CFR: A cooperative link failure recovery scheme in software‐defined networks

Software‐defined networking that separates the control plane from the data plane is envisioned as a promising technology to enable resilient and flexible network management. Tolerating link failures is a fundamental problem in enhancing such network resilience in software‐defined networking. Reactive and proactive fault tolerant schemes for conventional networks may not well balance the fault recovery time and network performance, since the proactive scheme typically underutilizes resources and the reactive scheme usually incurs a longer recovery time. In this paper, we propose a cooperative link failure recovery scheme to find a fine‐grained trade‐off between resource utilization and recovery time by combining reactive and proactive methods. We formalize the problem of link failure recovery as a multiobjective optimization problem and devise a 2‐stage algorithm for it. The first stage of the algorithm guarantees connectivity restoration in an acceptable recovery interval based on fast failover feature supported in OpenFlow protocol, meanwhile it assigns virtual local area network tags to back up paths for achieving a lower memory consumption. The second stage of the algorithm guarantees the quality of service for different applications by adjusting the backup paths after rapid connectivity restoration. Extensive simulations highlight that cooperative link failure recovery scheme can satisfy both the carrier‐grade recovery requirements and quality of service requirements in terms of delay and network bandwidth.     

Service‐oriented 5G network architecture: an end‐to‐end software defining approach

With the ever‐increasing mobile demands and proliferation of mobile services, mobile Internet has penetrated into every aspect of human life. Although the 4G mobile communication system is now being deployed worldwide, simply evolving or incrementally improving the current mobile networks can no longer keep the pace with the proliferation of mobile services. Against this background, aiming to achieve service‐oriented 5G mobile networks, this article proposes an end‐to‐end software defining architecture, which introduces a logically centralized control plane and dramatically simplifies the data‐plane. The control plane decomposes the diversified mobile service requirements and, correspondingly, controls the functions and behaviors of data‐plane devices. Consequently, the network directly orients towards services, and the devices are dynamically operated according to the service requirements. Therefore, the proposed architecture efficiently guarantees the end‐to‐end QoS and quality of experience. The challenges and key technologies of our architecture are also discussed in this article. Real traces‐based simulations validate the performance advantages of proposed architecture, including energy efficiency and the whole performance. Copyright © 2015 John Wiley & Sons, Ltd.     

Traffic pattern–based load‐balancing algorithm in software‐defined network using distributed controllers

Programmability and decoupling of the data plane and control plane in software‐defined networking (SDN) make the enterprise's network to focus on this new paradigm and to deploy their applications on it. Furthermore, supporting of distributed controllers in SDN opens the opportunities to address the limitations of centralized controller's architecture, which in turn improves the overall performance of the network. This study proposes a new load‐balancing algorithm to handle the load based on the traffic pattern specifically transmission control protocol (TCP) and user datagram protocol (UDP) traffic. Additionally, this study uses a distributed SDN controller's architecture to host the load balancer application. This study also employs a failover mechanism on the distributed architecture to achieve high‐availability environment and to ensure the redundancy and reliability of the network. The obtained results prove the effectiveness of the proposed algorithm in terms of availability, which is increased by 11%, response time is reduced by 98%, transaction rate is also increased by 258%, throughput is increased by 206%, concurrency is reduced by 63%, and packet loss is reduced by 86% while comparing with random, round‐robin, and weighted round‐robin algorithms in addition to ease the integration and deployment in distributed controllers.     

ONVisor: Towards a scalable and flexible SDN‐based network virtualization platform on ONOS

Network virtualization (NV) technologies have attracted a lot of attention as an essential solution for future networking infrastructure. The NV enables multiple tenants to share the same physical infrastructure and to create independent virtual networks (VNs) by decoupling the physical network in terms of topology, address, and control functions. One feasible way to realize full NV involves considering solutions based on the software‐defined networking (SDN) paradigm using its programmability. The SDN contributes many benefits to both network operations and management including programmability, agility, elasticity, and flexibility. There are several SDN‐based NV solutions; however, they suffered from a lack of scalability, high availability. Also, they have high latency between control and data plane because of proxy‐based architecture. In this thesis, we introduce a new NV platform, named Open Network Hypervisor (ONVisor). The design objectives include, among the features, (1) multitenancy, (2) scalability, (3) flexibility, (4) isolated VNs, and (5) VN federation. ONVisor was designed and implemented by extending Open Network Operating System, an open‐source SDN controller. The main features of ONVisor are (1) isolated control and data plane per VN, (2) support of distributed operations, (3) extensible translators, (4) on‐platform VN application development and execution, and (5) support of heterogenous SDN data‐plane implementations. Several experiments are conducted on various test scenarios in different test environments in terms of control and data plane performance compared to nonvirtualized SDN network. The results show that ONVisor can provide VNs a little bit lower control plane performance and similar data plane performance.     

