Showing papers on "Network management published in 2016"

Software-defined networking (SDN): a survey

Abstract: With the advent of cloud computing, many new networking concepts have been introduced to simplify network management and bring innovation through network programmability. The emergence of the software-defined networking (SDN) paradigm is one of these adopted concepts in the cloud model so as to eliminate the network infrastructure maintenance processes and guarantee easy management. In this fashion, SDN offers real-time performance and responds to high availability requirements. However, this new emerging paradigm has been facing many technological hurdles; some of them are inherent, while others are inherited from existing adopted technologies. In this paper, our purpose is to shed light on SDN related issues and give insight into the challenges facing the future of this revolutionary network model, from both protocol and architecture perspectives. Additionally, we aim to present different existing solutions and mitigation techniques that address SDN scalability, elasticity, dependability, reliability, high availability, resiliency, security, and performance concerns. Copyright © 2017 John Wiley & Sons, Ltd.

Dynamically deployable self configuring distributed network management system

Abstract: Systems, software, and methods for managing networks of connected electronic devices are described. In one example, network management policy and network management applications are transferred automatically upon detection and identification of a new device, protocol or application on the network. In another example, information related to at least one aspect of the network is obtained by an NMAS, and at least one applicable management policy is identified by the NMAS; and the identified policy is used to manage at least one aspect of the network's operation.

Security in Software-Defined Networking: Threats and Countermeasures

Abstract: In recent years, Software-Defined Networking (SDN) has been a focus of research. As a promising network architecture, SDN will possibly replace traditional networking, as it brings promising opportunities for network management in terms of simplicity, programmability, and elasticity. While many efforts are currently being made to standardize this emerging paradigm, careful attention needs to be also paid to security at this early design stage. This paper focuses on the security aspects of SDN. We begin by discussing characteristics and standards of SDN. On the basis of these, we discuss the security features as a whole and then analyze the security threats and countermeasures in detail from three aspects, based on which part of the SDN paradigm they target, i.e., the data forwarding layer, the control layer and the application layer. Countermeasure techniques that could be used to prevent, mitigate, or recover from some of such attacks are also described, while the threats encountered when developing these defensive mechanisms are highlighted.

Research challenges for traffic engineering in software defined networks

Abstract: SDN is an emerging networking paradigm that separates the network control plane from the data forwarding plane with the promise to dramatically improve network resource utilization, simplify network management, reduce operating costs, and promote innovation and evolution. While traffic engineering techniques have been widely exploited for ATM and IP/MPLS networks for performance optimization in the past, the promising SDN networks require novel traffic engineering solutions that can exploit the global network view, network status, and flow patterns/characteristics in order to achieve better traffic control and management. This article discusses the state-of-the-art in traffic engineering for SDN with attention to four cores including flow management, fault tolerance, topology update, and traffic analysis. Challenging issues for SDN traffic engineering solutions are discussed in detail.

DDoS attack detection under SDN context

Abstract: Software Defined Networking (SDN) has recently emerged as a new network management platform. The centralized control architecture presents many new opportunities. Among the network management tasks, measurement is one of the most important and challenging one. Researchers have proposed many solutions to better utilize SDN for network measurement. Among them, how to detect Distributed Denial-of-Services (DDoS) quickly and precisely is a very challenging problem. In this paper, we propose methods to detect DDoS attacks leveraging on SDN's flow monitoring capability. Our methods utilize measurement resources available in the whole SDN network to adaptively balance the coverage and granularity of attack detection. Through simulations we demonstrate that our methods can quickly locate potential DDoS victims and attackers by using a constrained number of flow monitoring rules.

Rules Placement Problem in OpenFlow Networks: A Survey

Abstract: Software-defined networking (SDN) abstracts low-level network functionalities to simplify network management and reduce costs. The OpenFlow protocol implements the SDN concept by abstracting network communications as flows to be processed by network elements. In OpenFlow, the high-level policies are translated into network primitives called rules that are distributed over the network. While the abstraction offered by OpenFlow allows to potentially implement any policy, it raises the new question of how to define the rules and where to place them in the network while respecting all technical and administrative requirements. In this paper, we propose a comprehensive study of the so-called OpenFlow rules placement problem with a survey of the various proposals intending to solve it. Our study is multifold. First, we define the problem and its challenges. Second, we overview the large number of solutions proposed, with a clear distinction between solutions focusing on memory management and those proposing to reduce signaling traffic to ensure scalability. Finally, we discuss potential research directions around the OpenFlow rules placement problem.

