一种具有业务感知的多路径QoS路由策略

在基于IEEE 802.11e协议的无线Mesh网络多路径数据传输过程中,为了有效区分不同类型的多媒体数据,802.11e协议的EDCA机制采用了4个具有固定信道竞争参数的AC队列来实现不同业务类型数据包的存储转发,这种参数预设的竞争机制在多跳环境下不能提供有效的业务区分与QoS性能保障.同时,传统的多路径路由大多因为采用了最小跳数为其路由度量,未能反映实时的链路质量和节点状态,因而无法为不同类型的业务流提供其所需的高质量传输路径.为此,文中提出一种基于具有业务感知的多路径QoS路由策略TA2 P(Traffic-Aware AOMDV Protocol),该策略对静态EDCA信道竞争参数分配机制进行了改进,并提出了适用于不同业务类型数据传输的路由判据,以便TA2P能及时地根据MAC层反馈来的统计数据进行高质量路由的选择.仿真结果表明,该策略有效地实现了不同类型业务流之间对信道及无线链路的公平使用.     

一种基于延时PDF测量的连接接纳控制算法

相比与基于模型的连接接纳控制(CAC)算法,基于测量的CAC (MBCAC)算法能够大大提高了网络资源的利用率.准确的网络状态信息时于提高MBCAC的性能至关重要.本文提出了一种基于延时概率密度函数测量的CAC算法,它采用了两种机制有效提高了网络状态测量的准确性.一是测量网络中每个路由器出口的延时概率密度函数,二是通过混合更新方法及时更新网络状态.仿真结果表明它在保证业务服务质量要求的前提下能有效提高网络状态测量的准确性,具有较低的业务流拒绝率和较高的链路利用率.     

区分业务多链路分级流量调度应用研究

传统的IP网络是针对数据业务设计的,只能提供数据传输的服务,并不具备调节网络资源使用的能力。为了将业务流合理分配到现有的网络拓扑结构,优化网络资源的使用,解决网络资源使用的不平衡,本文首先给出了一种区分业务流量工程的模型和目标,分析了单级链路流量调度,设计了多链路分级调度共享结构和流量调度策略。仿真结果表明,该方法能有效地改进区分服务网络上的多级流量拥塞控制性能,具有较快的响应速度、较好的稳定性和公平性,并且能适应网络的异构性。     

SDN环境下基于QLearning算法的业务划分路由选路机制

随着当前网络的多元化发展,用户对于网络的需求也不断增加,网络的承载性受到极大挑战。在软件定义网络环境下,提出一种以业务属性为依据、基于QLearning算法的路由选路机制,设计了链路发现、链路分类、强化学习训练及Q值表下发4个模块,根据网络的实施情况对不同属性的业务流分配不同的路径以保障用户路由的 QoS。实验结果表明,所提算法可使数据流的总体分组丢失率低于 5%,对于部分属性的业务流可接近0分组丢失,同时对于时延也有大幅降低。     

基于SDN的物联网业务流路由策略模型

随着物联网技术广泛地应用在各个领域，物联网中业务种类及其流量也愈发丰富，业务流量的增加为物联网的管理和质量保证带来了巨大的挑战。针对物联网中流量大，特征属性多，业务繁杂等特点，提出了基于决策树的业务流分类模型，通过SDN控制平面将物联网中的业务流进行分类，然后根据不同业务流量对网络需求的不同设计了基于网络状态QoS的业务流调度策略，通过该策略为业务流量选择最优的传输路径，从而保障物联网中不同业务的数据服务质量，提高物联网的数据传输效率。     

一种基于延时PDF测量的连接接纳控制算法

相比与基于模型的连接接纳控制(CAC)算法,基于测量的CAC(MBCAC)算法能够大大提高了网络资源的利用率。准确的网络状态信息对于提高MBCAC的性能至关重要。本文提出了一种基于延时概率密度函数测量的CAC算法,它采用了两种机制有效提高了网络状态测量的准确性。一是测量网络中每个路由器出口的延时概率密度函数,二是通过混合更新方法及时更新网络状态。仿真结果表明它在保证业务服务质量要求的前提下能有效提高网络状态测量的准确性,具有较低的业务流拒绝率和较高的链路利用率。     

