A SDN-Based Approach for Conflicting Energy Profiles on Partially Sustainable IoT Networks Abstract: Equipping millions of Internet of Things (IoT) devices with rechargeable batteries and energy ambient harvesters introduce a significant maintenance cost. Thus, it is realistic to expect that the IoT networks will become greener gradually, over the next years, which means that current […]
Alocação de Recursos em Redes de Distribuição Quântica de Chaves Definidas por Software Abstract: O avanço da criptografia quântica torna premente o uso de recursos em redes de Distribuição Quântica de Chaves (QKD) de forma eficiência. Sob esse contexto, o atual trabalho apresenta uma nova abordagem de arquitetura para redes QKD em conjunto com Redes
Soluções de Monitoramento de Redes Blockchain Abstract: Diante do aumento do uso de tecnologias blockchain por partes verticais da indústrias, surge a necessidade do monitoramento eficiente destas redes, para preservação da qualidade deste serviço. Este trabalho tem como objetivo investigar e documentar as informações sobre os sistemas de monitoramento presentes na literatura. Os resultados revelam
OCClient: Ferramenta para Gerenciamento integrado de Dispositivos em Redes SDN Abstract: A tarefa de integração com APIs pode ser onerosa, tanto em tempo como por conta de custo com pessoal. No caso de Redes Definidas por Software (SDN), que utilizam o controlador ONOS, essa situação é especialmente problemática já que ele não possui um SDK.
Uma abordagem de auditoria contínua com blockchain para gerenciamento de mudanças em TI Abstract: As mudanças na Tecnologia da Informação (TI) são uma parte crítica das operações diárias da maioria das organizações modernas, e uma entrega deficiente das mudanças pode representar riscos graves para a continuidade dos negócios. Neste contexto, frameworks como o COBIT procuram
Alocação de recursos em redes de distribuição quântica de chaves multiprotocolo Abstract: À medida que a criptografia quântica avança, torna-se cada vez mais importante desenvolver métodos que aprimorem a utilização de recursos em redes de Distribuição Quântica de Chaves (QKD). Enfrentando o desafio de agendar e alocar eficientemente as requisições em redes QKD, este estudo
Mitigação Inteligente de Ataques DDoS em Redes O-RAN Utilizando Aprendizado de Máquina Abstract: A transição das redes móveis para o 5G estimulou a adoção de tecnologias como NFVs, SDN, slices e de padrões abertos e interoperáveis como o Open RAN (O-RAN). Em relação à segurança, as redes O-RAN se encontram nos estágios iniciais para garantir
Minindy: Um framework para automatizar a implantação e o gerenciamento de redes blockchain hyperledger indy Abstract: A plataforma blockchain Hyperledger Indy, voltada para redes de gestão de identidade, tem ganhado importância, mas a instanciação de uma rede completa em produção é complexa e exige experiência. Para reduzir essa complexidade, este artigo apresenta o MinIndy, um
qIDS: Sistema de Detecção de Ataques baseado em Aprendizado de Máquina Quântico Híbrido Abstract: A ascensão da utilidade quântica no campo da computação quântica apresenta não apenas desafios, mas também oportunidades para aprimorar a segurança de redes. Esta mudança de paradigma nas capacidades computacionais permite o desenvolvimento de soluções avançadas para contrapor a rápida evolução
Detecção On-line e Antecipada de Ataques à Rede usando Matrix Profile Abstract: Na era digital, a crescente sofisticação e variedade de ameaças cibernéticas destacam a importância de fortalecer a cibersegurança para proteger as redes atuais. Este estudo propõe uma abordagem para a detecção antecipada de ataques, utilizando a técnica Matrix Profile (MP) para analisar de
Following decades of research, the multimedia networks remain
a great challenge; however, the modern multimedia wireless
networks with video streaming and Internet Protocol voice, have
been attracting special attention due to factors such as mobility
and heterogeneity in the devices that are used, which can
influence the quality of a user’s experience in a particular
application or service. This article compares two algorithms for
the disposal of packets in wireless networks based on the quality
of the experience of the user with video applications when there
is multimedia traffic congestion in the wireless networks and
where the results obtained surpass those of the wireless networks
which lack control of disposal.
