Analysis of monitoring and multipath support on top of OpenFlow specification

In general, traffic is pushed through a single path despite the existence of alternative paths in networks. For example, routing solutions based on spanning tree prune the topology to prevent loops, consequently preventing also the use of alternative paths. Research on quality of service frequently advocates that the use of alternative paths is interesting for enforcing Service Level Agreements (SLAs), bypassing bottlenecks created by shortest paths. In this paper, we are interested in analyzing the support for monitoring network traffic and for provisioning of multipaths in software‐defined networking (SDN), given the strong platform it provides for experimentation of new networked solutions. Our approach firstly enriches the topology view at the control plane with data gathered through fine grain data plane monitoring. On the basis of such enriched view, our system determines the path, or multipaths, necessary to enforce the specified SLA. We propose 2 extension modules to an OpenFlow controller: SDNMon, which monitors the data plane to enrich the topology information at the control plane, and MP‐Routing, which determines a set of paths, in the absence of a single path capable of enforcing the SLA. Both modules are extensively evaluated, and the results not only demonstrate what can be achieved in terms of accuracy in SDNMon and in terms of quality of service benefits in MP‐Routing but also highlight some limitations of OpenFlow specification. On the basis of our findings, we propose a set of new counters to Per Port and Per Flow granularity levels of OpenFlow specification.     

Modeling of OpenFlow-related handover messages in mobile networks

Software defined networking (SDN) and its most popular southbound implementation OpenFlow (OF) are already greatly exploited in the existing mobile cellular networks as part of data centers and mobile core networks. Due to user’s mobility, it is of upmost importance for the operators to provide the shortest possible interruption when the mobile users are performing the procedure of handover. In this work, we proposed a novel analytical approach to model the OF-related handover messages exchanged between the OF-switches and the SDN controller. We modeled two different OF-switch implementations and we compared the results: (1) single shared buffer used for the control and data plane; (2) two priority buffers, where the data plane packets are served only when there are no packets to be processed in the control plane. We numerically evaluated the two systems and we validated the model by using simulations. The obtained results clearly point that although the priority buffering increased the complexity, it effectively provided the shortest handover delay. Therefore, the priority buffering should be the preferred mechanism for mobile networks.

     

SDN跨层回环攻击的检测与防御

软件定义网络（Software Define Network,SDN）将控制层和数据层进行分离,给网络带来灵活性、开放性以及可编程性.然而,分离引入了新的网络安全问题.我们发现通过构造特定规则可以构造跨层回环攻击,使得数据包在控制器和交换机之间不断循环转发.跨层回环会造成控制器拥塞,并导致控制器无法正常工作.现有的策略一致性检测方案并不能检测跨层回环攻击.为此,本文提出了一种实时检测和防御跨层回环的方法.通过构造基于Packet-out的转发图分析规则路径,从而快速检测和防御回环.我们在开源控制器Floodlight上实现了我们提出的回环检测和防御方案,并在Mininet仿真器上对其性能进行了评估,结果表明本方案能够实时检测并有效防御跨层回环攻击.     

SuperFlow: A Reliable and Scalable Architecture for Large-Scale Enterprise Networks

With the increasing number of users,enterprise networks have become more and more important,but it also faced new challenges in various aspects.Though OpenFlow,the promising de facto Software defined networking (SDN) scheme which can provide finegrained and flow-level control for enterprise networks,yet it still has a few undesirable designs in credibility and scalability.Inspired by OpenFlow-included many excellent studies,we have proposed a reliable and scalable architectureSuperFlow for large-scale enterprise networks in this paper.It inherits the merits of OpenFlow,and overcomes OpenFlows limitations by introducing some novel features.The prototype experiment has proved that SuperFlow possesses these features with desirable performance.     

Secure access of resources in software‐defined networks using dynamic access control list

Software‐defined networking (SDN) creates a platform to dynamically configure the networks for on‐demand services. SDN can easily control the data plane and the control plane by implementing the decoupling concept. SDN controller will regulate the traffic flow and creates the new flow label based on the packet dump received from the OpenFlow virtual switches. SDN governs both data information and control information toward the destination based on flow label, but it does not contain security measure to restrict the malicious traffic. The malicious denial‐of‐service (DoS) attack traffic is generated inside the SDN environment; it leads to the service unavailability. This paper is mainly focused on the detection of DoS attacks and also mitigates the malicious traffic by dynamically configuring the firewall. The SDN with dynamic access control list properties is emulated by mininet, and the experimental results exemplify the service unavailable gap between acceptance and rejection ratio of the packets.     