Scheduling Wireless Virtual Networks Functions

Abstract: Network function virtualization (NFV) sits firmly on the networking evolutionary path. By migrating network functions from dedicated devices to general purpose computing platforms, NFV can help reduce the cost to deploy and operate large IT infrastructures. In particular, NFV is expected to play a pivotal role in mobile networks where significant cost reductions can be obtained by dynamically deploying and scaling virtual network functions (VNFs) in the core network. However, in order to achieve its full potential, NFV needs to extend its reach also to the radio access segment. Here, mobile virtual network operators shall be allowed to request radio access VNFs with custom resource allocation solutions. Such a requirement raises several challenges in terms of performance isolation and resource provisioning. In this work, we formalize the wireless VNF placement problem in the radio access network as an integer linear programming problem and we propose a VNF placement heuristic, named wireless network embedding (WiNE), to solve the problem. Moreover, we present a proof-of-concept implementation of an NFV management and orchestration framework for enterprise WLANs. The proposed architecture builds on a programmable network fabric where pure forwarding nodes are mixed with radio and packet processing capable nodes.

SoftWater: Software-defined networking for next-generation underwater communication systems

Abstract: Underwater communication systems have drawn the attention of the research community in the last 15 years. This growing interest can largely be attributed to new civil and military applications enabled by large-scale networks of underwater devices (e.g., underwater static sensors, unmanned autonomous vehicles (AUVs), and autonomous robots), which can retrieve information from the aquatic and marine environment, perform in-network processing on the extracted data, and transmit the collected information to remote locations. Currently underwater communication systems are inherently hardware-based and rely on closed and inflexible architectural design. This imposes significant challenges into adopting new underwater communication and networking technologies, prevent the provision of truly-differentiated services to highly diverse underwater applications, and induce great barriers to integrate heterogeneous underwater devices. Software-defined networking (SDN), recognized as the next-generation networking paradigm, relies on the highly flexible, programmable, and virtualizable network architecture to dramatically improve network resource utilization, simplify network management, reduce operating cost, and promote innovation and evolution. In this paper, a software-defined architecture, namely SoftWater, is first introduced to facilitate the development of the next-generation underwater communication systems. More specifically, by exploiting the network function virtualization (NFV) and network virtualization concepts, SoftWater architecture can easily incorporate new underwater communication solutions, accordingly maximize the network capacity, can achieve the network robustness and energy efficiency, as well as can provide truly differentiated and scalable networking services. Consequently, the SoftWater architecture can simultaneously support a variety of different underwater applications, and can enable the interoperability of underwater devices from different manufacturers that operate on different underwater communication technologies based on acoustic, optical, or radio waves. Moreover, the essential network management tools of SoftWater are discussed, including reconfigurable multi-controller placement, hybrid in-band and out-of-band control traffic balancing, and utility-optimal network virtualization. Furthermore, the major benefits of SoftWater architecture are demonstrated by introducing software-defined underwater networking solutions, including the throughput-optimal underwater routing, SDN-enhanced fault recovery, and software-defined underwater mobility management. The research challenges to realize the SoftWater are also discussed in detail.

Control Plane Optimization in Software-Defined Vehicular Ad Hoc Networks

Abstract: The vehicle ad hoc network (VANET) is an emerging network technology that is expected to be cost-effective and adaptable, making it ideal to provide network connection service to drivers and passengers on today's roads. In the next generation of VANETs with fifth-generation (5G) networks, software-defined networking (SDN) technology will play a very important role in network management. However, for infotainment applications, high latency in VANET communication imposes a great challenge for network management, whereas direct communication through the cellular networks brings high cost. In this paper, we present an optimizing strategy to balance the latency requirement and the cost on cellular networks, in which we encourage vehicles to send the SDN control requests through the cellular networks by rebating network bandwidth. Furthermore, we model the interaction of the controller and vehicles as a two-stage Stackelberg game and analyze the game equilibrium. From the experimental results, the optimal rebating strategy provides smaller latency than other control plane structures.

