98 research outputs found
Traffic Engineering with Segment Routing: SDN-based Architectural Design and Open Source Implementation
Traffic Engineering (TE) in IP carrier networks is one of the functions that
can benefit from the Software Defined Networking paradigm. By logically
centralizing the control of the network, it is possible to "program" per-flow
routing based on TE goals. Traditional per-flow routing requires a direct
interaction between the SDN controller and each node that is involved in the
traffic paths. Depending on the granularity and on the temporal properties of
the flows, this can lead to scalability issues for the amount of routing state
that needs to be maintained in core network nodes and for the required
configuration traffic. On the other hand, Segment Routing (SR) is an emerging
approach to routing that may simplify the route enforcement delegating all the
configuration and per-flow state at the border of the network. In this work we
propose an architecture that integrates the SDN paradigm with SR-based TE, for
which we have provided an open source reference implementation. We have
designed and implemented a simple TE/SR heuristic for flow allocation and we
show and discuss experimental results.
Comment: Extended version of poster paper accepted for EWSDN 2015 (version v4
- December 2015
D-STREAMON: from middlebox to distributed NFV framework for network monitoring
Many reasons make NFV an attractive paradigm for IT security: lower costs,
agile operations and better isolation as well as fast security updates,
improved incident responses and a better level of automation. On the other side,
the network threats tend to be increasingly complex and distributed, implying
huge traffic scale to be monitored and increasingly strict mitigation delay
requirements. Considering the current trend of networking and the
requirements to counteract the evolution of cyber-threats, it is expected
that network monitoring will also move towards NFV-based solutions. In this
paper, we present D-StreaMon, an NFV-capable distributed framework for network
monitoring realized to face the above described challenges. It relies on the
StreaMon platform, a solution for network monitoring originally designed for
traditional middleboxes. An evolution path which migrates StreaMon from
middleboxes to Virtual Network Functions (VNFs) has been realized.
Comment: Short paper at IEEE LANMAN 2017. arXiv admin note: text overlap with
arXiv:1608.0137
OSHI - Open Source Hybrid IP/SDN networking (and its emulation on Mininet and on distributed SDN testbeds)
The introduction of SDN in IP backbones requires the coexistence of regular
IP forwarding and SDN based forwarding. The former is typically applied to best
effort Internet traffic, the latter can be used for different types of advanced
services (VPNs, Virtual Leased Lines, Traffic Engineering...). In this paper we
first introduce the architecture and the services of a "hybrid" IP/SDN
networking scenario. Then we describe the design and implementation of an Open
Source Hybrid IP/SDN (OSHI) node. It combines Quagga for OSPF routing and Open
vSwitch for OpenFlow based switching on Linux. The availability of tools for
experimental validation and performance evaluation of SDN solutions is
fundamental for the evolution of SDN. We provide a set of open source tools
that allow to facilitate the design of hybrid IP/SDN experimental networks,
their deployment on Mininet or on distributed SDN research testbeds and their
test. Finally, using the provided tools, we evaluate key performance aspects of
the proposed solutions. The OSHI development and test environment is available
in a VirtualBox VM image that can be downloaded.
Comment: Final version (Last updated August, 2014
Are crowd-sourced CTI datasets ready for supporting anti-cybercrime intelligence?
Cyber crimes rapidly increased over the past years, with attackers performing large-scale activities, using sophisticated and complex tactics and techniques, that have targeted governments, companies, and even strategic infrastructures. To tackle these attacks, the cyber-security community usually shares Cyber Threat Intelligence (CTI) that includes the collected Indicators of Compromise (IoC) using several open or private sharing platforms. In this paper, we study the informativeness and relevance of the IoCs related to cyber crimes following a major real-world event such as the war in Ukraine, which started in February 2022. To this end, we analyze different kinds of attacks available in a crowd-sourced dataset of Cyber Threat Intelligence (CTI) reports. Our analysis shows that while this data is able to capture major trends such as the ones following major events, the degree of miscellaneous information inside the reports makes it difficult to discern the association of a specific trace unequivocally.
The work of UC3M has been supported by the Spanish Ministry of Economic Affairs and Digital Transformation and the European Union-NextGenerationEU through the UNICO 5G I+D project 6G-RIEMANN. The work of NEC Laboratories Europe has been supported by the EU research projects MARSAL (Grant Agreement 101017171) and DESIRE6G (Grant Agreement 101096466).
