
    Simulating and prototyping software defined networking (SDN) using Mininet approach to optimise host communication in realistic programmable networking environment

    In this project, two tests were performed. In the first test, Mininet-WiFi was used to simulate a Software Defined Network to demonstrate Mininet-WiFi's ability to serve as a Software Defined Network emulator that can also be integrated with an existing network using a Network Virtualized Function (NVF). A typical organization's computer network was simulated, consisting of a website hosted on a LAMP (Linux, Apache, MySQL, PHP) virtual machine and an F5 application delivery controller (ADC) that load-balanced the requests sent to the web applications. A web page request was sent from the virtual stations inside Mininet-WiFi. The request was received by the application delivery controller, which used a round-robin technique to forward it to one of the web servers on the LAMP virtual machine. The web server then returned the requested page to the requesting virtual stations over the simulated virtual network. The significance of these results is that they present Mininet-WiFi as an emulator that can be integrated into a real programmable networking environment, offering a portable, cost-effective and easily deployable test network that runs on a single computer. These results also benefit modern network deployments, since live network devices can communicate with the test environment of data center, cloud and mobile providers. In the second test, a Software Defined Network was created in Mininet using a Python script. An external interface was added to enable communication with the network outside Mininet. Amazon Web Services Elastic Compute Cloud was used to host an OpenDaylight controller, which served as the control plane device for the virtual switch within Mininet. To test the network, a web server hosted on the Emulated Virtual Environment – Next Generation (EVE-NG) software was connected to Mininet. EVE-NG provides tools to model virtual devices and interconnect them with other virtual or physical devices. The OpenDaylight controller was able to create the flows that allowed the hosts in Mininet to communicate with the web server in the real network.
    Electrical and Mining Engineering; M. Tech. (Electrical Engineering)

    Suporte de monitorização baseada em NETCONF

    Master's in Computer and Telematics Engineering
    The need to manage network equipment has brought together standards bodies such as the IETF and the DMTF, the academic community and equipment manufacturers. The evolution of network characteristics, such as their size, the number and heterogeneity of interconnected devices, and the growing diversity of network services, has been changing management requirements and therefore creating the need for new technologies to manage these networks. The SNMP management technology emerged in the mid 1980s and, despite a number of defects that were quickly pointed out, it rapidly became the de facto management technology; it is ubiquitous in most network equipment and is available in the form of many APIs and management applications. Being a technology born within the IP network management community, it did not include other aspects of systems and services management, which the DMTF later included in the WBEM technology under an integrated-management approach. WBEM already uses web technologies to represent and encode management information in order to promote management interoperability across equipment of different models and manufacturers. With the advent of Web services, and given their advantages of rapid development and interoperability, the standards bodies in the systems-management area proposed new technologies such as WSDM-MUWS from OASIS and WS-MAN from the DMTF. To overcome the problems long attributed to SNMP, especially those related to its security and its lack of scalability for transporting large amounts of information, the IETF developed a new technology called NETCONF, which uses XML encoding and secure, reliable transport alternatives. It also standardized a language for describing management information, YANG, created specifically for use with this protocol. In this work, a monitoring solution was implemented using the NETCONF technology, transporting the management information over SOAP. This dissertation documents the implementation of the proposed NETCONF monitoring solution and its evaluation, comparing the features and capabilities of the technology used with the SNMP and WBEM management technologies in terms of generated traffic, signalling efficiency and response times. From the analysis of these tests, conclusions are drawn about the performance of these protocols and the feasibility of NETCONF as a future solution for network management and monitoring.

