La seguridad en redes SDN y sus aplicaciones

Introduction: The review article is the product of the research on Security in SDN networks and their applications, developed at the District University in 2020, presenting the latest advances, that have been made in security. Problem: The security weaknesses that SDN networks have had, due to being a new architecture. This has not allowed traditional networks to be replaced.   Objective: To carry out a review of the state of the art of SDN networks, focusing research on the security of the control layer and its advances. Methodology: The descriptive method is implemented, consulting databases such as Scopus, IEEE and ScienceDirect, using the following search criteria: SDN networks, security in SDN networks, applications with SDN networks and OpenFlow protocol. It is shown as a research sample: the Asian, European and American continents with years of research from 2014 to 2020. Results: Great advances have been made in terms of security for SDN networks, which allows us to see an early solution to the weaknesses that it currently faces.   Conclusion: SDN networks will solve all the challenges they face and will be consolidated as a solid and reliable architecture.   Originality: an important focus is taken on the security of SDN networks and the great development that has occurred in this regard is evident.   Limitations: SDN networks are a new architecture, so their development has been very little and advances in security have been significantly affected.Introducción: El artículo de revisión es producto de la investigación Seguridad en redes SDN y sus aplicaciones, desarrollada en la Universidad Distrital en el año 2020, presentando los últimos avances que se han logrado en seguridad. Problema: Las debilidades en seguridad que han tenido las redes SDN debido a ser una arquitectura nueva, esto no ha permitido que se reemplacen las redes tradicionales. Objetivo: realizar una revisión del estado del arte de las redes SDN enfocando la investigación la seguridad de la capa de control y sus avances. Metodología: se emplea el método descriptivo, se consultaron bases de datos como Scopus, IEEE y ScienceDirect, utilizando los siguientes criterios de búsqueda: SDN networks, security in SDN networks, applications with SDN networks y OpenFlow protocol, se tomó como muestra de investigación a los continentes asiático, europeo y americano con años de investigación desde el año 2014 hasta el año 2020. Resultados: se han desarrollado grandes avances en seguridad para las redes SDN, lo que permite ver una pronta solución a las debilidades que afronta en la actualidad. Conclusión: las redes SDN lograran resolver todos los retos a los que se enfrentan y se consolidara como una arquitectura sólida y confiable. Originalidad: se realiza un enfoque importante en la seguridad de las redes SDN y se evidencia el gran desarrollo que se ha presentado en este aspecto. Limitaciones: las redes SDN son una arquitectura nueva por lo que su desarrollo ha sido muy poco y los avances en seguridad se vieron afectados significativamente

TRIIIAD: Uma Arquitetura para Orquestração Automônica de Redes de Data Center Centrado em Servidor.

sta tese apresenta duas contribuições para as redes de data center centrado em servidores. A primeira, intitulada Twin Datacenter Interconnection Topology, foca nos aspectos topológicos e demostra como o uso de Grafos Gêmeos podem potencialmente reduzir o custo e garantir alta escalabilidade, tolerância a falhas, resiliência e desempenho. A segunda, intitulada TRIIIAD TRIple-Layered Intelligent and Integrated Architecture for Datacenters, foca no acoplamento entre a orquestração da nuvem e o controle da rede. A TRIIIAD é composta por três camadas horizontais e um plano vertical de controle, gerência e orquestração. A camada superior representa a nuvem do data center. A camada intermediária fornece um mecanismo leve e eficiente para roteamento e encaminhamento dos dados. A camada inferior funciona como um comutador óptico distribuído. Finalmente, o plano vertical alinha o funcionamento das três camadas e as mantem agnósticas entre si. Este plano foi viabilizado por um controlador SDN aumentado, que se integrou à dinâmica da orquestração, de forma a manter a consistência entre as informações da rede e as decisões tomadas na camada de virtualizaçã

Leveraging Spatial and Temporal Correlations for Network Traffic Compression

The deployment of modern network applications is increasing the network size and traffic volumes at an unprecedented pace. Storing network-related information (e.g., traffic traces) is key to enable efficient network management. However, this task is becoming more challenging due to the ever-increasing data transmission rates and traffic volumes. In this paper, we present a novel method for network traffic compression that exploits spatial and temporal patterns naturally present in network traffic. We consider a realistic scenario where traffic measurements are performed at multiple links of a network topology using tools like SNMP or NetFlow. Such measurements can be seen as multiple time series that exhibit spatial and temporal correlations induced by the network topology, routing or user behavior. Our method leverages graph learning methods to effectively exploit both types of correlations for traffic compression. The experimental results show that our solution is able to outperform GZIP, the \textit{de facto} traffic compression method, improving by 50\%-65\% the compression ratio on three real-world networks.Comment: 11 pages, 14 figure

Deliverable D2.1 - Ecosystem analysis and 6G-SANDBOX facility design

This document provides a comprehensive overview of the core aspects of the 6G-SANDBOX project. It outlines the project's vision, objectives, and the Key Performance Indicators (KPIs) and Key Value Indicators (KVIs) targeted for achievement. The functional and non-functional requirements of the 6G-SANDBOX Facility are extensively presented, based on a proposed reference blueprint. A detailed description of the updated reference architecture of the facility is provided, considering the requirements outlined. The document explores the experimentation framework, including the lifecycle of experiments and the methodology for validating KPIs and KVIs. It presents the key technologies and use case enablers towards 6G that will be offered within the trial networks. Each of the platforms constituting the 6G-SANDBOX Facility is described, along with the necessary enhancements to align them with the project's vision in terms of hardware, software updates, and functional improvements

Trustworthy Knowledge Planes For Federated Distributed Systems

In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks

Optimizing C-RAN Backhaul Topologies: A Resilience-Oriented Approach Using Graph Invariants

ABSTRACT: At the verge of the launch of the first commercial fifth generation (5G) system, trends in wireless and optical networks are proceeding toward increasingly dense deployments, supporting resilient interconnection for applications that carry higher and higher capacity and tighter latency requirements. These developments put increasing pressure on network backhaul and drive the need for a re-examination of traditional backhaul topologies. Challenges of impending networks cannot be tackled by star and ring approaches due to their lack of intrinsic survivability and resilience properties, respectively. In support of this re-examination, we propose a backhaul topology design method that formulates the topology optimization as a graph optimization problem by capturing both the objective and constraints of optimization in graph invariants. Our graph theoretic approach leverages well studied mathematical techniques to provide a more systematic alternative to traditional approaches to backhaul design. Specifically, herein, we optimize over some known graph invariants, such as maximum node degree, topology diameter, average distance, and edge betweenness, as well as over a new invariant called node Wiener impact, to achieve baseline backhaul topologies that match the needs for resilient future wireless and optical networks

Trustworthy Knowledge Planes For Federated Distributed Systems

In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks