Tietoverkkojen valvonnan yhdenmukaistaminen

As the modern society is increasingly dependant on computer networks especially as the Internet of Things gaining popularity, a need to monitor computer networks along with associated devices increases. Additionally, the amount of cyber attacks is increasing and certain malware such as Mirai target especially network devices. In order to effectively monitor computer networks and devices, effective solutions are required for collecting and storing the information. This thesis designs and implements a novel network monitoring system. The presented system is capable of utilizing state-of-the-art network monitoring protocols and harmonizing the collected information using a common data model. This design allows effective queries and further processing on the collected information. The presented system is evaluated by comparing the system against the requirements imposed on the system, by assessing the amount of harmonized information using several protocols and by assessing the suitability of the chosen data model. Additionally, the protocol overheads of the used network monitoring protocols are evaluated. The presented system was found to fulfil the imposed requirements. Approximately 21% of the information provided by the chosen network monitoring protocols could be harmonized into the chosen data model format. The result is sufficient for effective querying and combining the information, as well as for processing the information further. The result can be improved by extending the data model and improving the information processing. Additionally, the chosen data model was shown to be suitable for the use case presented in this thesis.Yhteiskunnan ollessa jatkuvasti verkottuneempi erityisesti Esineiden Internetin kasvattaessa suosiotaan, tarve seurata sekä verkon että siihen liitettyjen laitteiden tilaa ja mahdollisia poikkeustilanteita kasvaa. Lisäksi tietoverkkohyökkäysten määrä on kasvamassa ja erinäiset haittaohjelmat kuten Mirai, ovat suunnattu erityisesti verkkolaitteita kohtaan. Jotta verkkoa ja sen laitteiden tilaa voidaan seurata, tarvitaan tehokkaita ratkaisuja tiedon keräämiseen sekä säilöntään. Tässä diplomityössä suunnitellaan ja toteutetaan verkonvalvontajärjestelmä, joka mahdollistaa moninaisten verkonvalvontaprotokollien hyödyntämisen tiedonkeräykseen. Lisäksi järjestelmä säilöö kerätyn tiedon käyttäen yhtenäistä tietomallia. Yhtenäisen tietomallin käyttö mahdollistaa tiedon tehokkaan jatkojalostamisen sekä haut tietosisältöihin. Diplomityössä esiteltävän järjestelmän ominaisuuksia arvioidaan tarkastelemalla, minkälaisia osuuksia eri verkonvalvontaprotokollien tarjoamasta informaatiosta voidaan yhdenmukaistaa tietomalliin, onko valittu tietomalli soveltuva verkonvalvontaan sekä varmistetaan esiteltävän järjestelmän täyttävän sille asetetut vaatimukset. Lisäksi työssä arvioidaan käytettävien verkonvalvontaprotokollien siirtämisen kiinteitä kustannuksia kuten otsakkeita. Työssä esitellyn järjestelmän todettiin täyttävän sille asetetut vaatimukset. Eri verkonvalvontaprotokollien tarjoamasta informaatiosta keskimäärin 21% voitiin harmonisoida tietomalliin. Saavutettu osuus on riittävä, jotta eri laitteista saatavaa informaatiota voidaan yhdistellä ja hakea tehokkaasti. Lukemaa voidaan jatkossa parantaa laajentamalla tietomallia sekä kehittämällä kerätyn informaation prosessointia. Lisäksi valittu tietomalli todettiin soveltuvaksi tämän diplomityön käyttötarkoitukseen

An IDE for NETCONF management applications

The development of network and system management software typically requires data models definition, the creation of specific applications respecting the data model, and yet the implementation of communication interfaces. Skilled professionals usually perform such tasks in a predefined sequence and using different development solutions, but any error or lacks in the data model frequently force to repeat several time-consuming tasks. In this paper we present an integrated development framework that simplifies the construction of NETCONF management applications, from data model specification to deployment and evaluation. The framework is available at http://atnog.av.it.pt/∼ptavares/ yangplugin

A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways.European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

Configuration of OpenWRT System Using NETCONF Protocol

Cílem práce je konfigurace platformy OpenWrt s využitím protokolu NETCONF. Na komunikaci pomocí protokolu NETCONF byly použity stávající nástroje ve formě knihovny libnetconf a sady nástrojů Netopeer. Implementační část se zabývá vývojem modulů na konfiguraci systému a síťových rozhraní.The aim of this thesis is OpenWrt platform configuration using the NETCONF protocol. Existing tools such as libnetconf library and Netopeer toolset were used for the communication using the NETCONF protocol. Implementation part deals with the development of modules for system and network interfaces configuration.

