HeS‐CoP: Heuristic switch‐controller placement scheme for distributed SDN controllers in data center networks

Software‐defined networking (SDN) has been widely researched and used to manage large‐scale networks such as data center networks (DCNs). An early stage of SDN controller experienced low responsiveness, low scalability, and low reliability. To solve these problems, distributed SDN controllers have been proposed. The concept of distributed SDN controllers distributes control messages among multiple SDN controllers. However, distributed SDN controllers must assign a master controller for each networking devices. Most previous studies, however, did not consider the characteristics of DCNs. Thus, they are not suitable to operate in DCNs. In this paper, we propose HeS‐CoP, a heuristic switch‐controller placement scheme for distributed SDN controllers in DCNs. With the control traffic load and CPU load, HeS‐CoP decides when our scheme should be performed in DCNs. To show the feasibility of HeS‐CoP, we designed and implemented an orchestrator that contains our proposed scheme and then evaluated our proposed scheme. As a result, our proposed scheme well distributes the control traffic load, decreases the average CPU load, and reduces the packet delay.     

A channel reservation and preemption model using overlapping regions in sector‐based cellular networks

This paper presents a channel reservation and preemption (CRP) model using overlapping regions in a cellular network with multiple sectors. To fully exploit and reuse the frequencies, directional antennas are installed on base stations (BSs) to divide the coverage into a number of equal‐sized sectors. When traffic is unevenly distributed across the sectors in a BS, channel utilization in every sector may become very different; low‐traffic sectors may be underutilized while high‐traffic sectors may be overutilized. A CRP scheme is thus proposed to more efficiently utilize free channels among sectors. CRP aims at reducing the dropping probabilities of handoff calls. Specifically, when free channels in a sector are not available, a handoff call, instead of being dropped, is allowed to preempt an ongoing call residing in the overlapping region of two adjacent sectors or two neighbor cells. Under CRP, the preempted ongoing call will not be disconnected, because it can switch over its service to the BS of a neighbor cell or to another directional antenna of an adjacent sector. For the purpose of evaluation, we build an analytical model for the proposed CRP using six‐tuple Markov chains. Analytical results show that the proposed CRP can significantly reduce the dropping probabilities of inter‐sector handoff calls, particularly when traffic between two sectors is not evenly distributed. Copyright © 2013 John Wiley & Sons, Ltd.     

Limitations of current Ethernet switch architectures for enhanced flow control and service differentiation

One of the new challenges associated with full‐duplex Ethernet is that of providing for network congestion control. The IEEE 802.3x Standard does not specify the switch architecture for implementing PAUSE flow control or at what point a MAC Control entity actually generates a PAUSE frame. This is an implementation issue that is product specific and as a result many different switch architectures are possible. There are also a number of limitations of the PAUSE flow control mechanism when implemented in Ethernet switches. These issues have not been adequately addressed in the literature. In addition, multimedia traffic such as real‐time voice and streaming video are now being deployed over switched Ethernet networks, thus calling for congestion control with service differentiation for the various classes of traffic. Here we examine current Ethernet switch architectures and show that the PAUSE flow control when implemented in these architectures does not provide service selectivity and differentiation, making it unsuitable for real‐time traffic. Copyright © 2008 John Wiley & Sons, Ltd.     

Adaptive predictive congestion control of high-speed ATM networks

This paper proposes an auto regressive moving average (ARMAX)-based adaptive control methodology to prevent congestion in high-speed asynchronous transfer mode (ATM) networks. An adaptive controller is developed to control traffic where sources adjust their transmission rates in response to the feedback information from the network switches. Specifically, the buffer dynamics at a given switch is modeled as a nonlinear discrete-time system and an ARMAX controller is designed so as to predict the explicit values of the transmission rates of the sources so as to prevent congestion. Tuning methods are provided for the unknown coefficients of the ARMAX model to estimate the unpredictable and statistically fluctuating network traffic. Mathematical analysis is given to demonstrate the stability of the closed-loop system so that a desired quality of service (QoS) can be guaranteed. The QoS is defined in terms of cell loss ratio (CLR), transmission delay and buffer utilization. We derive design rules mathematically for selecting the parameters of the ARMAX algorithm such that the desired performance is guaranteed during congestion and potential tradeoffs are shown. Simulation results are provided to justify the theoretical conclusions for multiple source/single switch scenarios using both ON/OFF and MPEG data. The performance of the proposed congestion control scheme is also evaluated in the presence of feedback delays for robustness considerations.     