Wireless Mesh Networks (WMNs) are increasingly deployed to enable thousands of users to share, create, and access live video streaming with different characteristics and content, such as video surveillance and football matches. In this context, there is a need for new mechanisms for assessing the quality level of videos because operators are seeking to control their delivery process and optimize their network resources, while increasing the user’s satisfaction. However, the development of in-service and non-intrusive Quality of Experience assessment schemes for real-time Internet videos with different complexity and motion levels, Group of Picture lengths, and characteristics, remains a significant challenge. To address this issue, this article proposes a non-intrusive parametric real-time video quality estimator, called MultiQoE that correlates wireless networks’ impairments, videos’ characteristics, and users’ perception into a predicted Mean Opinion Score. An instance of MultiQoE was implemented in WMNs and performance evaluation results demonstrate the efficiency and accuracy of MultiQoE in predicting the user’s perception of live video streaming services when compared to subjective, objective, and well-known parametric solutions.
The main issue related to Software-Defined Network emulators is how to replicate real behavior in experiments. Mininet and others SDN emulators have an architecture that limits both the scope of experiments and the fidelity of networking tests. Consequently, the serialization, contention, and load of background processes may produce delays that compromise the operation of events such as transmitting a packet or completing a computation, possibly invalidating the performance evaluation of a network emulation. To address these problems, this paper presents vSDNEmul, a network emulator based on Docker container virtualization. Different from Mininet, vSDNEmul isolates each node in a container and interconnects the nodes through virtual or tunnel links. By using containers, vSDNEmul allows autonomous and flexible creation of independent network elements, resulting in more realistic emulations. This paper reports performance evaluations comparing vSDNEmul and Mininet. The results obtained with the vSDNEmul emulator are more realistic and present higher accuracy.
Caching plays a central role in networked systems, reducing the load on servers and the delay experienced by users. Despite their relevance, networked caching systems still pose a number of challenges pertaining their long term behavior. In this paper, we formally show and experimentally evidence conditions under which networked caches tend to synchronize over time. Such synchronization, in turn, leads to performance degradation and aging, motivating the monitoring of caching systems for eventual rejuvenation, as well as the deployment of diverse cache replacement policies across caches to promote diversity and preclude synchronization and its aging effects. Based on trace-driven simulations with real workloads, we show how hit probability is sensitive to varying channel reliability, cache sizes, and cache separation, indicating that the mix of simple policies, such as Least Recently Used (LRU) and Least Frequently Used (LFU), provide competitive performance against state-of-art policies. Indeed, our results suggest that diversity in cache replacement policies, rejuvenation and intentional dropping of requests are strategies that build diversity across caches, preventing or mitigating performance degradation due to caching aging.
Network Slicing (NS) is an essential technique extensively used in 5G networks computing strategies, mobile edge computing, mobile cloud computing, and verticals like the Internet of Vehicles and industrial IoT, among others. NS is foreseen as one of the leading enablers for 6G futuristic and highly demanding applications since it allows the optimization and customization of scarce and disputed resources among dynamic, demanding clients with highly distinct application requirements. Various standardization organizations, like 3GPP’s proposal for new generation networks and state-of-the-art 5G/6G research projects, are proposing new NS architectures. However, new NS architectures have to deal with an extensive range of requirements that inherently result in having NS architecture proposals typically fulfilling the needs of specific sets of domains with commonalities. The Slicing Future Internet Infrastructures (SFI2) architecture proposal explores the gap resulting from the diversity of NS architectures target domains by proposing a new NS reference architecture with a defined focus on integrating experimental networks and enhancing the NS architecture with Machine Learning (ML) native optimizations, energy-efficient slicing, and slicing-tailored security functionalities. The SFI2 architectural main contribution includes the utilization of the slice-as-a-service paradigm for end-to-end orchestration of resources across multi-domains and multi-technology experimental networks. In addition, the SFI2 reference architecture instantiations will enhance the multi-domain and multi-technology integrated experimental network deployment with native ML optimization, energy-efficient aware slicing, and slicing-tailored security functionalities for the practical domain.
