138 research outputs found

    SDN Architecture and Southbound APIs for IPv6 Segment Routing Enabled Wide Area Networks

    The SRv6 architecture (Segment Routing based on IPv6 data plane) is a promising solution to support services like Traffic Engineering, Service Function Chaining and Virtual Private Networks in IPv6 backbones and datacenters. The SRv6 architecture has interesting scalability properties as it reduces the amount of state information that needs to be configured in the nodes to support the network services. In this paper, we describe the advantages of complementing the SRv6 technology with an SDN based approach in backbone networks. We discuss the architecture of a SRv6 enabled network based on Linux nodes. In addition, we present the design and implementation of the Southbound API between the SDN controller and the SRv6 device. We have defined a data-model and four different implementations of the API, respectively based on gRPC, REST, NETCONF and remote Command Line Interface (CLI). Since it is important to support both the development and testing aspects, we have realized an Intent based emulation system to build realistic and reproducible experiments. This collection of tools automates most of the configuration aspects, relieving the experimenter from a significant effort. Finally, we have realized an evaluation of some performance aspects of our architecture and of the different variants of the Southbound APIs and we have analyzed the effects of the configuration updates in the SRv6 enabled nodes.

    Secure Configuration and Management of Linux Systems using a Network Service Orchestrator.

    Manual management of the configuration of network devices and computing devices (hosts) is an error-prone task. Centralized automation of these tasks can lower the costs of management, but can also introduce unknown or unanticipated security risks. Misconfiguration (deliberate (by outsiders) or inadvertent (by insiders)) can expose a system to significant risks. Centralized network management has seen significant progress in recent years, resulting in model-driven approaches that are clearly superior to previous "craft" methods. Host management has seen less development. The tools available have developed in separate task-specific ways. This thesis explores two aspects of the configuration management problem for hosts: (1) implementing host management using the model-driven (network) management tools; (2) establishing the relative security of traditional methods and the above proposal for model driven host management. It is shown that the model-driven approach is feasible, and the security of the model driven approach is significantly higher than that of existing approaches

    Centralized model driven trace route mechanism for TCP/IP routers : Remote traceroute invocation using NETCONF API and YANG data model

    During recent years, utilizing programmable APIs and the YANG data model for service configuration and monitoring of TCP/IP open network devices from a centralized network management system, as an alternative to SNMP based network management solutions, has gained popularity among service providers and network engineers. However, both SNMP and YANG lack any data model for tracing the routes between different routers inside and outside the network, which has not been addressed. Having a centralized traceroute tool provides a central troubleshooting point in the network. Rather than having to individually connect to each router terminal, traceroute can be invoked remotely on different routers, and the responses can be collected on the network management system. The aim of this thesis is to develop a centralized traceroute tool called Trace that invokes the traceroute CLI tool with a unique syntax from a centralized network management system on a TCP/IP router, traces the hops and BGP AS, measures RTT between a router and a specific destination, and returns the response back to the network management system. It also evaluates the possibility of utilizing this traceroute tool along with YANG based network management solutions. This implementation has shown that YANG based data models enable a unique syntax on the network management system for invoking the traceroute command on different TCP/IP devices. This unique syntax can be used to invoke the traceroute CLI command on routers with different operating systems. The evaluation has shown that using NETCONF as an API between the network management system and the network devices enables Trace to be utilized in YANG and NETCONF based network management solutions.


    Cloud-Native Realization of Network Configuration Protocol

    Many telecommunication companies aim to support the Network Configuration Protocol (NETCONF) to manage their large networks in a cloud-native environment. The NETCONF protocol provides automation and security using permanent SSH and TLS connections, and cloud-native brings scalability advantages. However, supporting the NETCONF protocol in a cloud-native environment presents challenges since the NETCONF protocol is not stateless. The thesis implements a proof of concept for cloud-native Network Configuration Protocol and investigates issues of such an implementation. The approach in this thesis is to have two implementations, of standard Network Configuration Protocol and of Network Configuration Protocol Call Home, in a cloud-native environment. A solution is applied together with these implementations by terminating the permanent established sessions at the end of messaging. The evaluations are made by analysing a changing number of connections and events per connection in both implementations. Based on the evaluation of the proof of concept, the results indicate that terminating the established NETCONF sessions at the end of messaging is an operable solution. However, it is also observed that throughput and CPU could be limitations for such an implementation in a cloud-native environment. In addition, it must be considered that authentication time is affected by the chosen security provider.

