16 research outputs found

    Will 5G See its Blind Side? Evolving 5G for Universal Internet Access

    Internet has shown itself to be a catalyst for economic growth and social equity but its potency is thwarted by the fact that the Internet is off limits for the vast majority of human beings. Mobile phones, the fastest growing technology in the world that now reaches around 80% of humanity, can enable universal Internet access if it can resolve coverage problems that have historically plagued previous cellular architectures (2G, 3G, and 4G). These conventional architectures have not been able to sustain universal service provisioning since these architectures depend on having enough users per cell for their economic viability and thus are not well suited to rural areas (which are by definition sparsely populated). The new generation of mobile cellular technology (5G), currently in a formative phase and expected to be finalized around 2020, is aimed at orders of magnitude performance enhancement. 5G offers a clean slate to network designers and can be molded into an architecture also amenable to universal Internet provisioning. Keeping in mind the great social benefits of democratizing Internet and connectivity, we believe that the time is ripe for emphasizing universal Internet provisioning as an important goal on the 5G research agenda. In this paper, we investigate the opportunities and challenges in utilizing 5G for global access to the Internet for all (GAIA). We have also identified the major technical issues involved in a 5G-based GAIA solution and have set up a future research agenda by defining open research problems.

    Linux XIA: an interoperable meta network architecture to crowdsource the future Internet

    With the growing number of proposed clean-slate redesigns of the Internet, the need for a medium that enables all stakeholders to participate in the realization, evaluation, and selection of these designs is increasing. We believe that the missing catalyst is a meta network architecture that welcomes most, if not all, clean-slate designs on a level playing field, lowers deployment barriers, and leaves the final evaluation to the broader community. This paper presents Linux XIA, a native implementation of XIA [12] in the Linux kernel, as a candidate. We first describe Linux XIA in terms of its architectural realizations and algorithmic contributions. We then demonstrate how to port several distinct and unrelated network architectures onto Linux XIA. Finally, we provide a hybrid evaluation of Linux XIA at three levels of abstraction in terms of its ability to: evolve and foster interoperation of new architectures, embed disparate architectures inside the implementation’s framework, and maintain a comparable forwarding performance to that of the legacy TCP/IP implementation. Given this evaluation, we substantiate a previously unsupported claim of XIA: that it readily supports and enables network evolution, collaboration, and interoperability—traits we view as central to the success of any future Internet architecture. This research was supported by the National Science Foundation under awards CNS-1040800, CNS-1345307 and CNS-1347525.

    Multi-controller Based Software-Defined Networking: A Survey

    Software-Defined Networking (SDN) is a novel network paradigm that enables flexible management for networks. As the network size increases, the single centralized controller cannot meet the increasing demand for flow processing. Thus, the promising solution for SDN with large-scale networks is the multi-controller. In this paper, we present a comprehensive survey for multi-controller research in SDN. First, we introduce the overview of multi-controller, including the origin of multi-controller and its challenges. Then, we classify multi-controller research into four aspects (scalability, consistency, reliability, load balancing) depending on the process of implementing the multi-controller. Finally, we propose some relevant research issues to deal with in the future and conclude the multi-controller research.

    Analyzing performance of openstate in software defined network with multiple failures scenarios

    Software Defined Network (SDN) is an emerging network that decouples the control and data planes. Like other networks, SDN undergoes a recovery process upon occurrences of link or node failures. Openflow is considered the popular standard used in SDN. In Openflow, the process of detecting the failure and communicating with the controller to recompute an alternative path results in a long recovery time. However, there is a limit with regard to the time taken to recover from the failures. If it takes more than 50 msec, a lot of packets will be lost, and communication overhead and Round Trip Time (RTT) between switch and controller may be high. Openstate is an Openflow extension that allows a programmer to specify how forwarding rules should be adapted in a stateful fashion. Openstate has been tested only on single failure. This research conducts experiments based on the Openstate pipeline design, which provides a detection mechanism based on the switches' periodic link probing and fast reroute of traffic flow even when the controller is not reachable. In this research, the experiments use Mininet simulation software to analyse and evaluate the performance of Openstate with multiple failure scenarios. The research has compared communication overhead, Round Trip Time (RTT) between switch and controller, and number of packets lost with Openflow and Openstate. On average, in Openstate packet loss is zero when the recovery time is less than or equal to 70 msec while communication overhead involves 60 packet-in. In Openflow, packet loss is zero when the recovery time is less than or equal to 85 msec while communication overhead involves 100 packet-in. Finally, the average RTTs for Openstate and Openflow are 65 msec and 90 msec respectively. Based on the results obtained, it can be concluded that Openstate has better performance compared to Openflow.

    A Simple Solution to Scale-Free Internet Host Mobility

    We introduce a simple solution for the support of host mobility in the Internet called DIME (Dynamic Internet Mobility for End-Systems). DIME is based on dynamic address translation between the transport and network layers of end hosts, combined with a new out-of-band protocol that updates host-address bindings between communicating hosts opportunistically. It does not require modifications to the end-host operating systems, end-user applications, existing communication protocols or hardware, or the domain name system and any host-identifier namespace. A number of experiments based on a Linux daemon implementation of DIME are used to show that DIME is deployable on a wide range of hardware, and that it outperforms existing mobility proposals such as MIPv6 and HIP across a wide range of performance metrics

