99 results on '"northbound interface"'
Search Results
2. Defense mechanism of SDN application layer against DDoS attack based on API call management
- Author
-
Yang WANG, Guangming TANG and Shuo WANG, Jiang CHU
- Subjects
ddos; network security; sdn; northbound interface; Electronic computers. Computer science; QA75.5-76.95
- Abstract
Due to the lack of strict access control, identity authentication and abnormal call detection, attackers may develop malicious applications easily and then it leads to the abuse of the northbound interface API (application programming interface) accordingly. There are mainly two patterns of DDoS (distributed denial-of-service) attacks against application layer. 1) malicious App bypass the security review of the northbound interface and make a large number of calls to some API in a short time, thus causing the controller to crash and paralyzing the whole network; 2) attackers take a legitimate SDN (software defined network) application as the target and make a large number of short-time calls to the specific API needed by the application, which makes the legitimate App unable to call the API normally. Compared with the first pattern, the second one is more subtle. Therefore, it’s necessary to distinguish whether the App is malicious or not, effectively clean the App running on the attacked controller, and redistribute the controller to the legitimate App. Based on the in-depth analysis of the development trend of the current northbound interface, the possible DDoS attack patterns were simulated and practiced. Then a DDoS defense mechanism for SDN application layer was proposed. This mechanism added an App management layer between SDN application layer and control layer. Through reputation management, initial review, mapping allocation, anomaly detection and identification migration of the App, the malicious App attack on SDN can be predicted and resisted. The proposal focused on pre-examination of malicious App before attacks occur, so as to avoid attacks. If the attack has already happened, the operation of cleaning and separating the legitimate App from the malicious App is triggered. Theoretical and experimental results show that the proposed mechanism can effectively avoid DDoS attacks in SDN application layer, and the algorithm runs efficiently.
- Published
- 2022
3. Application Threats to Exploit Northbound Interface Vulnerabilities in Software Defined Networks.
- Author
-
RAUF, BILAL, ABBAS, HAIDER, USMAN, MUHAMMAD, ZIA, TANVEER A., IQBAL, WASEEM, ABBAS, YAWAR, and AFZAL, HAMMAD
- Subjects
*SOFTWARE-defined networking; *TRUST
- Abstract
Software Defined Networking (SDN) is an evolving technology that decouples the control functionality from the underlying hardware managed by the control plane. The application plane supports programmers to develop numerous applications (such as networking, management, security, etc.) that can even be executed from remote locations. Northbound interface (NBI) bridges the control and application planes to execute the third-party applications business logic. Due to the software bugs in applications and existing vulnerabilities such as illegal function calling, resource exhaustion, lack of trust, and so on, NBIs are susceptible to different attacks. Based on the extensive literature review, we have identified that the researchers and academia have mainly focused on the security of the control plane, data plane, and southbound interface (SBI). NBI, in comparison, has received far less attention. In this article, the security of the least explored, but a critical component of the SDN architecture, i.e., NBI, is analyzed. The article provides a brief overview of SDN, followed by a detailed discussion on the categories of NBI, vulnerabilities of NBI, and threats posed by malicious applications to NBI. Efforts of the researchers to counter malicious applications and NBI issues are then discussed in detail. The standardization efforts for the single acceptable NBI and security requirements of SDN by Open Networking Foundation (ONF) are also presented. The article concludes with the future research directions for the security of a single acceptable NBI. [ABSTRACT FROM AUTHOR]
- Published
- 2022
4. Defense mechanism of SDN application layer against DDoS attack based on API call management.
- Author
-
王洋, 汤光明, 王硕, and 楚江
- Abstract
Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2022
5. Toward a Trust-Based Authentication Framework of Northbound Interface in Software Defined Networking
- Author
-
Duy, Phan The, Hien, Do Thi Thu, Van Vuong, Nguyen, Au, Nguyen Ngoc Hai, Pham, Van-Hau, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Xiaohua, Jia, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Duong, Trung Quang, editor, Vo, Nguyen-Son, editor, Nguyen, Loi K., editor, Vien, Quoc-Tuan, editor, and Nguyen, Van-Dinh, editor
- Published
- 2019
6. Software-Defined Networks and Methods to Mitigate Attacks on the Network
- Author
-
Kumar, Shubham, Kumar, Sumit, Sarimela, Valluri, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Pati, Bibudhendu, editor, Panigrahi, Chhabi Rani, editor, Misra, Sudip, editor, Pujari, Arun K., editor, and Bakshi, Sambit, editor
