1,940 research outputs found
Endpoint-transparent Multipath Transport with Software-defined Networks
Multipath forwarding consists of using multiple paths simultaneously to
transport data over the network. While most such techniques require endpoint
modifications, we investigate how multipath forwarding can be done inside the
network, transparently to endpoint hosts. With such a network-centric approach,
packet reordering becomes a critical issue as it may cause critical performance
degradation.
We present a Software Defined Network architecture which automatically sets
up multipath forwarding, including solutions for reordering and performance
improvement, both at the sending side through multipath scheduling algorithms,
and the receiver side, by resequencing out-of-order packets in a dedicated
in-network buffer.
We implemented a prototype with commonly available technology and evaluated
it in both emulated and real networks. Our results show consistent throughput
improvements, thanks to the use of aggregated path capacity. We give
comparisons to Multipath TCP, where we show our approach can achieve a similar
performance while offering the advantage of endpoint transparency
SDNsec: Forwarding Accountability for the SDN Data Plane
SDN promises to make networks more flexible, programmable, and easier to
manage. Inherent security problems in SDN today, however, pose a threat to the
promised benefits. First, the network operator lacks tools to proactively
ensure that policies will be followed or to reactively inspect the behavior of
the network. Second, the distributed nature of state updates at the data plane
leads to inconsistent network behavior during reconfigurations. Third, the
large flow space makes the data plane susceptible to state exhaustion attacks.
This paper presents SDNsec, an SDN security extension that provides
forwarding accountability for the SDN data plane. Forwarding rules are encoded
in the packet, ensuring consistent network behavior during reconfigurations and
limiting state exhaustion attacks due to table lookups. Symmetric-key
cryptography is used to protect the integrity of the forwarding rules and
enforce them at each switch. A complementary path validation mechanism allows
the controller to reactively examine the actual path taken by the packets.
Furthermore, we present mechanisms for secure link-failure recovery and
multicast/broadcast forwarding.Comment: 14 page
Joint Energy Efficient and QoS-aware Path Allocation and VNF Placement for Service Function Chaining
Service Function Chaining (SFC) allows the forwarding of a traffic flow along
a chain of Virtual Network Functions (VNFs, e.g., IDS, firewall, and NAT).
Software Defined Networking (SDN) solutions can be used to support SFC reducing
the management complexity and the operational costs. One of the most critical
issues for the service and network providers is the reduction of energy
consumption, which should be achieved without impact to the quality of
services. In this paper, we propose a novel resource (re)allocation
architecture which enables energy-aware SFC for SDN-based networks. To this
end, we model the problems of VNF placement, allocation of VNFs to flows, and
flow routing as optimization problems. Thereafter, heuristic algorithms are
proposed for the different optimization problems, in order find near-optimal
solutions in acceptable times. The performance of the proposed algorithms are
numerically evaluated over a real-world topology and various network traffic
patterns. The results confirm that the proposed heuristic algorithms provide
near optimal solutions while their execution time is applicable for real-life
networks.Comment: Extended version of submitted paper - v7 - July 201
- …