413 research outputs found
Algorithms for advance bandwidth reservation in media production networks
Media production generally requires many geographically distributed actors (e.g., production houses, broadcasters, advertisers) to exchange huge amounts of raw video and audio data. Traditional distribution techniques, such as dedicated point-to-point optical links, are highly inefficient in terms of installation time and cost. To improve efficiency, shared media production networks that connect all involved actors over a large geographical area are currently being deployed. The traffic in such networks is often predictable, as the timing and bandwidth requirements of data transfers are generally known hours or even days in advance. As such, the use of advance bandwidth reservation (AR) can greatly increase resource utilization and cost efficiency. In this paper, an Integer Linear Programming formulation of the bandwidth scheduling problem, which takes into account the specific characteristics of media production networks, is presented. Two novel optimization algorithms based on this model are thoroughly evaluated and compared by means of in-depth simulation results.
Performance Analysis Of Firewall As Virtualized Network Function On VMware ESXi Hypervisor
Virtualization technology is slowly being used to build network infrastructure called Network Function Virtualization (NFV). It takes network functions such as firewall, load balancer, IPS out of its hardware then uses its software to be run on high specification server. It helps to reduce vendor lock-in and creates a multiplatform network function environment for telecommunication or Internet Service Provider (ISP) company. It has a lot of benefits compared to a traditional network. One of them is reducing the number of hardware that is used in the telecom industry. This technology runs on the hypervisor that is used for the hardware management. One of the important components from NFV is Virtualized Network Function (VNF). In NFV, network devices are run on a server so that a firewall is needed. If an attack occurs on the network, it will interfere the existing network components. This paper focuses on analyzing the performance of two firewall systems: pfSense, and FortiGate. Both firewalls run on the VMware ESXi hypervisor. It compares the firewall performance in normal conditions without attacks and under SYN DoS attacks. Besides, firewall failover capabilities are evaluated. Based on the overall testing results, FortiGate has better performance than pfSense. It has better ability in handling DoS SYN attack because of lower throughput performance degradation and better FTP performance. It is concluded that FortiGate has best performance if it is compared to pfSense.
Optimal Orchestration of Virtual Network Functions
The emergence of Network Functions Virtualization (NFV) is bringing a set of
novel algorithmic challenges in the operation of communication networks. NFV
introduces volatility in the management of network functions, which can be
dynamically orchestrated, i.e., placed, resized, etc. Virtual Network Functions
(VNFs) can belong to VNF chains, where nodes in a chain can serve multiple
demands coming from the network edges. In this paper, we formally define the
VNF placement and routing (VNF-PR) problem, proposing a versatile linear
programming formulation that is able to accommodate specific features and
constraints of NFV infrastructures, and that is substantially different from
existing virtual network embedding formulations in the state of the art. We
also design a math-heuristic able to scale with multiple objectives and large
instances. By extensive simulations, we draw conclusions on the trade-off
achievable between classical traffic engineering (TE) and NFV infrastructure
efficiency goals, evaluating both Internet access and Virtual Private Network
(VPN) demands. We do also quantitatively compare the performance of our VNF-PR
heuristic with the classical Virtual Network Embedding (VNE) approach proposed
for NFV orchestration, showing the computational differences, and how our
approach can provide a more stable and closer-to-optimum solution.
Performance Characterization and Profiling of Chained CPU-bound Virtual Network Functions
The increased demand for high-quality Internet connectivity resulting from the growing number of connected devices and advanced services has put significant strain on telecommunication networks. In response, cutting-edge technologies such as Network Function Virtualization (NFV) and Software Defined Networking (SDN) have been introduced to transform network infrastructure. These innovative solutions offer dynamic, efficient, and easily manageable networks that surpass traditional approaches. To fully realize the benefits of NFV and maintain the performance level of specialized equipment, it is critical to assess the behavior of Virtual Network Functions (VNFs) and the impact of virtualization overhead. This paper delves into understanding how various factors such as resource allocation, consumption, and traffic load impact the performance of VNFs. We aim to provide a detailed analysis of these factors and develop analytical functions to accurately describe their impact. By testing VNFs on different testbeds, we identify the key parameters and trends, and develop models to generalize VNF behavior. Our results highlight the negative impact of resource saturation on performance and identify the CPU as the main bottleneck. We also propose a VNF profiling procedure as a solution to model the observed trends and test more complex VNFs deployment scenarios to evaluate the impact of interconnection, co-location, and NFV infrastructure on performance
Packet filter performance monitor (anti-DDOS algorithm for hybrid topologies)
DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website.
