37 research outputs found

    Exploring Path Computation Techniques in Software-Defined Networking: A Review and Performance Evaluation of Centralized, Distributed, and Hybrid Approaches

    Software-Defined Networking (SDN) is a networking paradigm that allows network administrators to dynamically manage network traffic flows and optimize network performance. One of the key benefits of SDN is the ability to compute and direct traffic along efficient paths through the network. In recent years, researchers have proposed various SDN-based path computation techniques to improve network performance and reduce congestion. This review paper provides a comprehensive overview of SDN-based path computation techniques, including both centralized and distributed approaches. We discuss the advantages and limitations of each approach and provide a critical analysis of the existing literature. In particular, we focus on recent advances in SDN-based path computation techniques, including Dynamic Shortest Path (DSP), Distributed Flow-Aware Path Computation (DFAPC), and Hybrid Path Computation (HPC). We evaluate three SDN-based path computation algorithms: centralized, distributed, and hybrid, focusing on optimal path determination for network nodes. Test scenarios with random graph simulations are used to compare their performance. The centralized algorithm employs global network knowledge, the distributed algorithm relies on local information, and the hybrid approach combines both. Experimental results demonstrate the hybrid algorithm's superiority in minimizing path costs, striking a balance between optimization and efficiency. The centralized algorithm ranks second, while the distributed algorithm incurs higher costs due to limited local knowledge. This research offers insights into efficient path computation and informs future SDN advancements. We also discuss the challenges associated with implementing SDN-based path computation techniques, including scalability, security, and interoperability. 
Furthermore, we highlight the potential applications of SDN-based path computation techniques in various domains, including data center networks, wireless networks, and the Internet of Things (IoT). Finally, we conclude that SDN-based path computation techniques have the potential to significantly improve network performance and reduce congestion. However, further research is needed to evaluate the effectiveness of these techniques under different network conditions and traffic patterns. With the rapid growth of SDN technology, we expect to see continued development and refinement of SDN-based path computation techniques in the future.

    Scalable Reliable Controller Placement in Software Defined Networking

    Software Defined Networking (SDN) is a new networking paradigm that facilitates a centralized system of computer networks by decoupling the control and data plane from each other, where a controller maintains the management of a global view of the network. SDN architectures can provide programmatic interfaces in communication networks that significantly simplify network management. Hence, the controllability and manageability of a network can be improved. On the one hand, the placement of controllers can significantly impact network performance in terms of controller responsiveness. On the other hand, SDN offers the ability to have controllers distributed over the network to solve the single point of failure problem at the control plane, increasing scalability and flexibility. However, there are some inevitable problems for such networks, especially for controller-related problems. For instance, scalability, reliability, and controller availability are some of the hottest aspects of SDN. More precisely, failure of the controllers themselves may lead to the impact of these aspects and the collapse of the network performance. Despite the issues mentioned above, the controller placement challenges must be appropriately addressed to take advantage of the SDN. The connections between the controller (control plane) and the switches (data plane) in SDN are established by either an in-band or an out-of-band control mechanism. New challenges still arise regarding the connection availability and provide more protection for the connection between the data and control planes. A disconnection between the two planes could result in performance degradation. Although the SDN offers the advantage of an environment of multiple distributed controllers, yet the intercommunication factor between these controllers is still a key challenge. This thesis investigates the issues mentioned above and organizes them into four stages. 
First, dealing with the controller placement problem as the most crucial concern in SDN, via exploiting the independent dominating set approach to ensure a distribution of controllers with lowest response times. We propose a new node degree-based algorithm named High Degree with Independent Dominating Set (HDIDS) for the controller placement problem in the SDN networks. HDIDS is composed of two phases to deal with controller placement: (1) determining candidate controller instances by selecting those nodes with the highest degree; and (2) partitioning the network into multiple domains, one controller per domain. To further improve network performance, reliability, and survivability, one solution is to deploy backup controllers to satisfy the quality of service requirements. In this regard, as a second step, we enhance the controller placement approach by designing a reliable and survivable controller placement strategy. This strategy relies on the efficient deployment of backup controllers by constructing virtual backup domains set(s) to ensure the durability and resilience of network control management. The approach design is called a Survivable Backup Controller Placement approach. Furthermore, to achieve reliable control traffic between data and control planes in an in-band control network, as a third stage, we design and implement an In-band Control Protection Module that finds a set of ideal paths for the control channel under the failure conditions. The proposed protection mechanism protects as much control traffic as possible. Finally, we present a practical approach for the controller placement problem in software defined networks aiming to minimize the inter-controller communication delay time and the delay time between controller and switches. The principal concept employed in this approach is the Connected Dominating Set. 
Further, we present an algorithm using the Minimum Connected Dominating Set, which minimizes the delay time between the distributed SDN controllers

