The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load, and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-defined networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns, introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper, we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound application programming interfaces (APIs), network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms—with a focus on aspects such as resiliency, scalability, performance, security, and dependability—as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.

https://publications.uni.lu/bitstream/10993/20596/1/survey_on_SDN.pdf

Software-Defined Networking: A Comprehensive Survey

Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound APIs, network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -- with a focus on aspects such as resiliency, scalability, performance, security and dependability -- as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.

The Transmission Control Protocol.

In this chapter, you will see how the simplex method simplifies when it is applied to a class of optimization problems that are known as “network flow models.” You will also see that if a network flow model has “integer-valued data,” the simplex method finds an optimal solution that is integer-valued.

Flows in Networks

All one needs to know about fog computing and related edge computing paradigms: A complete survey

Software Defined Networking (SDN) has been proposed as a drastic shift in the networking paradigm, by decoupling network control from the data plane and making the switching infrastructure truly programmable. The key enabler of SDN, OpenFlow, has seen widespread deployment on production networks and its adoption is constantly increasing. Although openness and programmability are primary features of OpenFlow, security is of core importance for real-world deployment. In this work, we perform a security analysis of OpenFlow using STRIDE and attack tree modeling methods, and we evaluate our approach on an emulated network testbed. The evaluation assumes an attacker model with access to the network data plane. Finally, we propose appropriate counter-measures that can potentially mitigate the security issues associated with OpenFlow networks. Our analysis and evaluation approach are not exhaustive, but are intended to be adaptable and extensible to new versions and deployment contexts of OpenFlow.

OpenFlow: A security analysis

Inter-domain routing is based on a fully decentralized model, where multiple Autonomous Systems (AS) interact via the BGP protocol. Although BGP is the "glue" of the Internet, it faces a lot of problems regarding its fully distributed nature, policy enforcement capabilities, scalability, security and complexity. Due to the widespread adoption of BGP, only incrementally deployable solutions are feasible. Taking this observation into account, we describe a new, backwards-compatible routing model which is based on outsourcing and logically centralizing the routing control plane. We claim that outsourcing enables enhanced inter-domain routing. As multiple ASes outsource their routing control plane to the same outsourcing service contractor, AS clusters are being gradually formed. A logically centralized multi-AS routing control platform based on Software Defined Networking (SDN) principles is the natural point for taking efficient routing decisions, detecting policy conflicts, troubleshooting routing problems, and evolving BGP. We present the technical and financial incentives which support the feasibility of the model and also propose an implementation scheme to facilitate it.

/pdf/outsourcing-the-routing-control-logic-better-internet-33njh2bs8r.pdf

Outsourcing the routing control logic: better internet routing based on SDN principles

Design and implementation of the OFELIA FP7 facility: The European OpenFlow testbed

Distributed link-flooding attacks constitute a new class of attacks with the potential to segment large areas of the Internet. Their distributed nature makes detection and mitigation very hard. This work proposes a novel framework for the analytical modeling and optimal mitigation of such attacks. The detection is modeled as a problem of relational algebra, representing the association of potential attackers (bots) to potential targets. The analysis seeks to optimally dissolve all but the malevolent associations. The framework is implemented at the level of online Traffic Engineering (TE), which is naturally triggered on link-flooding events. The key idea is to continuously re-route traffic in a manner that makes persistent participation to link-flooding events highly improbable for any benign source. Thus, bots are forced to adopt a suspicious behavior to remain effective, revealing their presence. The load-balancing objective of TE is not affected at all. Extensive simulations on various topologies validate our analytical findings.

A novel framework for modeling and mitigating distributed link flooding attacks

Border gateway protocol (BGP) prefix hijacking is a critical threat to Internet organizations and users. Despite the availability of several defense approaches (ranging from RPKI to popular third-party services), none of them solves the problem adequately in practice. In fact, they suffer from: (i) lack of detection comprehensiveness, allowing sophisticated attackers to evade detection; (ii) limited accuracy, especially in the case of third-party detection; (iii) delayed verification and mitigation of incidents, reaching up to days; and (iv) lack of privacy and of flexibility in post-hijack counteractions, on the side of network operators. In this paper, we propose ARTEMIS, a defense approach (a) based on accurate and fast detection operated by the autonomous system itself, leveraging the pervasiveness of publicly available BGP monitoring services and their recent shift towards real-time streaming and thus (b) enabling flexible and fast mitigation of hijacking events. Compared to the previous work, our approach combines characteristics desirable to network operators, such as comprehensiveness, accuracy, speed, privacy, and flexibility. Finally, we show through real-world experiments that with the ARTEMIS approach, prefix hijacking can be neutralized within a minute.

Vasileios Kotronis

Papers

OpenFlow: A security analysis

Outsourcing the routing control logic: better internet routing based on SDN principles

Design and implementation of the OFELIA FP7 facility: The European OpenFlow testbed

A novel framework for modeling and mitigating distributed link flooding attacks

ARTEMIS: Neutralizing BGP Hijacking Within a Minute