250 research outputs found

    Traffic Engineering with Segment Routing: SDN-based Architectural Design and Open Source Implementation

    Traffic Engineering (TE) in IP carrier networks is one of the functions that can benefit from the Software Defined Networking paradigm. By logically centralizing the control of the network, it is possible to "program" per-flow routing based on TE goals. Traditional per-flow routing requires a direct interaction between the SDN controller and each node that is involved in the traffic paths. Depending on the granularity and on the temporal properties of the flows, this can lead to scalability issues for the amount of routing state that needs to be maintained in core network nodes and for the required configuration traffic. On the other hand, Segment Routing (SR) is an emerging approach to routing that may simplify the route enforcement delegating all the configuration and per-flow state at the border of the network. In this work we propose an architecture that integrates the SDN paradigm with SR-based TE, for which we have provided an open source reference implementation. We have designed and implemented a simple TE/SR heuristic for flow allocation and we show and discuss experimental results. Comment: Extended version of poster paper accepted for EWSDN 2015 (version v4 - December 2015)

    Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures

    Software-Defined Networking (SDN) is a new networking paradigm that grants a controller and its applications an omnipotent power to have holistic network visibility and flexible network programmability, thus enabling new innovations in network protocols and applications. One of the core advantages of SDN is its logically centralized control plane to provide the entire network visibility, on which many SDN applications rely. For the first time in the literature, we propose new attack vectors unique to SDN that seriously challenge this foundation. Our new attacks are somewhat similar in spirit to spoofing attacks in legacy networks (e.g., ARP poisoning attack), however with significant differences in exploiting unique vulnerabilities how current SDN operates differently from legacy networks. The successful attacks can effectively poison the network topology information, a fundamental building block for core SDN components and topology-aware SDN applications. With the poisoned network visibility, the upper-layer OpenFlow controller services/apps may be totally misled, leading to serious hijacking, denial of service or man-in-the-middle attacks. According to our study, all current major SDN controllers we find in the market (e.g., Floodlight, OpenDaylight, Beacon, and POX) are affected, i.e., they are subject to the Network Topology Poisoning Attacks. We then investigate the mitigation methods against the Network Topology Poisoning Attacks and present TopoGuard, a new security extension to SDN controllers, which provides automatic and real-time detection of Network Topology Poisoning Attacks. Our evaluation on a prototype implementation of TopoGuard in the Floodlight controller shows that the defense solution can effectively secure network topology while introducing only a minor impact on normal operations of OpenFlow controllers.

    Trends in Computer Network Modeling Towards the Future Internet

    This article provides a taxonomy of current and past network modeling efforts. In all these efforts over the last few years we see a trend towards not only describing the network, but connected devices as well. This is especially current given the many Future Internet projects, which are combining different models, and resources in order to provide complete virtual infrastructures to users. An important mechanism for managing complexity is the creation of an abstract model, a step which has been undertaken in computer networks too. The fact that more and more devices are network capable, coupled with increasing popularity of the Internet, has made computer networks an important focus area for modeling. The large number of connected devices creates an increasing complexity which must be harnessed to keep the networks functioning. Over the years many different models for computer networks have been proposed, and used for different purposes. While for some time the community has moved away from the need of full topology exchange, this requirement resurfaced for optical networks. Subsequently, research on topology descriptions has seen a rise in the last few years. Many different models have been created and published, yet there is no publication that shows an overview of the different approaches.

    Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results

    Fixed and mobile telecom operators, enterprise network operators and cloud providers strive to face the challenging demands coming from the evolution of IP networks (e.g. huge bandwidth requirements, integration of billions of devices and millions of services in the cloud). Proposed in the early 2010s, Segment Routing (SR) architecture helps face these challenging demands, and it is currently being adopted and deployed. SR architecture is based on the concept of source routing and has interesting scalability properties, as it dramatically reduces the amount of state information to be configured in the core nodes to support complex services. SR architecture was first implemented with the MPLS dataplane and then, quite recently, with the IPv6 dataplane (SRv6). IPv6 SR architecture (SRv6) has been extended from the simple steering of packets across nodes to a general network programming approach, making it very suitable for use cases such as Service Function Chaining and Network Function Virtualization. In this paper we present a tutorial and a comprehensive survey on SR technology, analyzing standardization efforts, patents, research activities and implementation results. We start with an introduction on the motivations for Segment Routing and an overview of its evolution and standardization. Then, we provide a tutorial on Segment Routing technology, with a focus on the novel SRv6 solution. We discuss the standardization efforts and the patents providing details on the most important documents and mentioning other ongoing activities. We then thoroughly analyze research activities according to a taxonomy. We have identified 8 main categories during our analysis of the current state of play: Monitoring, Traffic Engineering, Failure Recovery, Centrally Controlled Architectures, Path Encoding, Network Programming, Performance Evaluation and Miscellaneous... Comment: SUBMITTED TO IEEE COMMUNICATIONS SURVEYS & TUTORIAL

    An extended fault-tolerant link-state routing protocol in the internet

    2003-2004 > Academic research: refereed > Publication in refereed journal. Version of Record. Publishe

    Route recovery schemes for link and node failure and link congestion

    Link/Node failure occurs frequently, causing service disruption in computer networks. Hardware techniques have been developed to protect the network from Link/Node failure. These techniques work in the physical layer, therefore their convergence time is very small. On the other hand, many schemes have been proposed to mitigate the failure influence on the network. These schemes work in upper layers such as the network layer. However, hardware solutions are faster than other schemes, but they are expensive. Link/Node failure causes all flows that were using the failed link/node to be temporarily interrupted until a new path is reestablished. Three recovery algorithms have been proposed that mitigate the changes that occur in the network. These changes are link/node failure and link congestion. The algorithms mainly pre-compute a backup next hop for each destination in the network. This path is feasible to accommodate re-routed traffic when a failure occurs without causing congestion or loops. Simulations have been conducted to show the performance of the proposed algorithms using the ns2 network simulation tool. The results show fast recovery for all flows that were using the failed link/node. Furthermore, the throughput per node also increases due to decreased service interruption time.

    Energy-Aware Forwarding Strategy for Metro Ethernet Networks

    Energy optimization has become a crucial issue in the realm of ICT. This paper addresses the problem of energy consumption in a Metro Ethernet network. Ethernet technology deployments have been increasing tremendously because of their simplicity and low cost. However, much research remains to be conducted to address energy efficiency in Ethernet networks. In this paper, we propose a novel Energy Aware Forwarding Strategy for Metro Ethernet networks based on a modification of the Internet Energy Aware Routing (EAR) algorithm. Our contribution identifies the set of links to turn off and maintain links with minimum energy impact on the active state. Our proposed algorithm could be a superior choice for use in networks with low saturation, as it involves a tradeoff between maintaining good network performance and minimizing the active links in the network. Performance evaluation shows that, at medium load traffic, energy savings of 60% can be achieved. At high loads, energy savings of 40% can be achieved without affecting the network performance

    Introduction to IP multicast in production networks

    The objective of this paper is to introduce the reader to the world of IP multicasting. I intend to achieve this goal by providing an introduction that bridges the gap between the existing unicast networks and the developing multicast network. The basics of multicast that are covered in the earlier chapter include the multicast addressing scheme, different protocols used for multicast transmission, various distribution trees that are formed by these protocols and various aspects of multicast forwarding. We take a look at IGMP, which is the protocol that runs between the host devices and their first hop multicast routers, enabling the host to join/leave a multicast group. The protocols used for running IP multicast over networks are discussed in detail with additional emphasis on PIM-SM, which is the most common among the available selection. The paper concludes with a general overlook on the avenues where multicasting could play a major role benefitting the Internet Service Providers and even large corporate networks, and a glance on the pros and cons of multicasting.