Network slicing (NS) is becoming an essential element of service management and orchestration in communication networks, starting from mobile cellular networks and extending to a global initiative. NS can reshape the deployment and operation of traditional services, support the introduction of new ones, vastly advance how resource allocation performs in networks, and notably change the user experience. Most of these promises still need to reach the real world, but they have already demonstrated their capabilities in many experimental infrastructures. However, complexity, scale, and dynamism are pressuring for a Machine Learning (ML)-enabled NS approach in which autonomy and efficiency are critical features. This trend is relatively new but growing fast and attracting much attention. This article surveys Artificial Intelligence-enabled NS and its potential use in current and future infrastructures. We have covered state-of-the-art ML-enabled NS for all network segments and organized the literature according to the phases of the NS life cycle. We also discuss challenges and opportunities in research on this topic.
Recently, there has been substantial progress in the formal understanding of how caching resources should be allocated when multiple caches each deploy the common LRU policy. Nonetheless, the role played by caching policies beyond LRU in a networked setting where content may be replicated across multiple caches and where channels are unreliable is still poorly understood. In this paper, we investigate this issue by first analyzing the cache miss rate in a system with two caches of unit size each, for the LRU, and the LFU caching policies, and their combination. Our analytical results show that joint use of the two policies outperforms LRU, while LFU outperforms all these policies whenever resource pooling is not optimal. We provide empirical results with larger caches to show that simple alternative policies, such as LFU, provide superior performance compared to LRU even if the space allocation is not fine tuned. We envision that fine tuning the cache space used by such policies may lead to promising additional gains.
Sistemas de Detecção de Intrusão (IDSs) baseados em aprendizado de máquina (AM) vêm sendo amplamente utilizados para detectar tráfego malicioso e ataques às redes. Entretanto, essas abordagens ainda apresentam grandes dificuldades para detectar os diferentes tipos de ataques que vêm se aprimorando. Neste contexto, dentre os passos requeridos para uma avaliação baseada em AM, a seleção de características tem grande importância para propiciar maior eficiência na detecção de anomalias e ataques de rede, sendo ainda um problema em aberto. Este artigo propõe uma abordagem que realiza a seleção de características baseada em clusters para melhorar a detecção de ataques e tráfegos anômalos na rede. A proposta cria também um ranque com as características de tráfego que mais contribuíram para o incremento nos acertos dos algoritmos. Os resultados mostraram um desempenho superior às demais propostas avaliadas para cinco diferentes tipos de ataques, considerando a métrica F1 score.
O maior desafio no desenvolvimento de emuladores de redes SDN é torná-los mais realistas, versáteis e abertos. Além disso, eles também devem oferecer aplicações reais em seus experimentos, porém, devido à complexidade de integrá-las ao emulador, estas características nem sempre são desenvolvidas. Para oferecer uma solução mais diversificada e flexível que as atuais (ex. Mininet ou vEmulab), este artigo apresenta o vSDNEmul, um emulador de redes SDN onde os nós são baseados em contêineres Docker.
Para construção de redes virtuais definidas por softwares (vSDN), também conhecidas como slices da infraestrutura física, é necessário a utilização de soluções de hipervisores SDN. No entanto, essas soluções vêm apresentando grandes limitações de escalabilidade e desempenho, por causa de sua arquitetura baseada em proxy de serviços. Este artigo apresenta uma proposta de orquestração diferente do modelo atual provendo redes virtuais definidas por softwares através da alocação de instancias de switches virtuais sob demanda diretamente em dispositivos de comutação de baixo custo.
Software Defined Networks separates the control and forwarding planes, facilitating and flexibilizing the management of networking. However, the interaction between these planes introduces different vulnerabilities to the network, raising new resilience concerns. To assist the planning phase of a Software Defined Network deployment, this paper proposes the application of topological augmentation algorithms to increase the resilience of topologies as indicated by a resilience factor, through optimizations on both control and forwarding planes. In parallel, a brute force controller placement algorithm is applied, for performance comparisons. Tests results demonstrate that the improvement on the test topologies’ resilience characteristics obtained by the joint optimization of both planes surpasses even the most optimal controller placement.
The Novel Enablers for Cloud Slicing (NECOS) project addresses the limitations of current cloud computing infrastructures to respond to the demand for new services, as presented in two use-cases, that will drive the whole execution of the project. The first use-case is focused on Telco service provider and is oriented towards the adoption of cloud computing in their large networks. The second use-case is targeting the use of edge clouds to support devices with low computation and storage capacity. The envisaged solution is based on a new concept, the Lightweight Slice Defined Cloud (LSDC), as an approach that extends the virtualization to all the resources in the involved networks and data centers and provides uniform management with a high-level of orchestration. In this position paper, we discuss the motivation, objectives, architecture, research challenges (and how to overcome them) and initial efforts for the NECOS project.
