Validation of SDN policies: a property-based testing perspective

[Abstract] Software-defined networks are being widely adopted and used in large and complex networks supporting critical operations. Their increasing importance highlights the need for effective validation of SDN topologies and routing policies both prior and during operation. The policies that configure an SDN deployment come from several, possibly conflicting sources. This may lead to undesired effects such as node isolation, network partitions, performance drops and routing loops. Such effects can be formulated as automatically testable reusable conditions using property-based testing (PBT). This approach allows to automatically determine and formulate as a counterexample the minimum set of conflicting rules. The approach is especially useful when policies are configured in an incremental manner. PBT techniques are particularly good at automatic counterexample shrinking and have the potential of being extremely effective in this area.Swedish Foundationfor Strategic Research; RIT17-0035

Performance benchmarking of SDN experimental platforms

There is a huge number of SDN experimental platforms available such as simulators, emulators and actual testbeds, each of them having different performance metrics. This paper presents a series of performance tests, that can be performed in each of the available platforms, in order to evaluate and rank them in various performance categories. These tests cover performance categories such as experiment setup/teardown time, resources needed in the form of CPU and RAM, as well as the fair use and fair share of those resources by the experimental platform. In addition, ping delay, response failure rate and scalability are also measured. All the performance tests presented in this paper have been implemented in Mininet emulator in order to evaluate its performance. After the data analysis, the most noticeable results are (i) response failure increases as the number of links increases, in some cases by 95%, (ii) CPU load balancing is more efficient as the number of nodes increases and (iii) initial ping delay is huge compared to average ping delay, in some cases up to 1725 times larger. Finally, performance results indicate that Mininet has several scalability issues

New concepts for traffic, resource and mobility management in software-defined mobile networks

The evolution of mobile telecommunication networks is accompanied by new demands for the performance, portability, elasticity, and energy efficiency of network functions. Network Function Virtualization (NFV), Software Defined Networking (SDN), and cloud service technologies are claimed to be able to provide most of the capabilities. However, great leap forward will only be achieved if resource, traffic, and mobility management methods of mobile network services can efficiently utilize these technologies. This paper conceptualizes the future requirements of mobile networks and proposes new concepts and solutions in the form of Software-Defined Mobile Networks (SDMN) leveraging SDN, NFV and cloud technologies. We evaluate the proposed solutions through testbed implementations and simulations. The results reveal that our proposed SDMN enhancements supports heterogeneity in wireless networks with performance improvements through programmable interfaces and centralized control

Performance benchmarking of SDN experimental platforms

There is a huge number of SDN experimental platforms available such as simulators, emulators and actual testbeds, each of them having different performance metrics. This paper presents a series of performance tests, that can be performed in each of the available platforms, in order to evaluate and rank them in various performance categories. These tests cover performance categories such as experiment setup/teardown time, resources needed in the form of CPU and RAM, as well as the fair use and fair share of those resources by the experimental platform. In addition, ping delay, response failure rate and scalability are also measured. All the performance tests presented in this paper have been implemented in Mininet emulator in order to evaluate its performance. After the data analysis, the most noticeable results are (i) response failure increases as the number of links increases, in some cases by 95%, (ii) CPU load balancing is more efficient as the number of nodes increases and (iii) initial ping delay is huge compared to average ping delay, in some cases up to 1725 times larger. Finally, performance results indicate that Mininet has several scalability issues

Diseño del componente experimental para la formación en redes de comunicaciones de nueva generación

RESUMEN: En la actualidad las redes definidas por software (SDN) son un nuevo paradigma que conduce al cambio en cómo implementamos y administramos las redes. Al desprender el plano de control del plano de datos, se logra operar en un entorno centralizado, haciendo que las redes de comunicación sean programables, logrando mayor agilidad y flexibilidad al interior de una red. En este proyecto se explican los conceptos básicos de SDN permitiendo, a través de la experimentación, compararlos con los escenarios tradicionales con las potencialidades que presentan las Redes Definidas por Software (SDN). Se han desarrollado cuatro prácticas de laboratorio que explican los conceptos de Switching y Routing implementados a las redes de comunicaciones de nueva generación con enfoque en SDN (Software Defined Networking). En cada una de las guías de uso se explica cómo configurar cada una de las herramientas utilizadas y los procedimientos para desarrollar las prácticas, así como las pruebas para comprobar su correcto funcionamiento a través de una máquina virtual que tiene incorporado Mininet para la simulación de redes y POX como controlador OpenFlow. Como escenario de prueba y evaluación de la plataforma remota diseñada, la Universidad de Antioquia implementará una plataforma educativa que permitirá apoyar procesos de formación en redes de comunicación. La plataforma integrará los contenidos teóricos del curso redes de nueva generación ofrecido por la Universidad de Antioquia, con un laboratorio remoto que permitirá el desarrollo de prácticas controladas desde un entorno virtual haciendo uso de contenedores a través de LXC OS

Seamless Support of Low Latency Mobile Applications with NFV-Enabled Mobile Edge-Cloud