    Linux XIA: an interoperable meta network architecture

    With the growing number of clean-slate redesigns of the Internet, the need for a medium that enables all stakeholders to participate in the realization, evaluation, and selection of these designs is increasing. We believe that the missing catalyst is a meta network architecture that welcomes most, if not all, clean-slate designs on a level playing field, lowers deployment barriers, and leaves the final evaluation to the broader community. This thesis presents the eXpressive Internet (Meta) Architecture (XIA), itself a clean-slate design, as well as Linux XIA, a native implementation of XIA in the Linux kernel, as a candidate. As a meta network architecture, XIA is highly flexible, leaving stakeholders to choose an expressive set of network principals to instantiate a given network architecture within the XIA framework. Central to XIA is its novel, non-linear network addressing format, from which derive key architectural features such as evolvability, intrinsically secure identifiers, and a low degree of principal isolation. XIP, the network layer protocol of XIA, forwards packets by navigating these structured addresses and delegating the decision-making and packet processing to appropriate principals, accordingly. Taken together, these mechanisms work in tandem to support a broad spectrum of interoperable principals. We demonstrate how to port four distinct and unrelated network architectures onto Linux XIA, none of which were designed for interoperability with this platform. We then show that, notwithstanding this flexibility, Linux XIA's forwarding performance remains comparable to that of the more mature legacy TCP/IP stack implementation.
Moreover, the ported architectures, namely IP, Serval, NDN, and ANTS, empower us to present a deployment plan for XIA, to explore design variations of the ported architectures that were impossible in their original form due to the requirement of self-sufficiency that a standalone network architecture bears, and to substantiate the claim that XIA readily supports and enables network evolution. Our work highlights the benefits of specializing network designs that XIA affords, and comprises instructive examples for the network researcher interested in design and implementation for future interoperability

    Interconnection of data centers using SDN techniques

    This final degree project contributes to the interconnection of geographically distributed data centers by integrating new functionality into the Application-Based Network Operations (ABNO) architecture and configuring the necessary software components. ABNO encompasses several technologies that collect information about the resources available in the network in order to provide specific routes for traffic. The solution presented in this work is based on Software-Defined Networking (SDN), as an innovative solution for improving the management and control of infrastructures that belong to multiple administrative domains but work together in a common federation, improving the quality of the service offered. Connectivity between the different domains is made possible by GRE tunnels. Each data center constitutes a separate administrative domain, and each one has the OpenStack cloud management software for creating the virtual machines (VMs) that will later be interconnected. In addition, each data center will also have the Ryu SDN controller, which will be responsible for connectivity control and is likewise independent for each of these domains. In order to maintain a comprehensive view of all available network resources, and to provide the end-to-end (E2E) connectivity required by the data centers, the ABNO architecture has had to be modified to support these new functionalities, as well as validated in a scenario with multi-domain infrastructures.

    Deep learning: enhancing the security of software-defined networks

    Software-defined networking (SDN) is a communication paradigm that promotes network flexibility and programmability by separating the control plane from the data plane. SDN consolidates the logic of network devices into a single entity known as the controller. SDN raises significant security challenges related to its architecture and associated characteristics such as programmability and centralisation. Notably, security flaws pose a risk to controller integrity, confidentiality and availability. The SDN model introduces separation of the forwarding and control planes. It detaches the control logic from switching and routing devices, forming a central plane or network controller that facilitates communications between applications and devices. The architecture enhances network resilience, simplifies management procedures and supports network policy enforcement. However, it is vulnerable to new attack vectors that can target the controller. Current security solutions rely on traditional measures such as firewalls or intrusion detection systems (IDS). An IDS can use two different approaches: signature-based or anomaly-based detection. The signature-based approach is incapable of detecting zero-day attacks, while anomaly-based detection has high false-positive and false-negative alarm rates. Inaccuracies related to false-positive attacks may have significant consequences, specifically from threats that target the controller. Thus, improving the accuracy of the IDS will enhance controller security and, subsequently, SDN security. A centralised network entity that controls the entire network is a primary target for intruders. The controller is located at a central point between the applications and the data plane and has two interfaces for plane communications, known as northbound and southbound, respectively. Communications between the controller, the application and data planes are prone to various types of attacks, such as eavesdropping and tampering. 
The controller software is vulnerable to attacks such as buffer and stack overflow, which enable remote code execution that can result in attackers taking control of the entire network. Additionally, traditional network attacks are more destructive. This thesis introduces a threat detection approach aimed at improving the accuracy and efficiency of the IDS, which is essential for controller security. To evaluate the effectiveness of the proposed framework, an empirical study of SDN controller security was conducted to identify, formalise and quantify security concerns related to SDN architecture. The study explored the threats related to SDN architecture, specifically threats originating from the existence of the control plane. The framework comprises two stages, involving the use of deep learning (DL) algorithms and clustering algorithms, respectively. DL algorithms were used to reduce the dimensionality of inputs, which were forwarded to clustering algorithms in the second stage. Features were compressed to a single value, simplifying and improving the performance of the clustering algorithm. Rather than using the output of the neural network, the framework presented a unique technique for dimensionality reduction that used a single value—reconstruction error—for the entire input record. The use of a DL algorithm in the pre-training stage contributed to solving the problem of dimensionality related to k-means clustering. Using unsupervised algorithms facilitated the discovery of new attacks. Further, this study compares generative energy-based models (restricted Boltzmann machines) with non-probabilistic models (autoencoders). The study implements TensorFlow in four scenarios. Simulation results were statistically analysed using a confusion matrix, which was evaluated and compared with similar related works. 
The proposed framework, which was adapted from existing similar approaches, resulted in promising outcomes and may provide a robust prospect for deployment in modern threat detection systems in SDN. The framework was implemented using TensorFlow and was benchmarked to the KDD99 dataset. Simulation results showed that the use of the DL algorithm to reduce dimensionality significantly improved detection accuracy and reduced false-positive and false-negative alarm rates. Extensive simulation studies on benchmark tasks demonstrated that the proposed framework consistently outperforms all competing approaches. This improvement is a further step towards the development of a reliable IDS to enhance the security of SDN controllers