On the Fly Orchestration of Unikernels: Tuning and Performance Evaluation of Virtual Infrastructure Managers
Network operators are facing significant challenges meeting the demand for
more bandwidth, agile infrastructures, innovative services, while keeping costs
low. Network Functions Virtualization (NFV) and Cloud Computing are emerging as
key trends of 5G network architectures, providing flexibility, fast
instantiation times, support of Commercial Off The Shelf hardware and
significant cost savings. NFV leverages Cloud Computing principles to move the
data-plane network functions from expensive, closed and proprietary hardware to
the so-called Virtual Network Functions (VNFs). In this paper we deal with the
management of virtual computing resources (Unikernels) for the execution of
VNFs. This functionality is performed by the Virtual Infrastructure Manager
(VIM) in the NFV MANagement and Orchestration (MANO) reference architecture. We
discuss the instantiation process of virtual resources and propose a generic
reference model, starting from the analysis of three open source VIMs, namely
OpenStack, Nomad and OpenVIM. We improve the aforementioned VIMs introducing
the support for special-purpose Unikernels and aiming at reducing the duration
of the instantiation process. We evaluate some performance aspects of the VIMs,
considering both stock and tuned versions. The VIM extensions and performance
evaluation tools are available under a liberal open source licence
Re-designing Dynamic Content Delivery in the Light of a Virtualized Infrastructure
We explore the opportunities and design options enabled by novel SDN and NFV
technologies, by re-designing a dynamic Content Delivery Network (CDN) service.
Our system, named MOSTO, provides performance levels comparable to that of a
regular CDN, but does not require the deployment of a large distributed
infrastructure. In the process of designing the system, we identify relevant
functions that could be integrated in the future Internet infrastructure. Such
functions greatly simplify the design and effectiveness of services such as
MOSTO. We demonstrate our system using a mixture of simulation, emulation,
testbed experiments and by realizing a proof-of-concept deployment in a
planet-wide commercial cloud system.
Comment: Extended version of the paper accepted for publication in JSAC
special issue on Emerging Technologies in Software-Driven Communication -
November 201
PMSR - Poor Man's Segment Routing, a minimalistic approach to Segment Routing and a Traffic Engineering use case
The current specification of the Segment Routing (SR) architecture requires
enhancements to the intra-domain routing protocols (e.g. OSPF and IS-IS) so
that the nodes can advertise the Segment Identifiers (SIDs). We propose a
simpler solution called PMSR (Poor Man's Segment Routing), that does not
require any enhancement to routing protocol. We compare the procedures of PMSR
with traditional SR, showing that PMSR can reduce the operation and management
complexity. We analyze the set of use cases in the current SR drafts and we
claim that PMSR can support the large majority of them. Thanks to the drastic
simplification of the Control Plane, we have been able to develop an Open
Source prototype of PMSR. In the second part of the paper, we consider a
Traffic Engineering use case, starting from a traditional flow assignment
optimization problem which allocates hop-by-hop paths to flows. We propose a SR
path assignment algorithm and prove that it is optimal with respect to the
number of segments allocated to a flow.
Comment: September 2015 - Paper accepted to the Mini-conference track of NOMS
201
Flammability reduction in a pressurised water electrolyser based on a thin polymer electrolyte membrane through a Pt-alloy catalytic approach
Various Pt-based materials (unsupported Pt, PtRu, PtCo) were investigated as catalysts for
recombining hydrogen and oxygen back into water. The recombination performance correlated
well with the surface Pt metallic state. Alloying cobalt to platinum was observed to produce an
electron transfer favouring the occurrence of a large fraction of the Pt metallic state on the
catalyst surface. Unsupported PtCo showed both excellent recombination performance and
dynamic behaviour. In a packed bed catalytic reactor, when hydrogen was fed at 4% vol. in the
oxygen stream (flammability limit), 99.5% of the total H₂ content was immediately converted to
water in the presence of PtCo thus avoiding safety issues. The PtCo catalyst was thus integrated in
the anode of the membrane-electrode assembly of a polymer electrolyte membrane electrolysis
cell. This catalyst showed good capability to reduce the concentration of hydrogen in the oxygen
stream under differential pressure operation (1-20 bar), in the presence of a thin (90 µm)
Aquivion® membrane. The modified system showed lower hydrogen concentration in the oxygen
flow than electrolysis cells based on state-of-the-art thick polymer electrolyte membranes and
allowed to expand the minimum current density load down to 0.15 A cm⁻². The electrolysis cell
equipped with a dual layer PtCo/IrRuOx oxidation catalyst achieved a high operating current
density (3 A cm⁻²) as requested to decrease the system capital costs, under high efficiency
conditions (about 77% efficiency at 55°C and 20 bar). Moreover, the electrolysis system showed
reduced probability to reach the flammability limit under both high differential pressure (20 bar)
and partial load operation (5%), as needed to properly address grid-balancing service
- …