基于SDN的量子密码通信网络设计与研究

软件定义网络(SDN)采用OpenFlow技术分离网络设备的数据平面和控制平面,实现灵活控制网络资源的目的。基于此,设计了量子密码通信网络模型,实现灵活控制密码通信网络整体量子密匙资源,确保了信息的安全传输。此外,提出了综合到端可用密匙和跳数的路由算法,提高了QKD生成密匙的有效利用率。由测试结果可知,通过基于SDN的量子密码通信网络及路由算法,可提高量子密匙资源利用率,提高网络性能。     

A framework for inter-domain routing in virtual coordinate based mobile networks

Routing is considered to be one the most challenging problems in mobile ad hoc networks. It has been shown that the use of virtual coordinates or identifiers for efficient routing and data management has several advantages compared to classical topology control techniques based on pre-defined addresses or geographical coordinates. However, these advantages only hold for single domain networks with limited mobility. In a previous paper, we discussed the challenges arising from using virtual coordinates for routing (to a particular destination ID or to indexed data or resources) in mobile networks in multi-domain network scenarios. We developed a solution by managing data with a distributed hash table scheme. Based on our virtual cord protocol, we then implemented inter-domain routing using appropriate indirections. That approach, however, was still limited in finding efficient routes over multiple transit networks. In this paper, we extend that work by defining a framework for optimized inter-domain routing. In particular, we investigate the use of ant colony optimization for optimizing routes between multiple network domains. We show how distributed routing tables can be created and maintained and we outline a heuristic for finding candidate routes. Simulation experiments confirm the efficiency of the selected routes both on a intra and on a inter-domain level.     

面向软件定义核心网的OpenFlow分组转发优先制排队模型研究

软件定义网络（Software-Defined Networking,SDN）作为一种数据转发与控制逻辑相解耦、并开放底层编程接口的创新网络架构,为降低核心网的部署运营成本、提升应用业务性能提供了全新的解决思路.然而,在SDN架构下,逻辑上集中的控制平面容易出现性能瓶颈,进而加大分组转发时延,因此有必要理解其分组转发性能特性.为此,本文首先介绍了软件定义核心网的典型部署场景,分析了控制平面的Packet-in消息到达过程和数据平面的分组到达过程,进而应用M/M/n/m和M/M/1/m排队模型分别刻画控制器集群的Packet-in消息处理过程和OpenFlow交换机的分组处理过程.在此基础上,建立OpenFlow分组转发优先制排队模型,进而推导出不同优先级的分组转发时延及其累积分布函数CDF.最后,借助控制器性能测量工具OFsuite_Performance进行实验评估,结果表明：与现有模型相比,本文所提的M/M/n/m模型更能准确估计控制器集群的实际性能.同时,采用数值分析的方法对比了多种情况下不同优先级的分组转发时延及CDF曲线,为软件定义核心网的实际应用部署提供有效参考.     

基于OpenFlow网络的流媒体传输QoS的研究与设计

Open Flow是软件定义网络(Software Definded Network,SDN)的产物,是一种新型的网络结构,且发展十分迅速。但Open Flow网络的Qo S功能仍待优化,针对于Open Flow网络中流媒体传输Qo S的不足,在现有网络Qo S模式基础上提出了Open Qo S,它应用于Open Flow网络的控制器上,采用动态路由的方式,使得流媒体在网络端到端传输时,能够根据网络状况,动态改变路由路径,进而提高网络Qo S。最后,通过一个小的拓扑网络对本研究进行了试验验证。     

Performance analysis of handover delay and buffer capacity in mobile OpenFlow‐based networks

Software‐defined networking (SDN) is a network concept that brings significant benefits for the mobile cellular operators. In an SDN‐based core network, the average service time of an OpenFlow switch is highly influenced by the total capacity and type of the output buffer, which is used for temporary storage of the incoming packets. In this work, the main goal is to model the handover delay due to the exchange of OpenFlow‐related messages in mobile SDN networks. The handover delay is defined as the overall delay experienced by the mobile node within the handover procedure, when reestablishing an ongoing session from the switch in the source eNodeB to the switch in the destination eNodeB. We propose a new analytical model, and we compare two systems with different SDN switch designs that model a continuous time Markov process by using quasi‐birth–death processes: (1) single shared buffer without priority (model SFB), used for all output ports for both control and user traffic, and (2) two isolated buffers with priority (model priority finite buffering [PFB]), one for control and the other for user plane traffic, where the control traffic is always prioritized. The two proposed systems are compared in terms of total handover delay and minimal buffer capacity needed to satisfy a certain packet error ratio imposed by the link. The mathematical modeling is verified via extensive simulations. In terms of handover delay, the results show that the model PFB outperforms the model SFB, especially for networks with high number of users and high probability of packet‐in messages. As for the buffer dimensioning analysis, for lower arrival rates, low number of users, and low probability of packet‐in messages, the model SFB has the advantage of requiring a smaller buffer size.     

