Scalable and responsive SDN monitoring and remediation for the Cloud-to-Fog continuum

Since the inception of the digital era the sharing of information has been revolutionary to the way we live, inspiring the continuous evolution of computer networks. Year by year, humankind becomes increasingly dependent on the use of connected services as new technologies evolve and become more widely accessible. As the widespread deployment of the Internet of Things, 5G, and connected cars rapidly approaches, with tens of billions of new devices connect- ing to the Internet, there will be a plethora of new faults and attacks that will require the need to be tracked and managed. This enormous increase on Internet reliance which is stretching the limits of current solutions to network monitoring introduces security concerns, as well as challenges of scale in operation and management. Todays conventional network monitoring and management lacks the flexibility, visibility, and intelligence required to effectively operate the next generation of the Internet. The advent of network softwarisation provides new methods for network management and operation, opening new solutions to net- work monitoring and remediation. In parallel, the increase in maturity of Edge computing lends itself to new solutions for scaling network softwarisation, by deploying services throughout the network. In this thesis, two proof-of-concept systems are presented which together harness the use of Software Defined Networking, Network Functions Virtualisation, and Cloud-to-Fog computing to address challenges of scale and network security: Siren is an open platform which manages the resources within the Internet, bridging network and infrastructure management and orchestration. Tennison is a network monitoring and remediation framework which tackles monitoring scalability through adapting to network context and providing a suitable architecture to the network topology, including the use of centralised, distributed, and hierarchical deployments

Combinatorial Auction-Based Resource Allocation in the Fog

Network service composition is becoming increasingly flexible, thanks in part to advances in virtualisation and cloud technologies. As these penetrate further into networks, providers are often looking to leverage this infrastructure to improve their service delivery. This desire poses a number of obstacles, including a diversity in device capabilities and the need for a value exchange mechanism. In this demonstration, we present a platform that seeks to address a selection of these challenges

SDQ: enabling rapid QoE experimentation using Software Defined Networking

The emerging network paradigm of Software Defined Networking (SDN) has been increasingly adopted to improve the Quality of Experiences (QoE) across multiple HTTP adaptive streaming (HAS) instances. However, there is currently a gap between research and reality in this field. QoE models, which offer user-level context to network management processes, are often tested in a simulation environment. Such environments do not consider the effects that network protocols, client programs, and other real world factors may have on the outcomes. Ultimately, this can lead to models not functioning as expected in real networks. On the other hand, setting up an experiment that reflects reality is a time consuming process requiring expert knowledge. This paper shares designs and guidelines of an SDN experimentation framework (SDQ), which offers rapid evaluation of QoE models using real network infrastructures

Siren:a platform for deployment of VNFs in distributed infrastructures

Fog computing is conceiving an Internet where general purpose compute is ubiquitous, in turn this is providing new infrastructures for Network Functions Virtualisation (NFV). However, current NFV designs focus on the Cloud, resulting in broken and suboptimal deployments when deploying to the Fog. Through a case study with preliminary results, this paper presents the e ectiveness of Siren: a new prototype platform designed as a tool to deploy and manage Virtual Network Functions in Fog environments

Closing the gap: human factors in cross-device media synchronization

The continuing growth in the mobile phone arena, particularly in terms of device capabilities and ownership is having a transformational impact on media consumption. It is now possible to consider orchestrated multi-stream experiences delivered across many devices, rather than the playback of content from a single device. However, there are significant challenges in realising such a vision, particularly around the management of synchronicity between associated media streams. This is compounded by the heterogeneous nature of user devices, the networks upon which they operate, and the perceptions of users. This paper describes IMSync, an open inter-stream synchronisation framework that is QoE-aware. IMSync adopts efficient monitoring and control mechanisms, alongside a QoE perception model that has been derived from a series of subjective user experiments. Based on an observation of lag, IMSync is able to use this model of impact to determine an appropriate strategy to catch-up with playback whilst minimising the potential detrimental impacts on a users QoE. The impact model adopts a balanced approach: trading off the potential impact on QoE of initiating a re-synchronisation process compared with retaining the current levels of non-synchronicity, in order to maintain high levels of QoE. A series of experiments demonstrate the potential of the framework as a basis for enabling new, immersive media experiences

