Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration

Growing traffic demands and increasing security awareness are driving the need for secure services. Current solutions require manual configuration and deployment based on the customer's requirements. In this work, we present an architecture for an automatic intent-based provisioning of a secure service in a multilayer - IP, Ethernet, and optical - network while choosing the appropriate encryption layer using an open-source software-defined networking (SDN) orchestrator. The approach is experimentally evaluated in a testbed with commercial equipment. Results indicate that the processing impact of secure channel creation on a controller is negligible. As the time for setting up services over WDM varies between technologies, it needs to be taken into account in the decision-making process.Comment: Parts of the presented work has received funding from the European Commission within the H2020 Research and Innovation Programme, under grant agreeement n.645127, project ACIN

Intent-Based In-flight Service Encryption in Multi-Layer Transport Networks

We demonstrate multi-layer encrypted service provisioning via the ACINO orchestrator. ACINO combines a novel intent interface with an ONOS-based SDN orchestrator to facilitate encrypted services at IP, Ethernet and optical network layers.Comment: Optical Fiber Communication Conferenc

ICONA: a peer-to-peer approach for Software Defined Wide Area Networks using ONOS

Several Internet Service Providers (ISP) are plan- ning to innovate their infrastructures through a process of network softwarisation and programmability. The Software- Defined-Network (SDN) paradigm aims at improving the design, configuration, maintenance and service provisioning agility of the network through a centralised software control plane which is in charge of managing the entire system. This is easily achievable for local area networks, typical of data centres, where the benefits of having programmable access to the entire network is not restricted by latency. However, in Wide Area Networks, a centralised control plane limits the speed of responsiveness in reaction to time-constrained network events due to unavoidable latencies caused by physical distances. A logical step towards robustness in SDN is to distribute the load of the control plane between entities, each taking care of a portion of the entire geographical network and each providing an east-west communication interface to enable programmability of the entire network. Moreover, a key objective of an SDN control plane targeting an ISP networks is the east-west interface with external domains under the control of other providers. In this article we present ICONA (Inter Cluster Onos Network Application), a tool that has the objective of enabling programmable networks to span multiple clusters of controllers within either a single or multiple administrative domains. In particular, the paper describes the architecture behind ICONA and provides an initial evaluation obtained on a preliminary version of the tool, built on top of the cutting-edge network controller ONOS, Hummingbird release

Hybrid IP/SDN networking: open implementation and experiment management tools

The introduction of SDN in large-scale IP provider networks is still an open issue and different solutions have been suggested so far. In this paper we propose a hybrid approach that allows the coexistence of traditional IP routing with SDN based forwarding within the same provider domain. The solution is called OSHI - Open Source Hybrid IP/SDN networking as we have fully implemented it combining and extending Open Source software. We discuss the OSHI system architecture and the design and implementation of advanced services like Pseudo Wires and Virtual Switches. In addition, we describe a set of Open Source management tools for the emulation of the proposed solution using either the Mininet emulator or distributed physical testbeds. We refer to this suite of tools as Mantoo (Management tools). Mantoo includes an extensible web-based graphical topology designer, which provides different layered network "views" (e.g. from physical links to service relationships among nodes). The suite can validate an input topology, automatically deploy it over a Mininet emulator or a distributed SDN testbed and allows access to emulated nodes by opening consoles in the web GUI. Mantoo provides also tools to evaluate the performance of the deployed nodes.Comment: Accepted for publication in IEEE Transaction of Network and Service Management - December 2015 http://dx.doi.org/10.1109/TNSM.2015.250762

ACINO: Second year report on dissemination and communication activities

This ACINO deliverable presents the communication and dissemination activities performed by the consortium during the first two years of the project. We have communicated using our website, Twitter account and by various communication actions: The website saw over 3000 unique visitors during the first year and over 4000 during the second year; The consortium Twitter account had 49 followers at the end of the first year and 80 at the end of the second year. We posted 50 tweets during the first year and 40 more during the second year; We also held a press release and an interview in a magazine during the first year, and had three more similar communication actions during the second year. The dissemination activities have been composed of participation in public events where the goals and concepts of ACINO were presented via publications, presentation, workshops, courses and demonstrations. Overall, over forty different dissemination activities have been performed: An article has been published in peer-reviewed, open access Journal of Green Engineering; Eighteen articles have been published in conferences: four during the first year and fourteen during the second. One of them was a post-deadline and six were invited papers; We have co-organised three workshops: the Workshop on Network Function Virtualization and Programmable Networks at EUCNC 2015, the first Workshop on Multi-Layer Network Orchestration (NetOrch) at ICTON 2016 and the stand-alone ONOS/CORD workshop; We have held 16 talks, tutorial, courses and demonstrations; Consortium members have won two prizes for work related to ACINO: a team of developers won the 3rd prize of the ONOS Build Hackathon, and Telefónica won the Best SDN-NFV solution award at the LTE and 5G World conference by presenting a solution in which Sedona Systems was involved; We have contributed to six IETF standardisation documents and done some implementation and test of these standards. We have contributed to two open source projects: the NetPhony and ONOS controllers, with the implementation of main features being accepted and merged to the core code of these open source projects. Finally, the project has devised detailed plans for its dissemination activities for the last year of the project. We have: Confirmed plans for the organisation of a workshop, the second edition of the NetOrch workshop, co-located with the ICTON conference; A solid plan for continued dissemination in conferences (already five accepted conference papers, five talk invitations and a list of conferences of interest) and in peer-reviewed journals, with one article accepted for publication in the Journal of Lightwave Technology, two articles under review and plans for four more; Some more planned contribution to open source projects

A Proposal for End-to-End QoS Provisioning in Software-Defined Networks

This paper describes a framework application for the control plane of a network infrastructure; the objective is to feature end-user applications with the capability of requesting at any time a customised end-to-end Quality-of-Service profile in the context of dynamic Service-Level-Agreements. Our solution targets current and future real-time applications that require tight QoS parameters, such as a guaranteed end-to-end delay bound. These applications include, but are not limited to, health-care, mobility, education, manufacturing, smart grids, gaming and much more. We discuss the issues related to the previous Integrated Service and the reason why the RSVP protocol for guaranteed QoS did not take off. Then we present a new signaling and resource reservation framework based on the cutting-edge network controller ONOS. Moreover, the presented system foresees the need of considering the edges of the network, where terminal applications are connected to, to be piloted by distinct logically centralised controllers. We discuss a possible inter-domain communication mechanism to achieve the end-to-end QoS guarantee

Tunable clustering of magnetic nanoparticles in microgels: enhanced magnetic relaxivity by modulation of network architecture

The demonstration presents the first implementation of a resource negotiation scheme between users and a network for the provisioning of application-aware connectivity services. This active interaction enables the users, who request connectivity services with multiple application requirements, to select an alternative solution when the network does not have enough resources to satisfy the original requests

Intent-based in-flight service encryption in multi-layer transport networks

We demonstrate multi-layer encrypted service provisioning via the ACINO orchestrator. ACINO combines a novel intent interface with an ONOS-based SDN orchestrator to facilitate encrypted services at IP, Ethernet and optical network layers