With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security appliances are not strong enough to handle the overwhelming traffic that accompanies current DDoS attacks. There is also limited research on solutions to mitigate DDoS attacks. Therefore, there is a need for a means of mitigating DDoS attacks in order to minimize downtime. One possible solution is for organizations to implement their own architectures that are meant to mitigate DDoS attacks.
In this dissertation, we present and implement an architecture that utilizes an activity monitor to change the states of firewalls based on their performance in a hybrid network. Both firewalls are connected inline. The monitor is mirrored to monitor the firewall states. The monitor reroutes traffic when one of the firewalls becomes overwhelmed due to an HTTP DDoS flooding attack. The monitor connects to the API of both firewalls. The communication between the firewalls and monitor is encrypted using AES, based on PyCrypto Python implementation.
This dissertation is structured in three parts. The first found the weakness of the hardware firewall and determined its threshold based on spike and endurance tests. This was achieved by flooding the hardware firewall with HTTP packets until the firewall became overwhelmed and unresponsive. The second part implements the same test as the first, but targeted towards the virtual firewall. The same parameters, test factors, and determinants were used; however, a different load tester was utilized. The final part was the implementation and design of the firewall performance monitor. The main goal of the dissertation is to minimize downtime when network firewalls are overwhelmed as a result of a DDoS attack.
Will SDN be part of 5G?
For many, this is no longer a valid question and the case is considered
settled with SDN/NFV (Software Defined Networking/Network Function
Virtualization) providing the inevitable innovation enablers solving many
outstanding management issues regarding 5G. However, given the monumental task
of softwarization of radio access network (RAN) while 5G is just around the
corner and some companies have started unveiling their 5G equipment already,
the concern is very realistic that we may only see some point solutions
involving SDN technology instead of a fully SDN-enabled RAN. This survey paper
identifies all important obstacles in the way and looks at the state of the art
of the relevant solutions. This survey is different from the previous surveys
on SDN-based RAN as it focuses on the salient problems and discusses solutions
proposed within and outside SDN literature. Our main focus is on fronthaul,
backward compatibility, supposedly disruptive nature of SDN deployment,
business cases and monetization of SDN related upgrades, latency of general
purpose processors (GPP), and additional security vulnerabilities,
softwarization brings along to the RAN. We have also provided a summary of the
architectural developments in SDN-based RAN landscape as not all work can be
covered under the focused issues. This paper provides a comprehensive survey on
the state of the art of SDN-based RAN and clearly points out the gaps in the
technology. Comment: 33 pages, 10 figures
Integration of virtualized network functions and physical network functions
Network Functions Virtualization (NFV) and Software Defined Networking (SDN)
have been in the center of network evolution, promising a more flexible and efficient
way of managing networks through the on-demand instantiation of network
functions (NFs) and reconfigurability of the network as necessary. Nevertheless,
as new mechanisms are developed, such technologies require testing before their
adoption into real-world deployments. This is where this dissertation contributes,
by proposing and evaluating a system architecture that integrates a physical wireless
testbed with a cloud-based environment. This allows physical wireless nodes to
become part of the cloud environment, enabling its use and configuration as virtual
NFs (VNFs). Results showcased the system feasibility, with the testbed being able
to instantiate on-demand virtual and physical NFs, in the physical wireless nodes
and in an OpenStack data-center. Master's degree in Electronics and Telecommunications Engineering
The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions
In recent years, the current Internet has experienced an unexpected paradigm
shift in the usage model, which has pushed researchers towards the design of
the Information-Centric Networking (ICN) paradigm as a possible replacement of
the existing architecture. Even though both Academia and Industry have
investigated the feasibility and effectiveness of ICN, achieving the complete
replacement of the Internet Protocol (IP) is a challenging task.
Some research groups have already addressed the coexistence by designing
their own architectures, but none of those is the final solution to move
towards the future Internet considering the unaltered state of the networking.
To design such architecture, the research community needs now a comprehensive
overview of the existing solutions that have so far addressed the coexistence.
The purpose of this paper is to reach this goal by providing the first
comprehensive survey and classification of the coexistence architectures
according to their features (i.e., deployment approach, deployment scenarios,
addressed coexistence requirements and architecture or technology used) and
evaluation parameters (i.e., challenges emerging during the deployment and the
runtime behaviour of an architecture). We believe that this paper will finally
fill the gap required for moving towards the design of the final coexistence
architecture. Comment: 23 pages, 16 figures, 3 tables
Network Security Automation
The abstract is in the attachment.