Deliverable JRA1.1: Evaluation of current network control and management planes for multi-domain network infrastructure

This deliverable includes a compilation and evaluation of available control and management architectures and protocols applicable to a multilayer infrastructure in a multi-domain Virtual Network environment.The scope of this deliverable is mainly focused on the virtualisation of the resources within a network and at processing nodes. The virtualization of the FEDERICA infrastructure allows the provisioning of its available resources to users by means of FEDERICA slices. A slice is seen by the user as a real physical network under his/her domain, however it maps to a logical partition (a virtual instance) of the physical FEDERICA resources. A slice is built to exhibit to the highest degree all the principles applicable to a physical network (isolation, reproducibility, manageability, ...). Currently, there are no standard definitions available for network virtualization or its associated architectures. Therefore, this deliverable proposes the Virtual Network layer architecture and evaluates a set of Management- and Control Planes that can be used for the partitioning and virtualization of the FEDERICA network resources. This evaluation has been performed taking into account an initial set of FEDERICA requirements; a possible extension of the selected tools will be evaluated in future deliverables. The studies described in this deliverable define the virtual architecture of the FEDERICA infrastructure. During this activity, the need has been recognised to establish a new set of basic definitions (taxonomy) for the building blocks that compose the so-called slice, i.e. the virtual network instantiation (which is virtual with regard to the abstracted view made of the building blocks of the FEDERICA infrastructure) and its architectural plane representation. These definitions will be established as a common nomenclature for the FEDERICA project. Other important aspects when defining a new architecture are the user requirements. It is crucial that the resulting architecture fits the demands that users may have. Since this deliverable has been produced at the same time as the contact process with users, made by the project activities related to the Use Case definitions, JRA1 has proposed a set of basic Use Cases to be considered as starting point for its internal studies. When researchers want to experiment with their developments, they need not only network resources on their slices, but also a slice of the processing resources. These processing slice resources are understood as virtual machine instances that users can use to make them behave as software routers or end nodes, on which to download the software protocols or applications they have produced and want to assess in a realistic environment. Hence, this deliverable also studies the APIs of several virtual machine management software products in order to identify which best suits FEDERICA’s needs.Postprint (published version

Deliverable DJRA1.3: Tool prototype for creating and stitching multiple network resources for virtual infrastructures

This document describes the prototype FEDERICA Slice Tool developed for the virtualization of network elements in FEDERICA and for creating and stitching network resources over this virtual infrastructure. An SNMP-based resource discovery prototype is also introduced as a new functionality to be integrated in the tool.The deliverable also presents aviability study for the use of traffic prioritization in the FEDERICA infrastructure and some network performance measurements on a real slice within FEDERICA.This document reports the final results of JRA1.2 Activity in the development of a tool prototype for creating sets ofvirtual resourcesinFEDERICA.The prototype goal is to simplify and automate part of the work for NOC.The tool may also serve,with different privileges, a FEDERICA user to operate on his/her slice. The tool described here was designed with the objective of providing an interactive application with a graphical interface to operate on resources for the NOC and the end users (researchers). The tool simplify the creation and configuration of resources in a slice and it is a mandatory step to ensure scalability of the NOC effort. It offers an interactive Graphical User Interface that translates the users’ actions to commands in the substrate (networknodesandV-nodes)andslice elements(VirtualMachines).User accounts may be created for the NOC and for researchers, each with specific privileges to enable different sets of capabilities. The NOC account has full access to all the resources in the substrate, while each user’account has full access only to the virtual resources in his/her slice. The tool has been developed using the Java programming language as Open Source code and relies on the open source Globus® Toolkit. Testing has been performed in a laboratory environment and on some FEDERICA substrate equipment (1switch, 2VMwareServers) in their standard configuration. For testing the router, web services and GUI an additional computer was used, using a public IP address.Postprint (published version