Real-time verification of network properties using atomic predicates

Abstract: Network management will benefit from automated tools based upon formal methods. Several such tools have been published in the literature. We present a new formal method for a new tool, Atomic Predicates (AP) Verifier, which is much more time and space efficient than existing tools. Given a set of predicates representing packet filters, AP Verifier computes a set of atomic predicates, which is minimum and unique. The use of atomic predicates dramatically speeds up computation of network reachability. We evaluated the performance of AP Verifier using forwarding tables and ACLs from three large real networks. The atomic predicate sets of these networks were computed very quickly and their sizes are surprisingly small. Real networks are subject to dynamic state changes over time as a result of rule insertion and deletion by protocols and operators, failure and recovery of links and boxes, etc. In a software-defined network, the network state can be observed in real time and thus may be controlled in real time. AP Verifier includes algorithms to process such events and check compliance with network policies and properties in real time. We compare time and space costs of AP Verifier with Header Space and NetPlumber using datasets from the real networks.

"Anything as a Service" for 5G Mobile Systems

Abstract: 5G network architecture and its functions are yet to be defined. However, it is generally agreed that cloud computing, network function virtualization (NFV), and software defined networking (SDN) will be key enabling technologies for 5G. Indeed, putting all these technologies together ensures several advantages in terms of network configuration flexibility, scalability, and elasticity, which are highly needed to fulfill the numerous requirements of 5G. Furthermore, 5G network management procedures should be as simple as possible, allowing network operators to orchestrate and manage the lifecycle of their virtual network infrastructures (VNIs) and the corresponding virtual network functions (VNFs), in a cognitive and programmable fashion. To this end, we introduce the concept of “Anything as a Service” (ANYaaS), which allows a network operator to create and orchestrate 5G services on demand and in a dynamic way. ANYaaS relies on the reference ETSI NFV architecture to orchestrate and manage important services such as mobile Content Delivery Network as a Service (CDNaaS), Traffic Offload as a Service (TOFaaS), and Machine Type Communications as a Service (MTCaaS). Ultimately, ANYaaS aims for enabling dynamic creation and management of mobile services through agile approaches that handle 5G network resources and services.

Multilevel pattern mining architecture for automatic network monitoring in heterogeneous wireless communication networks

Abstract: The rapid development of network technology and its evolution toward heterogeneous networks has increased the demand to support automatic monitoring and the management of heterogeneous wireless communication networks. This paper presents a multilevel pattern mining architecture to support automatic network management by discovering interesting patterns from telecom network monitoring data. This architecture leverages and combines existing frequent itemset discovery over data streams, association rule deduction, frequent sequential pattern mining, and frequent temporal pattern mining techniques while also making use of distributed processing platforms to achieve high-volume throughput.

Service Usage Classification with Encrypted Internet Traffic in Mobile Messaging Apps

Abstract: The rapid adoption of mobile messaging Apps has enabled us to collect massive amount of encrypted Internet traffic of mobile messaging. The classification of this traffic into different types of in-App service usages can help for intelligent network management, such as managing network bandwidth budget and providing quality of services. Traditional approaches for classification of Internet traffic rely on packet inspection, such as parsing HTTP headers. However, messaging Apps are increasingly using secure protocols, such as HTTPS and SSL, to transmit data. This imposes significant challenges on the performances of service usage classification by packet inspection. To this end, in this paper, we investigate how to exploit encrypted Internet traffic for classifying in-App usages. Specifically, we develop a system, named CUMMA, for classifying service usages of mobile messaging Apps by jointly modeling user behavioral patterns, network traffic characteristics, and temporal dependencies. Along this line, we first segment Internet traffic from traffic-flows into sessions with a number of dialogs in a hierarchical way. Also, we extract the discriminative features of traffic data from two perspectives: (i) packet length and (ii) time delay. Next, we learn a service usage predictor to classify these segmented dialogs into single-type usages or outliers. In addition, we design a clustering Hidden Markov Model (HMM) based method to detect mixed dialogs from outliers and decompose mixed dialogs into sub- dialogs of single-type usage. Indeed, CUMMA enables mobile analysts to identify service usages and analyze end-user in-App behaviors even for encrypted Internet traffic. Finally, the extensive experiments on real-world messaging data demonstrate the effectiveness and efficiency of the proposed method for service usage classification.

