A genetic algorithm‐based flow update scheduler for software‐defined networks

Software‐defined networking (SDN) facilitates network programmability through a central controller. It dynamically modifies the network configuration to adapt to the changes in the network. In SDN, the controller updates the network configuration through flow updates, ie, installing the flow rules in network devices. However, during the network update, improper scheduling of flow updates can lead to a number of problems including overflowing of the switch flow table memory and the link bandwidth. Another challenge is minimizing the network update completion time during large‐network updates triggered by events such as traffic engineering path updates. The existing centralized approaches do not search the solution space for flow update schedules with optimal completion time. We proposed a hybrid genetic algorithm‐based flow update scheduling method (the GA‐Flow Scheduler). By searching the solution space, the GA‐Flow Scheduler attempts to minimize the completion time of the network update without overflowing the flow table memory of the switches and the link bandwidth. It can be used in combination with other existing flow scheduling methods to improve the network performance and reduce the flow update completion time. In this paper, the GA‐Flow Scheduler is combined with a stand‐alone method called the three‐step method. Through large‐scale experiments, we show that the proposed hybrid approach could reduce the network update time and packet loss. It is concluded that the proposed GA‐Flow Scheduler provides improved performance over the stand‐alone three‐step method. Also, it handles the above‐mentioned network update problems in SDN.     

Improving reliability of erasure codes‐based storage paradigm under correlated failures for wireless sensor networks

In distributed sensor networks, ensuring data availability and reliability in the presence of node failures and malicious attacks is an important requirement. Traditionally, redundant schemes such as erasure codes and network coding are used to improve storage efficiency. However, prior works do not consider the scenario that node failures might cut the network into multiple components and result in unsuccessful data reconstruction. To address this problem, we first devise a data segment distribution scheme that enables randomly connected component of remaining network to have enough data symbols to recreate the initial data. Because the optimal symbol distribution is Nondeterministic Polynomial (NP)‐complete problem, we further propose an approximation solution to solve it for arbitrary network model. Second, an efficient data recovery scheme with integrity check is proposed to reconstruct the initial data and repair the data saved on the disabled nodes in case of Byzantine failures. Compared with the previous approaches, the proposed scheme benefits from low data loss and storage overhead, which is confirmed by evaluations. Copyright © 2015 John Wiley & Sons, Ltd.     

CFR: A cooperative link failure recovery scheme in software‐defined networks

Software‐defined networking that separates the control plane from the data plane is envisioned as a promising technology to enable resilient and flexible network management. Tolerating link failures is a fundamental problem in enhancing such network resilience in software‐defined networking. Reactive and proactive fault tolerant schemes for conventional networks may not well balance the fault recovery time and network performance, since the proactive scheme typically underutilizes resources and the reactive scheme usually incurs a longer recovery time. In this paper, we propose a cooperative link failure recovery scheme to find a fine‐grained trade‐off between resource utilization and recovery time by combining reactive and proactive methods. We formalize the problem of link failure recovery as a multiobjective optimization problem and devise a 2‐stage algorithm for it. The first stage of the algorithm guarantees connectivity restoration in an acceptable recovery interval based on fast failover feature supported in OpenFlow protocol, meanwhile it assigns virtual local area network tags to back up paths for achieving a lower memory consumption. The second stage of the algorithm guarantees the quality of service for different applications by adjusting the backup paths after rapid connectivity restoration. Extensive simulations highlight that cooperative link failure recovery scheme can satisfy both the carrier‐grade recovery requirements and quality of service requirements in terms of delay and network bandwidth.     

Energy efficient virtual network embedding for federated software‐defined networks

In this paper, we focus on energy efficient virtual network embedding in federated (multidomain) software‐defined networks (SDNs). We first formulate an optimization problem as an integer linear program (ILP) that minimizes the energy consumption of the network links, while at the same time adhering to the bandwidth and CPU requirements of the virtual network requests. We then propose a polynomial‐time heuristic algorithm, which consists of three stages. In the first stage, the top SDN controller decides on whether to partition the virtual network request into smaller subrequests and give subrequests to multiple domains or give the enitre virtual network request to a single domain, while in the second stage, each SDN controller implements virtual network embedding in its own domain. Finally, in the third stage, the algorithm performs interdomain routing if partitioning decision had been made in the first stage. Our simulation results demonstrate that our proposed algorithm yields close performance to the solutions obtained by using the optimization software CPLEX that implements our ILP.     

