. Carrier‐grade NAT (CGNAT) for service providers.https://www.f5.com/services/resources/use-cases/carrier-grade-nat-for-service-providers. Accessed September 20 2019.Trinh, T. A., Gyarmati, L., & Sallai, G. (2010). Migrating to IPv6: A game-theoretic perspective. IEEE Local Computer Network Conference. doi:10.1109/lcn.2010.5735739Nikkhah, M. (2016). Maintaining the progress of IPv6 adoption. Computer Networks, 102, 50-69. doi:10.1016/j.comnet.2016.02.027Hu, T., Yi, P., Zhang, J., & Lan, J. (2018). A distributed decision mechanism for controller load balancing based on switch migration in SDN. China Communications, 15(10), 129-142. doi:10.1109/cc.2018.8485475TaoP YingC SunZ TanS WangP SunZ.The controller placement of software‐defined networks based on minimum delay and load balancing. In:2018 IEEE 16th Intl Conf on Dependable Autonomic and Secure Computing 16th Intl Conf on Pervasive Intelligence and Computing 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech).;2018:310‐313.Wang, K.-Y., Kao, S.-J., & Kao, M.-T. (2018). An efficient load adjustment for balancing multiple controllers in reliable SDN systems. 2018 IEEE International Conference on Applied System Invention (ICASI). doi:10.1109/icasi.2018.8394323Xu, H., Li, X.-Y., Huang, L., Deng, H., Huang, H., & Wang, H. (2017). Incremental Deployment and Throughput Maximization Routing for a Hybrid SDN. IEEE/ACM Transactions on Networking, 25(3), 1861-1875. doi:10.1109/tnet.2017.2657643Khorramizadeh, M., & Ahmadi, V. (2018). Capacity and load-aware software-defined network controller placement in heterogeneous environments. Computer Communications, 129, 226-247. doi:10.1016/j.comcom.2018.07.037LanW LiF LiuX QiuY.A dynamic load balancing mechanism for distributed controllers in software‐defined networking. In:2018 10th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA).;2018:259‐262.TR‐506 O.SDN Migration considerations and use cases.;2014.Kobayashi, M., Seetharaman, S., Parulkar, G., Appenzeller, G., Little, J., van Reijendam, J., … McKeown, N. (2014). Maturing of OpenFlow and Software-defined Networking through deployments. Computer Networks, 61, 151-175. doi:10.1016/j.bjp.2013.10.011BabikerH NikolovaI ChittimaneniKK.Deploying IPv6 in the Google Enterprise Network. Lessons learned. In:Proceedings of the 25th International Conference on Large Installation System Administration.;2011:10.APNIC. IPv6 capability measurement.https://stats.labs.apnic.net/ipv6. Accessed February 15 2020.Google Incl. IPv6 user access status.https://www.google.com/intl/en/ipv6/statistics.html. Accessed February 16 2020.Abdullah, S. A. (2019). SEUI-64, bits an IPv6 addressing strategy to mitigate reconnaissance attacks. Engineering Science and Technology, an International Journal, 22(2), 667-672. doi:10.1016/j.jestch.2018.11.012KreutzD RamosF VerissimoP RothenbergCE AzodolmolkyS UhligS.Software‐defined networking: A comprehensive survey.arXiv Prepr arXiv14060440.2014.DawadiBR RawatDB JoshiSR KeitschMM.Recommendations for energy efficient SoDIP6 network deployment at the early stage rural ICT expansion of Nepal. In: 2019International Conference on Computing Networking and Communications ICNC 2019.;2019.https://doi.org/10.1109/ICCNC.2019.8685567WintherM.Tier 1 isps: what they are and why they are important. IDC White Pap2006:1‐13.DawadiBR RawatDB JoshiSR.Evolutionary dynamics of service provider legacy network migration to software defined IPv6 network. In:International Conference on Computing and Information Technology;2019:245‐257.BriainDÓ DenieffeD KavanaghY OkelloD.A proposed architecture for distributed Internet eXchange Points in developing countries. In:2018 IST‐Africa Week Conference (IST‐Africa).;2018:Page‐‐1.ChatzisN SmaragdakisG FeldmannA.On the importance of Internet eXchange Points for today's Internet ecosystem.arXiv Prepr arXiv13075264.2013.RyanPS GersonJ.A primer on Internet exchange points for policymakers and non‐engineers.Available SSRN 2128103.2012.BogineniK.Introducing ONOS: A SDN network operating system for service providers.White Pap.2014.Karakus, M., & Durresi, A. (2018). Economic Viability of Software Defined Networking (SDN). Computer Networks, 135, 81-95. doi:10.1016/j.comnet.2018.02.015Shakkottai, S., & Srikant, R. (2006). Economics of Network Pricing With Multiple ISPs. IEEE/ACM Transactions on Networking, 14(6), 1233-1245. doi:10.1109/tnet.2006.886393Weiss, M. B., & Shin, S. (2002). Internet Interconnection Economic Model and its Analysis: Peering and Settlement. Communication Systems, 215-231. doi:10.1007/978-0-387-35600-6_10De Souza, E. P., Ferreira, E. M., & Neves, A. G. M. (2018). Fixation probabilities for the Moran process in evolutionary games with two strategies: graph shapes and large population asymptotics. Journal of Mathematical Biology, 78(4), 1033-1065. doi:10.1007/s00285-018-1300-4Klimek, P., Thurner, S., & Hanel, R. (2010). Evolutionary dynamics from a variational principle. Physical Review E, 82(1). doi:10.1103/physreve.82.01190