Stateful firewall‐enabled software‐defined network with distributed controllers: A network performance study

SummarySoftware‐defined network (SDN) is constructed by decoupling the control and data plane from the forwarding devices. The control plane operations are managed by centralized or distributed controllers, and the data plane operation is managed by respective forwarding devices. SDN provides an easy and efficient management solutions for software‐programmed consolidated middlebox in virtual machines. Additionally, SDN with centralized controller faces complications like scalability, network bottle neck, and single point failure. In this study, a stateful inspection firewall acts as a middlebox in distributed SDN‐controlled network. The controller is programmed with a failure detection and recovery mechanism to provide reliability and redundancy and enhance the overall performance of the network. The objective of stateful firewall on SDN architecture is to secure the network by monitoring the current connections and maintain its state information until the connection is active. In this paper, the performance of firewall‐enabled SDN with centralized and distributed controllers are measured, compared, and analyzed. The experiments are done using POX controller, and the results are verified by Mininet network emulation tool. The results show that the stateful firewall‐enabled SDN with distributed controller network improves the security, reliability, availability, and overall performance of the network. In the proposed SDN, average network throughput is improved by 43%, average network delay is reduced by 4%, average channel utilization is increased by 40%, average network overhead is reduced by 26%, and average network response time is reduced by 23%.     

Dynamic control plane management for software‐defined networks

Software‐defined network (SDN) is an emerging network paradigm that allows flexible network management by providing programmability from a separated control plane. Because of the centralized management scheme that SDN adopts, intensive control plane overhead incurs as the scale of SDN increases. The control plane overhead is mainly caused by a massive amount of control messages generated during data plane monitoring and reactive flow instantiation. By far, very few works have addressed the overhead issue on reaction flow instantiation; therefore, we mainly focus on alleviating such overhead in this work. To achieve this goal, we propose a new control plane management (CPMan) method. CPMan aims to realize the following two objectives: first, reduce the number of control messages exchanged through the control channel and second, evenly distribute the control workload across multiple controllers to mitigate the potential performance bottleneck. To realize the former, we propose a lightweight feedback loop‐based control scheme, whereas for the latter, we propose a dynamic switch‐to‐controller (DSC) placement scheme. To show the feasibility of our proposal, we implemented a prototype of the two proposed schemes on top of a carrier‐grade SDN controller and validated its performance in an emulated network. We achieved approximately 57.13% overhead reduction with feedback loop‐based control scheme, while achieved approximately 98.68% balance ratio with DSC placement scheme. Copyright © 2016 John Wiley & Sons, Ltd.     

ESLD: An efficient and secure link discovery scheme for software‐defined networking

Software‐defined networking simplifies network management by decoupling the control plane from the data plane and centralizing it to the controller. As the brain of the network, the controller gains up‐to‐date holistic network visibility via topology discovery. However, as a key service of topology discovery, the link discovery service opens problems on efficiency and security. On the one hand, sending link discovery packets to all ports wastes not only the limited controller resources (such as CPU and memory) but also control channel bandwidth. On the other hand, attackers may use these packets to create fake links and perform link fabrication attack. Because of the centralized control paradigm, wasting controller resources may degrade network performance, and all the fake links may severely poison the network topology, even causing the denial of service or man‐in‐the‐middle attack. In this paper, we propose an efficient and secure link discovery scheme to improve link discovery performance and resist link fabrication attack caused by the software‐defined networking link discovery service. By adopting port classification technique and directionally transmitting packets to appropriate ports, our approach can reduce or eliminate redundant packets and improve link discovery performance. Meanwhile, we adopt the directional packet transmitting approach and the time‐marked hash‐based message authentication code authenticate scheme to resist the link fabrication attack. A prototype system is implemented on the basis of POX controller and Mininet simulator to evaluate our scheme. Simulation results demonstrate that our scheme can solve the link fabrication problems with less overload of both the control plane and the data plane.     