Simplifying datacenter network debugging with pathdump

Abstract: Datacenter networks continue to grow complex due to larger scales, higher speeds and higher link utilization. Existing tools to manage and debug these networks are even more complex, requiring in-network techniques like collecting per-packet per-switch logs, dynamic switch rule updates, periodically collecting data plane snapshots, packet mirroring, packet sampling, traffic replay, etc.This paper calls for a radically different approach to network management and debugging: in contrast to implementing the functionality entirely in-network, we should carefully partition the debugging tasks between the edge devices and the network elements. We present the design, implementation and evaluation of PathDump, a minimalistic tool that utilizes resources at edge devices for network debugging. PathDump currently runs over a real network comprising only of commodity hardware, and yet, can support a surprisingly large class of network debugging problems. Evaluation results show that Path-Dump requires minimal switch and edge resources, while enabling network debugging at fine-grained time scales.

Cognitive Cellular Networks: A Q-Learning Framework for Self-Organizing Networks

Abstract: Self-organizing networks (SON) aim at simplifying network management (NM) and optimizing network capital and operational expenditure through automation. Most SON functions (SFs) are rule-based control structures, which evaluate metrics and decide actions based on a set of rules. These rigid structures are, however, very complex to design since rules must be derived for each SF in each possible scenario. In practice, rules only support generic behavior, which cannot respond to the specific scenarios in each network or cell. Moreover, SON coordination becomes very complicated with such varied control structures. In this paper, we propose to advance SON toward cognitive cellular networks (CCN) by adding cognition that enables the SFs to independently learn the required optimal configurations. We propose a generalized Q-learning framework for the CCN functions and show how the framework fits to a general SF control loop. We then apply this framework to two functions on mobility robustness optimization (MRO) and mobility load balancing (MLB). Our results show that the MRO function learns to optimize handover performance while the MLB function learns to distribute instantaneous load among cells.

Information-Centric Networking (ICN) Research Challenges

Abstract: This memo describes research challenges for Information-Centric Networking (ICN), an approach to evolve the Internet infrastructure to directly support information distribution by introducing uniquely named data as a core Internet principle. Data becomes independent from location, application, storage, and means of transportation, enabling or enhancing a number of desirable features, such as security, user mobility, multicast, and in-network caching. Mechanisms for realizing these benefits is the subject of ongoing research in the IRTF and elsewhere. This document describes current research challenges in ICN, including naming, security, routing, system scalability, mobility management, wireless networking, transport services, in-network caching, and network management. This document is a product of the IRTF Information-Centric Networking Research Group (ICNRG).

A Survey on Applications of Model-Free Strategy Learning in Cognitive Wireless Networks

Abstract: The framework of cognitive wireless networks is expected to endow the wireless devices with the cognition-intelligence ability with which they can efficiently learn and respond to the dynamic wireless environment. In many practical scenarios, the complexity of network dynamics makes it difficult to determine the network evolution model in advance. Thus, the wireless decision-making entities may face a black-box network control problem and the model-based network management mechanisms will be no longer applicable. In contrast, model-free learning enables the decision-making entities to adapt their behaviors based on the reinforcement from their interaction with the environment and (implicitly) build their understanding of the system from scratch through trial-and-error. Such characteristics are highly in accordance with the requirement of cognition-based intelligence for devices in cognitive wireless networks. Therefore, model-free learning has been considered as one key implementation approach to adaptive, self-organized network control in cognitive wireless networks. In this paper, we provide a comprehensive survey on the applications of the state-of-the-art model-free learning mechanisms in cognitive wireless networks. According to the system models on which those applications are based, a systematic overview of the learning algorithms in the domains of single-agent system, multiagent systems, and multiplayer games is provided. The applications of model-free learning to various problems in cognitive wireless networks are discussed with the focus on how the learning mechanisms help to provide the solutions to these problems and improve the network performance over the model-based, non-adaptive methods. Finally, a broad spectrum of challenges and open issues is discussed to offer a guideline for the future research directions.