An ICT-oriented Management Solution for NGNs

NGN architecture reused several standards from the IP world, as exemplified by the Session Initiation Protocol SIP, which is ubiquitous in the majority of these network components. However, the NGN management architecture simply presented a very generic management model that follows TMN. Several management technologies are proposed, such as Web services, CORBA and SNMP, to implement management solutions. Network and systems management standardizing bodies currently promote newer technologies that aim to solve known shortcomings to these. This paper proposes a management solution for NGNs based on recent IP world technologies. The presented solution was implemented in the form of a middleware to manage NGN elements. This middleware was used in the management of an element belonging to the IP Multimedia Subsystem platform, namely the Policy and Charging Rules Function

Wieloplatformowy system zarządzania przełącznikiem Ethernetowym czasu rzeczwistego

Mestrado em Engenharia Electrónica e TelecomunicaçõesAo longo dos últimos anos, o agora onipresente protocolo Ethernet, embora não dotado de mecanismos eficazes de gestão de QoS, foi ganhando uma grande aceitação no campo das comunicações industriais. Esta crescente aceitação deveu-se, em grande parte, a novos protocolos, baseados em Ethernet (por exemplo, Profinet, Ethernet Industrial, etc), capazes de fornecer comunicações com garantias deterministas ou de tempo-real. O comutador Ethernet Hartes (Hard Real-Time Ethernet Switch), foi desenvolvido para disponibilizar uma infra-estrutura de comutação Ethernet capaz de fornecer garantias de pontualidade, de bom uso da largura de banda e para suportar, de modo eficiente, a flexibilidade operacional necessária em aplicações de tempo-real distribuídas, de sistemas embarcados dinâmicos. O desenvolvimento do comutador Hartes, foi baseado em trabalho anterior do paradigma de comunicação FTT (Flexible Time-Triggered), e teve por objetivo o projeto de um comutador Ethernet com melhor controlo de transmissão, escalonamento do tráfego e integração transparente de nodos não tempo-real. NetConf é uma tecnologia recente de gestão de redes que tem vindo progressivamente a substituir a tecnologia SNMP (Simple Network Management Protocol), o standard de facto há muito adoptado pela indústria. A maior diferença entre NetConf e o SNMP é que o NetConf adopta um mecanismo de comunicação baseado em XML-RPC, que, graças às ferramentas desenvolvidas no âmbito de outras tecnologias web, permite ciclos mais rápidos e mais simples de desenvolvimento e de gestão. O comutador Hartes não dispõe de uma plataforma de gestão com uma interface padronizada para os protocolos SNMP ou NetConf, de modo a permitir a sua gestão remota. Assim, o objetivo principal deste trabalho é o desenvolvimento de componentes-chave de apoio à gestão multiplataforma do comutador Ethernet Hartes, bem como a respectiva avaliação de desempenho dos componentes desenvolvidos.In recent years, the now ubiquitous Ethernet protocol that lacks effective QoS management functions, has gained momentum in the field of industrial communication, by means of novel, Ethernet-based protocols (e.g. Profinet, Industrial Ethernet, etc.), which are able to provide deterministic communications. HaRTES – Hard Real-Time Ethernet Switch, aimed to develop an Ethernet switching infrastructure, able to provide timeliness guarantees, efficient bandwidth usage and support for operational flexibility as required by dynamic real-time distributed embedded systems. The project was built upon previous work on the FTT (Flexible Time-Triggered) communication paradigm to develop Ethernet switches with enhanced transmission control, traffic scheduling, and transparent integration of non-real-time nodes. NetConf is a recent network management technology that is replacing the Simple Network Management Protocol (SNMP) – widely used and long adopted by industry standard. The biggest difference between NetConf and SNMP is that the former use a communication mechanism based on XML-RPC, which, thanks to the tools developed in the scope of other web technologies, allows a simpler and faster development and management cycle. The HaRTES project had not provided a management platform with a standardized interface for SNMP or NetConf protocols, enabling remote switch management. Thus the main objective of this work was to develop key components for the support of the standardized multiplatform management interfaces for the HaRTES switch and their performance assessment

