基于流粒度的OpenFlow分组缓存管理模型

基于OpenFlow的软件定义网络(SDN)技术通过在OpenFlow交换机中建立有效的缓存模型,能够大幅减少控制平面和数据平面的通信负载,但整条数据流的缓存模型会对数据流的传输造成较大延时,降低整个SDN的数据传输性能。针对该问题,引入PiBuffer流缓存模型,构建基于报文分组粒度的分组缓存模型。通过在控制平面建立流路由和流状态的缓存信息,分别对流报文之间和交换机之间的数据传输采用"分组缓存,组内保序"机制和"传输询问,完成通知"机制,并对控制平面和数据平面的通信消息进行优化,以提高数据中心网络的通信性能。软件模拟结果表明,在数据中心基于OpenFlow技术的SDN网络中,该模型比流缓存模型具有更优的通信性能。     

面向针对性攻击的SDVN控制层鲁棒性方案

将软件定义网络应用于车联网能显著提升其性能,但该方法也面临传统SDN要应对的安全问题.基于软件定义车联网体系架构中控制平面可能面临的针对性节点攻击问题,提出一种鲁棒的控制器放置方法.该方法结合传统的SDN控制平面部署问题,首先将控制平面鲁棒性问题建模为交换机与控制器的连通冗余性问题,提升交换机在极端情形下与控制器的连通...     

基于SDN网络的安全设备路由研究

SDN（Software Defined Networking,软件定义网络）是一种新型的网络架构,是网络实现自动化部署灵活管理的一个重要方式。SDN技术将网络的数据平面和控制平面相分离,从而实现了网络流量的灵活控制。因此,基于SDN技术提出了一种基于SDN网络的安全设备路由模型,该模型结合改进的内嵌式安全设备最短路由算法和旁路式最短路由算法及神经网络最短路由算法,得到一种高效的安全设备路由策略,并且在此基础上构建了一个网络安全服务调度系统,能够在安全设备混合部署的复杂网络环境中,按用户需求提供个性化的安全服务;同时,通过计算较低网络成本的最短安全路径,提高了网络的路由效率和资源利用率。     

针对大规模软件定义网络的子域划分及控制器部署方法

针对大规模软件定义网络（SDN）的多控制器部署模型计算复杂度高的问题,定义了控制链路可靠性等多个衡量网络服务质量的指标,并提出一种针对大规模SDN的子域划分及控制器部署方法。首先,该方法利用改进的标签传播算法（LPA）将网络划分成多个子域,然后在子域中分别部署控制器。在考虑控制链路平均时延、可靠性以及控制器负载均衡等多个性能指标的基础上,将问题模型的计算复杂度降低至仅与网络规模呈线性关系。实验结果表明,所提算法与原始的LPA相比,控制器负载均衡性得到明显优化;与容量受限的控制器部署（CCP）算法相比,模型的计算复杂度和网络服务质量得到明显改善：在Internet2拓扑中,控制链路平均时延最多减小9%,控制链路可靠性最多增强10%。     

基于混合制排队模型的SDN控制器性能评估研究

软件定义网络SDN将逻辑控制与数据转发相分离,提高了网络的灵活性和可编程能力,成为近年来未来网络领域的研究热点。SDN在实际应用部署时将面临控制器性能瓶颈的挑战,因而有必要理解SDN控制器的性能特性。为此,首先对SDN控制器中Packet-In消息的到达过程和处理时间进行分析,进而基于排队论提出了一种容量有限的SDN控制器性能评估模型M/M/1/m,推导得出了该模型的性能参数,包括:平均等待队长、平均等待时间、平均队列长度和平均逗留时间。最后,采用控制器性能测试工具Cbench对该模型进行了实验评估。实验结果表明:相对于现有其它模型,该模型的估计时延更接近于实际测量时延,可更精确地描述SDN控制器的性能。     