Um dos maiores desafios para emuladores de redes SDN são faze-los cada vez mais realistas, versáteis e abertos. Além disso, eles também devem oferecer aplicações reais em seus experimentos, porém, devido a complexidade de integra-los ao emulador estas características não são desenvolvidas. Portanto, para oferecer uma solução mais diversificada que as atuais (ex. Mininet ou vEmulab). Este artigo propõe o vSDNEmul, uma alternativa de emulador de redes SDN onde os nós são baseados em contêineres. Além disso, o artigo também descreve a sua arquitetura e API.
Os switches whitebox vêm sendo uma alternativa vantajosa para o plano de dados SDN. Eles permitem tanto a redução nas despesas como também a ampliação dos níveis de heterogeneidade de fabricantes na infraestrutura de rede. Recentes ferramentas possibilitaram que os whiteboxes baseados em software-switches pudessem ampliar seus desempenhos apenas com otimizações feitas via softwares abertos em hardwares genéricos. A partir disso, propõe-se o vSDNBox, uma alternativa de whitebox software-switched para redes definidas por software, capaz de reduzir ainda mais os custos e ampliar o desempenho através de seu gerenciamento e otimizações feitas via software no espaço do usuário. Os resultados obtidos comprovam que a proposta consegue ter um desempenho igual ou aproximado de um whitebox hardwareswitched através de avaliações de vazão e latência.
Software Defined Networks is a paradigm that flexibilizes the management of networking, separating the control and forwarding planes. This separation introduces new concerns towards the resilience of the network, which now presents different vulnerabilities related to the interaction between these planes. A resilience factor for Software Defined Networks is proposed, using multiple metrics to analyze intrinsic features of its architecture, serving as an indication for its resilience. Beyond that, topological augmentation algorithms are employed to increase the resilience of test topologies, as indicated by the proposed factor. Tests results demonstrate an improvement of the topologies’ resilience characteristics.
Redes Definidas por Software é um paradigma que exibilizaa gerência de redes de computadores ao separar os planos de controle e de dados. Essa separação introduz novas preocupações quanto a resiliência da rede, que passa a apresentar diferentes vulnerabilidades relacionadas a interação entre os planos. É proposto um fator de resiliência para Redes Definidas por Software, utilizando múltiplas métricas para analisar características intrínsecas da arquitetura, servindo como indicativo de resiliência da rede. Além disso, algoritmos de aprimoramento topológico são empregados para aperfeiçoar a resiliência das topologias utilizadas. Os resultados de monstram melhoria nas características de resiliência.
As Redes virtuais Definidas por Software (vSDNs) são a junção de SDN e Virtualização. Neste contexto, o hipervisor de rede é responsável pela gestão da rede física, enquanto a rede SDN não virtualizada mantém esta função no controlador. Este artigo apresenta o Search Path, um buscador de caminhos baseado em grafos que evita traduções desnecessárias entre o hipervisor de rede e os controladores no contexto de vSDNs. A fatia encaminhada pelo hipervisor de rede é recebida pelo Search Path em forma de grafos, facilitando o desenvolvimento de lógicas de encaminhamento específicas para cada rede, através da manipulação de grafos. Os testes realizados demonstram que o Search Path possui resultados melhores quando comparado com hipervisor de rede e controlador tradicionais.
Software-Defined Networking (SDN) has turned the Data Center Network (DCN) environment into a more flexible one by decoupling control plane from data plane, allowing an innovative and easily extensible network management solutions. Nowadays, OpenFlow is the most successful protocol for SDN. However, SDN based on OpenFlow protocol presents performance issues on forwarding table increasing and packet match cost. Our proposal named Tag-and-Forward (TF) is a data plane that reduces the number of flow table required in the Fat-Tree software-defined DCNs to optimize forwarding. The results noticebly outperformed RTT and packet transmission rate when compared to usual OpenFlow data plane.