Ad Hoc网络中SWAN模型改进及其仿真研究

SWAN是AdHoc网络中的一种无状态网络协议,利用分布式控制算法来传递分类服务。这种QoS模型把数据业务分为两类进行不同处理,即对尽力而为的UDP和TCP业务采用速率控制的策略而对实时的UDP业务采用基于源节点的接纳控制策略。然而现有模型在路由模块采用普通的路由协议,导致了路由和对整个路径资源探测两个过程分离开来;在接纳控制模块仅仅区分了节点间的业务而没有区分相同节点间的不同业务。该文针对这一问题对现有模型的修改主要体现在两个方面:(1)在路由模块用QoS路由替换了原有普通路由协议,路由和整个路径资源探测由QoS路由完成,从而减少了实时业务等待发送时间;(2)针对SWAN首次提出了基于数据流的服务,并且在接纳控制模块进行了相应修改。最后的仿真中表明了该文的修改是有效的,提高了模型的性能。     

PbRED:基于优先级的RED改进算法

随机早期检测算法RED作为一种重要的主动队列管理算法,通过有效地控制队列长度,取得较好的吞吐量性能。然而,当多个业务流存在不同优先级时,不能很好地区分服务质量。提出一种新的RED改进算法—PbRED,基于业务的优先级调整丢弃概率,通过减小高优先级的丢弃概率、增大低优先级的丢弃概率,为不同优先级的业务进行区分服务。仿真实验结果表明,在获得较高吞吐量的同时,PbRED可以使不同优先级业务流的服务质量存在合理区分度,保证高优先级业务流获得更好的吞吐量性能。     

一种PMIPv6网络中基于流的区分服务方案

PMIPv6协议是由IETF提出的基于网络的区域移动性管理解决方案,其目的在于实现无需终端参与的、基于网络的IP移动性管理.PMIPv6协议仅定义了移动管理实体如何实现终端在域内移动的过程中通信不中断,但是不提供通信的服务质量保证.针对这个问题对PMIPv6协议进行改进,提出了一种PMIPv6域内基于流的区分服务方案.为在PMIPv6城内实现区分服务,提出了通过基于逻辑隧道的业务流区分方法和业务流与逻辑隧道的绑定方法.通过基于逻辑隧道的业务流区分方法,一对区域移动管理实体之间可以建立多条逻辑隧道,以解决PMIPv6区域移动管理实体之间数据通信共享单一隧道的问题;通过业务流与逻辑隧道的绑定方法,区域移动管理实体可以根据用户的需求为不同的业务流建立具有不同服务能力和类型的逻辑隧道并将业务流与逻辑隧道绑定,以实现为业务流提供有差别的服务.基于NS2的仿真结果证明:相比PMIPv6,可以根据各种应用对于延迟、丢包、吞吐量等服务质量参数的要求,为不同的业务流提供有差别的服务,能够更好地满足不同业务对于关键服务质量参数的要求并提供一定的服务质量保证.     

MPLS的基于最小干涉的负载均衡算法研究

当MPLS网络中的业务流请求存在时间上的先后顺序时,选择一个高效的路由算法使得已存在的业务流的LSP对后续业务流的LSP路由影响最小变得很重要.在分析了常用的几种QoS保障的算法基础上,提出了一种基于最小干涉的负载均衡算法.该算法解决了MPLS网络中所有"入口/出口对"之间的业务流相互干扰的问题,为后续业务流路由预留了必要的"关键链路".     

Providing service differentiation in pure IP-based networks

The lack of an effective cooperation between the data, control and management plane of QoS routing solutions presented so far, prevents the implementation of service differentiation in the context of pure IP-based networks. Most of paths calculation proposals performed by the control plane are unaware of service characteristics of each flow. Scalable data plane QoS proposals ignore the issue about selecting the best paths to route the traffic. Proposed management plane schemes do not perform the network state maintenance and service level monitoring. Multi-service routing is a flow-based forwarding protocol that implements the service differentiation in pure IP-based networks, using a straight cooperation between data, control and management plane. This cooperation is accomplished by a data plane supporting the DiffServ model and performs route selection based on flows service class, which is exploited by the management plane to carry out the network state maintenance, and performance monitoring by using the RTCP protocol, to provide service metrics to control plane for route calculation. Simulation experiments show better performance results achieved by Multi-service routing compared to those obtained by traditional link state protocol with the DiffServ model and QoS routing in heavy loaded network scenarios of mixed traffic having different service requirements.     