Power Systems Monitoring and Control using Telecom Network Management Standards

Historically, different solutions have been developed for power systems control and telecommunications network management environments. The former was characterized by proprietary solutions, while the latter has been involved for years in a strong standardization process guided by criteria of openness. Today, power systems control standardization is in progress, but it is at an early stage compared to the telecommunications management area, especially in terms of information modeling. Today, control equipment tends to exhibit more computational power, and communication lines have increased their performance. These trends hint at some conceptual convergence between power systems and telecommunications networks from a management perspective. This convergence leads us to suggest the application of well-established telecommunications management standards for power systems control. This paper shows that this is a real medium-to-long term possibility

SNMP Trace Analysis: Results of Extra Traces

The Simple Network Management Protocol (SMMP) was introduced in the late 1980s. Since then, several evolutionary protocol changes have taken place, resulting in the SNMP version 3 framework (SNMPv3). Extensive use of SNMP has led to significant practical experience by both network operators and researchers. Since recently, researchers are in the possession of real world SNMP traces. This allows researchers to analyze the real world application of SNMP. A publication of 2007 made a significant start with this. However, real world trace analysis demands a continual approach, due to changing circumstances (e.g., regarding the network and SNMP engine implementations). Therefore, this paper reports on a lot more traces than in the mentioned paper, which are also more recent

Centralized model driven trace route mechanism for TCP/IP routers : Remote traceroute invocation using NETCONF API and YANG data model

During the recent years, utilizing programmable APIs and YANG data model for service configuration and monitoring of TCP/IP open network devices from a centralized network management system as an alternative to SNMP based network management solutions has gained popularity among service providers and network engineers. However, both SNMP and YANG lacks any data model for tracing the routes between different routers inside and outside the network that has not addressed. Having a centralized traceroute tool provides a central troubleshooting point in the network. And rather than having to individually connect to each router terminal, traceroute can be invoked remotely on different routers. And the responses can be collected on the network management system. The aim of this thesis is to develop a centralized traceroute tool called Trace that invokes traceroute CLI tool with a unique syntax from a centralized network management system on a TCP/IP router, traces the hops and BGP AS and measures RTT between a router and specific destination and returns the response back to the network management system. And evaluates the possibility of utilizing this traceroute tool along with YANG based network management solutions. This implementation has shown that YANG based data models enables a unique syntax on the network management system for invoking traceroute command on different TCP/IP devices. This unique syntax can be used to invoke the traceroute CLI command on the routers with the different operating systems. And the evaluation has shown that using NETCONF as an API between the network management system and the network devices, enables the Trace to be utilized in YANG and NETCONF based network management solutions

Centralized model driven trace route mechanism for TCP/IP routers : Remote traceroute invocation using NETCONF API and YANG data model

During the recent years, utilizing programmable APIs and YANG data model for service configuration and monitoring of TCP/IP open network devices from a centralized network management system as an alternative to SNMP based network management solutions has gained popularity among service providers and network engineers. However, both SNMP and YANG lacks any data model for tracing the routes between different routers inside and outside the network that has not addressed. Having a centralized traceroute tool provides a central troubleshooting point in the network. And rather than having to individually connect to each router terminal, traceroute can be invoked remotely on different routers. And the responses can be collected on the network management system. The aim of this thesis is to develop a centralized traceroute tool called Trace that invokes traceroute CLI tool with a unique syntax from a centralized network management system on a TCP/IP router, traces the hops and BGP AS and measures RTT between a router and specific destination and returns the response back to the network management system. And evaluates the possibility of utilizing this traceroute tool along with YANG based network management solutions. This implementation has shown that YANG based data models enables a unique syntax on the network management system for invoking traceroute command on different TCP/IP devices. This unique syntax can be used to invoke the traceroute CLI command on the routers with the different operating systems. And the evaluation has shown that using NETCONF as an API between the network management system and the network devices, enables the Trace to be utilized in YANG and NETCONF based network management solutions

