A virtualized infrastructure to offer network mapping functionality in SDN networks

The separation of control and forwarding planes in software‐defined networking (SDN) networks is a key issue of the SDN technology. This feature and the existence of the SDN controller allow the developing of dynamic, adaptable and manageable networks, networks that require adequate services, and applications. However, the separation of these planes prevents the use of existing powerful tools that were coded considering traditional networks. In this paper, we make use of the potential of network virtualization (NV) technologies to propose the use of a virtualized infrastructure that makes possible the incorporation of these existing services and/or applications to an SDN network, without the need for programming additional and complex software modules in the SDN controller. Thus, in this paper, NV is not employed to develop a network managed by SDN but to broaden and give support to the SDN control layer. As an example, we describe the incorporation of nmap (a versatile and powerful tool widely used by security experts for network exploration) into the SDN framework. It is only necessary to develop a simple control plane service that thanks to the proposed virtualized infrastructure allows the inclusion of this powerful management application. The result offers the complete functionality of the nmap utility to the network administrators, who control the SDN network through the out‐of‐band control plane. In addition, a northbound REST API has been defined to offer the main functionality of the tool (host discovery, port scanning, and operating system detection) to the application layer.     

基于SDN的多控制器部署策略的研究

随着SDN在大型网络以及广域网中的需求,如何合理、高效地部署SDN控制器,从而以较低的部署成本,获得较好的网络性能,是当前研究的热点.针对控制器数量、部署位置问题以及交换机与控制器之间的映射关系的问题,首先给出一种分布式的控制器部署方式并设定了网络相关参数,以流建立请求代价为优化目标,提出了一种基于贪心算法的控制器部署策略方案.最后通过仿真实验将所提出方案与ACL方案进行对比,证明了所提方案在性能方面有一定的提升.     

HeS‐CoP: Heuristic switch‐controller placement scheme for distributed SDN controllers in data center networks

Software‐defined networking (SDN) has been widely researched and used to manage large‐scale networks such as data center networks (DCNs). An early stage of SDN controller experienced low responsiveness, low scalability, and low reliability. To solve these problems, distributed SDN controllers have been proposed. The concept of distributed SDN controllers distributes control messages among multiple SDN controllers. However, distributed SDN controllers must assign a master controller for each networking devices. Most previous studies, however, did not consider the characteristics of DCNs. Thus, they are not suitable to operate in DCNs. In this paper, we propose HeS‐CoP, a heuristic switch‐controller placement scheme for distributed SDN controllers in DCNs. With the control traffic load and CPU load, HeS‐CoP decides when our scheme should be performed in DCNs. To show the feasibility of HeS‐CoP, we designed and implemented an orchestrator that contains our proposed scheme and then evaluated our proposed scheme. As a result, our proposed scheme well distributes the control traffic load, decreases the average CPU load, and reduces the packet delay.     

基于流量工程的软件定义网络控制资源优化机制

针对软件定义网络(SDN)分布式控制平面中由于网络分域管理所引发的控制扩张问题,该文提出了一种基于流量工程的SDN控制资源优化(TERO)机制。首先基于数据流的路径特征对流请求的控制资源消耗进行分析,指出通过调整控制器和交换机的关联关系可以降低控制资源消耗。然后将控制器关联过程分为两个阶段：先设计了最小集合覆盖算法来快速求解大规模网络中控制器关联问题;在此基础上,引入联合博弈策略来优化控制器和交换机的关联关系以减少控制资源消耗和控制流量开销。仿真结果表明,与现有的控制器和交换机就近关联机制相比,该文机制能在保证较低控制流量开销的前提下,节省约28%的控制资源消耗。

     

Exploiting the control power of SDN during the transition from IP to SDN networks

The emerging software‐defined networking (SDN) paradigm introduces new opportunities to improve network performance due to the flexibility and programmability provided by a logically centralized element named controller. However, a rapid adoption of the full SDN architecture is difficult in the short term due to economic and technical reasons. This paper faces the SDN nodes replacement problem during the transition from traditional IP networks to fully deployed SDN networks. Six different replacement methods are proposed to select the most appropriate set of traditional IP nodes to be upgraded to SDN‐enabled switches at a particular transition stage. To show the effectiveness of the proposed methods, they have been applied on an optimization problem currently studied by the research community: the power consumption problem. An integer linear programming formulation is presented to solve it and a genetic algorithm is evaluated through simulations on realistic network topologies. Results highlight that energy‐efficiency in hybrid IP/SDN networks can be significantly improved by only replacing a reduced number of IP nodes.     

