200 research outputs found

    Performance Implication and Analysis of the OpenFlow SDN Protocol

    Software Defined Networks provide the ability to manage networks from a centralised point through separating the control plane from the data plane. This brings opportunities in terms of manageability, flexibility and cost savings in network operations. This centralisation, however, also brings about a potentially serious performance bottleneck and poses a scalability issue in high performance networks. This paper investigates performance of Software Defined Networks in general, and the OpenFlow protocol, to provide insight into the components of control path delay incurred by packets and ways to optimise flow forwarding. Two OpenFlow controllers (Floodlight and Pox) were used to validate performance measurements in relation to their theoretical composition. Secondly, the packet processing dynamics of switches, in particular OpenVSwitch, are examined, looking at the control packet forwarding behaviour in the kernel module to meet high performance network and traffic engineering demand.

    Applying Formal Methods to Networking: Theory, Techniques and Applications

    Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking. Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

    Can SDN Technology Be Transported to Software-Defined WSN/IoT?

    © 2016 IEEE. Wireless sensor networks (WSNs) are essential elements of the Internet of Things ecosystem, as such, they encounter numerous IoT challenging architectural, management and application issues. These include inflexible control, manual configuration and management of sensor nodes, difficulty in an orchestration of resources, and virtualizing sensor network resources for on-demand applications and services. Addressing these issues presents a real challenge for WSNs and IoTs. By separating the network control plane from the data forwarding plane, Software-defined networking (SDN) has emerged as network technology that addresses similar problems of current switched-networks. Despite the differences between switched network and wireless sensor network domains, the SDN technology has a real potential to revolutionize WSNs/IoTs and address their challenging issues. However, very little has been attempted to bring the SDN paradigm to WSNs. This paper identifies weaknesses of existing research efforts that aim to bring the benefits of SDN to WSNs by mapping the control plane, the OpenFlow protocol, and the functionality between the two network domains. In particular, the paper investigates the difficulties and challenges in the development of software-defined wireless sensor networking (SDWSN). Finally, the paper proposes VSensor, SDIoT controller, SFlow components with specific and relevant functionality for an architecture of an SDWSN or SDIoT infrastructure.

    Smart Flow Steering Agent for End-to-End Delay Improvement in Software-Defined Networks

    To ensure fault tolerance and distributed management, distributed protocols are employed as one of the major architectural concepts underlying the Internet. However, inefficiency, instability and fragility could be potentially overcome with the help of the novel networking architecture called software-defined networking (SDN). The main property of this architecture is the separation of the control and data planes. To reduce congestion and thus improve latency and throughput, there must be homogeneous distribution of the traffic load over the different network paths. This paper presents a smart flow steering agent (SFSA) for data flow routing based on current network conditions. To enhance throughput and minimize latency, the SFSA distributes network traffic to suitable paths, in addition to supervising link and path loads. A scenario with a minimum spanning tree (MST) routing algorithm and another with open shortest path first (OSPF) routing algorithms were employed to assess the SFSA. By comparison to these two routing algorithms, the suggested SFSA strategy determined a reduction of 2% in packets dropped ratio (PDR), a reduction of 15-45% in end-to-end delay according to the traffic produced, as well as a reduction of 23% in round trip time (RTT). The Mininet emulator and POX controller were employed to conduct the simulation. Another advantage of the SFSA over the MST and OSPF is that its implementation and recovery time do not exhibit fluctuations. The smart flow steering agent will open a new horizon for deploying new smart agents in SDN that enhance network programmability and management.