SDN/IP网络动态路由系统设计

传统IP网络到SDN的网络升级会经历一段两种网络共存的过渡期。本文为SDN/IP网络设计了一种普适和灵活的动态路由系统,系统为混合网络提供动态路由功能,解决不同网络设备间无法协作执行动态路由的问题。动态路由系统部署于SDN控制器中,由动态路由引擎、路由应用和网络管理应用等组成。系统中,网络管理应用根据外部信息配置网络,动态路由引擎为SDN交换机计算路由表,路由应用将路由表转化为流表下发至SDN交换机,SDN交换机按照流表转发数据包。经过实验验证,本系统能够实现传统路由器与SDN交换机之间的路由消息互通,两种网络设备能够根据各自计算出的路由信息转发数据包。本系统对IP网络与SDN的混合组网具有重要意义。     

SDN控制器部署中的可靠性优化研究

软件定义网络(SDN)将传统网络结构中的控制层和转发层解耦,其将所有转发设备与一个逻辑集中的控制器相连接。为避免网络规模不断扩大引起的单点失效,向分布式控制结构发展成为Open Flow广域网部署的趋势,其中控制层多控制器的部署问题是SDN设计中的一个关键环节。提出基于控制路径连通度的控制器部署方案来最大化SDN控制器部署的可靠性,并使用3种不同的算法对比控制器部署性能。仿真结果表明,该方案可以在可接受时延范围内提升部署SDN控制器的可靠性。     

面向软件定义网络的入侵容忍控制器架构及实现

针对软件定义网络(SDN)这一集中式网络控制环境中控制平面存在单点失效问题,提出一种基于入侵容忍思想的控制器架构,通过冗余、多样的中央控制器平台来提高网络可用性与可靠性。该架构利用一种控制器消息的比对方法来检测被入侵的控制器。首先,规定了需比对的关键消息类型和字段;其次,运用一致性裁决算法对不同控制器消息进行比对;最后,将消息异常的控制器进行网络隔离并重启恢复。基于Mininet的入侵容忍可靠性测试表明,该入侵容忍控制器架构可检测并过滤异常控制器消息。基于Mininet的控制器响应延迟测试表明,当容忍度设置为1和3时,下层网络请求延时分别增加16%和42%。基于Cbench的控制器响应延迟和吞吐量测试表明,该入侵容忍控制器性能处在各个子控制器(Ryu,Floodlight)性能水平之间,且向性能高的子控制器趋近。在实际应用中,可根据应用场景的安全级别配置子控制器的数量和类型,以满足对响应速度和入侵容忍度的要求。     

SDN控制器部署和基于流的动态管理方案*

软件定义网络（Software Defined Networking, SDN）通过构建独立的控制平面,极大地降低了网络设备及管理的复杂性。但在大规模广域网部署中,这种逻辑集中的方法在性能和扩展性方面存在诸多限制。因此控制平面多控制器的部署是一个非常重要的任务,其可以通过配置有限的资源来满足多样化需求。这些需求包括延迟限制、容错能力和负载均衡。本文首先提出一种控制器部署方法,该方法用于在给定的网络拓扑中完成控制器位置的部署。其次针对该部署方法设计了两种算法：交换机迁移算法将过载控制器域内交换机迁移到未过载控制器管理域中去,实现控制器间负载均衡;控制器池伸缩容量算法（Controller pool Scalable Capacity Algorithm, CSCA）实现池内控制器数目的动态伸缩,提高网络资源利用率。最后,仿真结果表明,相较LG方法,该方案在完成部署任务的同时,能够减少系统管理开销。     

考虑拜占庭属性的SDN安全控制器多目标优化部署方案

通过赋予软件定义网络分布式控制平面拜占庭属性可以有效提高其安全性。在实现拜占庭属性过程中，控制器部署的数量、位置，以及交换机与控制器之间的连接关系会直接影响全局网络关键性能指标。为此，提出了一种考虑拜占庭属性的 SDN 安全控制器多目标优化部署方案。首先，构建了综合考量交互时延、同步时延、负载差异程度和控制器部署数量等优化指标的拜占庭控制器部署问题（MOSBCPP）模型；然后，针对该模型个性化设计了包括控制器部署策略初始化函数、变异函数，快速非支配排序函数及精英策略选择函数等在内的NASG-II求解算法。相关仿真结果表明，该部署方案能够在有效降低交互时延、同步时延、负载差异程度和控制器部署数量等性能指标的同时提高控制平面安全性。     