    Enhancing SDN WISE with Slicing Over TSCH

    [EN] IWSNs (Industrial Wireless Sensor Networks) have become the next step in the evolution of WSN (Wireless Sensor Networks) due to the nature and demands of modern industry. With this type of network, flexible and scalable architectures can be created that simultaneously support traffic sources with different characteristics. Due to the great diversity of application scenarios, there is a need to implement additional capabilities that can guarantee an adequate level of reliability and that can adapt to the dynamic behavior of the applications in use. The use of SDNs (Software Defined Networks) extends the possibilities of control over the network and enables its deployment at an industrial level. The signaling traffic exchanged between nodes and controller is heavy and must occupy the same channel as the data traffic. This difficulty can be overcome with the segmentation of the traffic into flows, and correct scheduling at the MAC (Medium Access Control) level, known as slices. This article proposes the integration in the SDN controller of a traffic manager, a routing process in charge of assigning different routes according to the different flows, as well as the introduction of the Time Slotted Channel Hopping (TSCH) Scheduler. In addition, the TSCH (Time Slotted Channel Hopping) is incorporated in the SDN-WISE framework (Software Defined Networking solution for Wireless Sensor Networks), and this protocol has been modified to send the TSCH schedule. These elements are jointly responsible for scheduling and segmenting the traffic that will be sent to the nodes through a single packet from the controller and its performance has been evaluated through simulation and a testbed. The results obtained show how flexibility, adaptability, and determinism increase thanks to the joint use of the routing process and the TSCH Scheduler, which makes it possible to create a slicing by flows, which have different quality of service requirements. 
This in turn helps guarantee their QoS characteristics, increase the PDR (Packet Delivery Ratio) for the flow with the highest priority, maintain the DMR (Deadline Miss Ratio), and increase the network lifetime. This work has been supported by the MCyU (Spanish Ministry of Science and Universities) under the project ATLAS (PGC2018-094151-B-I00), which is partially funded by AEI, FEDER and EU and has been possible thanks to the collaboration of the Instituto Tecnologico de Informatica (ITI) of Valencia. Orozco-Santos, F.; Sempere Paya, VM.; Albero Albero, T.; Silvestre-Blanes, J. (2021). Enhancing SDN WISE with Slicing Over TSCH. Sensors. 21(4):1-29. https://doi.org/10.3390/s21041075

    Towards Autonomous Defense of SDN Networks Using MuZero Based Intelligent Agents

    The Software Defined Networking (SDN) paradigm enables the development of systems that centrally monitor and manage network traffic, providing support for the deployment of machine learning-based systems that automatically detect and mitigate network intrusions. This paper presents an intelligent system capable of deciding which countermeasures to take in order to mitigate an intrusion in a software defined network. The interaction between the intruder and the defender is posed as a Markov game and MuZero algorithm is used to train the model through self-play. Once trained, the model is integrated with an SDN controller, so that it is able to apply the countermeasures of the game in a real network. To measure the performance of the model, attackers and defenders with different training steps have been confronted and the scores obtained by each of them, the duration of the games and the ratio of games won have been collected. The results show that the defender is capable of deciding which measures minimize the impact of the intrusion, isolating the attacker and preventing it from compromising key machines in the network. This work was supported in part by the Spanish Centre for the Development of Industrial Technology (CDTI) through the Project EGIDA-RED DE EXCELENCIA EN TECNOLOGIAS DE SEGURIDAD Y PRIVACIDAD under Grant CER20191012, in part by the Spanish Ministry of Science and Innovation under Grant PID2019-104966GB-I00, in part by the Basque Business Development Agency (SPRI)-Basque Country Government ELKARTEK Program through the projects TRUSTIND under Grant KK-2020/00054 and 3KIA under Grant KK-2020/00049, and in part by the Basque Country Program of Grants for Research Groups under Grant IT-1244-19.