Stateful firewall‐enabled software‐defined network with distributed controllers: A network performance study

SummarySoftware‐defined network (SDN) is constructed by decoupling the control and data plane from the forwarding devices. The control plane operations are managed by centralized or distributed controllers, and the data plane operation is managed by respective forwarding devices. SDN provides an easy and efficient management solutions for software‐programmed consolidated middlebox in virtual machines. Additionally, SDN with centralized controller faces complications like scalability, network bottle neck, and single point failure. In this study, a stateful inspection firewall acts as a middlebox in distributed SDN‐controlled network. The controller is programmed with a failure detection and recovery mechanism to provide reliability and redundancy and enhance the overall performance of the network. The objective of stateful firewall on SDN architecture is to secure the network by monitoring the current connections and maintain its state information until the connection is active. In this paper, the performance of firewall‐enabled SDN with centralized and distributed controllers are measured, compared, and analyzed. The experiments are done using POX controller, and the results are verified by Mininet network emulation tool. The results show that the stateful firewall‐enabled SDN with distributed controller network improves the security, reliability, availability, and overall performance of the network. In the proposed SDN, average network throughput is improved by 43%, average network delay is reduced by 4%, average channel utilization is increased by 40%, average network overhead is reduced by 26%, and average network response time is reduced by 23%.     

A cluster‐based fault‐tolerant routing protocol for wireless sensor networks

Energy conservation and fault tolerance are two critical issues in the deployment of wireless sensor networks (WSNs). Many cluster‐based fault‐tolerant routing protocols have been proposed for energy conservation and network lifetime maximization in WSNs. However, these protocols suffer from high frequency of re‐clustering as well as extra energy consumption to tolerate failures and consider only some very normal parameters to form clusters without any verification of the energy sufficiency for data routing. Therefore, this paper proposes a cluster‐based fault‐tolerant routing protocol referred as CFTR. This protocol allows higher energy nodes to become Cluster Heads (CHs) and operate multiple rounds to diminish the frequency of re‐clustering. Additionally, for the sake to get better energy efficiency and balancing, we introduce a cost function that considers during cluster formation energy cost from sensor node to CH, energy cost from CH to sink, and another significant parameter, namely, number of cluster members in previous round. Further, the proposed CFTR takes care of nodes, which have no CH in their communication range. Also, it introduces a routing algorithm in which the decision of next hop CH selection is based on a cost function conceived to select routes with sufficient energy for data transfer and distribute uniformly the overall data‐relaying load among the CHs. As well, a low‐overhead algorithm to tolerate the sudden failure of CHs is proposed. We perform extensive simulations on CFTR and compare their results with those of two recent existing protocols to demonstrate its superiority in terms of different metrics.     

Toward manageable middleboxes in software‐defined networking

Software‐defined networking (SDN) acts as a centralized management unit, especially in a network with devices that operate under the transport layer of the OSI model. However, when a network with layer 7 middleboxes (MBs) is considered, current SDNs exhibit limitations. As such, to achieve a real‐centralized management unit, a new architecture is required that decouples the data and control planes of all network devices. In this report, we propose such a complementary architecture to the current SDN in which SDN‐enabled MBs are included along with contemporary SDN‐enabled switches. The management unit of this architecture improves network performance and reduces routing cost by considering the status of the MBs during flow forwarding. This unit consists of the following two parts: an SDN controller (SDNC) and a middlebox controller (MBC). The latter selects the best MBs for each flow and the former determines the best path according to its routing algorithm and provides information via the MBC. The results show that the proposed architecture improved performance because the utilization of all network devices including MBs is manageable.     

Secure access of resources in software‐defined networks using dynamic access control list

Software‐defined networking (SDN) creates a platform to dynamically configure the networks for on‐demand services. SDN can easily control the data plane and the control plane by implementing the decoupling concept. SDN controller will regulate the traffic flow and creates the new flow label based on the packet dump received from the OpenFlow virtual switches. SDN governs both data information and control information toward the destination based on flow label, but it does not contain security measure to restrict the malicious traffic. The malicious denial‐of‐service (DoS) attack traffic is generated inside the SDN environment; it leads to the service unavailability. This paper is mainly focused on the detection of DoS attacks and also mitigates the malicious traffic by dynamically configuring the firewall. The SDN with dynamic access control list properties is emulated by mininet, and the experimental results exemplify the service unavailable gap between acceptance and rejection ratio of the packets.     

