10 research outputs found

    Quality Improvement in Coordinated WLAN Networks through SDWN

    This work proposes an architecture capable of improving the quality of multimedia communications in coordinated WLAN networks through the use of SDN (Software Defined Networks). This requires adapting such SDN solutions so that they can identify the parameters specific to Wi-Fi networks, such as interference, mobility, channel selection, etc., and can address the problems arising from the quality requirements of the stations that share the same wireless network. This work has been partially funded by the European Commission through the Wi5 Project (H2020 G.A. no 644262), by the DGA and the European Social Fund through CeNITEQ, and by the Government of Spain through the TISFIBE project (TIN2015-64770-R). Fernández Navajas, J.; Sequeira Villarreal, L.; Ruiz Mas, J.; Saldaña Medina, JM. (2018). Mejora de la Calidad en Redes WLAN Coordinadas a través de SDWN. In XIII Jornadas de Ingeniería telemática (JITEL 2017). Libro de actas. Editorial Universitat Politècnica de València. 148-151. https://doi.org/10.4995/JITEL2017.2017.6564 OCS14815

    Impact of Processing-Resource Sharing on the Placement of Chained Virtual Network Functions

    Network Function Virtualization (NFV) provides higher flexibility for network operators and reduces the complexity in network service deployment. Using NFV, Virtual Network Functions (VNF) can be located in various network nodes and chained together in a Service Function Chain (SFC) to provide a specific service. Consolidating multiple VNFs in a smaller number of locations would allow decreasing capital expenditures. However, excessive consolidation of VNFs might cause additional latency penalties due to processing-resource sharing, and this is undesirable, as SFCs are bounded by service-specific latency requirements. In this paper, we identify two different types of penalties (referred to as "costs") related to the processing-resource sharing among multiple VNFs: the context switching costs and the upscaling costs. Context switching costs arise when multiple CPU processes (e.g., supporting different VNFs) share the same CPU and thus repeated loading/saving of their context is required. Upscaling costs are incurred by VNFs requiring multi-core implementations, since they suffer a penalty due to the load-balancing needs among CPU cores. These costs affect how the chained VNFs are placed in the network to meet the performance requirement of the SFCs. We evaluate their impact while considering SFCs with different bandwidth and latency requirements in a scenario of VNF consolidation. Comment: Accepted for publication in IEEE Transactions on Cloud Computin

    NFV Platforms: Taxonomy, Design Choices and Future Challenges

    Due to the intrinsically inefficient service provisioning in traditional networks, Network Function Virtualization (NFV) keeps gaining attention from both industry and academia. By replacing the purpose-built, expensive, proprietary network equipment with software network functions consolidated on commodity hardware, NFV envisions a shift towards a more agile and open service provisioning paradigm. During the last few years, a large number of NFV platforms have been implemented in production environments that typically face critical challenges, including the development, deployment, and management of Virtual Network Functions (VNFs). Nonetheless, just like any complex system, such platforms commonly consist of abounding software and hardware components and usually incorporate disparate design choices based on distinct motivations or use cases. This broad collection of convoluted alternatives makes it extremely arduous for network operators to make proper choices. Although numerous efforts have been devoted to investigating different aspects of NFV, none of them specifically focused on NFV platforms or attempted to explore their design space. In this paper, we present a comprehensive survey on the NFV platform design. Our study solely targets existing NFV platform implementations. We begin with a top-down architectural view of the standard reference NFV platform and present our taxonomy of existing NFV platforms based on what features they provide in terms of a typical network function life cycle. Then we thoroughly explore the design space and elaborate on the implementation choices each platform opts for. We also envision future challenges for NFV platform design in the incoming 5G era. We believe that our study gives a detailed guideline for network operators or service providers to choose the most appropriate NFV platform based on their respective requirements. Our work also provides guidelines for implementing new NFV platforms

    Graph-based feature enrichment for online intrusion detection in virtual networks

    The increasing number of connected devices to provide the required ubiquitousness of Internet of Things paves the way for distributed network attacks at an unprecedented scale. Graph theory, strengthened by machine learning techniques, improves an automatic discovery of group behavior patterns of network threats often omitted by traditional security systems. Furthermore, Network Function Virtualization is an emergent technology that accelerates the provisioning of on-demand security function chains tailored to an application. Therefore, repeatable compliance tests and performance comparison of such function chains are mandatory. The contributions of this dissertation are divided in two parts. First, we propose an intrusion detection system for online threat detection enriched by a graph-learning analysis. We develop a feature enrichment algorithm that infers metrics from a graph analysis. By using different machine learning techniques, we evaluated our algorithm for three network traffic datasets. We show that the proposed graph-based enrichment improves the threat detection accuracy up to 15.7% and significantly reduces the false positives rate. Second, we aim to evaluate intrusion detection systems deployed as virtual network functions. Therefore, we propose and develop SFCPerf, a framework for an automatic performance evaluation of service function chaining. To demonstrate SFCPerf functionality, we design and implement a prototype of a security service function chain, composed of our intrusion detection system and a firewall. We show the results of a SFCPerf experiment that evaluates the chain prototype on top of the open platform for network function virtualization (OPNFV).
The growing number of connected IoT devices contributes to the occurrence of distributed denial-of-service attacks at an unprecedented scale. Graph theory, reinforced by machine learning techniques, improves the automatic discovery of group behavior patterns of network threats, which are often missed by traditional security systems. In this sense, network function virtualization is an emerging technology that can accelerate the provisioning of on-demand security function chains for an application. Therefore, repeated compliance tests and performance comparison of such function chains are mandatory. The contributions of this dissertation are separated into two parts. First, an intrusion detection system is proposed that uses graph-based enrichment to improve online threat detection. A feature enrichment algorithm is developed and evaluated using different machine learning techniques. The results show that graph-based enrichment improves threat detection accuracy by up to 15.7% and significantly reduces the number of false positives. Next, to evaluate intrusion detection systems deployed as virtual network functions, this work proposes and develops SFCPerf, a framework for automatic performance evaluation of network function chaining. To demonstrate the functionality of SFCPerf, a prototype of a security network function chain, composed of an intrusion detection system (IDS) and a firewall, is implemented and evaluated on the open platform for network function virtualization (OPNFV).