DDoS protection with stateful software‐defined networking

Distributed denial of service (DDoS) attacks represent one of the most critical security challenges facing network operators. Software‐defined networking (SDN) permits fast reactions to such threats by dynamically enforcing simple forwarding/blocking rules as countermeasures. However, the centralization of the control plane requires that the SDN controller, besides network management operations, should also collect information to identify and mitigate the security menaces. A major drawback of this approach is that it may overload the controller and the control channel. On the other hand, stateful SDN represents a new concept, developed to improve reactivity and offload the controller by delegating local treatments to the switches. In this article, we embrace this paradigm to protect end‐hosts from DDoS attacks. We propose StateSec, a novel approach based on in‐switch processing capabilities to detect and mitigate flooding threats. StateSec monitors packets matching configurable traffic features without resorting to the controller. By feeding an entropy‐based detection algorithm with such monitoring features, it detects and mitigates several threats such as (D)DoS with high accuracy. We implemented StateSec in an SDN platform comparing it with state‐of‐the‐art approaches. We show that StateSec is far more efficient: It achieves very accurate detection levels, reducing at the same time the control plane overhead. We have also evaluated the memory footprint of StateSec for a possible use in production. Finally, we deployed StateSec over a real network to tune its parameters and assess its suitability to real‐world deployments.     

An analytical approach to the performance evaluation of the balanced gamma switch under multicast traffic

This paper presents the performance evaluation of a new cell‐based multicast switch for broadband communications. Using distributed control and a modular design, the balanced gamma (BG) switch features high performance for unicast, multicast and combined traffic under both random and bursty conditions. Although it has buffers on input and output ports, the multicast BG switch follows predominantly an output‐buffered architecture. The performance is evaluated under uniform and non‐uniform traffic conditions in terms of cell loss ratio and cell delay. An analytical model is presented to analyse the performance of the multicast BG switch under multicast random traffic and used to verify simulation results. The delay performance under multicast bursty traffic is compared with those from an ideal pure output‐buffered multicast switch to demonstrate how close its performance is to that of the ideal but impractical switch. Performance comparisons with other published switches are also studied through simulation for non‐uniform and bursty traffic. It is shown that the multicast BG switch achieves a performance close to that of the ideal switch while keeping hardware complexity reasonable. Copyright © 2006 John Wiley & Sons, Ltd.     

Fog‐SDN: A light mitigation scheme for DDoS attack in fog computing framework

Cloud computing is one of the most tempting technologies in today's computing scenario as it provides a cost‐efficient solutions by reducing the large upfront cost for buying hardware infrastructures and computing power. Fog computing is an added support to cloud environment by leveraging with doing some of the less compute intensive task to be done at the edge devices, which reduces the response time for end user computing. But the vulnerabilities to these systems are still a big concern. Among several security needs, availability is one that makes the demanded services available to the targeted customers all the time. Availability is often challenged by external attacks like Denial of service (DoS) and distributed denial of service (DDoS). This paper demonstrates a novel source‐based DDoS mitigating schemes that could be employed in both fog and cloud computing scenarios to eliminate these attacks. It deploys the DDoS defender module which works on a machine learning–based light detection method, present at the SDN controller. This scheme uses the network traffic data to analyze, predict, and filter incoming data, so that it can send the filtered legitimate packets to the server and blocking the rest.     

Performance analysis of handover delay and buffer capacity in mobile OpenFlow‐based networks

Software‐defined networking (SDN) is a network concept that brings significant benefits for the mobile cellular operators. In an SDN‐based core network, the average service time of an OpenFlow switch is highly influenced by the total capacity and type of the output buffer, which is used for temporary storage of the incoming packets. In this work, the main goal is to model the handover delay due to the exchange of OpenFlow‐related messages in mobile SDN networks. The handover delay is defined as the overall delay experienced by the mobile node within the handover procedure, when reestablishing an ongoing session from the switch in the source eNodeB to the switch in the destination eNodeB. We propose a new analytical model, and we compare two systems with different SDN switch designs that model a continuous time Markov process by using quasi‐birth–death processes: (1) single shared buffer without priority (model SFB), used for all output ports for both control and user traffic, and (2) two isolated buffers with priority (model priority finite buffering [PFB]), one for control and the other for user plane traffic, where the control traffic is always prioritized. The two proposed systems are compared in terms of total handover delay and minimal buffer capacity needed to satisfy a certain packet error ratio imposed by the link. The mathematical modeling is verified via extensive simulations. In terms of handover delay, the results show that the model PFB outperforms the model SFB, especially for networks with high number of users and high probability of packet‐in messages. As for the buffer dimensioning analysis, for lower arrival rates, low number of users, and low probability of packet‐in messages, the model SFB has the advantage of requiring a smaller buffer size.     

