121 research outputs found

    VIVoNet: Visually-represented, Intent-based, Voice-assisted Networking

    Networks have become considerably large, complex and dynamic. The configuration, operation, monitoring, and troubleshooting of networks is a cumbersome and time-consuming task for the network administrators as they must deal with the physical layer, underlying protocols, addressing systems, control rules, and many other low-level details. This research paper proposes an Intent-based networking system (IBNS) coupled with voice-assistance that can abstract the underlying network infrastructure and allow administrators to alter its behavior by expressing intents via voice commands. The system also displays the real-time network topology along with the highlighted intents on an interactive web application that can be used for network diagnostics. Compared to traditional networks, the concepts of software-defined networking (SDN) make it easier to integrate a voice assistant that allows configuring the network based on intents

    Flow-Based Network Management: A Report from the IRTF NMRG Workshop

    This is the report on the Workshop on Flow-Based Network Management, held within the 37th IRTF NMRG meeting, during IETF 93, on 24th July 2015, in Prague, Czech Republic. Following the tradition of the IRTF NMRG, the workshop focused on technologies, developments, and challenges of using flow-level traffic measurements for network management

    MiniCPS: A toolkit for security research on CPS Networks

    In recent years, tremendous effort has been spent on modernizing communication infrastructure in Cyber-Physical Systems (CPS) such as Industrial Control Systems (ICS) and related Supervisory Control and Data Acquisition (SCADA) systems. While a great amount of research has been conducted on network security of office and home networks, recently the security of CPS and related systems has gained a lot of attention. Unfortunately, real-world CPS are often not open to security researchers, and as a result very few reference systems and topologies are available. In this work, we present MiniCPS, a CPS simulation toolbox intended to alleviate this problem. The goal of MiniCPS is to create an extensible, reproducible research environment targeted to communications and physical-layer interactions in CPS. MiniCPS builds on Mininet to provide lightweight real-time network emulation, and extends Mininet with tools to simulate typical CPS components such as programmable logic controllers, which use industrial protocols (Ethernet/IP, Modbus/TCP). In addition, MiniCPS defines a simple API to enable physical-layer interaction simulation. In this work, we demonstrate applications of MiniCPS in two example scenarios, and show how MiniCPS can be used to develop attacks and defenses that are directly applicable to real systems. Comment: 8 pages, 6 figures, 1 code listin

    A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

    Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways. European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

    Graph Modeling for OpenFlow Switch Monitoring

    Network monitoring allows network administrators to facilitate network activities and to resolve issues in a timely fashion. Monitoring techniques in software-defined networks are either (i) active, where probing packets are sent periodically, or (ii) passive, where traffic statistics are collected from the network forwarding elements. The centralized nature of software-defined networking implies the implementation of monitoring techniques imposes additional overhead on the network controller. We propose Graph Modeling for OpenFlow Switch Monitoring (GMSM), which is a lightweight monitoring technique. GMSM constructs a flow-graph overview using two types of asynchronous OpenFlow messages: packet-in and flow-removed, which improve monitoring and decision making. It classifies new flows based on the class of service. Experimental findings suggest that using GMSM leads to a decrease in network overhead resulting from the communication between the controller and the switches, with a reduction of 5.7% and 6.7% compared to state-of-the-art approaches. GMSM reduces the controller’s CPU utilization by more than 2% compared to other monitoring methods. Overhead reduction comes with a slight reduction of approximately 0.17 units in the estimation accuracy of links utilization because GMSM allows the user to monitor the network subject to a selected class of service, as opposed to having an exact view of the network utilization

    WiBACK: A back-haul network architecture for 5G networks

    Recently both academic and industry worlds have started to define the successor of Long Term Evolution (LTE), so-called 5G networks, which will most likely appear by the end of the decade. It is widely accepted that those 5G networks will have to deal with significantly more challenging requirements in terms of provided bandwidth, latency and supported services. This will lead to not only modifications in access and parts of core networks, but will trigger changes throughout the whole network, including the Back-haul segment. In this work we present our vision of a 5G Back-haul network and identify the associated challenges. We then describe our Wireless Backhaul (WiBACK) architecture, which implements Software Defined Network (SDN) concepts and further extends them into the wireless domain. Finally we present a brief overview of our pilot installations before we conclude. This work has been supported by the BATS research project which is funded by the European Union Seventh Framework Programme under contract n317533

