    DoS Attack Impact Assessment on Software Defined Networks

    © 2018, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Software Defined Networking (SDN) is an evolving network paradigm which promises greater interoperability, more innovation, flexible and effective solutions. Although SDN on the surface provides a simple framework for network programmability and monitoring, little has been said about security measures to make it resilient to hitherto security flaws in traditional networks and the new threats the architecture is ushering in. One of the security weaknesses the architecture is ushering in due to the separation of control and data plane is the Denial of Service (DoS) attack. The main goal of this attack is to make network resources unavailable to legitimate users or introduce large delays. In this paper, the effect of DoS attack on SDN is presented using Mininet, OpenDaylight (ODL) controller and network performance testing tools such as iperf and ping. Internet Control Message Protocol (ICMP) flood attack is performed on a Transmission Control Protocol (TCP) server and a User Datagram Protocol (UDP) server which are both connected to OpenFlow switches. The simulation results reveal a drop in network throughput from 233 Mbps to 87.4 Mbps and the introduction of large jitter between 0.003 ms and 0.789 ms during DoS attack.

    OpenFlow-based Distributed and Fault-Tolerant Software Switch Architecture

    We are living in an era where each of us is connected with each other virtually across the globe. We are sharing information electronically over the internet every second of our day. There are many networking devices involved in sending the information over the internet: routers, gateways, switches, PCs, laptops, handheld devices, etc. The switches are very crucial elements in delivering packets to the intended recipients. The networking field is now moving towards Software Defined Networking, and the network elements are slowly being replaced by software applications run by OpenFlow protocols. For example, the switching functionality in local area networks could be achieved with software switches like OpenvSwitch (OVS), LINC-Switch, etc. Nowadays organizations depend on datacenters to run their services. The application servers are run from virtual machines on the hosts to better utilize the computing resources and make the system more scalable. The application servers need to be continuously available to run the business for which they are deployed. Software switches are used to connect virtual machines as an alternative to Top of Rack switches. If such a software switch fails, the application servers will not be able to connect to their clients. This may severely impact the business serviced by the application servers deployed on the virtual machines. For reliable data connectivity, the switching elements need to be continuously functional. There is a need for reliable and robust switches to cater to today's networking infrastructure. In this study, the software switch LINC-Switch is implemented as a distributed application on multiple nodes to make it resilient to failure. The fault tolerance is achieved by using the distribution properties of the programming language Erlang. By implementing the switch on three redundant nodes and starting the application as a distributed application, the switch will serve its purpose promptly by restarting on another node in case it fails on the current node, using the failover/takeover mechanisms of Erlang. The tolerance to failure of the LINC-Switch is verified with a Ping-based experiment on the GENI test bed and on the Xen-cluster in our Lab.

    Contribution to the Federation of the asynchronous SmartSantander service layer within the European Fed4FIRE context

    This thesis is a contribution to the federation of asynchronous SmartSantander service layer within the European Fed4FIRE context. The thesis was developed in a Smart City background, and its main aims were both to gain knowledge of how Smart Cities, Testbeds and Federations of Testbeds are structured by working on a real deployed system, i.e. SmartSantander framework and Fed4FIRE federation, and to contribute with some of the components required for the integratio

    Peer-to-Peer Based Trading and File Distribution for Cloud Computing

    In this dissertation we take a peer-to-peer approach to deal with two specific issues, fair trading and file distribution, arising from data management for cloud computing. In a mobile cloud computing environment, cloud providers may collaborate with each other and essentially organize some dedicated resources as a peer-to-peer sharing system. One well-known problem in such peer-to-peer systems with exchange of resources is free riding. Providing incentives for peers to contribute to the system is an important issue in peer-to-peer systems. We design a reputation-based fair trading mechanism that favors peers with higher reputation. Based on the definition of the reputation used in the system, we derive a fair trading policy. We evaluate the performance of reputation-based trading mechanisms and highlight the scenarios in which they can make a difference. Efficient distribution of data to the resources within a cloud or to different collaborating clouds is another issue in cloud computing. The delivery efficiency is dependent on the characteristics of the network links available among these network nodes and the mechanism that takes advantage of them. Our study is based on the Global Environment for Network Innovations (GENI), a testbed for researchers to build a virtual laboratory at scale to explore future Internets. Our study consists of two parts. First, we characterize the links in the GENI network. Even though GENI has been used in many research and education projects, there is no systematic study about what we can expect from the GENI testbeds from a performance perspective. The goal is to characterize the links of the GENI networks and provide guidance for GENI experiments. Second, we propose a peer-to-peer approach to file distribution for cloud computing. We develop a mechanism that uses multiple delivery trees as the distribution structure, which takes into consideration the measured performance information in the GENI network. Files are divided into chunks to improve parallelism among different delivery trees. With a strict scheduling mechanism for each chunk, we can reduce the overall time for getting the file to all relevant nodes. We evaluate the proposed mechanism and show that our mechanism can significantly reduce the overall delivery time