Statistical performance guarantees in large-scale cross-path packet switch

We develop a general framework for a novel switch architecture, the cross-path switch, to provide per-session statistical quality of service (QoS) guarantees. With characterizing the service each session receives by service curves, we derive a set of statistical bounds on the delay, backlog, and departure processes at the switch on a per-session manner using exponential bounded burstiness processes as source session traffic models. These bounds show that the service guarantees offered by the cross-path switch depend on the way of token assignment in the central stage of the switch. To provide better performance guarantees, we determine the criteria for designing a token assignment algorithm for the cross-path switch. Also, we quantify the service guaranteed by the cross-path switch with the central stage implemented in optical domain, which is important for the provision of QoS guarantees to each session in semioptical networks.     

Terminal‐Assisted Hybrid MAC Protocol for Differentiated QoS Guarantee in TDMA‐Based Broadband Access Networks

This paper presents a terminal‐assisted frame‐based packet reservation multiple access (TAF‐PRMA) protocol, which optimizes random access control between heterogeneous traffic aiming at more efficient voice/data integrated services in dynamic reservation TDMA‐based broadband access networks. In order to achieve a differentiated quality‐of‐service (QoS) guarantee for individual service plus maximal system resource utilization, TAF‐PRMA independently controls the random access parameters such as the lengths of the access regions dedicated to respective service traffic and the corresponding permission probabilities, on a frame‐by‐frame basis. In addition, we have adopted a terminal‐assisted random access mechanism where the voice terminal readjusts a global permission probability from the central controller in order to handle the ‘fair access’ issue resulting from distributed queuing problems inherent in the access network. Our extensive simulation results indicate that TAF‐PRMA achieves significant improvements in terms of voice capacity, delay, and fairness over most of the existing medium access control (MAC) schemes for integrated services.     

A new charging scheme for ATM based on QoS

This paper describes a new approach to charging for ATM called the ‘quality of service (QoS)‐based charging scheme’. In this scheme, traffic resources are distributed among buffers established to support combinations of ATM transfer capabilities and qualities of service. The buffers are dimensioned according to M/D/1/K and ND/D/1 queuing analysis to determine the buffer efficiency and quality of service requirements. This dimensioning provides the basis for fixing the price per unit of resource and time. The actual resource used by a connection is based on the volume of cells transmitted or peak cell rate allocation in combination with traffic shapers if appropriate. Shapers are also dimensioned using the quality of service parameters. Since the buffer efficiency is dependent on the quality of service requirements, customers of ATM networks buy quality of service. The actual price of a connection is also related to the amount of the resource purchased as well as the time of the day at which a connection is made, and the geographical location of the destination switch. The QoS‐based charging scheme meets the requirements of customers and of network operators. Its performance compares very favourably with that of a number of well‐known existing ATM charging schemes. Copyright © 2002 John Wiley & Sons, Ltd.     

Design and implementation of a scalable switch architecture for efficient high‐speed data multicasting

This paper presents the design and implementation of a new scalable cell‐based multicast switch fabric for broadband communications. Using distributed control and modular design, the multicast balanced gamma switch features a scalable, high performance architecture for unicast, multicast and combined traffic under both uniform and non‐uniform traffic conditions. The important design characteristic of the switch is that a distributed cell replication function for multicast cells is integrated into the functionality of the switch element with the self‐routing and contention resolution functions. Thus, no dedicated copy network is required. In the paper, we discuss in detail the design issues associated with the multicast functionality of the switch using 0.18 µm CMOS technology and discuss the scalability of the switch in terms of architectural, implementation, and performance scalability. Synthesized results are provided for measures of circuit complexity and timing. Copyright © 2006 John Wiley & Sons, Ltd.     