    Remote Configuration of Active Network Devices

    The thesis deals with the design and implementation of a software middle layer for the remote configuration of network devices, focused primarily on influencing data flows in the network using the NETCONF network configuration protocol and selected software for communication between a client computer and network elements, followed by testing under laboratory conditions on physical devices. The thesis also lists and describes the technologies used to create the software middle layer. In the theoretical part, the reader is introduced to the basics of traffic control in computer networks, to a description of the functionality of the NETCONF protocol, and to the options for securing the transmission between client and server. A list of commercial and non-commercial implementations of this protocol is also given.
    440 - Department of Telecommunication Technology

    Guidelines for Authors and Reviewers of YANG Data Model Documents


    Deliverable JRA1.1: Evaluation of current network control and management planes for multi-domain network infrastructure

    This deliverable includes a compilation and evaluation of the available control and management architectures and protocols applicable to a multilayer infrastructure in a multi-domain Virtual Network environment. The scope of this deliverable is mainly focused on the virtualisation of the resources within a network and at processing nodes. The virtualisation of the FEDERICA infrastructure allows its available resources to be provisioned to users by means of FEDERICA slices. A slice is seen by the user as a real physical network under his or her domain; however, it maps to a logical partition (a virtual instance) of the physical FEDERICA resources. A slice is built to exhibit, to the highest degree, all the principles applicable to a physical network (isolation, reproducibility, manageability, ...). Currently, there are no standard definitions available for network virtualisation or its associated architectures. Therefore, this deliverable proposes the Virtual Network layer architecture and evaluates a set of Management and Control Planes that can be used for the partitioning and virtualisation of the FEDERICA network resources. This evaluation has been performed taking into account an initial set of FEDERICA requirements; a possible extension of the selected tools will be evaluated in future deliverables. The studies described in this deliverable define the virtual architecture of the FEDERICA infrastructure. During this activity, the need was recognised to establish a new set of basic definitions (a taxonomy) for the building blocks that compose the so-called slice, i.e. the virtual network instantiation (which is virtual with regard to the abstracted view made of the building blocks of the FEDERICA infrastructure) and its architectural plane representation. These definitions will be established as a common nomenclature for the FEDERICA project. Another important aspect when defining a new architecture is the set of user requirements. It is crucial that the resulting architecture fits the demands that users may have. Since this deliverable was produced at the same time as the contact process with users, carried out by the project activities related to the Use Case definitions, JRA1 has proposed a set of basic Use Cases to be considered as a starting point for its internal studies. When researchers want to experiment with their developments, they need not only network resources on their slices but also a slice of the processing resources. These processing slice resources are understood as virtual machine instances that users can make behave as software routers or end nodes, on which they can load the software protocols or applications they have produced and want to assess in a realistic environment. Hence, this deliverable also studies the APIs of several virtual machine management software products in order to identify which best suits FEDERICA's needs.
    Postprint (published version)

    Time-Sensitive Networking for Industrial Automation: Challenges, Opportunities, and Directions

    With the introduction of Cyber-Physical Systems (CPS) and the Internet of Things (IoT) into industrial applications, industrial automation is undergoing tremendous change, especially with regard to improving efficiency and reducing the cost of products. Industrial automation applications are often required to transmit time- and safety-critical data to monitor and control industrial processes, especially in critical control systems. There are a number of solutions that meet these requirements (e.g., priority-based real-time schedules and closed-loop feedback control systems). However, because of their different processing capabilities (e.g., in end devices and network switches), different vendors may come out with distinct solutions, and this makes the large-scale integration of devices from different vendors difficult or impossible. IEEE 802.1 Time-Sensitive Networking (TSN) is a standardization group formed to enhance and optimize the IEEE 802.1 network standards, especially for Ethernet-based networks. These solutions can be evolved and adapted to a cross-industry scenario, such as a large-scale distributed industrial plant that requires multiple industrial entities to work collaboratively. This paper provides a comprehensive review of the current advances in TSN standards for industrial automation. We present the state-of-the-art IEEE TSN standards and discuss the opportunities and challenges of integrating each protocol into the industrial domain. Finally, we discuss some promising research on applying TSN technology to industrial automation applications.

    OpenDaylight SDN controller platform

    Implementation of an SDN solution with OpenDaylight. Implementation of an SDN solution based on OpenDaylight: controller architecture and developer guide.

