7,532 research outputs found
DISCO: Distributed Multi-domain SDN Controllers
Modern multi-domain networks now span over datacenter networks, enterprise
networks, customer sites and mobile entities. Such networks are critical and,
thus, must be resilient, scalable and easily extensible. The emergence of
Software-Defined Networking (SDN) protocols, which enables to decouple the data
plane from the control plane and dynamically program the network, opens up new
ways to architect such networks. In this paper, we propose DISCO, an open and
extensible DIstributed SDN COntrol plane able to cope with the distributed and
heterogeneous nature of modern overlay networks and wide area networks. DISCO
controllers manage their own network domain and communicate with each others to
provide end-to-end network services. This communication is based on a unique
lightweight and highly manageable control channel used by agents to
self-adaptively share aggregated network-wide information. We implemented DISCO
on top of the Floodlight OpenFlow controller and the AMQP protocol. We
demonstrated how DISCO's control plane dynamically adapts to heterogeneous
network topologies while being resilient enough to survive to disruptions and
attacks and providing classic functionalities such as end-point migration and
network-wide traffic engineering. The experimentation results we present are
organized around three use cases: inter-domain topology disruption, end-to-end
priority service request and virtual machine migration
Design and implementation of the node identity internetworking architecture
The Internet Protocol (IP) has been proven very flexible, being able to accommodate all kinds of link technologies and supporting a broad range of applications. The basic principles of the original Internet architecture include end-to-end addressing, global routeability and a single namespace of IP addresses that unintentionally serves both as locators and host identifiers. The commercial success and widespread use of the Internet have lead to new requirements, which include internetworking over business boundaries, mobility and multi-homing in an untrusted environment. Our approach to satisfy these new requirements is to introduce a new internetworking layer, the node identity layer. Such a layer runs on top of the different versions of IP, but could also run directly on top of other kinds of network technologies, such as MPLS and 2G/3G PDP contexts. This approach enables connectivity across different communication technologies, supports mobility, multi-homing, and security from ground up. This paper describes the Node Identity Architecture in detail and discusses the experiences from implementing and running a prototype
IPv6 Network Mobility
Network Authentication, Authorization, and Accounting has
been used since before the days of the Internet as we know it
today. Authentication asks the question, âWho or what are
you?â Authorization asks, âWhat are you allowed to do?â And fi nally,
accounting wants to know, âWhat did you do?â These fundamental
security building blocks are being used in expanded ways today. The
fi rst part of this two-part series focused on the overall concepts of
AAA, the elements involved in AAA communications, and highlevel
approaches to achieving specifi c AAA goals. It was published in
IPJ Volume 10, No. 1[0]. This second part of the series discusses the
protocols involved, specifi c applications of AAA, and considerations
for the future of AAA
AMISEC: Leveraging Redundancy and Adaptability to Secure AmI Applications
Security in Ambient Intelligence (AmI) poses too many challenges due to the inherently insecure nature of wireless sensor nodes. However, there are two characteristics of these environments that can be used effectively to prevent, detect, and confine attacks: redundancy and continuous adaptation. In this article we propose a global strategy and a system architecture to cope with security issues in AmI applications at different levels. Unlike in previous approaches, we assume an individual wireless node is vulnerable. We present an agent-based architecture with supporting services that is proven to be adequate to detect and confine common attacks. Decisions at different levels are supported by a trust-based framework with good and bad reputation feedback while maintaining resistance to bad-mouthing attacks. We also propose a set of services that can be used to handle identification, authentication, and authorization in intelligent ambients. The resulting approach takes into account practical issues, such as resource limitation, bandwidth optimization, and scalability
Securing personal distributed environments
The Personal Distributed Environment (PDE) is a new concept being developed by Mobile VCE allowing future mobile users flexible access to their information and services. Unlike traditional mobile communications, the PDE user no longer needs to establish his or her personal communication link solely through one subscribing network but rather a diversity of disparate devices and access technologies whenever and wherever he or she requires. Depending on the servicesâ availability and coverage in the location, the PDE communication configuration could be, for instance, via a mobile radio system and a wireless ad hoc network or a digital broadcast system and a fixed telephone network. This new form of communication configuration inherently imposes newer and higher security challenges relating to identity and authorising issues especially when the number of involved entities, accessible network nodes and service providers, builds up. These also include the issue of how the subscribed service and the userâs personal information can be securely and seamlessly handed over via multiple networks, all of which can be changing dynamically. Without such security, users and operators will not be prepared to trust their information to other networks
A Survey on the Contributions of Software-Defined Networking to Traffic Engineering
Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways.European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567
Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-
An Overview on Application of Machine Learning Techniques in Optical Networks
Today's telecommunication networks have become sources of enormous amounts of
widely heterogeneous data. This information can be retrieved from network
traffic traces, network alarms, signal quality indicators, users' behavioral
data, etc. Advanced mathematical tools are required to extract meaningful
information from these data and take decisions pertaining to the proper
functioning of the networks from the network-generated data. Among these
mathematical tools, Machine Learning (ML) is regarded as one of the most
promising methodological approaches to perform network-data analysis and enable
automated network self-configuration and fault management. The adoption of ML
techniques in the field of optical communication networks is motivated by the
unprecedented growth of network complexity faced by optical networks in the
last few years. Such complexity increase is due to the introduction of a huge
number of adjustable and interdependent system parameters (e.g., routing
configurations, modulation format, symbol rate, coding schemes, etc.) that are
enabled by the usage of coherent transmission/reception technologies, advanced
digital signal processing and compensation of nonlinear effects in optical
fiber propagation. In this paper we provide an overview of the application of
ML to optical communications and networking. We classify and survey relevant
literature dealing with the topic, and we also provide an introductory tutorial
on ML for researchers and practitioners interested in this field. Although a
good number of research papers have recently appeared, the application of ML to
optical networks is still in its infancy: to stimulate further work in this
area, we conclude the paper proposing new possible research directions
- âŠ