Mobile Fog Computing by Using SDN/NFV on 5G Edge Nodes

Fog computing provides quality of service for cloud infrastructure. As the data computation intensifies, edge computing becomes difficult. Therefore, mobile fog computing is used for reducing traffic and the time for data computation in the network. In previous studies, software-defined networking (SDN) and network functions virtualization (NFV) were used separately in edge computing. Current industrial and academic research is tackling to integrate SDN and NFV in different environments to address the challenges in performance, reliability, and scalability. SDN/NFV is still in development. The traditional Internet of things (IoT) data analysis system is only based on a linear and time-variant system that needs an IoT data system with a high-precision model. This paper proposes a combined architecture of SDN and NFV on an edge node server for IoT devices to reduce the computational complexity in cloud-based fog computing. SDN provides a generalization structure of the forwarding plane, which is separated from the control plane. Meanwhile, NFV concentrates on virtualization by combining the forwarding model with virtual network functions (VNFs) as a single or chain of VNFs, which leads to interoperability and consistency. The orchestrator layer in the proposed software-defined NFV is responsible for handling real-time tasks by using an edge node server through the SDN controller via four actions: task creation, modification, operation, and completion. Our proposed architecture is simulated on the EstiNet simulator, and total time delay, reliability, and satisfaction are used as evaluation parameters. The simulation results are compared with the results of existing architectures, such as software-defined unified virtual monitoring function and ASTP, to analyze the performance of the proposed architecture. The analysis results indicate that our proposed architecture achieves better performance in terms of total time delay (1800 s for 200 IoT devices), reliability (90%), and satisfaction (90%).     

Resource Allocation for Reliable Communication Between Controllers and Switches in SDN

In software-defined networking (SDN), the communication between controllers and switches is very important, for switch can only work by relying on flow tables received from its controller. Therefore, how to ensure the reliability of the communication between controllers and switches is a key problem in SDN. In this paper, we study this problem from two aspects: the controller placement and the resource backup aspect. Firstly, in order to implement the reliable communication and meet the required propagation delay between controllers and switches, a min-cover based controller placement approach is proposed. Then, in order to protect both controllers and control paths from regional failure, a backup method based on an exponential decay failure model is proposed, which considers the regional influence and the survivability of backup controllers and control paths. Simulations show that our controller placement approach can meet the reliability and delay requirement with appropriate controller allocation scheme, and our backup method can improve the survivability of backup controllers and control paths while ensuring the performance of control network.     

基于拜占庭容错的软件定义网络控制面的抗攻击性研究

软件定义网络（SDN）的集中化控制面给网络管理带来了很大的便利,但也引入了很多安全隐患。针对控制器的单点故障、未知的漏洞和后门、静态配置等安全性问题,提出一种基于拜占庭协议的安全结构,控制器之间执行拜占庭协议,每个交换设备由一个控制器视图管理,多控制器裁决后给出控制信息。此外,将动态性、异构性引入到结构中,打破了攻击链,增强了网络的主动防御能力;通过对控制器异构性的量化,设计了两阶段控制器视图的选举算法,保证了网络的可用性和视图的安全性。仿真结果表明,与传统结构相比,所提结构的抗攻击能力更强。     

分布式SDN控制器放置问题研究

软件定义网络(Software-Defined Networking,SDN)通过控制平面与数据平面的分离和逻辑集中的控制构建了新的网络范式.考虑性能、可扩展性和可靠性等方面的需求,大规模网络通常采用分布式SDN控制平面,即通过放置多个控制器共同管理整个网络.这需要确定控制器的放置数量、放置位置以及交换机到控制器的分配...     

Enhancing the performance of futurewireless networks with software-defined networking

To provide ubiquitous Internet access under the explosive increase of applications and data traffic, the current network architecture has become highly heterogeneous and complex, making network management a challenging task. To this end, software-defined networking (SDN) has been proposed as a promising solution. In the SDN architecture, the control plane and the data plane are decoupled, and the network infrastructures are abstracted and managed by a centralized controller. With SDN, efficient and flexible network control can be achieved, which potentially enhances network performance. To harvest the benefits of SDN in wireless networks, the software-defined wireless network (SDWN) architecture has been recently considered. In this paper, we first analyze the applications of SDN to different types of wireless networks. We then discuss several important technical aspects of performance enhancement in SDN-based wireless networks. Finally, we present possible future research directions of SDWN.     