    Specification of Smart AP solutions - version 2

    This document includes the specification of the second version of the Smart Access Point (AP) Solutions, which are being developed within WP3 of the Wi-5 project. After the Literature Review, a global view of the Wi-5 architecture is presented which includes not only the Smart AP Solutions but also the Cooperative Functionalities being developed in WP4. Next, the Smart AP Solutions are described including the summary of the general approach being followed based on Light Virtual APs (LVAPs). The functionalities enabling Radio Resource Management (i.e. Dynamic Channel Allocation, Load Balancing and Power Control) are reported in detail and the current status of the implementation of the solutions is detailed, with a set of improvements aimed at integrating the support of different channels within the Wi-5 framework. A multi-channel handoff scheme has been designed, requiring a good synchronisation between the different events, in order to make the LVAP switching happen at the same moment when the STA switches its channel. In addition, the beacon generation has been modified in order to improve the scalability and to give a better user experience during handoffs. Tests measuring the handoff delay are presented using three wireless cards from different manufacturers, and using as test traffic a flow of an online game with real-time constraints. The results show that fast handovers ranging from 30 to 200 milliseconds can be achieved. The savings provided by frame aggregation, and its effect on subjective quality have also been studied. A methodology including subjective tests with real users has evaluated this effect, using paired comparison. The results indicate that bandwidth usage savings and especially significant packet rate reduction can be obtained without degrading players’ Quality of Experience (QoE), as long as the overall latency is kept under 100ms. 
An important finding coming from these results is that the players do not register delay variation introduced by multiplexing

    Final specification of the Smart AP solutions

    This deliverable presents the final version of the specification for the mechanisms included in the Wi-5 Access Points (APs), which have been developed within WP3 of the Wi-5 project. Coordinated by a controller, these APs are able to run the Smart Access Point Solutions including resource management algorithms such as dynamic channel allocation, load balancing and power control. The seamless handover is also an important functionality to support this and the integration with the coordination entities of the Wi-5 architecture (i.e., the Wi-5 controller) and the interface with performance monitoring mechanisms are also defined. The document also includes a series of simulations aimed at studying the possibility of performing a centrally controlled coordination of the frame aggregation functionalities available in 802.11n and 802.11ac. The main section of this deliverable (section 4) is devoted to explaining the final version of the functionalities enabling all the Wi-5 features, with detailed information about their implementation, and the advances with respect to previous versions reported in Deliverables D3.2 and D3.3. These functions rely on the monitoring mechanisms defined in Deliverable D3.1. This section includes a) The framework used for the implementation based on the use of Light Virtual APs (LVAPs). b) The horizontal handover scheme, integrating multi-channel APs with the LVAPs approach, which includes extensive tests of the handover latency illustrating that they can really be seamless. c) Different applications including Channel Assignment, Mobility Management (in a reactive and a proactive way), and Load Balancing based on Received Signal (RSSI), Fittingness Factor and also considering the services being run in the terminals. Another section (section 5) details the results of a battery of measurements of the delays incurred by the system. 
Finally, a simulation environment is used in order to test different ways of performing a coordinated control of the frame aggregation mechanisms of 802.11. A Conclusions section surveys the work that has been carried out. The most innovative aspects are: a) The development of a method able to proactively manage the mobility of the users, also combining this with load balancing in real time. b) The proposal of central coordination for frame aggregation, which can provide a significant improvement in efficiency while still respecting the real-time requirements

    XIII Jornadas de ingeniería telemática (JITEL 2017)

    The Jornadas de Ingeniería Telemática (JITEL), organized by the Asociación de Telemática (ATEL), constitute a suitable forum for meeting, debate and dissemination for the groups that teach and conduct research on topics related to telematic networks and services. The organization of this event aims to foster, on the one hand, the exchange of experiences and results, as well as communication and cooperation among the research groups working on topics related to telematics. In parallel with the traditional sessions that characterize scientific conferences, the aim is to promote more open activities that stimulate the exchange of ideas between experienced and novice researchers, as well as the creation of links and meeting points among the different research groups or teams. To this end, in addition to inviting relevant people in the corresponding fields, sessions will be included for presenting and debating the active lines and projects of those teams. Lloret Mauri, J.; Casares Giner, V. (2018). XIII Jornadas de ingeniería telemática (JITEL 2017). Editorial Universitat Politècnica de València. http://hdl.handle.net/10251/97612 EDITORIA

    Scylla: A Language for Virtual Network Functions Orchestration in Enterprise WLANs

    Network Function Virtualization (NFV) is set to disrupt the current networking ecosystem by turning vertically-integrated middleboxes into software modules running on general purpose virtualized platforms. NFV will play a key role in future wireless and mobile networks where significant cost reductions can be obtained by virtualizing different layers and functions of the radio access and core network. Such a goal raises several challenges in terms of both functional decomposition of the radio nodes and for the management and orchestration of the resulting network. In this work we present Scylla, a high-level declarative language for programming network functions that allows programmers to implement per-flow custom packet processing. We also introduce a set of programming abstractions modeling the fundamental aspects of VNF orchestration. Finally, we present a proof-of-concept Controller and an SDK implementing the proposed abstractions.