    AUTOMATED NETWORK SECURITY WITH EXCEPTIONS USING SDN

    Campus networks have recently experienced a proliferation of devices ranging from personal-use devices (e.g. smartphones, laptops, tablets) to special-purpose network equipment (e.g. firewalls, network address translation boxes, network caches, load balancers, virtual private network servers, and authentication servers), as well as special-purpose systems (badge readers, IP phones, cameras, location trackers, etc.). To establish directives and regulations regarding the ways in which these heterogeneous systems are allowed to interact with each other and with the network infrastructure, organizations typically appoint policy writing committees (PWCs) to create acceptable use policy (AUP) documents describing the rules and behavioral guidelines that all campus network interactions must abide by. While users are the audience for the AUP documents produced by an organization's PWC, network administrators are the party responsible for enforcing the contents of such policies, using low-level CLI instructions and configuration files that are typically difficult to understand and for which it is almost impossible to show that they do, in fact, enforce the AUPs. In other words, mapping the contents of imprecise, unstructured sentences into technical configurations is a challenging task that relies on the interpretation and expertise of the network operator carrying out the policy enforcement. Moreover, there are multiple places where policy enforcement can take place. For example, policies governing servers (e.g., web, mail, and file servers) are often encoded into the server's configuration files. However, from a security perspective, conflating policy enforcement with server configuration is a dangerous practice because minor server misconfigurations could open up avenues for security exploits.
    On the other hand, policies that are enforced in the network tend to change rarely over time and are often based on one-size-fits-all rules that can severely limit the fast-paced dynamics of the emerging research workflows found in campus networks. This dissertation addresses the above problems by leveraging recent advances in Software-Defined Networking (SDN) to support systems that enable novel in-network approaches to supporting an organization's network security policies. Namely, we introduce PoLanCO, a human-readable yet technically precise policy language that serves as a middle ground between the imprecise statements found in AUPs and the low-level technical mechanisms used to implement them. Real-world examples show that PoLanCO is capable of implementing a wide range of policies found in campus networks. In addition, we present the concept of Network Security Caps, an enforcement layer that separates server/device functionality from policy enforcement. A Network Security Cap intercepts packets coming from, and going to, servers and ensures policy compliance before allowing network devices to process the packets using the traditional forwarding mechanisms. Lastly, we propose the on-demand security exceptions model to cope with the dynamics of emerging research workflows that are not suited to a one-size-fits-all security approach. In the proposed model, network users and providers establish trust relationships that can be used to temporarily bypass the policy compliance checks applied to general-purpose traffic, checks typically performed by network appliances that do Deep Packet Inspection and thereby create network bottlenecks. We describe the components of a prototype exception system as well as experiments showing that, through short-lived exceptions, researchers can realize significant improvements for their special-purpose traffic.

    Policy Conflict Management in Distributed SDN Environments

    The ease of programmability in Software-Defined Networking (SDN) makes it a great platform for implementing various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues, and the hardness of this problem is affected by the distribution scheme of the SDN controllers. In this dissertation, a formalism for flow rule conflicts in SDN environments is introduced. This formalism is realized in Brew, a security policy analysis framework implemented on an OpenDaylight SDN controller. Brew has comprehensive conflict detection and resolution modules to ensure that no two flow rules in a distributed SDN-based cloud environment conflict at any layer, thereby assuring a consistent, conflict-free security policy implementation and preventing information leakage. Techniques for the global prioritization of flow rules in a decentralized environment are presented, using which all SDN flow rule conflicts are recognized and classified. Strategies for the unassisted resolution of these conflicts are also detailed. Alternatively, if administrator input is desired to resolve conflicts, a novel visualization scheme is implemented to help administrators view the conflicts in an aesthetic manner. The correctness, feasibility and scalability of the Brew proof-of-concept prototype are demonstrated. Flow rule conflict avoidance using a buddy address space management technique is studied as an alternative to conflict detection and resolution in highly dynamic cloud systems attempting to implement SDN-based Moving Target Defense (MTD) countermeasures.
    Doctoral Dissertation, Computer Science, 201