A time‐efficient shrinkage algorithm for the Fourier‐based prediction enabling proactive optimisation in software‐defined networks

This paper focuses on the problem of time‐efficient traffic prediction. The prediction enables the proactive and globally scoped optimisation in software‐defined networks (SDNs). We propose the shrinkage and selection heuristic method for the trigonometric Fourier‐based traffic models in SDNs. The proposed solution allows us to optimise the network for an upcoming time window by installing flow entries in SDN nodes before the first packet of a new flow arrives. As the mechanism is designed to be a part of a sophisticated routing‐support system, several critical constraints are considered and taken into account. Specifically, the system is traffic‐ and topology‐agnostic, thus the prediction mechanism must be applicable to the networks with highly variable traffic loads (e.g., observed inside intra‐DCNs: datacentre networks). Furthermore, the system must effectively optimise routing in large‐scale SDNs comprised of numerous nodes and handling millions of flows of a dynamic nature. Therefore, the prediction must be simultaneously accurate as well as being time efficient and scalable. These requirements are met by our Fourier‐based solution, which subtracts consecutive harmonics from the original signal and compares the result with an adaptive threshold adjusted to the signal's standard deviation. The evaluation is performed by comparing the proposed heuristic with the well‐known Lasso method of proven accuracy. The results show that our solution is able to retain prediction accuracy at a comparable level. Moreover, in accordance with our main aim, we operate in a manner which is always significantly faster. In some cases, computation times are reduced by as much as 50 times.     

Vehicular HetNet load distribution using centralized control of software‐defined network

Current vehicular communication systems experience from nonflexible and costly devices, complicated control‐plane protocols, and vendor‐specific configuration interfaces. In the next generation vehicular communication, a mobile device (MD) will be installed on a car capable of accessing multiple services from different networks. So heterogeneous networks (HetNets) may play a vital role in vehicular communication. Despite heterogeneity, flawless connectivity between different systems is a basic need of the travellers. The key challenge for seamless connectivity is the design of a vertical handover (VHO) scheme. We claim that software‐defined networking (SDN) can make things easier in the design and supervision of VHO in vehicular HetNet. The proposed method maximizes the HetNet utilization with lesser handover by balancing the load among the HetNets. Simulation results performed in MATLAB justified that this novel architecture with proper VHO technique boosts the performance by balancing the load, reducing unnecessary VHO, etc. Performance is analyzed by considering four studies, ie, handover served ratio (HSR), on board units (OBUs), OBU served ratio (OSR), and total throughput and total capacities of road side units (RSUs) to serve handover demands from OBUs. It is observed that the HSR increases rapidly as the number of OBUs increases, which indicates almost all the handover requested OBUs are allocated resources by a connected RSU. We also studied the served total throughput by considering VHO with SDN, without SDN in the average case and without SDN in the best case, and it is observed that with SDN as a central controller, the total OSR and total throughput is increased.     

Nature‐inspired meta‐heuristic algorithms for solving the load balancing problem in the software‐defined network

The growth of the networks has difficult network management. Recently, a concept called software‐defined network (SDN) has been proposed to address this issue, which makes network management more adaptable. Control and forwarding planes are separated in SDN. The control plane is a centralized logical controller that controls the network. The forwarding plane that consists of transfer devices is responsible for transmitting packets. Because the network resources are limited, optimizing the use of resources in the networks is an important issue. Load balancing improves the balanced distribution of loads across multiple resources in order to maximize the reliability and network resources efficiency. SDN controllers can create an optimal load balancing compared to traditional networks because they have a network global view. The load‐balancing problem can be solved using many different nature‐inspired meta‐heuristic techniques because it has the NP‐complete nature. Hence, for solving load balancing problem in SDN, nature‐inspired meta‐heuristic techniques are important methods. However, to the best of our knowledge, there is not a survey or systematic review on studying these matters. Accordingly, in the area of the load balancing in the SDN, this paper reviews systematically the nature‐inspired meta‐heuristic techniques. Also, this study demonstrates advantages and disadvantages regarded of the chosen nature‐inspired meta‐heuristic techniques and considers their algorithms metrics. Moreover, to apply better load balancing techniques in the future, the important challenges of these techniques have been investigated.     