Using P4 to Enable Scalable Intents in Software Defined Networks

When designing Software Defined Networks (SDNs), there is a risk that the additional abstractions available can result in reduced scalability and performance. One such abstraction, intents, are a way in which network administrators can express policies rather than having to define specific forwarding rules. This provides a benefit to administrators in allowing automatic network reconfiguration and fault tolerance. In this paper, we highlight the performance overheads associated with the intents framework from a popular SDN controller, ONOS. We propose a novel prototype that leverages source-based routing and programmable data planes using P4 in order to reduce the overheads of intent-based forwarding

Siren:A platform for deploying virtual network services in the cloud to Fog continuum

The burden put on network infrastructures is changing. The increasing number of connected devices, along with growing demand, are creating an unsustainable future for the Internet. The recently introduced concept of Fog computing predicts a future Internet where general compute power is ubiquitous, extending the Cloud right the way to the network edge. In turn, this acts as a catalyst for Network Functions Virtualisation (NFV), increasing the potential infrastructure locations for deploying new services, specifically ones that can cater to the demands of the changing Internet. However, current realisations of NFV typically host network functions in homogeneous, centralised servers in Cloud infrastructures. This is in contrast to the Fog where environments are both distributed and heterogeneous, thus current management and orchestration platforms suffer from suboptimal service deployment. With the use of a multiple use cases, and a novel auctioning orchestration method, this paper presents Siren, which is an orchestrator for network functions in the Cloud to Fog continuum

Tennison: A Distributed SDN Framework for Scalable Network Security

Despite the relative maturity of the Internet, the computer networks of today are still susceptible to attack. The necessary distributed nature of networks for wide area connectivity has traditionally led to high cost and complexity in designing and implementing secure networks. With the introduction of software-defined networks (SDNs) and network functions virtualization, there are opportunities for efficient network threat detection and protection. SDN's global view provides a means of monitoring and defense across the entire network. However, current SDN-based security systems are limited by a centralized framework that introduces significant control plane overhead, leading to the saturation of vital control links. In this paper, we introduce TENNISON, a novel distributed SDN security framework that combines the efficiency of SDN control and monitoring with the resilience and scalability of a distributed system. TENNISON offers effective and proportionate monitoring and remediation, compatibility with widely available networking hardware, support for legacy networks, and a modular and extensible distributed design. We demonstrate the effectiveness and capabilities of the TENNISON framework through the use of four attack scenarios. These highlight multiple levels of monitoring, rapid detection, and remediation, and provide a unique insight into the impact of multiple controllers on network attack detection at scale

Baguette:towards end-to-end service orchestration in heterogeneous networks

Network services are the key mechanism for operators to introduce intelligence and generate profit from their infrastructures. The growth of the number of network users and the stricter application network requirements have highlighted a number of challenges in orchestrating services using existing production management and configuration protocols and mechanisms. Recent networking paradigms like Software Defined Networking (SDN) and Network Function Virtualization (NFV), provide a set of novel control and management interfaces that enable unprecedented automation, flexibility and openness capabilities in operator infrastructure management. This paper presents Baguette, a novel and open service orchestration framework for operators. Baguette supports a wide range of network technologies, namely optical and wired Ethernet technologies, and allows service providers to automate the deployment and dynamic re-optimization of network services. We present the design of the orchestrator and elaborate on the integration of Baguette with existing low-level network and cloud management frameworks

Network service orchestration standardization:a technology survey

Network services underpin operator revenues, and value-added services provide income beyond core (voice and data) infrastructure capability. Today, operators face multiple challenges: a need to innovate and offer a wider choice of value-added services, whilst increasing network scale, bandwidth and flexibility. They must also reduce operational costs, and deploy services far faster - in minutes rather than days or weeks. In the recent years, the network community, motivated by the aforementioned challenges, has developed production network architectures and seeded technologies, like Software Defined Networking, Application-based Network Operations and Network Function Virtualization. These technologies enhance the highly desired properties for elasticity, agility and cost-effectiveness in the operator environment. A key requirement to fully exploit the benefits of these new architectures and technologies is a fundamental shift in management and control of resources, and the ability to orchestrate the network infrastructure: coordinate the instantiation of high-level network services across different technological domains and automate service deployment and re-optimization. This paper surveys existing standardization efforts for the orchestration - automation, coordination, and management - of complex set of network and function resources (both physical and virtual), and highlights the various enabling technologies, strengths and weaknesses, adoption challenges for operators, and areas where further research is required