Flow-level QoS for a dynamic load of rate adaptive sessions sharing a bottleneck link

We consider the flow-level quality of service (QoS) seen by a dynamic load of rate adaptive sessions sharing a bottleneck link based on fair share bandwidth allocation. This is of interest both in considering wired networks supporting rate adaptive multimedia sessions and wireless networks supporting voice with rate adaptation to realize graceful degradation during congested periods. Two QoS metrics are considered: the time-average instantaneous utility of the allocated bandwidth, and the time-average of transition penalties associated with the changes in allocation seen by a flow. We present a simple model for rate adaptation, where (heterogeneous) flows can vary their rates within (different) ranges, and present closed-form results for these perceived flow-level QoS metrics. We then prove asymptotic results for large capacity systems exhibiting the salient features of rate adaptation in a dynamic network. Finally, we provide a concrete example, showing how the QoS seen by sessions with different degrees of adaptivity would vary under a natural fair bandwidth allocation policy.     

A quantitative framework for security assurance evaluation and selection of cloud services: a case study

Due to the high adoption of cloud services, the protection of data and information is critical. Cloud service customers (CSCs) need help to obtain the authoritative assurances required for the cloud services and negotiate the cloud service contract based on the terms and conditions set by cloud service providers (CSPs). Several standards and guidelines are available for assessing cloud security. However, most of these standards and guidelines are complex and time-consuming to select a service or make an informed decision for CSCs. Moreover, the existing methods are insufficient to solve this problem because they are process-oriented, neglect the importance of stakeholder requirements, and lack a comprehensive and rigid analytic method that can aid decision-makers in making the right decisions. In this paper, we developed two evaluation techniques: (i) a quantitative cloud security assurance method to assess the security level of cloud services by measuring the critical security properties and (ii) a novel and rigid categorical analytical method that enables CSPs to identify the major problems in the system and assess how much gain can be achieved by solving each of them. The cloud security assurance method is based on two important metrics: security requirement and vulnerability. It assists CSCs in avoiding severe mistakes and making informed decisions while selecting a cloud service. Moreover, these methods support CSPs in improving the security level of cloud services and meet customer requirements. The proposed methods are validated using different case scenarios on a private cloud platform.

     

可编程数据平面的业务相关路由方法

传统软件定义网络（SDN）通过在控制器上进行算法改进保证业务的服务质量,而数据面只做普通转发,并没有参与对具体业务的划分,导致分类速度慢。同时,路由决策存在链路状态信息时效性不足导致选路不好。针对这些问题,提出了一种基于业务相关的选路方法,通过在可编程数据平面上灵活设计数据包的处理流程,实现流量的业务区分;并根据可编程数据面得到的网络状态参数,为特定的业务规划出合适的路径。实验表明,该方法可以对业务快速自动分类并为不同业务提供合适有效的传输路径,保证了不同业务的服务质量。     

Automating identification of services and their variability for product lines using NSGA-II

Architecture-level business services are identified based on business processes; and likewise, in service-oriented product lines, identifying the domain architecture-level business services and their variability is preferred to be based on business processes and their variability. Identification of business services for a product line satisfying a set of given design metrics (such as cohesion and coupling) is extremely difficult for a domain architect, since there are many product configurations for which the services must be proper at the same time. This means that the identified services must have proper values for n metrics in m different configurations at the same time. The problem becomes more serious when there are high degrees of variability and complexity embedded in the business processes that are the basis for service identification.We contribute to solve the multi-objective optimization problem of identifying business services for a product line by partitioning the graph of a business process variability model utilizing Non-dominated Sorting Genetic Algorithm-II. The service specification is achieved based on the results of the partitioning. The variability of the services is then determined in terms of mandatory and optional services as well as variability relationships, which are all represented in a Service Variability Model. The method was empirically evaluated through experimentation, and showed proper levels of reusability and variability. Furthermore, the resulting models were fully consistent.     