Network Automation Methodology for Detecting Rogue Switch

The issue of detecting malicious switches on the network is still a concern even as networks continue to grow more complex. Even though Wired networks are considered more secure than wireless, the wireless rogue device problem has been solved. However, the wired rogue switch problem remains unsolved. In this project, we apply core networking concepts and demonstrate a smart solution by combining the latest Automation techniques with highly effective software tool-sets available for detecting malicious systems connected to a rogue switch. This solution promises quick detection and requires Zero Downtime which could prove to be an ideal solution for enterprises having managed switch production networks. We achieve this by continuously filtering and analyzing network traffic for any broadcast storms or new Address Resolution protocol packets using Packet Analyzers and then effectively tracing the malicious host connected to the rogue switch by deploying automation techniques. This technique also helps detecting rogue unmanaged switches (“plug and play” devices) having pre-loaded configuration

Dynamic Context Awareness of Universal Middleware based for IoT SNMP Service Platform

This study focused on the Universal Middleware design for the IoT (Internet of Things) service gateway for the implementation module of the convergence platform. Recently, IoT service gateway including convergence platform could be supported on dynamic module system that is required mounting and recognized intelligent status with the remote network protocol. These awareness concepts support the dynamic environment of the cross-platform distributed computing technology is supported by these idea as a Universal Middleware for network substitution. Distribution system commonly used in recent embedded systems include CORBA (Common Object Request Broker Architecture), RMI (Remote Method Invocation), DCE (Distributed Computing Environment) for dynamic service interface, and suggested implementations of a device object context. However, the aforementioned technologies do not support each standardization of application services, communication protocols, and data, but are also limited in supporting inter-system scalability. In particular, in order to configure an IoT service module, the system can be simplified, and an independent service module can be configured as long as it can support the standardization of modules based on hardware and software components. This paper proposed a design method for Universal Middleware that, by providing IoT modules and service gateways with scalability for configuring operating system configuration, may be utilized as an alternative. This design could be a standardized interface provisioning way for hardware and software components as convergence services, and providing a framework for system construction. Universal Middleware Framework could be presented and dynamic environment standardization module of network protocols, various application service modules such as JINI (Apache River), UPnP (Universal Plug & Play), SLP (Service Location Protocol) bundles that provide communication facilities, and persistence data module. In this IoT gateway, management for based Universal Middleware framework support and available for each management operation, application service component could be cross-executed over SNMP (Simple Network Management Protocol) version 1, version 2, and version 3. The way of SNMP extension service modules are conducted cross-support each module and independent system meta-information that could be built life cycle management component through the MIB (Management Information Base) information unit analysis. Therefore, the MIB role of relation with the Dispatcher applied to support multiple concurrent SNMP messages by receiving incoming messages and managing the transfer of PDU (Protocol Data Unit) between the RFC 1906 network in this study. Results of the study revealed utilizing Universal Middleware that dynamic situations of context objects with mechanisms and tools to publish information could be consisted of IoT to standardize module interfaces to external service clients as a convergence between hardware and software platforms

Middleware for managing a large, heterogeneous programmable network

The links between BTexact Technologies and the Department of Computing Science at University College London are becomingincreasingly beneficial for the development of the middleware area for the management of programmable networks. This paperdescribes the work that has been done to date, and outlines the plans for future research

Secure Configuration and Management of Linux Systems using a Network Service Orchestrator.

Manual management of the configuration of network devices and computing devices (hosts) is an error-prone task. Centralized automation of these tasks can lower the costs of management, but can also introduce unknown or unanticipated security risks. Misconfiguration (deliberate (by outsiders) or inadvertent (by insiders)) can expose a system to significant risks. Centralized network management has seen significant progress in recent years, resulting in model-driven approaches that are clearly superior to previous "craft" methods. Host management has seen less development. The tools available have developed in separate task-specific ways. This thesis explores two aspects of the configuration management problem for hosts: (1) implementing host management using the model-driven (network) management tools; (2) establishing the relative security of traditional methods and the above proposal for model driven host management. It is shown that the model-driven approach is feasible, and the security of the model driven approach is significantly higher than that of existing approaches