Application development for Software-Defined networks in state of the art controllers

In the last few years, the importance of the internet in our lives increased considerably. Networks have become a big part of our lives and there will be a setup almost everywhere we go: in our homes, in the workplace, in stores, in universities, in the subway. Each and every one of these places has a network, a router, Wi-Fi, etc. Due to its high importance, service providers must guarantee a fully operational network, 24 hours a day, leaving no room for mistakes. However, that creates a problem: how can developers test new protocols? In no way is a service provider willing to risk ruining its network because a developer tested a non-working protocol. Researchers who dedicate themselves to the study of these frameworks believe that the main problems of a fully operational network lie essentially in its architecture, as network devices incorporate different and quite complex functions. Major networks, such as service providers, are built upon robust architectures with the ability to support large traffic volumes, with different characteristics. The service provider is able to process large amounts of data simultaneously, as well as route and forward traffic. As they have built-in control functions that work in a distributed manner and considering they are made by a limited number of manufacturers, these networks present several limitations. Besides its complexity and configuration, it must be taken into account that every network should be prepared to deal with potential failures that might occur, as well as any security-related problems. A network - regardless of its level of use - must allow its users to use it as safely as possible. Networks today have poor flexibility and their development, growth and innovation are far from simple. Thus, the provision of more diversified services to satisfy the users presents a challenge to service providers, since the system and the administration functions are separated. The answer to these problems lies within the Software-Defined Networks (SDN), given that they seem to be very promising as far as innovation is concerned, allowing the development of new strategies and management control networks. These networks use programmable switches and routers that can process packets of data for several isolated experimental networks simultaneously, through virtualization. These networks run in the Control Plane, in servers operating separately from the network devices. This gives the network administrator a greater control over the network, as it allows to manage different resources by directing them to different traffic flows. A SDN using OpenFlow is capable of supporting a high-response network to each and every controller failures that might occur, without slowing the network's response, as it offers great flexibility and helps with fighting the limitations of any existing network. The main goal of this thesis is to explain how to use this new approach (SDN) and its capacities. This work will serve as a basis to all who wish to obtain new knowledge about this topic. One of the main focuses of this thesis is to pinpoint the advantages and disadvantages of SDN with an OpenFlow architecture

A Data Distribution Service in a hierarchical SDN architecture: implementation and evaluation

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Software-defined networks (SDNs) have caused a paradigm shift in communication networks as they enable network programmability using either centralized or distributed controllers. With the development of the industry and society, new verticals have emerged, such as Industry 4.0, cooperative sensing and augmented reality. These verticals require network robustness and availability, which forces the use of distributed domains to improve network scalability and resilience. To this aim, this paper proposes a new solution to distribute SDN domains by using Data Distribution Services (DDS). The DDS allows the exchange of network information, synchronization among controllers and auto-discovery. Moreover, it increases the control plane robustness, an important characteristic in 5G networks (e.g., if a controller fails, its resources and devices can be managed by other controllers in a short amount of time as they already know this information). To verify the effectiveness of the DDS, we design a testbed by integrating the DDS in SDN controllers and deploying these controllers in different regions of Spain. The communication among the controllers was evaluated in terms of latency and overhead.Postprint (author's final draft

A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways.European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

Active Response Using Host-Based Intrusion Detection System and Software-Defined Networking

This research proposes AHNSR: Active Host-based Network Security Response by utilizing Host-based Intrusion Detection Systems (HIDS) with Software-Defined Networking (SDN) to enhance system security by allowing dynamic active response and reconstruction from a global network topology perspective. Responses include traffic redirection, host quarantining, filtering, and more. A testable SDN-controlled network is constructed with multiple hosts, OpenFlow enabled switches, and a Floodlight controller, all linked to a custom, novel interface for the Open-Source SECurity (OSSEC) HIDS framework. OSSEC is implemented in a server-agent architecture, allowing scalability and OS independence. System effectiveness is evaluated against the following factors: alert density and a selective Floodlight module response types. At the expected operational load of 500 events per second (EPS), results reveal a mean system response time of 0.5564 seconds from log generation to flow table update via Floodlights Access Control List module. Load testing further assesses performance at 10 - 10000 EPS for all tested response modules

Development of a Modified East-West Interface for Distributed Control Plane Network

The East-West Interface is important in achieving communication in a distributed control plane network such as a Wide Area Network (WAN); to enable scalability and distribution of the control plane. In this paper, a Modified Communication Interface for Distributed Control Plane (mCIDC) was developed to ensure communication in WANs. The mCIDC interface allows the synchronization of different modules in the controller to enable consistent high availability and efficient communication among controllers in the East-West Interface needed for Software Defined Network (SDN) to scale in a WAN environment. The modified-CIDC (mCIDC) is developed based on the Communication Interface for Distributed Control Plane (CIDC) and implemented on top of Floodlight Controller using the ISyncService module. The performance of the mCIDC and CIDC was compared using captured Transmission Control Protocol (TCP) packets, TCP errors and inter-controller communication overload (ICO). The results indicated that for Claranet_2; mCIDC showed a better performance in minimizing number of Captured TCP Packets, TCP Errors and ICO by 26.55%, 17.89%, and 19.35% respectively when compared with CIDC, while for Claranet_3; 15.82%, 21.60% and 29.25%   for Captured TCP Packets, TCP Errors and ICO respectively, when compared with CIDC. This shows that the mCIDC ensures communication by transmitting the necessary required packets (information) among controllers with reduced TCP errors and fewer overloads

SDN-BASED MECHANISMS FOR PROVISIONING QUALITY OF SERVICE TO SELECTED NETWORK FLOWS

Despite the huge success and adoption of computer networks in the recent decades, traditional network architecture falls short of some requirements by many applications. One particular shortcoming is the lack of convenient methods for providing quality of service (QoS) guarantee to various network applications. In this dissertation, we explore new Software-Defined Networking (SDN) mechanisms to provision QoS to targeted network flows. Our study contributes to providing QoS support to applications in three aspects. First, we explore using alternative routing paths for selected flows that have QoS requirements. Instead of using the default shortest path used by the current network routing protocols, we investigate using the SDN controller to install forwarding rules in switches that can achieve higher bandwidth. Second, we develop new mechanisms for guaranteeing the latency requirement by those applications depending on timely delivery of sensor data and control signals. The new mechanism pre-allocates higher priority queues in routers/switches and reserves these queues for control/sensor traffic. Third, we explore how to make the applications take advantage of the opportunity provided by SDN. In particular, we study new transmission mechanisms for big data transfer in the cloud computing environment. Instead of using a single TCP path to transfer data, we investigate how to let the application set up multiple TCP paths for the same application to achieve higher throughput. We evaluate these new mechanisms with experiments and compare them with existing approaches