31,944 research outputs found

    A Lightweight, Non-intrusive Approach for Orchestrating Autonomously-managed Network Elements

    Full text link
    Software-Defined Networking enables the centralized orchestration of data traffic within a network. However, proposed solutions require a high degree of architectural penetration. The present study targets the orchestration of network elements that do not wish to yield much of their internal operations to an external controller. Backpressure routing principles are used for deriving flow routing rules that optimally stabilize a network, while maximizing its throughput. The elements can then accept in full, partially or reject the proposed routing rule-set. The proposed scheme requires minimal, relatively infrequent interaction with a controller, limiting its imposed workload, promoting scalability. The proposed scheme exhibits attracting network performance gains, as demonstrated by extensive simulations and proven via mathematical analysis.Comment: 6 pages 7, figures, IEEE ISCC'1

    SDNsec: Forwarding Accountability for the SDN Data Plane

    Full text link
    SDN promises to make networks more flexible, programmable, and easier to manage. Inherent security problems in SDN today, however, pose a threat to the promised benefits. First, the network operator lacks tools to proactively ensure that policies will be followed or to reactively inspect the behavior of the network. Second, the distributed nature of state updates at the data plane leads to inconsistent network behavior during reconfigurations. Third, the large flow space makes the data plane susceptible to state exhaustion attacks. This paper presents SDNsec, an SDN security extension that provides forwarding accountability for the SDN data plane. Forwarding rules are encoded in the packet, ensuring consistent network behavior during reconfigurations and limiting state exhaustion attacks due to table lookups. Symmetric-key cryptography is used to protect the integrity of the forwarding rules and enforce them at each switch. A complementary path validation mechanism allows the controller to reactively examine the actual path taken by the packets. Furthermore, we present mechanisms for secure link-failure recovery and multicast/broadcast forwarding.Comment: 14 page

    Next Generation Cloud Computing: New Trends and Research Directions

    Get PDF
    The landscape of cloud computing has significantly changed over the last decade. Not only have more providers and service offerings crowded the space, but also cloud infrastructure that was traditionally limited to single provider data centers is now evolving. In this paper, we firstly discuss the changing cloud infrastructure and consider the use of infrastructure from multiple providers and the benefit of decentralising computing away from data centers. These trends have resulted in the need for a variety of new computing architectures that will be offered by future cloud infrastructure. These architectures are anticipated to impact areas, such as connecting people and devices, data-intensive computing, the service space and self-learning systems. Finally, we lay out a roadmap of challenges that will need to be addressed for realising the potential of next generation cloud systems.Comment: Accepted to Future Generation Computer Systems, 07 September 201
    • …
    corecore