Deliverable JRA1.1: Evaluation of current network control and management planes for multi-domain network infrastructure

This deliverable includes a compilation and evaluation of available control and management architectures and protocols applicable to a multilayer infrastructure in a multi-domain Virtual Network environment.The scope of this deliverable is mainly focused on the virtualisation of the resources within a network and at processing nodes. The virtualization of the FEDERICA infrastructure allows the provisioning of its available resources to users by means of FEDERICA slices. A slice is seen by the user as a real physical network under his/her domain, however it maps to a logical partition (a virtual instance) of the physical FEDERICA resources. A slice is built to exhibit to the highest degree all the principles applicable to a physical network (isolation, reproducibility, manageability, ...). Currently, there are no standard definitions available for network virtualization or its associated architectures. Therefore, this deliverable proposes the Virtual Network layer architecture and evaluates a set of Management- and Control Planes that can be used for the partitioning and virtualization of the FEDERICA network resources. This evaluation has been performed taking into account an initial set of FEDERICA requirements; a possible extension of the selected tools will be evaluated in future deliverables. The studies described in this deliverable define the virtual architecture of the FEDERICA infrastructure. During this activity, the need has been recognised to establish a new set of basic definitions (taxonomy) for the building blocks that compose the so-called slice, i.e. the virtual network instantiation (which is virtual with regard to the abstracted view made of the building blocks of the FEDERICA infrastructure) and its architectural plane representation. These definitions will be established as a common nomenclature for the FEDERICA project. Other important aspects when defining a new architecture are the user requirements. It is crucial that the resulting architecture fits the demands that users may have. Since this deliverable has been produced at the same time as the contact process with users, made by the project activities related to the Use Case definitions, JRA1 has proposed a set of basic Use Cases to be considered as starting point for its internal studies. When researchers want to experiment with their developments, they need not only network resources on their slices, but also a slice of the processing resources. These processing slice resources are understood as virtual machine instances that users can use to make them behave as software routers or end nodes, on which to download the software protocols or applications they have produced and want to assess in a realistic environment. Hence, this deliverable also studies the APIs of several virtual machine management software products in order to identify which best suits FEDERICA’s needs.Postprint (published version

The Challenges in SDN/ML Based Network Security : A Survey

Machine Learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. Sitting at the application layer and communicating with the control layer, machine learning based SDN security models exercise a huge influence on the routing/switching of the entire SDN. Compromising the models is consequently a very desirable goal. Previous surveys have been done on either adversarial machine learning or the general vulnerabilities of SDNs but not both. Through examination of the latest ML-based SDN security applications and a good look at ML/SDN specific vulnerabilities accompanied by common attack methods on ML, this paper serves as a unique survey, making a case for more secure development processes of ML-based SDN security applications.Comment: 8 pages. arXiv admin note: substantial text overlap with arXiv:1705.0056

Creating a Worldwide Network For the Global Environment for Network Innovations (GENI) and Related Experimental Environments

Many important societal activities are global in scope, and as these activities continually expand world-wide, they are increasingly based on a foundation of advanced communication services and underlying innovative network architecture, technology, and core infrastructure. To continue progress in these areas, research activities cannot be limited to campus labs and small local testbeds or even to national testbeds. Researchers must be able to explore concepts at scale—to conduct experiments on world-wide testbeds that approximate the attributes of the real world. Today, it is possible to take advantage of several macro information technology trends, especially virtualization and capabilities for programming technology resources at a highly granulated level, to design, implement and operate network research environments at a global scale. GENI is developing such an environment, as are research communities in a number of other countries. Recently, these communities have not only been investigating techniques for federating these research environments across multiple domains, but they have also been demonstration prototypes of such federations. This chapter provides an overview of key topics and experimental activities related to GENI international networking and to related projects throughout the world