Integration of Voice and Data in the Wideband Packet Satellite Network

The Wideband (packet satellite) network is an experimental 3 Mbit/s communications system developed under sponsorship of the Defense Advanced Research Projects Agency and the Defense Communications Agency. This system is being used to evaluate the use of packet transmission for efficient voice communication, voice conferencing, and integration of voice and data over a satellite channel. Each station in the Wideband network consists of an earth terminal (dedicated 5 m antenna plus associated IF/RF equipment), a burst-modem and codec unit, and a station controller. Station controllers provide interfaces to host computers (including packet speech sources) and manage the allocation of the satellite channel on a TDMA demand-assigned basis. TDMA demand-assignment is implemented using a reservation-based packet-oriented protocol capableof handling traffic at multiple priority levels. The channel protocol provides a reservation-per-message mode of service (datagrams) to support transmission from bursty traffic sources and a reservation-per-call mode of service (streams) to support traffic with more regular arrival statisticS (e.g., vioce). A distributed scheduler running in every station controller eliminates the need for a central control station and minimizes network transit delay for datagram transmission as well as stream creation, modification, and deletion. In this paper we describe the protocols and mechanisms upon which the Wideband packet satellite network is based.     

A high-performance two-stage packet switch architecture

This paper contributes a distributed packet controller which reduces queueing to a single stage in two-stage packet switches. Software and neural network based controllers are described. Simulations under a range of traffic conditions for a 1024×1024 switch size shows the simplest architecture has the best performance     

Measurement-based performance evaluation of an ATM switch withexternal multicasting engine and multiple-priority classes

This paper uses measurement-based traffic models to evaluate a shared-memory ATM switch with 32×32 155 Mbit/s ports and an external multicasting engine; this is the design of Cisco System's next-generation ATM switch, the LightStream-1010 (LS-1010). Assuming that the multicast traffic can take approximately 30% of the total switch load, we find that an external multicasting engine requires a 32 (8) cell buffer at a replication rate of 16 (64) cells per cell service time. We discover that in a multimedia environment, the shared-memory architecture requires 10-30 times less total memory than the bus architecture; a 64 K cell buffer is sufficient to handle 90% utilization with the nonuniform traffic that we investigated. Multiple-priority classes are considered     

交换式以太网实时消息可调度性分析

针对交换式以太网不能满足工业数据通信的实时性要求问题,首先提出了一种改进的,在站点和交换机端均使用EDF算法的消息调度模型,并由源站点和目标站点以分布式方式对实时消息在链路的可调度性进行判定,从而简化了交换机的设计.另外,为保证实时消息在交换式以太网传输的实时性,分别给出了实时消息在发送和接收链路的可调度性判定条件,并进行了相应的理论证明.     

Performance of a nonblocking space-division packet switch in a timevariant nonuniform traffic environment

The authors study the performance of a nonblocking space-division packet switch, given that the traffic intensities at the switch not only are nonuniform but also change as a function of time. A finite-state Markov chain is used as an underlying process to govern the time variation of traffic for the entire switch. The packet arrivals at each input form an independent Bernoulli process modulated by the underlying Markov chain. The output address of each packet is independently and randomly assigned with probability distributions, which are also modulated by the Markov chain. Provided that the traffic on each output is not dominated by individual inputs the service time of each output queue for sufficiently large switches can be characterized by an independent Markov modulated phase-type process. A matrix geometric solution for the resultant quasi-birth-death type queuing process is presented. The maximum throughput is obtained at the system saturation. The performance of the switch is numerically examined under various traffic conditions. A contention priority scheme to improve the switch performance is proposed     

Guaranteed frame rate: a better service for TCP/IP in ATM networks

Guaranteed frame rate, approved by the ATM Forum, is expected to become an important service category to efficiently support TCP/IP traffic in ATM networks. We first describe the GFR traffic contract in detail. We then present different types of switch implementations that have been proposed to support GFR. We analyze the performance of three of these switch implementations by simulations in two different network environments. These simulations show that the scheduler-based implementations provide a much better performance than the simple switch implementation. However, we also show that coupling an active packet discard mechanism to a scheduler-based switch implementation does not produce a performance gain when many TCP connections are multiplexed inside one ATM VC     

Secure access of resources in software‐defined networks using dynamic access control list

Software‐defined networking (SDN) creates a platform to dynamically configure the networks for on‐demand services. SDN can easily control the data plane and the control plane by implementing the decoupling concept. SDN controller will regulate the traffic flow and creates the new flow label based on the packet dump received from the OpenFlow virtual switches. SDN governs both data information and control information toward the destination based on flow label, but it does not contain security measure to restrict the malicious traffic. The malicious denial‐of‐service (DoS) attack traffic is generated inside the SDN environment; it leads to the service unavailability. This paper is mainly focused on the detection of DoS attacks and also mitigates the malicious traffic by dynamically configuring the firewall. The SDN with dynamic access control list properties is emulated by mininet, and the experimental results exemplify the service unavailable gap between acceptance and rejection ratio of the packets.