面向智慧医疗云的SDN动态负载均衡方法

文中 引入软件定义网络(Software Defined Network,SDN)对智慧医疗云进行网络管理,并且针对传统SDN控制器存在单点失效和负载均衡的问题,设计了智慧医疗分布式SDN控制器系统。SDN控制系统分为SDN控制器集群、数据转发平面和智慧医疗云服务系统3层。在此基础上,提出一种实时负载动态自调节的快速负载均衡算法DAF(Dynamic Adaptive and Fast Load Balancing)。在该算法中,负载信息感知组件周期性地采集自己的负载信息,自动地进行控制器间的负载信息交互;控制器的负载值超过阈值时,会触发交换机迁移动作,以动态配置交换机与控制器之间的映射关系。实验结果表明,面向智慧医疗云的分布式SDN控制系统的性能良好,且DAF算法能够快速地实现SDN控制器间的负载均衡,提升了智慧医疗云的网络吞吐量。     

An SDN-enhanced load-balancing technique in the cloud system

The vast majority of Web services and sites are hosted in various kinds of cloud services, and ordering some level of quality of service (QoS) in such systems requires effective load-balancing policies that choose among multiple clouds. Recently, software-defined networking (SDN) is one of the most promising solutions for load balancing in cloud data center. SDN is characterized by its two distinguished features, including decoupling the control plane from the data plane and providing programmability for network application development. By using these technologies, SDN and cloud computing can improve cloud reliability, manageability, scalability and controllability. SDN-based cloud is a new type cloud in which SDN technology is used to acquire control on network infrastructure and to provide networking-as-a-service (NaaS) in cloud computing environments. In this paper, we introduce an SDN-enhanced Inter cloud Manager (S-ICM) that allocates network flows in the cloud environment. S-ICM consists of two main parts, monitoring and decision making. For monitoring, S-ICM uses SDN control message that observes and collects data, and decision-making is based on the measured network delay of packets. Measurements are used to compare S-ICM with a round robin (RR) allocation of jobs between clouds which spreads the workload equitably, and with a honeybee foraging algorithm (HFA). We see that S-ICM is better at avoiding system saturation than HFA and RR under heavy load formula using RR job scheduler. Measurements are also used to evaluate whether a simple queueing formula can be used to predict system performance for several clouds being operated under an RR scheduling policy, and show the validity of the theoretical approximation.     

Improving the performance of load balancing in software-defined networks through load variance-based synchronization

Software-Defined Networking (SDN) is a new network technology that decouples the control plane logic from the data plane and uses a programmable software controller to manage network operation and the state of network components. In an SDN network, a logically centralized controller uses a global network view to conduct management and operation of the network. The centralized control of the SDN network presents a tremendous opportunity for network operators to refactor the control plane and to improve the performance of applications. For the application of load balancing, the logically centralized controller conducts Real-time Least loaded Server selection (RLS) for multiple domains, where new flows pass by for the first time. The function of RLS is to enable the new flows to be forwarded to the least loaded server in the entire network. However, in a large-scale SDN network, the logically centralized controller usually consists of multiple distributed controllers. Existing multiple controller state synchronization schemes are based on Periodic Synchronization (PS), which can cause undesirable situations. For example, frequent synchronizations may result in high synchronization overhead of controllers. State desynchronization among controllers during the interval between two consecutive synchronizations could lead to forwarding loops and black holes. In this paper, we propose a new type of controller state synchronization scheme, Load Variance-based Synchronization (LVS), to improve the load-balancing performance in the multi-controller multi-domain SDN network. Compared with PS-based schemes, LVS-based schemes conduct effective state synchronizations among controllers only when the load of a specific server or domain exceeds a certain threshold, which significantly reduces the synchronization overhead of controllers. The results of simulations show that LVS achieves loop-free forwarding and good load-balancing performance with much less synchronization overhead, as compared with existing schemes.     

LTSS: Load-Adaptive Traffic Steering and Forwarding for Security Services in Multi-Tenant Cloud Datacenters

Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.