Building a Standard Measurement Platform

Network management is achieved through a large number of disparate solutions for different technologies and parts of the end-to-end network. Gaining an overall view, and especially predicting the impact on a service user, is difficult. Recently, a number of proprietary platforms have emerged to conduct end-to-end testing from user premises; however, these are limited in scale, interoperability, and the ability to compare like-for-like results. In this article we show that these platforms share similar architectures and can benefit from the standardization of key interfaces, test definitions, information model, and protocols. We take the SamKnows platform as a use case and propose an evolution from its current proprietary protocols to standardized protocols and tests. In particular, we propose to use extensions of the IETF's IPFIX and NETCONF/YANG in the platform. Standardization will allow measurement capabilities to be included on many more network elements and user devices, providing a much more comprehensive view of user experience and enabling problems and performance bottlenecks to be identified and addressed.Publicad

Overview of South-Bound Interfaces for Software-Defined Optical Networks

In SDN-enabled networks, the control plane and data plane interaction relies on open SouthBound Interfaces (SBIs) so that the SDN controller exercises direct control over the data plane elements. In this paper, we review current initiatives of SBI to control optical components which include ad-hoc extensions of OpenFlow and YANG modelling proposals combined with the NETCONF / RESTCONF protocols. Then we overview different tools and frameworks available for quick prototyping and deployment of software services that are compliant with such interfaces. Finally, we discuss the advantages and drawbacks of the reviewed initiatives considered key enablers for standardized end-to-end network programmability

A mid-level framework for independent network services configuration management

Tese doutoramento do Programa Doutoral em TelecomunicaçõesDecades of evolution in communication network’s resulted in a high diversity of solutions, not only in terms of network elements but also in terms of the way they are managed. From a management perspective, having heterogeneous elements was a feasible scenario over the last decades, where management activities were mostly considered as additional features. However, with the most recent advances on network technology, that includes proposals for future Internet as well as requirements for automation, scale and efficiency, new management methods are required and integrated network management became an essential issue. Most recent solutions aiming to integrate the management of heterogeneous network elements, rely on the application of semantic data translations to obtain a common representation between heterogeneous managed elements, thus enabling their management integration. However, the realization of semantic translations is very complex to be effectively achieved, requiring extensive processing of data to find equivalent representation, besides requiring the administrator’s intervention to create and validate conversions, since contemporary data models lack a formal semantic representation. From these constrains a research question arose: Is it possible to integrate the con g- uration management of heterogeneous network elements overcoming the use of manage- ment translations? In this thesis the author uses a network service abstraction to propose a framework for network service management, which comprehends the two essential management operations: monitoring and configuring. This thesis focus on describing and experimenting the subsystem responsible for the network services configurations management, named Mid-level Network Service Configuration (MiNSC), being the thesis most important contribution. The MiNSC subsystem proposes a new configuration management interface for integrated network service management based on standard technologies that includes an universal information model implemented on unique data models. This overcomes the use of management translations while providing advanced management functionalities, only available in more advanced research projects, that includes scalability and resilience improvement methods. Such functionalities are provided by using a two-layer distributed architecture, as well as over-provisioning of network elements. To demonstrate MiNSC’s management capabilities, a group of experiments was conducted, that included, configuration deployment, instance migration and expansion using a DNS management system as test bed. Since MiNSC represents a new architectural approach, with no direct reference for a quantitative evaluation, a theoretical analysis was conducted in order to evaluate it against important integrated network management perspectives. It was concluded that there is a tendency to apply management translations, being the most straightforward solution when integrating the management of heterogeneous management interfaces and/or data models. However, management translations are very complex to be realized, being its effectiveness questionable for highly heterogeneous environments. The implementation of MiNSC’s standard configuration management interface provides a simplified perspective that, by using universal configurations, removes translations from the management system. Its distributed architecture uses independent/universal configurations and over-provisioning of network elements to improve the service’s resilience and scalability, enabling as well a more efficient resource management by dynamically allocating resources as needed

Design, deployment and validation of SDN controller for metro/access optical switching nodes

This document presents the design and implementation of OPTNODE. OPTNODE is a new SDN application that runs on top of Opendaylight's abstraction layer. The application has been designed using a set of models (MD-SAL), which define its configuration and behaviour. OPTNODE is intended to manage optical switching nodes, that is, capturing the node's most important information such as ID, IP address, number of ports, port data, and wavelength data, among others