    An ICT-oriented Management Solution for NGNs

    NGN architecture reused several standards from the IP world, as exemplified by the Session Initiation Protocol SIP, which is ubiquitous in the majority of these network components. However, the NGN management architecture simply presented a very generic management model that follows TMN. Several management technologies are proposed, such as Web services, CORBA and SNMP, to implement management solutions. Network and systems management standardizing bodies currently promote newer technologies that aim to solve known shortcomings to these. This paper proposes a management solution for NGNs based on recent IP world technologies. The presented solution was implemented in the form of a middleware to manage NGN elements. This middleware was used in the management of an element belonging to the IP Multimedia Subsystem platform, namely the Policy and Charging Rules Function

    Performance Evaluation of SNMPv1/2c/3 using Different Security Models on Raspberry Pi

    The Simple Network Management Protocol (SNMP) is one of the dominant protocols for network monitoring and configuration. The first two versions of SNMP (v1 and v2c) use the Community-based Security Model (CSM), where the community is transferred in clear text, resulting in a low level of security. With the release of SNMPv3, the User-based Security Model (USM) and Transport Security Model (TSM) were proposed, with strong authentication and privacy at different levels. The Raspberry Pi family of Single-Board Computers (SBCs) is widely used for many applications. To help their integration into network management systems, it is essential to study the impact of the different versions and security models of SNMP on these SBCs. In this work, we carried out a performance analysis of SNMP agents running in three different Raspberry Pis (Pi Zero W, Pi 3 Model B, and Pi 3 Model B+). Our comparisons are based on the response time, defined as the time required to complete a request/response exchange between a manager and an agent. Since we did not find an adequate tool for our assessments, we developed our own benchmarking tool. We did numerous experiments, varying different parameters such as the type of requests, the number of objects involved per request, the security levels of SNMPv3/USM, the authentication and privacy protocols of SNMPv3/USM, the transport protocols, and the versions and security models of SNMP. Our experiments were executed with Net-SNMP, an open-source and comprehensive distribution of SNMP. Our tests indicate that SNMPv1 and SNMPv2c have similar performance. SNMPv3 has a longer response time, due to the overhead caused by the security services (authentication and privacy). The Pi 3 Model B and Pi 3 Model B+ have comparable performance, and significantly outperform the Pi Zero W

    Advanced concept of voice communication server on embedded platform

    The paper deals with a design of an embedded Voice communication server which was developed within the scope of the BESIP project (Bright Embedded Solution for IP Telephony). The project brings a modular architecture with additional functionality such as a speech quality monitoring and a protection against security threats. The speech quality assessment is carried out in a simplified computational E-model and we implemented our proposal into the BESIP as an optional component. In the security module, we applied a standard approach to the intrusion detection and protection, and in addition to the mentioned modules we come up with an idea of unified configuration based on the NETCONF protocol. We implemented and integrated the complex support of the NETCONF configuration protocol into OpenWRT and our modifications were accepted by the OpenWRT community. The paper describes the individual modules, their features and the entire BESIP concept.

    CLI Crawler

    Many systems within the IT infrastructure have a Command Line Interface (CLI) for configuration changes. Some of these systems may expose a Configuration Management interface over a web service but this web service usually only exposes a fraction of the configuration possibilities in a CLI. Thus it would be of great help to investigate how a framework for automated CLI discovery can be developed, which is what this bachelor’s thesis is about. One objective of the bachelor’s thesis was to determine the best possible way to access the command structure of CLIs and to determine how a CLI discovery application can be developed. The other objective was to develop such a prototype. Such a CLI discovery application must support exporting the result of the discovery process into a YANG model (a hierarchical modeling language for NETCONF) in the future. A prototype, CLI Crawler, was developed. CLI Crawler was designed to be as automated as possible, however during the discovery process user interaction is required in order to help CLI Crawler get past certain obstacles. Such an obstacle could be when a CLI requires a certain input that only the user has knowledge of. At first CLI Crawler connects to a remote system with the use of Secure Shell (SSH) or Terminal Network (Telnet). Thereafter the discovery process is started which traverses all of the possible commands, modes and attributes in a certain CLI. During such a discovery process the command structure is both being printed in real-time in the GUI as a hierarchical tree structure and added to a database which will be used for exporting the command structure as YANG in the future. CLI Crawler shows that it is possible to develop a framework for automated CLI discovery. However more work and research has to be done before CLI Crawler will become a viable way of discovering and representing a CLI’s command structure. 
    For instance, more CLIs have to be integrated with CLI Crawler in order to make them compatible with the discovery process.