    Hybrid SDN Evolution: A Comprehensive Survey of the State-of-the-Art

    Software-Defined Networking (SDN) is an evolutionary networking paradigm which has been adopted by large network and cloud providers, among which are Tech Giants. However, embracing a new and futuristic paradigm as an alternative to well-established and mature legacy networking paradigm requires a lot of time along with considerable financial resources and technical expertise. Consequently, many enterprises can not afford it. A compromise solution then is a hybrid networking environment (a.k.a. Hybrid SDN (hSDN)) in which SDN functionalities are leveraged while existing traditional network infrastructures are acknowledged. Recently, hSDN has been seen as a viable networking solution for a diverse range of businesses and organizations. Accordingly, the body of literature on hSDN research has improved remarkably. On this account, we present this paper as a comprehensive state-of-the-art survey which expands upon hSDN from many different perspectives

    A Cognitive Routing framework for Self-Organised Knowledge Defined Networks

    This study investigates the applicability of machine learning methods to the routing protocols for achieving rapid convergence in self-organized knowledge-defined networks. The research explores the constituents of the Self-Organized Networking (SON) paradigm for 5G and beyond, aiming to design a routing protocol that complies with the SON requirements. Further, it also exploits a contemporary discipline called Knowledge-Defined Networking (KDN) to extend the routing capability by calculating the “Most Reliable” path than the shortest one. The research identifies the potential key areas and possible techniques to meet the objectives by surveying the state-of-the-art of the relevant fields, such as QoS aware routing, Hybrid SDN architectures, intelligent routing models, and service migration techniques. The design phase focuses primarily on the mathematical modelling of the routing problem and approaches the solution by optimizing at the structural level. The work contributes Stochastic Temporal Edge Normalization (STEN) technique which fuses link and node utilization for cost calculation; MRoute, a hybrid routing algorithm for SDN that leverages STEN to provide constant-time convergence; Most Reliable Route First (MRRF) that uses a Recurrent Neural Network (RNN) to approximate route-reliability as the metric of MRRF. Additionally, the research outcomes include a cross-platform SDN Integration framework (SDN-SIM) and a secure migration technique for containerized services in a Multi-access Edge Computing environment using Distributed Ledger Technology. The research work now eyes the development of 6G standards and its compliance with Industry-5.0 for enhancing the abilities of the present outcomes in the light of Deep Reinforcement Learning and Quantum Computing

    A framework for Traffic Engineering in software-defined networks with advance reservation capabilities

    298 p. This doctoral thesis presents a software architecture to facilitate the introduction of traffic engineering techniques in software-defined networks. The architecture has been designed in a modular way so that it supports multiple use cases, including its application in academic networks. Academic networks are characterized by providing high-availability services, so the use of traffic engineering techniques is vitally important in order to guarantee service delivery under the agreed terms. One of the services typically provided by academic networks is the establishment of end-to-end circuits of a given duration during which a set of network resources is guaranteed, known as bandwidth on demand, which is one of the most challenging traffic engineering use cases. Consequently, and given that this doctoral thesis has been co-funded by the GÉANT academic network, the architecture includes support for advance reservation services. The solution consists of time-dependent management of network resources which, through the use of specifically designed data structures and algorithms, seeks to improve the utilization of network resources when providing this type of service. The solution has been validated taking into account the functional and performance requirements set by the GÉANT network. Likewise, the solution will be used in the pilot deployment of the GÉANT network's new bandwidth-on-demand service at the end of 2017.

    Intrusion Detection System against Denial of Service attack in Software-Defined Networking

    The exponential growth of online services and the data volume transferred over the communication networks raises the need to change the structure of traditional networks to a new paradigm that adapts to the development’s demands. Software-Defined Networking (SDN) is an advanced network architecture aiming to evolve and transform the traditional network into a more flexible network that responds to the new requirements. In contrast to the traditional network, SDN allows decoupling of the control and data planes functionalities to monitor, configure, and optimize network resources efficiently. It has a centralized controller with a global network view to manage its resources using programmable interfaces. The central control brings new security vulnerabilities and acts as a single point of failure, which the malicious user might exploit to disrupt the network functionality. Thus, the attacker launches massive traffic known as Distributed Denial of Service (DDoS) attack from the SDN infrastructure layer towards the controller. This DDoS attack leads to saturation of control channel bandwidth and destroys the controller resources. Furthermore, the SDN architecture inherits some attack types from the traditional networks. Therefore, the attacker forges the packets to appear benign and then targets the traditional DDoS objectives such as hosts, servers, applications, routers. This work observes the behavior of malicious users. It then presents an Intrusion Detection System (IDS) to safeguard the SDN environment against DDoS attacks. The IDS considers three approaches to obtain sufficient feedback about the ongoing traffic through the SDN architecture: the information from an external device, the OpenFlow channel, and the flow table. Therefore, the proposed IDS consists of three components. The Inspector Device prevents the malicious users from launching the saturation attack towards the SDN controller. The Convolutional Neural Network (CNN) component employs One-Dimensional Convolutional Neural Networks (1D-CNN) to analyze the controller’s traffic through the OpenFlow channel. The Deep Learning Algorithm (DLA) component employs Recurrent Neural Networks (RNN) to detect the inherited DDoS attacks. The IDS also supports distinguishing between malicious and benign users as a new countermeasure. At the end of this work, the network emulator Mininet and the programming language Python model all the proposed components to test their feasibility. The simulation results demonstrate that the proposed IDS outperforms several benchmarking and state-of-the-art suggestions.