    Scenario based security evaluation: Generic OpenFlow network

    Demand for network programmability was recognized when development of protocols slowed down due to network inflexibilities in the 1980s. Research speeded up and many proposals were made to solve architectural issues during the 2000s. The academic world put up an initiative to build up a new programmable network architecture in the later 2000s. OpenFlow was born. In modern public network infrastructures the security of the network architecture is crucial to achieve data confidentiality, integrity and authenticity, yet high availability. Many studies have shown that there are many security vulnerabilities and issues on current OpenFlow implementations and even in the OpenFlow specification itself. Many proposals have been made to enhance these known issues. In this research, the scenario based security evaluation of the generic OpenFlow network architecture was carried out using technology publications and literature. The security evaluation framework was used in security assessment. Proposed risk mitigation patterns were found to be effective on most of the cases for all 13 identified and evaluated scenarios. Lack of mandatory encryption and authentication in the OpenFlow control channel were the most critical risks on a general level. The OpenFlow specification should provide clear guidance on how this should be implemented to guarantee inter-operability between different vendors. The short term solution is to use IPSec. The second critical issue was that bugs and vulnerabilities in OpenFlow controller and switch software are causing major risks for security. Proper quality assurance process, testing methods and evaluation are needed to enhance security on all phases of the software production. Current OpenFlow implementations are suffering poor security. A tolerable level can be reached by utilizing small enhancements. There are still many areas which need to be researched to achieve a solid foundation for software defined networks of the future.

    Forensics Based SDN in Data Centers

    Recently, most data centers have adopted Software-Defined Network (SDN) architecture to meet the demands for scalability and cost-efficient computer networks. The SDN controller separates the data plane and control plane and implements instructions instead of protocols, which improves the Quality of Services (QoS), enhances energy efficiency and protection mechanisms. However, such centralizations present an opportunity for attackers to utilize the controller of the network and master the entire network devices, which makes it vulnerable. Recent study efforts have attempted to address the security issue with minimal consideration to the forensics aspects. Based on this, the research will focus on the forensic issue on the SDN network of data center environments. There are diverse approaches to accurately identify the various possible threats to protect the network. For this reason, a deep learning approach will be used to detect DDoS attacks, which is regarded as the most proper approach for detection of threat. Therefore, the proposed network consists of mobile nodes, head controller, detection engine, domain controller, source controller, Gateway and cloud center. The first stage of the attack is analyzed as serious, where the process includes recording the traffic as criminal evidence to track the criminal, add the IP source of the packet to blacklist and block all packets from this source and eliminate all packets. The second stage is not-serious, which includes blocking all packets from the source node for this session, or the non-malicious packets are transmitted using the proposed protocol. This study is evaluated in OMNeT++ environment as a simulation and showed successful results than the existing approaches.

    Advanced SDN-Based QoS and Security Solutions for Heterogeneous Networks

    This thesis tries to study how SDN can be employed in order to support Quality of Service and how the support of this functionality is fundamental for today's networks. Considering, not only the present networks, but also the next generation ones, the importance of the SDN paradigm becomes manifest as the use of satellite networks, which can be useful considering their broadcasting capabilities. For these reasons, this research focuses its attention on satellite-terrestrial networks and in particular on the use of SDN inside this environment. An important fact to be taken into account is that the growing of the information technologies has paved the way for new possible threats. This research study tries to cover also this problem considering how SDN can be employed for the detection of past and future malware inside networks.

    Self-healing and SDN: bridging the gap

    Achieving high programmability has become an essential aim of network research due to the ever-increasing internet traffic. Software-Defined Network (SDN) is an emerging architecture aimed to address this need. However, maintaining accurate knowledge of the network after a failure is one of the largest challenges in the SDN. Motivated by this reality, this paper focuses on the use of self-healing properties to boost the SDN robustness. This approach, unlike traditional schemes, is not based on proactively configuring multiple (and memory-intensive) backup paths in each switch or performing a reactive and time-consuming routing computation at the controller level. Instead, the control paths are quickly recovered by local switch actions and subsequently optimized by global controller knowledge. Obtained results show that the proposed approach recovers the control topology effectively in terms of time and message load over a wide range of generated networks. Consequently, scalability issues of traditional fault recovery strategies are avoided. Postprint (published version)

    HDDP: Hybrid Domain Discovery Protocol for heterogeneous devices in SDN

    Computer networks are adopting the new Software-Defined Networking (SDN) architecture, however not all devices can support it, mainly due to power and computational constraints. This paper proposes the Hybrid Domain Discovery Protocol (HDDP), a new discovery protocol that enhances the existing OpenFlow Discovery Protocol (OFDP). HDDP allows the discovery of hybrid network topologies composed of both SDN and non-SDN devices, which no other state-of-the-art protocol can achieve. HDDP has been implemented in a software switch and emulated in diverse networks, where it discovers hybrid topologies by using a number of messages similar to competitors, as they only discover SDN devices. Comunidad de Madrid, Universidad de Alcal