Software-Defined Networking (SDN) has been one of the most successfull networking model over the past few years. The model decouples the network control and forwarding functions enabling the underlying infrastructure complexity to be programmed by applications. Although control plane is the cern for all the benefits, it is also the most crucial drawback of the SDN model to keep up working. Therefore, this paper presents a performance analysis on mainstream open-source SDN controllers. The results show that a well-perfomed control plane not only depends on controller throughput and response time, but also relies on topology discovery time. Our results show that Beacon controller has the highest performance on controller troughput because it uses multicore feature better than others. However, there is a few difference on topology building delay when compared to ONOS, Floodlight and OpenDaylight, which are also Java-based controllers. The worst one is Ryu for building network topology.
O paradigma de redes definidas por software (SDN) está sendo investigado como a solução mais promissora para o atual engessamento da internet, uma vez que propõe a dissociação entre o plano de dados e o plano de controle, proporcionando maior programabilidade às redes de computadores. No entanto, ainda há lacunas em serviços disponíveis nessa arquitetura, dentre as quais se observa o serviço de cálculos de caminhos, que não está evoluindo consideravelmente entre os controladores. Por exemplo, a reserva de recursos, a partir dos requisitos necessários de cada aplicação, permanece como um desafio a ser vencido. Este artigo apresenta uma estratégia de cálculo de caminhos para redes SDN. O objetivo é oferecer um serviço mais flexível no estabelecimento de fluxos OpenFlow, além de possibilitar restrições determinísticas de qualidade vindas das aplicações. A proposta contribui também com uma arquitetura que pode ser aplicada a controladores SDN, um algoritmo de busca, baseado em uma métrica de qualidade de serviço (QoS), e uma análise de desempenho, mostrando que o algoritmo é capaz de minimizar o tempo de busca, processamento e consumo de memória pelo controlador na rede SDN.
The combination of Network Function Virtualization (NFV) and Software Defined Networking (SDN) can improve the control and utilization of network resources. However, this issue still requires proper solutions to virtualize large-scale networks, which would allow the use of SDN and Virtualization in real environments.Thus, this paper proposes a virtualization architecture for SDN that relies on a proxy-based approach. The NVP (Network Virtualization Proxy) is a virtualization proxy that intercepts messages exchanged between controllers and switches SDN enabling network virtualization. An implementation of the proposal was developed as a proof of concept and load testing was performed showing that the solution can provide network virtualization in a scalable manner, using less than 2.5 MB of memory to manage 100 switches performing simultaneous requests, whereas FlowVisor requires more than 200 MB.
One way to provide more flexibility for computer networks is through software defined networks (SDN). This paradigm supports network applications, whose behavior is defined by the controllers. However, management applications SDN is a solution under explored, such applications are scattered in various repositories codes on-line, or are still embedded in the factory switches. This article proposes a model of organization and distribution of applications, called SDNrepo, may specify and model all the way that applications must do to reach the end user, in this case the controllers.
This paper describes the experience of RNP, the Brazilian research and education network, in creating a large scale research facility for experimentation on Future Internet as a member of the FIBRE (Future Internet testbeds experimentation between BRazil and Europe) project. Its main goal is to create common space between Brazil and EU for Future Internet experimental research into network infrastructure and distributed applications, by building and operating a federated EU-Brazil Future Internet experimental facility. The FIBRE testbed is currently composed by a federation of 13 local testbeds (a.k.a. experimental islands), located in different R&E organizations. The FIBRE infrastructure combines heterogeneous physical resources and different technologies, including OpenFlow, wireless and optical communications. We also present the architecture of FIBRE, which allows users to access the testbed through an integrated interface for either experimental or control planes, and provides a common access to the different underlying Control and Monitoring Frameworks (CMFs) for Future Internet experimentation
The Future Internet approach requires new solutions to support novel usage scenarios driven by the technological evolution and the new service demands. However, this paradigm shift requires deeper changes in the existing systems, which makes Internet providers reluctant in deploying the full transformation required for the Future Internet. The Entity Title Architecture (ETArch) is a holistic clean-slate Future Internet system embedding new services for these scenarios leveraging the Software Defined Networking (SDN) concept materialized by the OpenFlow. However, legacy ETArch deploys a fully per-flow approach to provision the same transport model for all sessions (equivalent to the Internet best-effort), while suffering with performance drawbacks and lacking Quality of Service (QoS) control. To that, we evolved ETArch with SMART (Support of Mobile Sessions with High Transport Network Resource Demand) QoS control approach, which coordinates admission control and dynamic control of super-dimensioned resources to accommodate multimedia sessions with QoS-guaranteed over time, while keeping scalability/performance and users with full Quality of Experience (QoE). The SMART-enabled ETArch system evaluation was carried out using a real Testbed of the OFELIA Brazilian Island, confirming its benefits in both data and control planes over the legacy ETArch.