基于OpenFlow的软件定义网络路由技术研究

文中主要探索了基于OpenFlow的软件定义网络（SDN）路由技术,旨在优化和提高网络管理效率。通过深入解读SDN的核心构架、OpenFlow协议的关键组成,并将其与传统路由进行对比,发现SDN提供了一个更加灵活和集中的网络管理机制。在路由决策、性能优化和故障恢复上,基于OpenFlow的SDN明显优于传统方法。由此可见,基于OpenFlow的软件定义网络路由技术不仅可以大大提高网络的运行效率,还能简化网络管理流程,为未来的网络技术发展指明方向。     

Virtual network embedding in software-defined hybrid networks

Network virtualization provides a powerful way of sharing substrate networks. Efficient allocation of network resources for multiple virtual networks (VNs) has always been a challenging task. In particular, with the demands of the customized VN requests are increasing, many problems arise as network conditions change dynamically. Especially, when the resources conflicting appear during the lifetime of VNs, it needs service provider (SP) to provide a fast and effective solution. Recently, software defined network (SDN) has emerged as a new networking paradigm, SDN’s centralized control and customizable routing features present new opportunities for convenient and flexible embedding VNs in the network. However, due to the limitations of the SDN, in the short term, replacing all legacy devices in current operational networks by SDN-enabled switches is impractical. Thus, in our study, we focus on the scenario of VN embedding (VNE) in software-defined hybrid networks. In this work, first of all, we propose partially deploying SDN nodes, and then, we use the characteristics of SDN to allocate resources for VN requests, and redirect the path for requests conflict in hybrid SDN network. We formulate the problems and provide simple algorithms to solve them. Simulation results show that our scheme is high responsiveness and acceptance ratio.     

Dynamic control plane management for software‐defined networks

Software‐defined network (SDN) is an emerging network paradigm that allows flexible network management by providing programmability from a separated control plane. Because of the centralized management scheme that SDN adopts, intensive control plane overhead incurs as the scale of SDN increases. The control plane overhead is mainly caused by a massive amount of control messages generated during data plane monitoring and reactive flow instantiation. By far, very few works have addressed the overhead issue on reaction flow instantiation; therefore, we mainly focus on alleviating such overhead in this work. To achieve this goal, we propose a new control plane management (CPMan) method. CPMan aims to realize the following two objectives: first, reduce the number of control messages exchanged through the control channel and second, evenly distribute the control workload across multiple controllers to mitigate the potential performance bottleneck. To realize the former, we propose a lightweight feedback loop‐based control scheme, whereas for the latter, we propose a dynamic switch‐to‐controller (DSC) placement scheme. To show the feasibility of our proposal, we implemented a prototype of the two proposed schemes on top of a carrier‐grade SDN controller and validated its performance in an emulated network. We achieved approximately 57.13% overhead reduction with feedback loop‐based control scheme, while achieved approximately 98.68% balance ratio with DSC placement scheme. Copyright © 2016 John Wiley & Sons, Ltd.     

基于OpenFlow的SDN控制平面可扩展性综述

OpenFlow发展之初,主要是为了校园网络研究人员设计其创新网络架构提供真实的实验平台,形成一种新的网络构架SDN。随着其应用范围的增加,遇到的问题逐渐显现出来,尤其是可扩展性方面。文中介绍了OpenFlow的产生背景、特点及发展现状,以及几种较为典型的SDN控制器模型和控制平面框架,并对SDN可扩展性方面遇到的问题及解决方案进行了分析,并概述了其今后的发展方向。     

Multipath routing with topology aggregation for scalable inter-domain service provisioning in optical networks

In this paper, we propose to use static virtual topology for a scalable inter-domain optical service provisioning, while addressing the resource efficiency issue by using multipath routing. To this end, we discuss methods for virtual topology aggregation with consideration of inter-domain routing, and propose two heuristic algorithms for two representative applications, referred to as real-time streaming and bulk data transfer. We consider specific requirements of each application, including transmission deadline and jitter, and evaluate the impact of differential delay issue of multipath routing on the performance of proposed algorithms. Numerical results show that the proposed multipath routing algorithms yield a low blocking ratio of inter-domain connections even on the static virtual topology, which is known for poor blocking performance otherwise. The resulting differential delay is sufficiently small for the studied applications, and can be compensated with relatively small buffers. We show that a scalable inter-domain service provisioning in optical networks can be achieved by using a combination of static virtual topology and multipath routing.     