Dynamic wireless spectrum access using GNU Radio and software‐defined radios

This paper presents the design, implementation, and results from a dynamic wireless spectrum access system built using GNU Radio and software‐defined radios (SDRs) as part of an undergraduate senior design project. The project involved designing and implementing a dynamic wireless spectrum access system in which the secondary user (SU) learns the unknown transmission behavior (channel occupancy and time slots) of the primary user (PU) and then opportunistically transmits during time slots and using channels when they are not being used by the PUs. The main design objective was to maximize the throughput of the SU while minimizing the interference to the PU. A transmitted signal energy detection algorithm with an adaptive threshold was employed to set the channel states as occupied or not occupied. Channel state information was used to determine the PU behavior in a deterministic manner such that the unused time slots and channels could be exploited. A channel allocation scheme for the SU is proposed using the PU channel occupancy information to calculate the channel(s) and time slots available to the SU at any given time. Simulation and physical testing of the system validate the proposed algorithms. Students' feedback affirms GNU Radio and SDRs to be an effective platform for introducing abstract mathematical communications theory concepts, such as cognitive radios and dynamic spectrum allocation, in a hands‐on manner.     

A novel software‐defined networking approach for vertical handoff in heterogeneous wireless networks

We propose a novel vertical handoff scheme with the support of the software‐defined networking technique for heterogeneous wireless networks. The proposed scheme solves two important issues in vertical handoff: network selection and handoff timing. In this paper, the network selection is formulated as a 0‐1 integer programming problem, which maximizes the sum of channel capacities that handoff users can obtain from their new access points. After the network selection process is finished, a user will wait for a time period. Only if the new access point is consistently more appropriate than the current access point during this time period, will the user transfer its inter‐network connection to the new access point. Our proposed scheme ensures that a user will transfer to the most appropriate access point at the most appropriate time. Comprehensive simulation has been conducted. It is shown that the proposed scheme reduces the number of vertical handoffs, maximizes the total throughput, and user served ratio significantly. Copyright © 2016 John Wiley & Sons, Ltd.     

A fault‐tolerant group key agreement protocol exploiting dynamic setting

A fault‐tolerant group key agreement is an essential infrastructure for Internet communication among all involved participants; it can establish a secure session key no matter how many malicious participants exit simultaneously in an effort to disrupt the key agreement process. Recently, Zhao et al. proposed an efficient fault‐tolerant group key agreement protocol named efficient group key agreement that can resist denial‐of‐service attacks, reply attacks, man‐in‐middle attacks, and common modulus attacks; it can also preserve forward secrecy with lower computational cost than previous protocols. We show that it is still vulnerable to active attacks by malicious participants and modify the corresponding security weakness adaptively. Furthermore, we propose an efficient fault‐tolerant group key agreement based on a binary tree structure and enhance it to a dynamic setting where participants can leave or join the group arbitrarily according to their preferences with instant session key refreshment. Additionally, our session key refreshment is based on secure key updating to protect forward/backward confidentiality and is resistant to active/passive attacks. The performance analysis shows that our proposed protocol has lower computational cost and little additional communication cost exploiting dynamic setting. Copyright © 2013 John Wiley & Sons, Ltd.     

SYN‐Guard: An effective counter for SYN flooding attack in software‐defined networking

In software‐defined networking (SDN), TCP SYN flooding attack is considered as one of the most effective attacks to perform control plane and target server saturation. In this attack, an attacker generates a large number of malicious SYN requests, and because of the absence of the forwarding rules, the data plane switches have to forward these SYN messages to the controller. This excessive forwarding causes congestion over the communication channel between a data plane and control plane, and it also exhausts computational resources at both the planes. In this paper, we propose a novel countermeasure called SYN‐Guard to detect and prevent SYN flooding in SDN networks. We fully implement SYN‐Guard on the SDN controller to validate the incoming TCP connection requests. The controller installs forwarding rules for the SYN requests that successfully clear the validation test of SYN‐Guard. The host of the fake SYN request is detected, and SYN‐Guard prevents it from sending any further SYN requests to the data plane switch. The performance evaluation done using the simulation results shows that SYN‐Guard exhibits low side effect for genuine TCP requests, and when compared with standard SDN and state‐of‐art proposals, it reduces the average response time up to 21% during an ongoing SYN flooding attack.     