    A Generic Approach to Automating Experiments on Computer Networks

    This thesis proposes a generic approach to automate network experiments for scenarios involving any networking technology on any type of network evaluation platform. The proposed approach is based on abstracting the experiment life cycle of the evaluation platforms into generic steps from which a generic experiment model and experimentation primitives are derived. A generic experimentation architecture is proposed, composed of an experiment model, a programmable experiment interface and an orchestration algorithm that can be adapted to network simulators, emulators and testbeds alike. The feasibility of the approach is demonstrated through the implementation of a framework capable of automating experiments using any combination of these platforms. Three main aspects of the framework are evaluated: its extensibility to support any type of platform, its efficiency to orchestrate experiments and its flexibility to support diverse use cases including education, platform management and experimentation with multiple platforms. The results show that the proposed approach can be used to efficiently automate experimentation on diverse platforms for a wide range of scenarios.

    Latency-bandwidth tradeoffs in Internet applications

    Wide-area Internet links are slow, expensive, and unreliable. This affects applications in two distinct ways. Back-end data processing applications, which need to transfer large amounts of data between data centers across the world, are primarily constrained by the limited capacity of Internet links. Front-end user-facing applications, on the other hand, are primarily latency-sensitive, and are bottlenecked by the high, unpredictably variable delays in the wide-area network. Our work exploits this asymmetry in applications' requirements by developing techniques that trade off one of bandwidth and latency to improve the other. We first consider the problem of supporting analytics over the large volumes of geographically dispersed data produced by global-scale organizations. Current solutions for analyzing this data as a whole operate by copying it to a single central data center, an approach that incurs substantial data transfer costs. We instead propose an alternative geo-distributed approach, orchestrating distributed execution across data centers. Our system, Geode, incorporates two key optimizations, a low-level syntactic network redundancy elimination mechanism and a high-level semantically aware workload optimization process, both of which operate by trading off increased processing overhead (and computation latency) within data centers for a reduction in cross-data center bandwidth usage. In experiments we find that Geode achieves an up to 360x cost reduction compared to the current centralized baseline on a range of workloads, both real and synthetic. Next, we evaluate a simple, general purpose technique for trading off bandwidth for reduced latency: initiate redundant copies of latency sensitive operations and take the first copy to complete. While redundancy has been explored in some past systems, its use is typically avoided because of a fear of the overhead that it adds. 
We study the latency-bandwidth tradeoff due to redundancy and (i) show via empirical evaluation that its use is indeed a net positive in a number of important applications, and (ii) provide a theoretical characterization of its effect, identifying when it should and should not be used and how systems can tune their use of redundancy to maximum effect. Our results suggest that redundancy should be used much more widely than it currently is

    Doctor of Philosophy

    Network emulation has become an indispensable tool for the conduct of research in networking and distributed systems. It offers more realism than simulation and more control and repeatability than experimentation on a live network. However, emulation testbeds face a number of challenges, most prominently realism and scale. Because emulation allows the creation of arbitrary networks exhibiting a wide range of conditions, there is no guarantee that emulated topologies reflect real networks; the burden of selecting parameters to create a realistic environment is on the experimenter. While there are a number of techniques for measuring the end-to-end properties of real networks, directly importing such properties into an emulation has been a challenge. Similarly, while there exist numerous models for creating realistic network topologies, the lack of addresses on these generated topologies has been a barrier to using them in emulators. Once an experimenter obtains a suitable topology, that topology must be mapped onto the physical resources of the testbed so that it can be instantiated. A number of restrictions make this an interesting problem: testbeds typically have heterogeneous hardware, scarce resources which must be conserved, and bottlenecks that must not be overused. User requests for particular types of nodes or links must also be met. In light of these constraints, the network testbed mapping problem is NP-hard. Though the complexity of the problem increases rapidly with the size of the experimenter's topology and the size of the physical network, the runtime of the mapper must not; long mapping times can hinder the usability of the testbed. This dissertation makes three contributions towards improving realism and scale in emulation testbeds. First, it meets the need for realistic network conditions by creating Flexlab, a hybrid environment that couples an emulation testbed with a live-network testbed, inheriting strengths from each. 
Second, it attends to the need for realistic topologies by presenting a set of algorithms for automatically annotating generated topologies with realistic IP addresses. Third, it presents a mapper, assign, that is capable of assigning experimenters' requested topologies to testbeds' physical resources in a manner that scales well enough to handle large environments