DSL: Dynamic and Self‐Learning Schedule Method of Multiple Controllers in SDN

For the reliability of controllers in a software defined network (SDN), a dynamic and self‐learning schedule method (DSL) is proposed. This method is original and easy to deploy, and optimizes the combination of multiple controllers. First, we summarize multiple controllers’ combinations and schedule problems in an SDN and analyze its reliability. Then, we introduce the architecture of the schedule method and evaluate multi‐controller reliability, the DSL method, and its optimized solution. By continually and statistically learning the information about controller reliability, this method treats it as a metric to schedule controllers. Finally, we compare and test the method using a given testing scenario based on an SDN network simulator. The experiment results show that the DSL method can significantly improve the total reliability of an SDN compared with a random schedule, and the proposed optimization algorithm has higher efficiency than an exhaustive search.     

Balanced multiple controllers placement with latency and capacity bound in software-defined network

Software-defined network (SDN) used a network architecture which separates the control plane and data plane. The control logic of SDN was implemented by the controller. Because controller's capacity was limited, in large scale SDN networks, single controller can not satisfy the requirement of all switches. Multiple controllers were needed to han-dle all data flows. By the reason that the latency between controller and switch would significantly affect the forwarding of new data flow, the rational placement of controllers would effectively improve the performance of entire network. By partition the network into multiple sub domains, on the base of spectral clustering, a method that added a balanced de-ployment object function into k-means was given and a balanced multiple controllers placement algorithm in SDN net-works which has the latency and capacity limitations was proposed. In this approach, a penalty function was introduced in the algorithm to avoid isolation nodes appearing. The simulations show that this algorithm can balance partition the net-work, keep the latency between controller and switch small and keep loads balancing between controllers.     

Stateful firewall‐enabled software‐defined network with distributed controllers: A network performance study

SummarySoftware‐defined network (SDN) is constructed by decoupling the control and data plane from the forwarding devices. The control plane operations are managed by centralized or distributed controllers, and the data plane operation is managed by respective forwarding devices. SDN provides an easy and efficient management solutions for software‐programmed consolidated middlebox in virtual machines. Additionally, SDN with centralized controller faces complications like scalability, network bottle neck, and single point failure. In this study, a stateful inspection firewall acts as a middlebox in distributed SDN‐controlled network. The controller is programmed with a failure detection and recovery mechanism to provide reliability and redundancy and enhance the overall performance of the network. The objective of stateful firewall on SDN architecture is to secure the network by monitoring the current connections and maintain its state information until the connection is active. In this paper, the performance of firewall‐enabled SDN with centralized and distributed controllers are measured, compared, and analyzed. The experiments are done using POX controller, and the results are verified by Mininet network emulation tool. The results show that the stateful firewall‐enabled SDN with distributed controller network improves the security, reliability, availability, and overall performance of the network. In the proposed SDN, average network throughput is improved by 43%, average network delay is reduced by 4%, average channel utilization is increased by 40%, average network overhead is reduced by 26%, and average network response time is reduced by 23%.     

TILAK: A token‐based prevention approach for topology discovery threats in SDN

Software‐defined networks (SDNs) decouple the data plane from the control plane. Thus, it provides logically centralized visibility of the entire networking infrastructure to the controller. It enables the applications running on top of the control plane to innovate through network management and programmability. To envision the centralized control and visibility, the controller needs to discover the networking topology of the entire SDN infrastructure. However, discovering and maintaining a global view of the underlying network topology is a challenging task because of (i) frequently changing network topology caused by migration of the virtual machines in the data centers, mobile, end hosts and change in the number of data plane switches because of technical faults or network upgrade; (ii) lack of authentication mechanisms and scarcity in SDN standards; and (iii) availability of security solutions during topology discovery process. To this end, the aim of this paper is threefold. First, we investigate the working methodologies used to achieve global view by different SDN controllers, specifically, POX, Ryu, OpenDaylight, Floodlight, Beacon, ONOS, and HPEVAN. Second, we identify vulnerabilities that affect the topology discovery process in the above controller implementation. In particular, we provide a detailed analysis of the threats namely link layer discovery protocol (LLDP) poisoning, LLDP flooding, and LLDP replay attack concerning these controllers. Finally, to countermeasure the identified risks, we propose a novel mechanism called TILAK which generates random MAC destination addresses for LLDP packets and use this randomness to create a flow entry for the LLDP packets. It is a periodic process to prevent LLDP packet‐based attacks that are caused only because of lack of verification of source authentication and integrity of LLDP packets. The implementation results for TILAK confirm that it covers targeted threats with lower resource penalty.     