On Denial of Service Attacks in Software Defined Networks

Abstract: Software defined networking greatly simplifies network management by decoupling control functions from the network data plane. However, such a decoupling also opens SDN to various denial of service attacks: an adversary can easily exhaust network resources by flooding short-lived spoofed flows. Toward this issue, we present a comprehensive study of DoS attacks in SDN, and propose multi-layer fair queueing (MLFQ), a simple but effective DoS mitigation method. MLFQ enforces fair sharing of an SDN controller’s resources with multiple layers of queues, which can dynamically expand and aggregate according to controller load. Both testbed-based and emulation-based experiments demonstrate the effectiveness of MLFQ in mitigating DoS attacks targeted at SDN controllers.

Detection of distributed denial of service attacks in software defined networks

Abstract: Software Defined Network (SDN) architecture is a new and novel way of network management. In SDN, switches do not process the incoming packets. They match for the incoming packets in the forwarding tables and if there is none it will be sent to the controller for processing which is the operating system of the SDN. A Distributed Denial of Service (DDoS) attack is a biggest threat to cyber security in SDN network. The attack will occur at the network layer or the application layer of the compromised systems that are connected to the network. In this paper we discuss the DDoS attacks from the traces of the traffic flow. We use different machine learning algorithms such as Naive Bayes, K-Nearest neighbour, K-means and K-medoids to classify the traffic as normal and abnormal. Then these algorithms are measured using parameters such as detection rate and efficiency. The algorithm having more accuracy is chosen to implement Signature IDS and results of it are then processed by Advanced IDS which detects anomalous behaviour based on open connections and provides accurate results of the hosts specifying which hosts is involved in the DDOS attack.

Mobile Network Traffic Prediction Using MLP, MLPWD, and SVM

Abstract: Mobile networks are critical for today's social mobility and the Internet. More and more people are subscribing to mobile networks, which has led to substantial demands. The network operators need to find ways of meeting the huge demands. Since mobile network resources, such as spectrum, are expensive, there is a need for efficient management of network resources as well as finding a way to predict future use for network management and planning. Network planning is crucial for network operators to provide services that are both cost effective and have high degree of quality of service (QoS). The aim of this research is to apply data analysis techniques to support network operators to maximize the resource usage for network operators, that is, to prevent both under-provisioning and over-provisioning. Therefore, this paper investigates the prediction accuracy of machine learning techniques -- Multi-Layer Perceptron (MLP), Multi-Layer Perceptron with Weight Decay (MLPWD), and Support Vector Machines (SVM) -- using a dataset from a commercial trial mobile network. The experimental results show that SVM outperforms MLP and MLPWD in predicting the multidimensionality of the real-life network traffic data, while MLPWD has better accuracy in predicting the unidimensional data. Our experimental results can help network operators predict future demands and facilitate provisioning and placement of mobile network resources for effective resource management.

Distributed PID-Based Scheduling for 6TiSCH Networks

Abstract: Industrial low-power networks are becoming the nexus of operational technologies and the Internet thanks to the standardization of networking layer interfaces. One of the main promoters of this shift is the IETF 6TiSCH WG, which addresses network management and IP integration of time synchronized channel hopping (TSCH) networks as those developed by the IEEE802.15.4 TG. The 6TiSCH WG is defining the operational interface and mechanism by which the network schedule can be distributed amongst the devices in the network. This operational sublayer, called 6top, supports distributed scheduling and enables implementers to define the scheduling policy, only standardizing the distribution mechanism. This letter proposes a novel distributed scheduling policy based on the well-known industrial control paradigm referred as proportional, integral, and derivative (PID) control. The proposed technique is completely decentralized, enabling each node to determine the number of cells to schedule to one another, according to its traffic demand. The mechanism is reactive to sudden or bursty traffic patterns, while staying conservative in over-provisioning cells.