Internet上集成服务到区分服务的映射

研究了在集成服务用于用户子网和区分服务结构用于主干网时,为保证服务质量而进行 服务映射的问题.基于已有的分类方法,建立了应用类与集成服务(integrated service,简称 IS)类、集成服务类和区分服务(differentiated service,简称DS)类、数据流和PHB(par ho p bahavior)的对应和映射关系.标识是服务映射中的关键,该文把它分为预标识和标识两个 过程,IS域确定的预标识码携带单个数据流的特性到DS域,DS域的边界路由器根据预标识码准 确地标识数据包和映射P     

Trust management towards service-oriented applications

In service-oriented computing (SOC) environments, service clients interact with service providers for services or transactions. From the point view of service clients, the trust status of a service provider is a critical issue to consider, particularly when the service provider is unknown to them. Typically, the trust evaluation is based on the feedback on the service quality provided by service clients. In this paper, we first present a trust management framework that is event-driven and rule-based. In this framework, trust computation is based on formulae. But rules are defined to determine which formula to use and what arguments to use, according to the event occurred during the transaction or service. In addition, we propose some trust evaluation metrics and a formula for trust computation. The formula is designed to be adaptable to different application domains by setting suitable arguments. Particularly, the proposed model addresses the incremental characteristics of trust establishment process. Furthermore, we propose a fuzzy logic based approach for determining reputation ranks that particularly differentiates new service providers and old (long-existing) ones. This is further incentive to new service providers and penalize poor quality services from service providers. Finally, a set of empirical studies has been conducted to study the properties of the proposed approaches, and the method to control the trust changes in both trust increment and decrement cases. The proposed framework is adaptable for different domains and complex trust evaluation systems.

流感知网络的可扩展性研究

流感知网络作为新型综合业务区分服务质量保障体系,为关键业务提供了端到端的性能保障。它需要维护每个流的状态信息并基于单流实现策略控制,因此可扩展性便成为其应用基础。流感知网络可扩展性问题可分解为每流调度可扩展性和进程流规模控制策略两个方面,证明单流调度策略独立于链路速率且调度流数量有限是核心内容,流规模的控制策略说明流感知网络是基于有限流进行控制和管理,体系具有应用可扩展性。     

基于SDN的微服务负载均衡方案研究

微服务是互联网分布式服务设计的新理念,通过服务拆分成细粒度、功能独立的微服务模块,达到功能解耦,服务独立演进的能力。微服务架构在业务需求日益复杂的庞大系统中发挥越来越重要的作用,研究适合微服务特点的负载均衡具有现实的意义和重要性。软件定义网络作为新型互联网架构,将数据平面与控制平面分离,简化了网络管理的复杂性,具有全局网络状态视图,能够灵活地实现网络流量控制,为微服务架构中服务之间的负载均衡提供了一种新的解决方案。文中研究将微服务与SDN网络相结合,利用SDN的全局网络视图和对网络流精细化的控制能力,为微服务调用提供更精细化的负载均衡能力。通过虚IP与IP改写技术将微服务的负载均衡决策上移到SDN控制平面,进而通过控制平面对微服务调用链路进行分析,得到基于调用链路分析的负载均衡算法。在负载过高时还提供了基于VLAN与流表优先级的限流策略,保护微服务的正常运行。最后通过实验验证了该方案的可行性。     

SDN数据中心网络基于流分类的负载均衡方案

随着数据中心内的数据流量不断增加,导致网络中部分链路负载过重。传统的ECMP机制由于没有考虑链路状态以及流量特征,因此不再适用数据中心网络。同时ECMP可能会将多条大流映射到同一条路径上,造成大流映射冲突,导致链路瓶颈问题。基于SDN（Software Defined Network）架构提出一种面向Fat-Tree拓扑的动态流量负载均衡机制（Load Balancing based on Flow Classification,LBFC）,同时考虑了链路状态信息与流量特征进行负载均衡。LBFC机制动态调整流分类阈值来判定大流和小流,采用不同的方式为大流和小流选择转发路径,以满足大流和小流不同的传输性能需求。仿真结果表明LBFC机制能够根据网络链路状态以及流量特征动态地判定大流和小流并实现负载均衡,与ECMP、GFF和DLB算法相比,LBFC机制提高了网络吞吐量以及链路利用率,降低了传输时延。