NetGlance NMS - An integrated network monitoring system

Mestrado de dupla diplomação com a Kuban State Agrarian UniversityThis work is about IT infrastructure and, in particular, computer networks in KubSAU and IPB. Also, it is about a network monitoring system “NetGlance NMS” developed for KubSAU System Administration Department. Work objective is to optimize the information structure for KubSAU and IPB. During the work, following tasks were completed: Research the existing IPB information structure, Compare the information structure for KubSAU and IPB, Model the IPB computer network (topology, services), Research bottlenecks and potential pitfalls in the data-center and in the computer network of IPB, Research information security mechanisms in the computer network of IPB, Organize monitoring process for the computer network in KubSAU. The most important impact of the work is an increasing network productivity and user experience as a result of creation and deploy a monitoring software.O trabalho descrito no âmbito desta dissertação incide sobre a infraestrutura TI e, em particular, sobre as redes de computadores da KubSAU e do IPB. Além disso, descreve-se um sistema de gestão integrada de redes, designada “NetGlance NMS”, desenvolvido para o Departamento de Administração de Sistemas da KubSAU. O objetivo do trabalho é desenvolver uma ferramenta para otimizar a gestão da estrutura de comunicações das duas instituições. Durante o trabalho, as seguintes tarefas foram concluídas: levantamento da estrutura de comunicações do IPB, comparação da estrutura de comunicações entre a KubSAU e o IPB, modelação da rede de comunicações do IPB (topologia, serviços), estudo de possíveis estrangulamentos no datacenter e na rede de comunicações doIPB, estudo de mecanismos de segurança na rede de comunicações do IPB, organização do processo de monitorização da rede de comunicações da KubSAU. O contributo mais relevante deste trabalho é o desenvolvimento de uma aplicação de gestão integrada de redes, de forma a contribuir para o aumento da produtividade da rede e da experiência dos utilizadores

Uplink data measurement and analysis for 5G eCPRI radio unit

Abstract. The new 5G mobile network generation aims to enhance the performance of the cellular network in almost every possible aspect, offering higher data rates, lower latencies, and massive number of network connections. Arguably the most important change from LTE are the new RU-BBU split options for 5G promoted by 3GPP and other organizations. Another big conceptual shift introduced with 5G is the open RAN concept, pushed forward by organizations such as the O-RAN alliance. O-RAN aims to standardize the interfaces between different RAN elements in a way that promotes vendor interoperability and lowers the entry barrier for new equipment suppliers. Moreover, the 7-2x split option standardized by O-RAN has risen as the most important option within the different low layer split options. As the fronthaul interface, O-RAN has selected the packet-based eCPRI protocol, which has been designed to be more flexible and dynamic in terms of transport network and data-rates compared to its predecessor CPRI. Due to being a new interface, tools to analyse data from this interface are lacking. In this thesis, a new, Python-based data analysis tool for UL eCPRI data was created for data quality validation purposes from any O-RAN 7-2x functional split based 5G eCPRI radio unit. The main goal for this was to provide concrete KPIs from captured data, including timing offset, signal power level and error vector magnitude. The tool produces visual and text-based outputs that can be used in both manual and automated testing. The tool has enhanced eCPRI UL datapath testing in radio unit integration teams by providing actual quality metrics and enabling test automation.Uplink datamittaukset ja -analyysi 5G eCPRI radiolla. Tiivistelmä. Uusi 5G mobiiliverkkogeneraatio tuo mukanaan parannuksia lähes kaikkiin mobiiliverkon ominaisuuksiin, tarjoten nopeamman datasiirron, pienemmät viiveet ja valtavat laiteverkostot. Luultavasti tärkein muutos LTE teknologiasta ovat 3GPP:n ja muiden organisaatioiden ehdottamat uudet radion ja systeemimoduulin väliset funktionaaliset jakovaihtoehdot. Toinen huomattava muutos 5G:ssä on O-RAN:in ajama avoimen RAN:in konsepti, jonka tarkoituksena on standardisoida verkkolaitteiden väliset rajapinnat niin, että RAN voidaan rakentaa eri valmistajien laitteista, laskien uusien laitevalmistajien kynnystä astua verkkolaitemarkkinoille. O-RAN:n standardisoima 7-2x funktionaalinen jako on noussut tärkeimmäksi alemman tason jakovaihtoehdoista. Fronthaul rajapinnan protokollaksi O-RAN on valinnut pakettitiedonsiirtoon perustuvan eCPRI:n, joka on suunniteltu dynaamisemmaksi ja joustavammaksi datanopeuksien ja lähetysverkon suhteen kuin edeltävä CPRI protokolla. Uutena protokollana, eCPRI rajapinnalle soveltuvia data-analyysityökaluja ei ole juurikaan saatavilla. Tässä työssä luotiin uusi pythonpohjainen data-analyysityökalu UL suunnan eCPRI datalle, jotta datan laatu voidaan määrittää millä tahansa O-RAN 7-2x funktionaaliseen jakoon perustuvalla 5G eCPRI radiolla. Työkalun päätarkoitus on analysoida ja kuvata datan laatua laskemalla datan ajoitusoffsettia, tehotasoa, sekä EVM:ää. Työkalu tuottaa tulokset visuaalisena ja tekstipohjaisena, jotta analyysia voidaan tehdä niin manuaalisessa kuin automaattisessa testauksessa. Työkalun käyttöönotto on tehostanut UL suunnan dataputken testausta radio-integrointitiimeissä, tarjoten datan laatua kuvaavaa metriikkaa sekä mahdollistaen testauksen automatisoinnin