SYN‐Guard: An effective counter for SYN flooding attack in software‐defined networking

In software‐defined networking (SDN), TCP SYN flooding attack is considered as one of the most effective attacks to perform control plane and target server saturation. In this attack, an attacker generates a large number of malicious SYN requests, and because of the absence of the forwarding rules, the data plane switches have to forward these SYN messages to the controller. This excessive forwarding causes congestion over the communication channel between a data plane and control plane, and it also exhausts computational resources at both the planes. In this paper, we propose a novel countermeasure called SYN‐Guard to detect and prevent SYN flooding in SDN networks. We fully implement SYN‐Guard on the SDN controller to validate the incoming TCP connection requests. The controller installs forwarding rules for the SYN requests that successfully clear the validation test of SYN‐Guard. The host of the fake SYN request is detected, and SYN‐Guard prevents it from sending any further SYN requests to the data plane switch. The performance evaluation done using the simulation results shows that SYN‐Guard exhibits low side effect for genuine TCP requests, and when compared with standard SDN and state‐of‐art proposals, it reduces the average response time up to 21% during an ongoing SYN flooding attack.     

Software‐defined networking approach for enhanced evolved packet core network

The evolved packet core (EPC) network is the mobile network standardized by the 3rd Generation Partnership Project and represents the recent evolution of mobile networks providing high‐speed data rates and on‐demand connectivity services. Software‐defined networking (SDN) is recently gaining momentum in network research as a new generation networking technique. An SDN‐based EPC is expected to introduce gains to the EPC control plane architecture in terms of simplified, and perhaps even software‐based, vendor independent infrastructure nodes. In this paper, we propose a novel SDN‐based EPC architecture along with the protocol‐level detailed implementation and provide a mechanism for identifying information fields exchanged between SDN‐EPC entities that maintains correct functionality with minimal impact on the conventional design. Furthermore, we present the first comprehensive network performance evaluation for the SDN‐based EPC versus the conventional EPC and provide a comparative analysis of 2 networks performances identifying potential bottlenecks and performance issues. The evaluation focuses on 2 network control operations, namely, the S1‐handover and registration operations, taking into account several factors, and assessing performance metrics such as end‐to‐end delay (E2ED) for completion of the respective control operation, and EPC nodes utilization figures.     

Intent‐based service management for heterogeneous software‐defined infrastructure domains

One of the main challenges in delivering end‐to‐end service chains across multiple software‐defined networking (SDN) and network function virtualization (NFV) domains is to achieve unified management and orchestration functions. A very critical aspect is the definition of an open, vendor‐agnostic, and interoperable northbound interface (NBI) that should be as abstract as possible and decoupled from domain‐specific data and control plane technologies. In this paper, we propose a reference architecture and an intent‐based NBI for end‐to‐end service management across multiple technological domains. The general approach is tested in a heterogeneous OpenFlow/Internet‐of‐Things (IoT) SDN test bed, where the proposed solution is applied to a rather complex service provisioning scenario spanning three different technological domains: an IoT infrastructure deployment, a cloud‐based data collection, processing, and publishing platform, and a transport domain over a geographic network interconnecting the IoT domain and the data center hosting the cloud services.     

A cognitive model‐based approach for autonomic fault management in OpenFlow networks

Autonomic network management is an approach to the management of complex networks and services that incorporates the detection, diagnosis and reconfiguration, as well as optimization, of their performance. A control loop is fundamental as it facilitates the capture of the current state of the networks and the reconfiguration of network elements without human intervention. For new networking architectures such as software‐defined networking and OpenFlow networks, in which the control plane is moved onto a centralized controller, an efficient control loop and decision making are more crucial. In this paper, we propose a cognitive control loop based on a cognitive model for efficient problem resolving and accurate decision making. In contrast to existing control loops, the proposed control loop provides reactive, deliberative and reflective loops for managing systems based on analysis of current status. In order to validate the proposed control loop, we applied it to fault management in OpenFlow networks and found that the protection mechanism provides fast recovery from single failures in OpenFlow networks, but it cannot cover multiple‐failure cases. We therefore also propose a fast flow setup (FFS) algorithm for our control loop to manage multiple‐failure scenarios. The proposed control loop adaptively uses protection and FFS based on analysis of failure situations. We evaluate the proposed control loop and the FFS algorithm by conducting failure recovery experiments and comparing its recovery time to those of existing methods. Copyright © 2013 John Wiley & Sons, Ltd.     