Security architecture for Fog-To-Cloud continuum system

Nowadays, by increasing the number of connected devices to Internet rapidly, cloud computing cannot handle the real-time processing. Therefore, fog computing was emerged for providing data processing, filtering, aggregating, storing, network, and computing closer to the users. Fog computing provides real-time processing with lower latency than cloud. However, fog computing did not come to compete with cloud, it comes to complete the cloud. Therefore, a hierarchical Fog-to-Cloud (F2C) continuum system was introduced. The F2C system brings the collaboration between distributed fogs and centralized cloud. In F2C systems, one of the main challenges is security. Traditional cloud as security provider is not suitable for the F2C system due to be a single-point-of-failure; and even the increasing number of devices at the edge of the network brings scalability issues. Furthermore, traditional cloud security cannot be applied to the fog devices due to their lower computational power than cloud. On the other hand, considering fog nodes as security providers for the edge of the network brings Quality of Service (QoS) issues due to huge fog device’s computational power consumption by security algorithms. There are some security solutions for fog computing but they are not considering the hierarchical fog to cloud characteristics that can cause a no-secure collaboration between fog and cloud. In this thesis, the security considerations, attacks, challenges, requirements, and existing solutions are deeply analyzed and reviewed. And finally, a decoupled security architecture is proposed to provide the demanded security in hierarchical and distributed fashion with less impact on the QoS.Hoy en día, al aumentar rápidamente el número de dispositivos conectados a Internet, el cloud computing no puede gestionar el procesamiento en tiempo real. Por lo tanto, la informática de niebla surgió para proporcionar procesamiento de datos, filtrado, agregación, almacenamiento, red y computación más cercana a los usuarios. La computación nebulizada proporciona procesamiento en tiempo real con menor latencia que la nube. Sin embargo, la informática de niebla no llegó a competir con la nube, sino que viene a completar la nube. Por lo tanto, se introdujo un sistema continuo jerárquico de niebla a nube (F2C). El sistema F2C aporta la colaboración entre las nieblas distribuidas y la nube centralizada. En los sistemas F2C, uno de los principales retos es la seguridad. La nube tradicional como proveedor de seguridad no es adecuada para el sistema F2C debido a que se trata de un único punto de fallo; e incluso el creciente número de dispositivos en el borde de la red trae consigo problemas de escalabilidad. Además, la seguridad tradicional de la nube no se puede aplicar a los dispositivos de niebla debido a su menor poder computacional que la nube. Por otro lado, considerar los nodos de niebla como proveedores de seguridad para el borde de la red trae problemas de Calidad de Servicio (QoS) debido al enorme consumo de energía computacional del dispositivo de niebla por parte de los algoritmos de seguridad. Existen algunas soluciones de seguridad para la informática de niebla, pero no están considerando las características de niebla a nube jerárquica que pueden causar una colaboración insegura entre niebla y nube. En esta tesis, las consideraciones de seguridad, los ataques, los desafíos, los requisitos y las soluciones existentes se analizan y revisan en profundidad. Y finalmente, se propone una arquitectura de seguridad desacoplada para proporcionar la seguridad exigida de forma jerárquica y distribuida con menor impacto en la QoS.Postprint (published version