SDN Access Control for the Masses
The evolution of Software-Defined Networking (SDN) has so far been
predominantly geared towards defining and refining the abstractions on the
forwarding and control planes. However, despite a maturing south-bound
interface and a range of proposed network operating systems, the network
management application layer is yet to be specified and standardized. It
currently has poorly defined access control mechanisms that could be exposed to
network applications. Available mechanisms allow only rudimentary control and
lack procedures to partition resource access across multiple dimensions.
We address this by extending the SDN north-bound interface to provide control
over shared resources to key stakeholders of network infrastructure: network
providers, operators and application developers. We introduce a taxonomy of SDN
access models, describe a comprehensive design for SDN access control and
implement the proposed solution as an extension of the ONOS network controller
intent framework.
Flexible software-defined networks
The fifth generation of mobile networks (5G) is able to offer better services than its predecessors mainly through the use of software-defined networking (SDN) and network functions virtualization (NFV). However, after multiple solutions had been developed using OpenFlow, the conclusion was that, even several years after the release of its first version, OpenFlow fails to offer full flexibility and cannot handle unknown protocols. With that in mind, the community came together and created what is known today as P4. P4 is a language designed to program data plane behavior; with the help of P4Runtime, the OpenFlow equivalent for P4-enabled devices, it allows management of data plane behavior regardless of the target or the protocol. This is possible because, unlike OpenFlow, P4Runtime does not assume that network devices have a fixed and well-defined behavior, usually described by the ASIC chip.
In this work, the P4 ecosystem is used to implement offloading of functions to the network devices and to evaluate whether that has an impact on network performance. Given the small amount of work done with P4 on publish-subscribe systems, which traditionally rely on brokers, it was decided to offload several functions of such systems to the data plane with P4, so that the overall solution can be comparable to distributed broker ones. However, P4 is limited regarding the management of stateful data, such as TCP sessions, which many publish-subscribe systems rely on. Zenoh, a new publish-subscribe protocol that is still in its early phases and directed at IoT, is also able to run over UDP and is therefore a great candidate to be implemented in P4 to overcome such issues. It is then used to show the advantages of offloading processing to the data plane.
The conceptualized system was then compared to two more traditional ones that do not make use of offloading. The overall results achieved are promising. Results show that there are benefits in offloading certain tasks to the data plane, thereby being closer to the end user and improving latency. However, compared with pure Zenoh, the results achieved are poorer. That can be explained by the use of software switches that are not production-grade and whose performance is highly affected by several data plane factors. That makes it necessary to run more tests on expensive hardware equipment for a more concrete conclusion.
Fifth-generation mobile networks (5G) can offer better services than previous generations mainly through the use of technologies such as software-defined networking (SDN) and network functions virtualization (NFV). However, after several years of implementing solutions using OpenFlow, the conclusion was reached that it has limitations regarding unknown protocols, even several years after its first version. The community therefore came together and created what is today the P4/P4Runtime ecosystem. P4 is a language intended for programming data plane behavior, and P4Runtime is the OpenFlow equivalent for equipment that supports P4; it nevertheless allows management of data plane behavior independently of the device and the protocol, since it does not assume that network equipment has a fixed, well-defined behavior, normally described by the ASIC chip.
In this work, the P4 ecosystem is used to implement offloading of functions to the network equipment itself, and we evaluate whether this solution brings benefits to network performance. Given how little publish-subscribe systems, which traditionally depend on brokers, have been explored in P4, it was decided to offload functions of one of these systems using P4, while still allowing the solution as a whole to be comparable with those offered by a distributed broker. However, P4 has limitations regarding the management of TCP sessions. Zenoh, a publish-subscribe protocol that is still evolving and aimed at IoT, also allows transport over UDP, and is therefore a strong candidate to be implemented in P4 to demonstrate the advantages of offloading processing to the data plane.
The system conceived and developed was then compared with two other, more traditional systems that do not make use of offloading. The results are encouraging, showing that there is a benefit in offloading certain functions to the data plane, since certain operations can be performed closer to the end user. However, comparing the results with those offered by pure Zenoh, the results are worse, which is explained by the fact that the network equipment used consists of software switches that are not ready for production environments and are heavily penalized by several factors in the behavior of the data plane. It is therefore necessary to run tests on hardware equipment for a deeper evaluation and a consequent conclusion. Master's in Computer and Telematics Engineering
P-SCOR: Integration of Constraint Programming Orchestration and Programmable Data Plane
In this manuscript we present an original implementation of network management functions in the context of Software Defined Networking. We demonstrate a full integration of an artificial-intelligence-driven management layer, an SDN control plane, and a programmable data plane. Constraint Programming is used to implement a management operating system that accepts high-level specifications, via a northbound interface, in terms of operational objectives and directives. These are translated into technology-specific constraints and directives for the SDN control plane, leveraging the programmable data plane, which is enriched with functionalities suited to feed data that enable the most effective operation of the “intelligent” control plane, by exploiting the language
A unifying operating platform for 5G end-to-end and multi-layer orchestration
Heterogeneity of current software solutions for 5G is heading for complex and costly situations, with high fragmentation, which in turn creates uncertainty and the risk of delaying 5G innovations. This context motivated the definition of a novel Operating Platform for 5G (5G-OP), a unifying reference functional framework supporting end-to-end and multi-layer orchestration. 5G-OP aims at integrated management, control and orchestration of computing, storage, memory, networking core and edge resources up to the end-user devices and terminals (e.g., robots and smart vehicles). 5G-OP is an overarching architecture, with agnostic interfaces and well-defined abstractions, offering the seamless integration of current and future infrastructure control and orchestration solutions (e.g., OpenDaylight, ONOS, OpenStack, Apache Mesos, OpenSource MANO, Docker, LXC, etc.). The paper also provides a description of a prototype that can be seen as a simplified version of a 5G-OP, whose feasibility has been demonstrated in Focus Group IMT2020 of ITU-T.
Managing NFV using SDN and control theory
Control theory and SDN (Software Defined Networking) are key components for NFV (Network Function Virtualization) deployment. However, little has been done to use a control-theoretic approach for SDN and NFV management. In this paper, we describe a use case for NFV management using control theory and SDN. We use the management architecture of RINA (a clean-slate Recursive InterNetwork Architecture) to manage Virtual Network Function (VNF) instances over the GENI testbed. We deploy Snort, an Intrusion Detection System (IDS), as the VNF. Our network topology has source and destination hosts, multiple IDSes, an Open vSwitch (OVS) and an OpenFlow controller. A distributed management application running on RINA measures the state of the VNF instances and communicates this information to a Proportional Integral (PI) controller, which then provides load balancing information to the OpenFlow controller. The latter controller in turn updates traffic flow forwarding rules on the OVS switch, thus balancing load across the VNF instances. This paper demonstrates the benefits of using such a control-theoretic load balancing approach and the RINA management architecture in virtualized environments for NFV management. It also illustrates that GENI can easily support a wide range of SDN and NFV related experiments.