SDN‐based dynamic multipath forwarding for inter–data center networking

Equal‐cost multipath (ECMP)–based traffic engineering (TE) methods are commonly used in intra–data center (DC) networks to improve the transmission performance for east‐west traffic (ie, traffic from server to server within a DC). However, applying ECMP on inter‐DC wide area network (WAN) offers limited performance enhancement as a result of irregular network topology. Since TE can be intelligently and efficiently realized with software‐defined networking (SDN), SDN‐based multipath becomes a popular option. However, SDN suffers from scalability issue caused by limited ternary content‐addressable memory (TCAM) size. In this paper, we propose an SDN‐based TE method called dynamic flow‐entry‐saving multipath (DFSM) for inter‐DC traffic forwarding. DFSM adopts source‐destination–based multipath forwarding and latency‐aware traffic splitting to reduce the consumption of flow entries and achieve load balancing. The evaluation results indicate that DFSM saves 15% to 30% of system flow entries in practical topologies and reduces the standard deviation of path latencies from 10% to 7% than do label‐switched tunneling, and also reduces average latency by 10% to 48% by consuming 6% to 20% more flow entries than do ECMP in less‐interconnected topologies. Note that the performance gain may not always be proportional to flow entry investment, with the interconnectivity between nodes being an important factor. The evaluation also indicates that per‐flow provision consumes several times the flow entries consumed by DFSM but reduces latency by 10% at most. Besides, DFSM reduces the standard deviation of path latencies from 14% to 7% than do even traffic splitting.     

A survey and comparison on overlay‐underlay mapping techniques in peer‐to‐peer overlay networks

Peer‐to‐peer (P2P) overlay networks were developed initially for file sharing such as Napster and Gnutella; but later, they have become popular for content sharing, media streaming, telephony applications, etc. Underlay‐unawareness in P2P systems can result in suboptimal peer selection for overlay routing and hence poor performance. In this paper, we present a comprehensive survey of the research work carried out to solve the overlay‐underlay mapping problems up till now. The majority of underlay‐aware proposals for peer selection focus on finding the shortest overlay routes by selecting nearest nodes according to proximity information. Another class of approaches is based on passive or active probing for provision of underlay information to P2P applications. Some other optimizations propose use of P2P middleware to extract, process, and refine underlay information and provide it to P2P overlay applications. Another class of approaches strive to use ISPs or third parties to provide underlay information to P2P overlay applications according to their requirements. We have made a state‐of‐the‐art review and comparison for addressing the overlay‐underlay mismatch in terms of their operation, merits, limitations, and future directions.     

Characterizing Overlay Multicast Networks and Their Costs

Overlay networks among cooperating hosts have recently emerged as a viable solution to several challenging problems, including multicasting, routing, content distribution, and peer-to-peer services. Application-level overlays, however, incur a performance penalty over router-level solutions. This paper quantifies and explains this performance penalty for overlay multicast trees via: 1) Internet experimental data; 2) simulations; and 3) theoretical models. We compare a number of overlay multicast protocols with respect to overlay tree structure, and underlying network characteristics. Experimental data and simulations illustrate that the mean number of hops and mean per-hop delay between parent and child hosts in overlay trees generally decrease as the level of the host in the overlay tree increases. Overlay multicast routing strategies, overlay host distribution, and Internet topology characteristics are identified as three primary causes of the observed phenomenon. We show that this phenomenon yields overlay tree cost savings: Our results reveal that the normalized cost L(n)/U(n) is propn^0.9 for small n, where L(n) is the total number of hops in all overlay links, U(n) is the average number of hops on the source to receiver unicast paths, and n is the number of members in the overlay multicast session. This can be compared to an IP multicast cost proportional to n^0.6 to n^0.8     

SDN/NFV‐based handover management approach for ultradense 5G mobile networks

With the great increase of connected devices and new types of applications, mobile networks are witnessing exponential growth of traffic volume. To meet emerging requirements, it is widely agreed that the fifth‐generation mobile network will be ultradense and heterogeneous. However, the deployment of a high number of small cells in such networks poses challenges for the mobility management, including frequent, undesired, and ping‐pong handovers, not to mention issues related to increased delay and failure of the handover process. The adoption of software‐defined networking (SDN) and network function virtualization (NFV) technologies into 5G networks offers a new way to address the above‐mentioned challenges. These technologies offer tools and mechanisms to make networks flexible, programmable, and more manageable. The SDN has global network control ability so that various functions such as the handover control can be implemented in the SDN architecture to manage the handover efficiently. In this article, we propose a Software‐Defined Handover (SDHO) solution to optimize the handover in future 5G networks. In particular, we design a Software‐Defined Handover Management Engine (SDHME) to handle the handover control mechanism in 5G ultradense networks. The SDHME is defined in the application plane of the SDN architecture, executed by the control plane to orchestrate the data plane. Simulation results demonstrate that, compared with the conventional LTE handover strategy, the proposed approach significantly reduces the handover failure ratio and handover delay.     

