Distributed control in virtualized networks

The increasing number of the Internet connected devices requires novel solutions to control the next generation network resources. The cooperation between the Software Defined Network (SDN) and the Network Function Virtualization (NFV) seems to be a promising technology paradigm. The bottleneck of current SDN/NFV implementations is the use of a centralized controller. In this paper, different scenarios to identify the pro and cons of a distributed control-plane were investigated. We implemented a prototypal framework to benchmark different centralized and distributed approaches. The test results have been critically analyzed and related considerations and recommendations have been reported. The outcome of our research influenced the control plane design of the following European R&D projects: PLATINO, FI-WARE and T-NOVA

AEGIS: Validating Execution Behavior of Controller Applications in Software-Defined Networks

The software-defined network (SDN) controller provides an application programming interface (API) for network applications and controller modules. Malicious applications and network attackers can misuse these APIs to cause outbreaks on the controller. The controller is the heart of the SDN and should be secured from such API misuse scenarios and network attacks. Most of the prior research in security for SDN controllers focuses on a defense mechanism for a particular attack scenario that requires changes in the controller code. This research proposes dynamic access control and a policy engine-based approach for protecting the SDN controller from network attacks and application bugs, thus defending against the misuse of the controller APIs. The proposed AEGIS protects controller APIs and defines a set of access, semantic, syntactic and communication policy rules and a permission set for accessing controller APIs. It utilizes the traditional API hooking technique to control API usage. We generated various attack scenarios that included application bugs and network attacks on the Floodlight SDN controller and showed that applying AEGIS secured the Floodlight controller APIs and hence protected them from network attacks and application bugs. Finally, we discuss performance comparison tests of the new AEGIS controller implementation for memory usage, API execution time and boot-up time and conclude that AEGIS effectively protects the SDN controller for trustworthy operations

Intent-based zero-touch service chaining layer for software-defined edge cloud networks

Edge Computing, along with Software Defined Networking and Network Function Virtualization, are causing network infrastructures to become as distributed clouds extended to the edge with services provided as dynamically established sequences of virtualized functions (i.e., dynamic service chains) thereby elastically addressing different processing requirements of application data flows. However, service operators and application developers are not inclined to deal with descriptive configuration directives to establish and operate services, especially in case of service chains. Intent-based Networking is emerging as a novel approach that simplifies network management and automates the implementation of network operations required by applications. This paper presents an intent-based zero-touch service chaining layer that provides the programmable provision of service chain paths in edge cloud networks. In addition to the dynamic and elastic deployment of data delivery services, the intent-based layer offers an automated adaptation of the service chains paths according to the application's goals expressed in the intent to recover from sudden congestion events in the SDN network. Experiments have been carried out in an emulated network environment to show the feasibility of the approach and to evaluate the performance of the intent layer in terms of network resource usage and adaptation overhead