    Towards a software defined network based multi-domain architecture for the internet of things

    The current communication networks are heterogeneous, with a diversity of devices and services that challenge traditional networks, making it difficult to meet quality of service (QoS) requirements. With the advent of software-defined networks (SDN), new tools have emerged to design more flexible networks. SDN offers centralized management for data streams in distributed sensor networks. Thus, the main goal of this dissertation is to investigate a solution that meets the QoS requirements of traffic originating on Internet of Things (IoT) devices. This traffic is transmitted to the Internet in a distributed system with multiple SDN controllers. To achieve the goal, we designed a multi-controller network topology, each managed by its controller. Communication between the domains is done via an SDN traffic domain with the Open Network Operating System (ONOS) controller SDN-IP application. We also emulated a network to test QoS through OpenvSwitch queues. The goal is to create traffic priorities in a network with traditional and simulated IoT devices. According to our tests, we have been able to ensure the SDN inter-domain communication and have proven that our proposal is reactive to a topology failure. In the QoS scenario we have shown that through the insertion of OpenFlow rules, we are able to prioritize traffic and provide guarantees of quality of service. This proves that our proposal is promising for use in scenarios with multiple administrative domains.

    Utilizing Advanced Network Context to Optimize Software-Defined Networks

    Legacy network systems and protocols are mostly static and keep state information in silo-style storage, thus making state migration, transformation and re-use difficult. Software-Defined Network (SDN) approaches in unison with Network Function Virtualization (NFV) allow for more flexibility, yet they are currently restricted to a limited set of state migration options. Additionally, existing systems and protocols are mostly tailored to meet the requirements of specific application scenarios. As a result, the protocols cannot easily be adapted to novel application demands, organically growing networks, etc. Impeding the sharing of networking and system state, along with lacking support for dynamic transitions between systems and protocols, severely limits the ability to optimally manage resources and dynamically adapt to a desirable overall configuration. These limitations not only affect the network performance but also hinder the deployment of new and innovative protocols as a hard break is usually not feasible and thus full support for legacy systems is required. On the one hand, we propose a generalized way to collect, store, transform, and share context between systems and protocols in both the legacy Internet as well as NFV/SDN-driven networks. This allows us to share state information between multiple systems and protocols from NFs over BGP routers to protocols on all layers of the network stack. On the other hand, we introduce an architecture for designing modular protocols that are built with transition in mind. We argue that the modular design of systems and protocols can remove the key limitations of today’s monolithic protocols and allow for a more dynamic network management. First, we design and implement a Storage and Transformation Engine for Advanced Networking context (STEAN) which constitutes a shared context storage, making network state information available to other systems and protocols. 
Its pivotal feature is the ability to allow for state transformation as well as for persisting state to enable future re-use. Second, we provide a Blueprint for Switching Between Mechanisms that serves as a framework and guideline for developers to standardize and ease the process of designing and implementing systems and protocols that support transitions as a first order principle. By means of experimentation, we show that our architecture covers a diverse set of challenging use cases in legacy systems—such as Wireless Multihop Networks (WMNs)—as well as in NFV/SDN-enabled systems. In particular, we demonstrate the feasibility of our approach by migrating state information between two instances of the PRADS NF in a virtualized Mininet environment, and show that our solution outperforms state of the art frameworks that are specifically built for NF migration. We further demonstrate that a dynamic switch between WMN routing protocols is possible at runtime and that the state information can be reutilized for bootstrapping novel protocol modules, thus minimizing the control overhead