    Improving Pan-African research and education networks through traffic engineering: A LISP/SDN approach

    The UbuntuNet Alliance, a consortium of National Research and Education Networks (NRENs) runs an exclusive data network for education and research in east and southern Africa. Despite a high degree of route redundancy in the Alliance's topology, a large portion of Internet traffic between the NRENs is circuitously routed through Europe. This thesis proposes a performance-based strategy for dynamic ranking of inter-NREN paths to reduce latencies. The thesis makes two contributions: firstly, mapping Africa's inter-NREN topology and quantifying the extent and impact of circuitous routing; and, secondly, a dynamic traffic engineering scheme based on Software Defined Networking (SDN), Locator/Identifier Separation Protocol (LISP) and Reinforcement Learning. To quantify the extent and impact of circuitous routing among Africa's NRENs, active topology discovery was conducted. Traceroute results showed that up to 75% of traffic from African sources to African NRENs went through inter-continental routes and experienced much higher latencies than that of traffic routed within Africa. An efficient mechanism for topology discovery was implemented by incorporating prior knowledge of overlapping paths to minimize redundancy during measurements. Evaluation of the network probing mechanism showed a 47% reduction in packets required to complete measurements. An interactive geospatial topology visualization tool was designed to evaluate how NREN stakeholders could identify routes between NRENs. Usability evaluation showed that users were able to identify routes with an accuracy level of 68%. NRENs are faced with at least three problems to optimize traffic engineering, namely: how to discover alternate end-to-end paths; how to measure and monitor performance of different paths; and how to reconfigure alternate end-to-end paths. 
This work designed and evaluated a traffic engineering mechanism for dynamic discovery and configuration of alternate inter-NREN paths using SDN, LISP and Reinforcement Learning. A LISP/SDN based traffic engineering mechanism was designed to enable NRENs to dynamically rank alternate gateways. Emulation-based evaluation of the mechanism showed that dynamic path ranking was able to achieve 20% lower latencies compared to the default static path selection. SDN and Reinforcement Learning were used to enable dynamic packet forwarding in a multipath environment, through hop-by-hop ranking of alternate links based on latency and available bandwidth. The solution achieved minimum latencies with significant increases in aggregate throughput compared to static single path packet forwarding. Overall, this thesis provides evidence that integration of LISP, SDN and Reinforcement Learning, as well as ranking and dynamic configuration of paths could help Africa's NRENs to minimise latencies and to achieve better throughputs

    Policy Conflict Management in Distributed SDN Environments

    The ease of programmability in Software-Defined Networking (SDN) makes it a great platform for implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers. In this dissertation, a formalism for flow rule conflicts in SDN environments is introduced. This formalism is realized in Brew, a security policy analysis framework implemented on an OpenDaylight SDN controller. Brew has comprehensive conflict detection and resolution modules to ensure that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free security policy implementation and preventing information leakage. Techniques for global prioritization of flow rules in a decentralized environment are presented, using which all SDN flow rule conflicts are recognized and classified. Strategies for unassisted resolution of these conflicts are also detailed. Alternately, if administrator input is desired to resolve conflicts, a novel visualization scheme is implemented to help the administrators view the conflicts in an aesthetic manner. The correctness, feasibility and scalability of the Brew proof-of-concept prototype are demonstrated. Flow rule conflict avoidance using a buddy address space management technique is studied as an alternate to conflict detection and resolution in highly dynamic cloud systems attempting to implement SDN-based Moving Target Defense (MTD) countermeasures. Dissertation/Thesis Doctoral Dissertation Computer Science 201