29 research outputs found
Optical Network Models and their Application to Software-Defined Network Management
Software-defined networking is finding its way into optical networks. Here,
it promises a simplification and unification of network management for optical
networks allowing automation of operational tasks despite the highly diverse
and vendor-specific commercial systems and the complexity and analog nature of
optical transmission. A fundamental component for software-defined optical
networking are common abstractions and interfaces. Currently, a number of
models for optical networks are available. They all claim to provide open and
vendor agnostic management of optical equipment. In this work, we survey and
compare the most important models and propose an intent interface for creating
virtual topologies that is integrated in the existing model ecosystem.
Comment: Parts of the presented work have received funding from the European
Commission within the H2020 Research and Innovation Programme, under grant
agreement n.645127, project ACIN
A unifying orchestration operating platform for 5G
5G will revolutionize the way ICT and Telecommunications infrastructures work. Indeed, businesses can greatly benefit from innovation introduced by 5G and exploit the new deep integration between ICT and networking capabilities to generate new value-added services. Although a plethora of solutions for virtual resources and infrastructures management and orchestration already exists (e.g., OpenDaylight, ONOS, OpenStack, Apache Mesos, Open Source MANO, Docker Swarm, LXD/LXC, etc.), they are still not properly integrated to match the 5G requirements. In this paper, we present the 5G Operating Platform (5G-OP) which has been conceived to fill in this gap and integrate management, control and orchestration of computing, storage and networking resources down to the end-user devices and terminals (e.g., smart phone, machines, robots, drones, autonomous vehicles, etc.). The 5G-OP is an overarching framework capable of providing agnostic interfaces and a universal set of abstractions in order to implement seamless 5G infrastructure control and orchestration. The functional structure of the 5G-OP, including the horizontal and vertical interworking of functions in it, has been designed to allow Network Operators and Service Providers to exploit diverse roles and business strategies. Moreover, the functional decoupling of the 5G-OP from the underneath management, control and orchestration solutions allows pursuing faster innovation cycles, being ready for the emergence of new service models.
A Gateway-based MUD Architecture to Enhance Smart Home Security
Smart home systems, including consumer-grade Internet of Things (IoT) devices, are in a dangerous situation. On the one hand, the number of smart homes is increasing. On the other hand, the devices in these dwellings are often affected by vulnerabilities that could be exploited to generate massive (distributed) attacks.
To mitigate the issue of having compromised devices involved in such attacks, the Internet Engineering Task Force (IETF) recently proposed a new standard: the Manufacturer Usage Description (MUD).
The main contribution of this paper is to propose a slightly extended version of the MUD architecture. This architecture is centered around a smart home gateway (SHG) that can be extended through the contributions of plug-in developers.
Indeed, our proposed approach allows developers to specify which endpoints their plug-ins need to reach. These requirements will then be processed to generate a consolidated gateway-level MUD file exposed by the SHG itself.
Thus, thanks to this solution and developers’ intervention, even devices that are not natively “MUD-enabled” would be protected by the MUD standard if integrated through a proper plug-in. Moreover, these requirements are transparent for the device itself.
To demonstrate the feasibility of this approach, we realized a proof-of-concept for a widespread open-source smart home gateway: Home Assistant.
Transport Northbound Interface: The need for Specification and Standards coordination
Next generation optical transport networks have high benchmarks for flexibility, reliability, and operational simplicity. These requirements underline a common, technology-independent orchestration paradigm that can be extended to represent and configure specific optical technology attributes. Although orchestration is an ongoing aspect of the current optical transport network evolution, the meaning and scope of orchestration is often only implied, and various Specification and Standards communities cannot always agree the requirements and objectives. This paper describes the high-level requirements facing optical transport networks to provide well-defined Transport Northbound Interface (T-NBI) for optical resource programmability, control, and management automation. It explores the overall functionality that must be provided, whether encompassed in a single large-scale orchestration wrapper or partitioned into several sub-functions, of which only one component is designated as a transport orchestrator. It highlights the early efforts for optical transport resource modeling across Specification and Standardisation organisations. The paper will report on recent Internet Engineering Task Force (IETF) Transport NBI Team Design Team efforts to collaborate across Standards Development Organisations (SDOs) to unify transport interface requirements and objectives. Finally, the paper will highlight use cases and applicability examples, and outline research gaps and challenges, opportunities for researchers, and areas for further collaboration between academia and industry.
The impact of Manufacturer Usage Description (MUD) on IoT security
With the growing number of IoT (Internet of Things) devices and their particular characteristics compared to traditional systems, incumbent security mechanisms need to be advanced for secure and resilient IoT operation in current ICT systems. One particular standard, which tries to improve IoT security in that regard, is the Manufacturer Usage Description (MUD) by IETF. In this paper, as our main focus is to highlight the security gains of using MUD, we first discuss the critical threats to IoT devices based on available research. In the second step, we analyze the MUD technology to delineate where MUD is beneficial (or not) to address these security issues.
A Framework for eBPF-Based Network Functions in an Era of Microservices
By moving network functionality from dedicated hardware to software running on end-hosts, Network Functions Virtualization (NFV) pledges the benefits of cloud computing to packet processing. While most of the NFV frameworks today rely on kernel-bypass approaches, no attention has been given to kernel packet processing, which has always proved hard to evolve and to program. In this article, we present Polycube, a software framework whose main goal is to bring the power of NFV to in-kernel packet processing applications, enabling a level of flexibility and customization that was unthinkable before. Polycube enables the creation of arbitrary and complex network function chains, where each function can include an efficient in-kernel data plane and a flexible user-space control plane with strong characteristics of isolation, persistence, and composability. Polycube network functions, called Cubes, can be dynamically generated and injected into the kernel networking stack, without requiring custom kernels or specific kernel modules, simplifying the debugging and introspection, which are two fundamental properties in recent cloud environments. We validate the framework by showing significant improvements over existing applications, and we prove the generality of the Polycube programming model through the implementation of complex use cases such as a network provider for Kubernetes.