Multi-controller balancing deployment strategy based on reliability evaluation in SDN

The control plane has low reliability and controller loads were unbalanced in distributed software defined networks,and a multi-controller balancing deployment strategy based on reliability evaluation was proposed.Firstly,node reliability was evaluated by weighting node efficiency and path quality,optimizing the controller location with balancing factor.Then based on improved k-center clustering,the redundant functions was introduced and the switch allocation was completed according to node attractiveness degree and controller load balancing rate,achieving a reasonable SDN sub-domain planning.The simulations show that compared with the existing strategy the number of required controllers is reduced by an average of 22.1%.The control plane elasticity is enhanced,and the controller load balancing performance has been improved significantly.     

Performance Analysis of SDN/OpenFlow Controllers: POX Versus Floodlight

Software-Defined Networking (SDN) is an emerging network architecture that is adaptable, dynamic, cost-effective, and manageable. The SDN architecture is a form of network virtualization where the network controlling functions and forwarding functions are decoupled. A setup and configuration task of a control plane to work as an SDN controller is explained in this paper. This paper includes a brief survey of different SDN based OpenFlow-enabled controllers available in various programmable languages. This paper mainly focuses on two OpenFlow-enabled controllers, namely, POX—a Python-based controller and Floodlight—a Java-based controller. A performance comparison of both controllers is tested over different network topologies by analyzing network throughput and round-trip delay using an efficient network simulator called Mininet. A single, linear, tree and custom (user-defined) topologies are designed in Mininet by enabling external controllers. It is obtained that, a percentage improvement in round-trip time for Floodlight over POX is 11.5, 13.9, 19.6 and 14.4% for single, linear, tree and custom topology respectively. Similarly, a percentage improvement in throughput for Floodlight over POX is 5.4, 8.9, 3.8 and 4.9% for single, linear, tree and custom topology respectively.     

SDN/NFV‐based handover management approach for ultradense 5G mobile networks

With the great increase of connected devices and new types of applications, mobile networks are witnessing exponential growth of traffic volume. To meet emerging requirements, it is widely agreed that the fifth‐generation mobile network will be ultradense and heterogeneous. However, the deployment of a high number of small cells in such networks poses challenges for the mobility management, including frequent, undesired, and ping‐pong handovers, not to mention issues related to increased delay and failure of the handover process. The adoption of software‐defined networking (SDN) and network function virtualization (NFV) technologies into 5G networks offers a new way to address the above‐mentioned challenges. These technologies offer tools and mechanisms to make networks flexible, programmable, and more manageable. The SDN has global network control ability so that various functions such as the handover control can be implemented in the SDN architecture to manage the handover efficiently. In this article, we propose a Software‐Defined Handover (SDHO) solution to optimize the handover in future 5G networks. In particular, we design a Software‐Defined Handover Management Engine (SDHME) to handle the handover control mechanism in 5G ultradense networks. The SDHME is defined in the application plane of the SDN architecture, executed by the control plane to orchestrate the data plane. Simulation results demonstrate that, compared with the conventional LTE handover strategy, the proposed approach significantly reduces the handover failure ratio and handover delay.     

软件定义网络容错控制平面的最小覆盖布局方法

容错控制平面通过将多个控制器部署在不同的网络设备上进而增强网络的可靠性,但是大量的控制器部署带来了巨大的布局成本,严重地限制了容错控制平面在实际网络中的部署与应用。为了解决上述问题,该文首先构造了容错控制平面的最小覆盖布局模型,然后设计了一种基于局部搜索策略的启发式控制器布局算法,避免搜索结果陷入局部最优解。在不同规模网络中的仿真结果表明,相对于其他算法,所提算法可以在保证网络容错需求的同时,降低网络中部署控制器的数量。

     

Autonomous Domain Correlation-Based Cross-domain Network View Caching Method for SDN Distributed Controller

Software-defined networks (SDN) maintain a global view of the network,thus improving the intelligence of forwarding decisions.With the expansion of the network scale,distributed controllers are used in a variety of large-scale networks in which subnetworks managed by controller instance are called autonomous domains.We analyze statistic frequency of communication across the autonomous domain.We calculate the autonomous domain correlations for controller instances using acquired statistical information.We cache network views to highly correlated controller instances.Distributed controllers are capable of considering both the average response time and overall storage.An experiment shows that our method can fully take advantage of these two performance indicators.     