自治系统内IP子网和SDN子网的互联机制

SDN网络与传统IP网络的互联机制是当前学术界的研究热点,但现有解决方案并不能适用于所有应用场景。为此提出了一个基于OSPF协议的IMISA架构,在一个包含 SDN 子网（基于OpenFlow）和IP子网的自治系统范围内,通过给SDN控制器添加一个OSPF路由模块,利用OSPF协议交换各自的网络信息,最终实现了2种网络的互联。     

A consistent QoS routing strategy for video streaming services in SDN networks

The software‐defined networking (SDN) paradigm proposes to decouple the control plane (decision‐making process) and the data plane (packet forwarding) to overcome the limitations of traditional network infrastructures, which are known to be difficult to manage, especially at scale. Although there are previous works focusing on the problem of quality of service (QoS) routing in SDN networks, only few solutions have taken into consideration the network consistency, which reflects the adequacy between the decisions made and the decisions that should be taken. Therefore, we propose a network architecture that guarantees the consistency of the decisions to be taken in an SDN network. A consistent QoS routing strategy is then introduced in a way that avoids any quality degradation of prioritized traffic while optimizing resources usage. Thus, we proposed a traffic dispersion heuristic in order to achieve this goal. We compared our approach with several existing framework in terms of best‐effort flows average throughput, average video bitrate, and video quality of experience (QoE). The emulation results, which are performed using the Mininet environment, clearly demonstrate the effectiveness of the proposed approach that outperforms existing frameworks.     

A cognitive model‐based approach for autonomic fault management in OpenFlow networks

Autonomic network management is an approach to the management of complex networks and services that incorporates the detection, diagnosis and reconfiguration, as well as optimization, of their performance. A control loop is fundamental as it facilitates the capture of the current state of the networks and the reconfiguration of network elements without human intervention. For new networking architectures such as software‐defined networking and OpenFlow networks, in which the control plane is moved onto a centralized controller, an efficient control loop and decision making are more crucial. In this paper, we propose a cognitive control loop based on a cognitive model for efficient problem resolving and accurate decision making. In contrast to existing control loops, the proposed control loop provides reactive, deliberative and reflective loops for managing systems based on analysis of current status. In order to validate the proposed control loop, we applied it to fault management in OpenFlow networks and found that the protection mechanism provides fast recovery from single failures in OpenFlow networks, but it cannot cover multiple‐failure cases. We therefore also propose a fast flow setup (FFS) algorithm for our control loop to manage multiple‐failure scenarios. The proposed control loop adaptively uses protection and FFS based on analysis of failure situations. We evaluate the proposed control loop and the FFS algorithm by conducting failure recovery experiments and comparing its recovery time to those of existing methods. Copyright © 2013 John Wiley & Sons, Ltd.     

Design of an optimized traffic-aware routing algorithm using integer linear programming for software-defined networking

The number of internet users and connected devices has dramatically expanded due to the recent technological boom and the benefits that the internet of things offers to ease our lives. Network scheduling, quality of service, resource allocation, and security issues are now being addressed via software-defined networking (SDN). SDN has several benefits over traditional networks, including global centralized control, managing network traffic, and separating the forwarding and control plane. The work done in this paper aims to design and implement a traffic-aware routing framework based on routing optimization presented as an integer linear programming (ILP) to improve heterogeneous traffic flows' quality of service (QoS) in a simulated SDN environment. With the knowledge that the routing problem is a nondeterministic polynomial-time-hard problem, the proposed scheme aims to decrease the computational routing time to make the ILP-based routing system more suitable for real-time processing. The simulation results illustrate that the proposed framework reduces the computational time by 23% and 49% for Abilene and Goodnet topology, respectively. Additionally, with 1000 flows in the network, the suggested scheme reduces the number of network flows that violate the QoS by 9% and 22% (with Abilene topology) and 16% and 51% (with Goodnet topology) as compared to the existing shortest path delay and sway methods, respectively.     

Hierarchical routing and traffic grooming in IP/MPLS-based ASON/GMPLS multi-domain networks

Routing, connection setup, and path computation are well-known problems in multi-domain networks, which have been largely analyzed in pure IP (packet) networks. In circuit-switched optical multi-domain networks, there remain, however, a number of routing and path computation challenges. Traffic grooming means combining a number of low-speed traffic streams so that the high capacity of each lightpath may be used as efficiently as possible, as path computation implements the core of the grooming function, it is obvious that solutions for the traffic grooming problem in optical multi-domain networks are still not sufficiently investigated. In this study we propose a methodology to address the problems of routing, connection setup, and traffic grooming in optical multi-domain networks, which adapts a two-level hierarchical routing scheme and full-mesh topology abstraction algorithm to improve routing scalability and lower inter-domain blocking probabilities; additionally our proposed methodology adapts a scheme for traffic grooming in DWDM multi-domain networks to improve the resources usage. To test our proposed methodology we propose a detailed IP/MPLS-based ASON/GMPLS multi-domain multilayer test framework.