3,799 research outputs found
Automatic configuration of OpenFlow in wireless mobile ad hoc networks
A Mobile wireless Ad hoc NETwork (MANET) is a decentralized wireless network in which mobile wireless nodes either directly communicate with each other or communicate via other wireless nodes in the network. In addition, OpenFlow has disruptive potential in designing a flexible programmable network which can foster innovation, reduce complexity and deliver right economics. In recent years, there are significant interests from research communities to deploy OpenFlow in MANETs. This paper proposes a configuration method with which OpenFlow can be deployed automatically in a MANET without any manual configuration. The proposed configuration method is tested in an emulated MANET created on the Fed4FIRE testbed using Mininet-WiFi (an emulator for wireless software-defined wireless networks). Experimentation includes automatic configuration of OpenFlow in linear, sparse, and dense mobile ad hoc networks. Results show the effectiveness of the method in configuring OpenFlow in wireless mobile ad hoc networks
Optical Network Virtualisation using Multi-technology Monitoring and SDN-enabled Optical Transceiver
We introduce the real-time multi-technology transport layer monitoring to
facilitate the coordinated virtualisation of optical and Ethernet networks
supported by optical virtualise-able transceivers (V-BVT). A monitoring and
network resource configuration scheme is proposed to include the hardware
monitoring in both Ethernet and Optical layers. The scheme depicts the data and
control interactions among multiple network layers under the software defined
network (SDN) background, as well as the application that analyses the
monitored data obtained from the database. We also present a re-configuration
algorithm to adaptively modify the composition of virtual optical networks
based on two criteria. The proposed monitoring scheme is experimentally
demonstrated with OpenFlow (OF) extensions for a holistic (re-)configuration
across both layers in Ethernet switches and V-BVTs
Demo abstract: a demonstration of automatic configuration of OpenFlow in wireless ad hoc networks
Using OpenFlow, a network can be controlled from
one or more servers called controllers. In the demonstration, we show automatic configuration of OpenFlow in a wireless ad hoc network, deployed on a portable testbed, using MININET-WiFi (an emulator for software defined wireless networks). Automatic configuration is shown using a GUI (Graphical User Interface) which shows wireless nodes discovered by the controller. In addition, a video clip is streamed from one node to another and displayed in real time. The demonstration includes automatic configuration in the scenarios in which nodes move from one location to another
A Survey on the Contributions of Software-Defined Networking to Traffic Engineering
Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways.European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567
Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-
Know Your Enemy: Stealth Configuration-Information Gathering in SDN
Software Defined Networking (SDN) is a network architecture that aims at
providing high flexibility through the separation of the network logic from the
forwarding functions. The industry has already widely adopted SDN and
researchers thoroughly analyzed its vulnerabilities, proposing solutions to
improve its security. However, we believe important security aspects of SDN are
still left uninvestigated. In this paper, we raise the concern of the
possibility for an attacker to obtain knowledge about an SDN network. In
particular, we introduce a novel attack, named Know Your Enemy (KYE), by means
of which an attacker can gather vital information about the configuration of
the network. This information ranges from the configuration of security tools,
such as attack detection thresholds for network scanning, to general network
policies like QoS and network virtualization. Additionally, we show that an
attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk
of being detected. We underline that the vulnerability exploited by the KYE
attack is proper of SDN and is not present in legacy networks. To address the
KYE attack, we also propose an active defense countermeasure based on network
flows obfuscation, which considerably increases the complexity for a successful
attack. Our solution offers provable security guarantees that can be tailored
to the needs of the specific network under consideratio
Routing-Verification-as-a-Service (RVaaS): Trustworthy Routing Despite Insecure Providers
Computer networks today typically do not provide any mechanisms to the users
to learn, in a reliable manner, which paths have (and have not) been taken by
their packets. Rather, it seems inevitable that as soon as a packet leaves the
network card, the user is forced to trust the network provider to forward the
packets as expected or agreed upon. This can be undesirable, especially in the
light of today's trend toward more programmable networks: after a successful
cyber attack on the network management system or Software-Defined Network (SDN)
control plane, an adversary in principle has complete control over the network.
This paper presents a low-cost and efficient solution to detect misbehaviors
and ensure trustworthy routing over untrusted or insecure providers, in
particular providers whose management system or control plane has been
compromised (e.g., using a cyber attack). We propose
Routing-Verification-as-a-Service (RVaaS): RVaaS offers clients a flexible
interface to query information relevant to their traffic, while respecting the
autonomy of the network provider. RVaaS leverages key features of
OpenFlow-based SDNs to combine (passive and active) configuration monitoring,
logical data plane verification and actual in-band tests, in a novel manner
- …