基于OpenFlow的SDN可靠性综述

软定义网络(SDN)是一种新型的网络架构,其将控制平面和数据转发平面分离,并为网络管理提供了可编程的接口,简化了网络管理。随着基于OpenFlow的SDN技术在现实中的广泛应用,其所存在的问题也凸显出来,可靠性就是其中的一个重要方面。文中针对基于OpenFlow的SDN在可靠性方面存在的问题,分析总结了导致OpenFlow网络失效的因素,将网络失效划分为控制器、链路和节点失效,并归纳出相应的解决方案,探讨了未来基于OpenFlow的SDN在可靠性方面的研究方向与趋势。     

A consistent QoS routing strategy for video streaming services in SDN networks

The software‐defined networking (SDN) paradigm proposes to decouple the control plane (decision‐making process) and the data plane (packet forwarding) to overcome the limitations of traditional network infrastructures, which are known to be difficult to manage, especially at scale. Although there are previous works focusing on the problem of quality of service (QoS) routing in SDN networks, only few solutions have taken into consideration the network consistency, which reflects the adequacy between the decisions made and the decisions that should be taken. Therefore, we propose a network architecture that guarantees the consistency of the decisions to be taken in an SDN network. A consistent QoS routing strategy is then introduced in a way that avoids any quality degradation of prioritized traffic while optimizing resources usage. Thus, we proposed a traffic dispersion heuristic in order to achieve this goal. We compared our approach with several existing framework in terms of best‐effort flows average throughput, average video bitrate, and video quality of experience (QoE). The emulation results, which are performed using the Mininet environment, clearly demonstrate the effectiveness of the proposed approach that outperforms existing frameworks.     

层次型多中心的SDN控制器部署

软件定义网络(SDN)通过转发与控制分离,借助控制面的集中化实现网络的灵活性和开放性.控制器部署是SDN部署运行的基础和前提.针对层次型多中心SDN的控制器部署问题,该文采用多层k路划分方法实现大规模SDN网络的区域划分,将传统的SDN多控制器直接部署转化为区域划分和域内控制器部署,同时通过减少图划分的域间割边数以降低SDN跨域流数量以提高流表构建效率.通过实验验证,较其他传统方法,该文提出的层次型多中心控制器部署方法可有效减少网络通信代价,降低流表构建代价.     

Dynamic switch migration with noncooperative game towards control plane scalability in SDN

As software‐defined networking (SDN) is a logically centralized technology, the control plane scalability in SDN is increasingly important with the network scale increasing. Load balancing and maximizing resource utilization are very critical to the control plane in SDN, while switch migration is an effective approach to achieve these two performance metrics. However, switch migration is NP‐hard problem because it belongs to the problem of combinatorial optimization. To avoid the NP‐hard problem, we propose a switch migration scheme by adopting noncooperative game to improve the control plane scalability in SDN. First, we design a novel load balancing monitoring scheme to detect the load imbalance between controllers and trigger migrating switches. Then, we use noncooperative game among controllers to decide switch migration to get the maximizing overall profits. Last, we prove that our proposed approach can get Pareto optimality. Extensive simulations prove that our method is able to achieve a more scalable control plane with load balancing and maximizing resource utilization.     

DDoS attack detection and defense based on hybrid deep learning model in SDN

Software defined network (SDN) is a new kind of network technology,and the security problems are the hot topics in SDN field,such as SDN control channel security,forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN,a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method,when a deep learning model was constructed,the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy,it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time,the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller,and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.     

SO-CPP: Sailfish optimization-based controller placement in IoT-enabled software-defined wireless sensor networks

One of the expanding network topologies that is frequently utilized to improve network development by successfully separating the control plane and data plane is software-defined networking (SDN). In order to function inside complex sensor networks, the SDWSN system frequently relies on centralized controller logic that pulls global network information. In wireless sensor networks (WSNs), using several SDN controllers is known as a promising strategy due to reliability and performance considerations. However, using numerous controllers increases the synchronization overhead between the controllers. Consequently, it is a difficult research challenge to discover the best placement of SDN controllers to enhance the performance of a WSN, subject to the maximum number of controllers calculated based on the synchronization overhead. This research introduces a novel technique to overcome the controller placement problem (CPP) by optimizing multi-constraints within the sensor networks. For selecting the optimal controllers and placing them in an optimal location, a novel sailfish optimization (SO) strategy is introduced that can enhance the search space and maintain optimal global values throughout the iteration. Then, node clustering is performed using the fuzzy-C-means (FCM) clustering technique, which can reduce energy consumption and path delay within the network. The overall latency obtained by the proposed method is about 0.51 and 0.56 ms, and a total run time of 4 ms for both single sink and multi-sink, respectively. The proposed method is implemented in the MATLAB platform, and different performance metrics are analyzed and compared with existing techniques.