FMD: A DoS mitigation scheme based on flow migration in software‐defined networking

Software‐defined networking (SDN) emerges as the next generation of networking architecture, aiming to improve the network manageability and adaptability. However, because of the centralized control policy, SDN is liable to suffering from the denial of service attack in both the data plane and the control plane. To resist the attack and prevent the network from being paralyzed, we propose a novel mitigation scheme named flow migration defense, which uses a slave controller as a substitution to endure flooding requests mitigated from the master controller. Considering the special case that the normal requests may be regarded as the malicious ones, these requests are reforwarded back to the master controller on the basis of the round‐robin scheduling. To prevent the master controller from being flooded by the reforwarded requests, we design the adaptive rate adjustment method to adjust the reforwarding rate. Compared with multilevel feedback queue and FloodDefender, simulations demonstrate that flow migration defense can mitigate the SDN‐aimed denial of service attack efficiently with a better performance in terms of request response time, packet loss rate, and mitigation time.     

Incentive edge caching in software‐defined internet of vehicles: A Stackelberg game approach

In this paper, we investigate an incentive edge caching mechanism for an internet of vehicles (IoV) system based on the paradigm of software‐defined networking (SDN). We start by proposing a distributed SDN‐based IoV architecture. Then, based on this architecture, we focus on the economic side of caching by considering competitive cache‐enablers market composed of one content provider (CP) and multiple mobile network operators (MNOs). Each MNO manages a set of cache‐enabled small base stations (SBS). The CP incites the MNOs to store its popular contents in cache‐enabled SBSs with highest access probability to enhance the satisfaction of its users. By leasing their cache‐enabled SBSs, the MNOs aim to make more monetary profit. We formulate the interaction between the CP and the MNOs, using a Stackelberg game, where the CP acts first as the leader by announcing the popular content quantity that it which to cache and fixing the caching popularity threshold, a minimum access probability under it a content cannot be cached. Then, MNOs act subsequently as followers responding by the content quantity they accept to cache and the corresponding caching price. A noncooperative subgame is formulated to model the competition between the followers on the CP's limited content quantity. We analyze the leader and the follower's optimization problems, and we prove the Stackelberg equilibrium (SE). Simulation results show that our game‐based incentive caching model achieves optimal utilities and outperforms other incentive caching mechanisms with monopoly cache‐enablers whilst enhancing 30% of the user's satisfaction and reducing the caching cost.     

Software‐defined networking to improve handover in mobile edge networks

Mobility management and handover for a seamless connection are among all‐time challenges of wireless networks. Software‐defined networking (SDN) has opened new horizons toward research by adding intelligence in edge networks while decoupling the control and data planes. The flexibility and centralized nature of SDN further improve the handover decision algorithms. In this paper, we have improved the network performance with respect to the number of handovers and the handover delay by applying an LTE‐SDN architecture and a novel handover decision algorithm based on predicting the future locations of a moving vehicle. The proposed algorithm decouples the handover procedure into two phases of preparation and execution. In the preparation phase, which occurs in the control plane, the handover decision and resource allocation take place, and in the execution phase, handover gets executed similar to the LTE architecture. The results of our research indicate that our proposed LTE‐SDN performance is improved with respect to the number of handovers, handover delay, and signaling overhead by 24%, 16%, and 20%, respectively. On the other hand, average Reference Signal Received Quality (RSRQ) value is decreased by 4% as a tradeoff for the improvements gained.     

SDN‐DMM for intelligent mobility management in heterogeneous mobile IP networks

Mobility management applied to the traditional architecture of the Internet has become a great challenge because of the exponential growth in the number of devices that can connect to the network. This article proposes a Software‐Defined Networking (SDN)‐based architecture, called SDN‐DMM (SDN‐Distributed Mobility Management), that deals with the distributed mode of mobility management in heterogeneous access networks in a simplified and efficient way, ensuring mainly the continuity of IP sessions. Intent‐based mobility management with an IP mapping schema for mobile node identification offers optimized routing without tunneling techniques, hence, an efficient use of the network infrastructure. The simplified mobility control API reduces both signaling and handover latency costs and provides a better scalability and performance in comparison with traditional and SDN‐based DMM approaches. An analytical evaluation of such costs demonstrated the better performance of SDN‐DMM, and a proof of concept of the proposal was implemented in a real environment.