Performance Evaluation of Service‐Aware Optical Transport System

We propose and experimentally demonstrate a service‐aware optical transport system. The proposed service‐aware optical transport system makes a flow based on service type and priority of traffic. The generated flow is mapped to a corresponding sub‐λ for transport over an optical network. Using sub‐λ provided by the centralized control plane, we could effectively provide quality‐of‐service guaranteed Ethernet service and best‐effort service simultaneously in a single link. The committed information rate (CIR) traffic and best‐effort traffic are assigned to different sub‐λs. The bandwidth of the CIR traffic is guaranteed without being affected by violation traffic because the bandwidth is managed per each sub‐λ. The failure detection time and restoration time from a link failure is measured to be about 60 µs and 22 ms, respectively, in the ring network. The measured restoration time is much smaller than the 50 ms industry requirement for real‐time services. The fast restoration time allows the proposed service‐aware optical transport system to offer high availability and reliability which is a requirement for transport networks.     

HSDN‐GRA: A hybrid software‐defined networking‐based geographic routing protocol with multi‐agent approach

We propose in this paper a Hybrid Software‐Defined Networking‐based Geographical Routing Protocol (HSDN‐GRA) with a clustering approach. It takes into account three different criteria to select the best relay to send data: (1) the contact duration between vehicles, (2) the available load of each vehicle, (3) and the log of encountered communication errors embedded in each cluster head. The multi‐criteria strategy allows the selection of the most reliable vehicles by avoiding communication problems and ensuring connection availability. Once the hybrid control plane has found out the next eligible neighbor, the data plane will be in charge of dividing and sending data. To validate our approach, HSDN‐GRA has been modeled and implemented in JADE, a multi‐agent platform, to be compared to other multi‐agent based protocols. Simulation results show that HSDN‐GRA achieves good performance with respect to the average routing overhead, the packet drop rate, and the throughput.     

Subgrouping‐based multicast transmission over high‐throughput satellite systems with beam cooperation

This paper investigates the multicast transmission for multicast services in high‐throughput satellite (HTS) systems. Considering the multibeam multicast feature of HTSs, cooperative transmission among beams is involved in to improve the efficiency of the multicast transmission. Since the multicast transmission rate depends on the worst user channel state, all the users experience an unreasonably low rate. In this situation, subgrouping techniques are employed to increase transmission rates of users. A subgrouping‐based multicast transmission problem aiming at maximizing the lowest transmission rate of the users is studied to guarantee fairness among users. We formulate the problem as a max–min optimization problem and propose two low‐complex subgrouping algorithms for this problem. Additionally, we also consider multicasting in a single beam and devise a two‐layer transmission scheme for it. In the performance evaluation part, besides the impact of parameters on subgrouping performance, we analyze the performance and the computational complexity of the proposed algorithms. The results indicate that the two subgrouping algorithms can achieve favorable performance with low complexity.     

Overlay,Borůvka‐based,Ad‐hoc multicast Protocol: description and performance analysis

This paper presents a novel Mobile Ad‐hoc NETworks (MANET) multicast protocol, named Overlay Borůvka‐based Ad‐hoc Multicast Protocol (OBAMP), and evaluates its performance. OBAMP is an overlay protocol: it runs only in the end‐systems belonging to the multicast group. OBAMP has three distinctive features, which give to the protocol a good performance in terms of distribution efficiency: (i) its distribution tree closely resembles the minimum spanning tree; (ii) it exploits broadcast communications; (iii) its design limits not only overlay signaling but also network‐layer signaling. In addition, OBAMP can cope with node failures in a very short time. As a consequence, OBAMP has a low latency and a high delivery ratio, even when the group size increases. To prove these statements, we analyze the performance of OBAMP with ns‐2 and compare it with three state‐of‐the‐art protocols, namely ODMRP (a network‐layer protocol), ALMA, and AMRoute (two overlay protocols). The overlay protocols are assumed to use AODV as underlying routing protocol. Also, we stress that we have implemented OBAMP, in Java, and we have tested it on the field, to prove its feasibility; to allow fellow researchers to reproduce and test our work we published all simulation and implementation codes. Copyright © 2007 John Wiley & Sons, Ltd.     

The research on a novel structure of two‐layer distributed controllers in software‐defined networking

Distributed controllers have been proposed for solving the scalability and reliability of the centralized controllers problems in software‐defined networking. This paper has presented a new two‐layer distributed controller structure Cacc with the features of overlap management and dynamic management. Cacc has advantages of load balancing and manageability. Furthermore, this paper has conducted the performance modeling of controller topologies and has proposed a new placement problem for Cacc: capacitated multi‐controller placement problem, in which one local controller is assigned to 2 or more root controllers with capacity limitation to achieve a high reliability. Both of the analysis and experiment results have verified the reliability advantages of capacitated multi‐controller placement problem.