Software Defined Networking (SDN) has emerged as a new paradigm that highly increase the network management flexibility through simple but powerful abstractions. The key idea is decoupling the control plane, which makes the forward decisions, from the data plane, which effectively makes the forward. However, the OpenFlow, the main SDN enabler, is designed mainly by wired networks characteristics. As consequence, Wireless Mesh Networks (WMNs) is not suitable for operating as control plane and many wireless networks features are neglected in the OpenFlow, e.g.: power control and network ID. In addition, there are few effort research to extend SDN to wireless networks and these existing works focus on very specific issues of this integration. In this paper, we propose an architecture to extent the OpenFlow functionalities in order to proper deal with wireless networks, including an approach for transporting the control plane over wireless multihop networks. The extensions include new rules, actions, and commands, which bring the network management flexibility to the wireless context. We validated our proposal by implementing and testing some extensions in a small real world testbed. As a proof of concept, we illustrate the OpenFlow capability of isolation between research and production traffics in a wireless backhaul.
. On the context of OpenFlow networks, the FlowVisor has emerged as a tool to enable the network virtualization, creating an environment for running multiple concurrent and independent experiments. However, this solution still has some limitations, such as the definition of mechanisms to allocate resources to different virtual networks. Although newer versions of the tool allow the queue assignment network slice, to provide resource control among them, device configurations are on the dependency of external tools. Therefore, this article aims to propose a solution to extend the FlowVisor functionality, creating a structure to allow traffic control configuration parameters in the network device, to ensure resource isolation and interference mitigation between the different virtual networks.
Packet scheduling is essential to properly support applications on Software-Defined Networking (SDN) model. However, on OpenFlow/SDN, QoS is only performed with bandwidth guarantees and by a well-known FIFO scheduling. Facing this limitation, this paper presents the QoSFlow proposal, which controls multiple packet schedulers of Linux kernel and improve the flexibility of QoS control. The paper assesses QoSFlow performance, by analysing response time of packet scheduler operations running on datapath level, maximum bandwidth capacity, hardware resource utilization rate, bandwidth isolation and QoE. Our outcomes show an increase more than 48% on PSNR value of QoE by using SFQ scheduling.
The increase in complexity of computer networks and their services have boosted the development of standardizations, models, and solutions for network management over the years. Lately, the Distributed Management Task Force (DMTF) defined the Common Information Model (CIM) for describing computational entities and businesses on the Internet. This paper proposes an extension of the CIM for Software-Defined Networking (SDN) by adding new elements (Controllers, Apps, Slices and others) to improve the system management performance. Furthermore, we define a metamodel to help the process of creating and understanding the proposed model. The proposal was validated by creating a script that generates the FlowVisor configuration file using the network model as input and using Object Constraint Language (OCL) to find inconsistencies in the network.
Currently, there is a philosophical problem that arises between the real need for current support to OpenFlow and legacy network infrastructure. Among them, the legacy networking has not been compatible with OpenFlow network, and for that, it needs to be replaced or a few cases upgraded, as a consequence there are additional spending with new equipment OpenFlow-based. This paper introduces a proposal of hybrid SDN solution based on OpenFlow protocol and called of LegacyFlow, which is able to control Legacy equipment (non-OpenFlow) through OpenFlow protocol 1.0. Results show that it is possible used the LegacyFlow together with OpenFlow switches keeping a good performance time with OpenFlow application.
The OpenFlow technology enables the creation of a programmable layer over the control-plane of a network, in this way dictating the data-plane forwarding behaviour through the use of applications plugged to a network controller. Dynamic Circuit Network is an architecture that permits the scheduling of network resources on virtual circuits, such as bandwidth, over multiple domains with heterogeneous technologies. Recently, researches were conducted in order to integrate both technologies so that dynamic circuits can be dynamically provisioned over OpenFlow domains. The objective of this work is to propose an architecture that enables such provision, maintaining the QoS requisites of a DCN architecture.