Emerging mobile multimedia applications, such as augmented reality, have stringent latency requirements and high computational cost. To address this, mobile edge-cloud (MEC) has been proposed as an approach to bring resources closer to users. Recently, in contrast to conventional fixed cloud locations, the advent of network function virtualization (NFV) has, with some added cost due to the necessary decentralization, enhanced MEC with new flexibility in placing MEC services to any nodes capable of virtualizing their resources. In this work, we address the question on how to optimally place resources among NFV-enabled nodes to support mobile multimedia applications with low latency requirement and when to adapt the current resource placements to address workload changes. We first show that the placement optimization problem is NP-hard and propose an online dynamic resource allocation scheme that consists of an adaptive greedy heuristic algorithm and a detection mechanism to identify the time when the system will no longer be able to satisfy the applications' delay requirement. Our scheme takes into account the effect of current existing techniques (i.e., auto-scaling and load balancing). We design and implement a realistic NFV-enabled MEC simulated framework and show through extensive simulations that our proposal always manages to allocate sufficient resources on time to guarantee continuous satisfaction of the application latency requirements under changing workload while incurring up to 40% less cost in comparison to existing overprovisioning approaches

A balanced partitioning mechanism for multicontroller placement in software-defined wide area networks

Through softwarization, Software-Defined Networking (SDN) may govern the network. Deploying a single controller to manage enormous network traffic is inefficient; hence, having multiple controllers is a necessity of current SDN in wide area networks (WANs). However, the controller placement problem (CPP) is a thriving research subject for efficiently placing many controllers to improve network performance. It has two parts: how the controllers should be distributed and how many networking devices each controller should be connected to. Consequently, the objective of this study is to propose a Balanced Partitioning Mechanism (BPM) based on the notion of a network partition. Moreover, the BPM is designed based on a modified K-means algorithm. BPM comprises of two approaches: the initialization method and the partitioning strategy. The farthest-point initialization method is introduced to reduce end-to-end delay between the controllers and switches. The balanced partitioning strategy is used to balance controller loads and partition the network into balanced partitions. The research adopted the Design Science Research Methodology (DSRM) to accomplish its objectives. The network simulator OMNeT++ was configured to simulate the performance of BPM over the OS3E topology, with two scenarios including five and six domains. The K-means and CNPA algorithms, in particular, were used to evaluate the performance of BPM. In terms of balanced partitioning, the findings reveal that BPM outperforms the K-means and CNPA algorithms by maintaining a good load balance among controllers. Furthermore, the results show that BPM improves throughput and reduces end-to-end delay between the controllers and switches. In addition, BPM improves the number of packets received by the destination to the number of packets sent by 23% and 29% compared to the K-means for five and six domain scenarios, respectively. Given the diversity of future Internet and IoT, the findings have significant implications for improving the performance of WAN networks

Bidirectional LiFi Attocell Access Point Slicing Scheme

LiFi attocell access networks will be deployed everywhere to support diverse applications and service provisioning to various end-users. The LiFi infrastructure providers will need to offer LiFi access points (APs) resources as a service. This, however, requires a research challenge to be solved to dynamically and effectively allocate resources among service providers (SPs) while guaranteeing performance isolation among them and their respective users. This paper introduces an autonomic resource slicing (virtualization) scheme, which realizes autonomic management and configuration of virtual APs, in a LiFi attocell access network, based on SPs and their users service requirements. The developed scheme comprises of traffic analysis and classification, a local AP controller, downlink and uplink slice resources manager, traffic measurement, and information collection modules. It also contains a hybrid medium access protocol and an extended token bucket fair queueing algorithm to support uplink access virtualization and spectrum slicing. The proposed resource slicing scheme collects and analyzes the traffic statistics of the different applications supported on the slices defined in each LiFi AP and distributes the available resources fairly and proportionally among them. It uses a control algorithm to adjust the minimum contention window of user devices to achieve the target throughput and ensure airtime fairness among SPs and their users. The developed scheme has been extensively evaluated using OMNeT++. The obtained results show various resource slicing capabilities to support differentiated services and performance isolation

ASGARDS-H: Enabling Advanced Smart Grid cyber-physical Attacks, Risk and Data Studies with HELICS

Smart infrastructures are increasingly built with cyber-physical systems that connect physical operational technology (OT) devices, networks and systems over a cyberspace of ubiquitous information technology (IT). A key objective of such interconnection is to offer a data coverage that will enable comprehensive visibility of dynamic environments and events. The arrival of Internet-of-Things, 5G, and beyond in smart infrastructures will enable the collection of unprecedented volumes of data from these various sources for critical visibility of the entire infrastructure with advanced situational awareness. To break the barriers between the different data silos that limit advanced machine learning techniques against cyber-physical attacks and damages and to allow the development of advanced cross-domain awareness models, the thesis tried to develop a modular, complete and scalable co-simulation platform allowing the generation of standardized datasets for research and development of smart distribution grid security. It addresses the lack of realistic training and testing data for machine learning models to enable the development of more advanced techniques. Our contributions are as follows. First, a modular platform for software-based co-simulation testbed generation is developed using the HELICS co-simulation framework. Second, scenarios of instabilities, faults, cyber-physical attacks are built to allow the generation of a realistic and multi-sourced dataset. Third, well-defined datasets are generated from the developed scenarios to enable and empower data-driven approaches toward smart distribution grid security