SDN-based distributed mobility management for 5G networks

Abstract: Software-Defined Networking (SDN) is transforming the networking ecosystem. SDN allows network operators to easily and quickly introduce new services and flexibly adapt to their requirements, while simplifying the network management to reduce the cost of operation, maintenance and deployment. On the other hand, mobility is a key aspect for the future mobile networks. In this context, Distributed Mobility Management (DMM) has been recently introduced as a new trend to overcome the limitations of the today's mobility management protocols which are highly centralized and hierarchical. Driven from the fact that DMM and SDN share the same principle in which the data and control plane are decoupled, we propose a DMM solution based on SDN architecture called S-DMM. This solution offers a lot of advantages including no need to deploy any mobility-related component at the access router, independence of the underlying technologies, and per-flow mobility support. On one hand, the numerical results prove that S-DMM is more scalable than the legacy DMM. On the other hand, the experiment results from a real implementation show that S-DMM comes at no performance penalty (in terms of handover latency and end-to-end delay) compared to legacy DMM, yet at a slightly better management cost, which makes S-DMM a promising candidate for a mobility management solution in the context of 5G networks.

System and methods for network management and orchestration for network slicing

Abstract: Systems and methods for implementing virtualized functions in control and data planes for a communications network are described herein A method for managing a User Equipment (UE) attach request includes instantiating a Global Connection and Mobility Management (G-CMM) function configured to operate across a plurality of network slices in the communications network, determining an appropriate network slice from the plurality of network slices with the G-CMM function, and attaching the UE to the appropriate network slice

Simplifying software-defined network optimization using SOL

Abstract: Realizing the benefits of SDN for many network management applications (e.g., traffic engineering, service chaining, topology reconfiguration) involves addressing complex optimizations that are central to these problems. Unfortunately, such optimization problems require (a) significant manual effort and expertise to express and (b) non-trivial computation and/or carefully crafted heuristics to solve. Our goal is to simplify the deployment of SDN applications using general high-level abstractions for capturing optimization requirements from which we can efficiently generate optimal solutions. To this end, we present SOL, a framework that demonstrates that it is possible to simultaneously achieve generality and efficiency. The insight underlying SOL is that many SDN applications can be recast within a unifying path-based optimization abstraction. Using this, SOL can efficiently generate near-optimal solutions and device configurations to implement them. We show that SOL provides comparable or better scalability than custom optimization solutions for diverse applications, allows a balancing of optimality and route churn per reconfiguration, and interfaces with modern SDN controllers.

How to make public networks really work: a qualitative comparative analysis

Abstract: Many studies have striven to understand which factors affect the performance of public networks. However, there are very few studies in the field of public management that investigate the joint, interactive effects of different determinants on network performance. This article uses the relatively new method of qualitative comparative analysis (QCA) to investigate the complex causality of determinants and network performance. It examines the combination of resource munificence, centralization of the network structure, formalization of coordination mechanisms, network management and their joint effects on network performance. An analysis of 12 Swiss networks providing home and social care services shows that there are a range of possible paths. Various combinations of the above-mentioned factors can in fact lead to high network performance. The paths provide insight into how to make public networks really work.

Robotron: Top-down Network Management at Facebook Scale

Abstract: Network management facilitates a healthy and sustainable network. However, its practice is not well understood outside the network engineering community. In this paper, we present Robotron, a system for managing a massive production network in a top-down fashion. The system's goal is to reduce effort and errors on management tasks by minimizing direct human interaction with network devices. Engineers use Robotron to express high-level design intent, which is translated into low-level device configurations and deployed safely. Robotron also monitors devices' operational state to ensure it does not deviate from the desired state. Since 2008, Robotron has been used to manage tens of thousands of network devices connecting hundreds of thousands of servers globally at Facebook.