- Published
- 2019
7. An Enhanced Message Distribution Mechanism for Northbound Interfaces in the SDN Environment.
- Author
-
Wang, Chenhui, Ni, Hong, Liu, Lei, and Raffaelli, Carla
- Subjects
TELECOMMUNICATION systems; SOFTWARE-defined networking; DEGREES of freedom; TCP/IP; BANDWIDTHS
- Abstract
Software-Defined Network (SDN), which is recommended as a new generation of the network, a substitute for TCP/IP network, has the characteristics of separation of data plane and control plane. Although the separation of the control plane brings a high degree of freedom and simple operation and maintenance, it also increases the cost of north–south communication. There are many additional modules for SDN to modify and enhance the basic functions of SDN. This paper proposes a message queue-based northbound communication mechanism, which pre-categorizes messages from the data plane and accurately pushes them to the apps potentially interested. This mechanism improves the efficiency of northbound communication and apps' execution. Furthermore, it supports both OpenFlow and the protocol-independent southbound interface, and it has strong compatibility. Experiments have proved that this mechanism can reduce the control-response latency by up to 41% when compared with the normal controller northbound communication system, and it also improves the network situation of the data plane, such as real-time bandwidth. [ABSTRACT FROM AUTHOR]
- Published
- 2021
8. Designing a RESTful Northbound Interface for Incompatible Software Defined Network Controllers
- Author
-
Alghamdi, Abdullah, Paul, David, and Sadgrove, Edmund
- Published
- 2022
9. An Enhanced Message Distribution Mechanism for Northbound Interfaces in the SDN Environment
- Author
-
Chenhui Wang, Hong Ni, and Lei Liu
- Subjects
SDN; northbound interface; message distribution mechanism; message queue; Technology; Engineering (General). Civil engineering (General); TA1-2040; Biology (General); QH301-705.5; Physics; QC1-999; Chemistry; QD1-999
- Abstract
Software-Defined Network (SDN), which is recommended as a new generation of the network, a substitute for TCP/IP network, has the characteristics of separation of data plane and control plane. Although the separation of the control plane brings a high degree of freedom and simple operation and maintenance, it also increases the cost of north–south communication. There are many additional modules for SDN to modify and enhance the basic functions of SDN. This paper proposes a message queue-based northbound communication mechanism, which pre-categorizes messages from the data plane and accurately pushes them to the apps potentially interested. This mechanism improves the efficiency of northbound communication and apps’ execution. Furthermore, it supports both OpenFlow and the protocol-independent southbound interface, and it has strong compatibility. Experiments have proved that this mechanism can reduce the control-response latency by up to 41% when compared with the normal controller northbound communication system, and it also improves the network situation of the data plane, such as real-time bandwidth.
- Published
- 2021
10. BENBI: Scalable and Dynamic Access Control on the Northbound Interface of SDN-Based VANET.
- Author
-
Weng, Jia-Si, Weng, Jian, Zhang, Yue, Luo, Weiqi, and Lan, Weiming
- Subjects
*VEHICULAR ad hoc networks; *SCALABILITY; *SOFTWARE-defined networking; *ACCESS control of computer networks; *DATA transmission systems
- Abstract
Recently, emerging SDN-based VANET (i.e., vehicular ad hoc network based on software-defined networking) enables VANET management to be programmable and flexible. It introduces SDN controllers to maintain network-wide resources and SDN applications to program configurations through arbitrarily accessing resources via the northbound interface (NBI). However, this brings with it security issues on the NBI, such as network-wide resource exposure and configuration manipulation. Most of the existing works employed permission systems to restrict resource access; these solutions are generally controller-dependent, which means controller codes need to be modified for giving access permissions to external applications. In this paper, we propose a scalable and dynamic access control scheme on the NBI for SDN-based VANET, named BENBI. In the proposed scheme, we dynamically and flexibly control network resources by employing broadcast encryption, rather than altering source codes of the controller or updating permission lists with various degrees of granularity. Moreover, the resources are encrypted during transmission so that they are only available to authorized applications. Finally, we implement a prototype of BENBI. The experimental results demonstrate that the cost of allocating secret keys is independent of the number of SDN entities being appointed, which indicates the scalability of our scheme. [ABSTRACT FROM AUTHOR]
- Published
- 2019
11. Controller-Related Security Risks and Vulnerabilities in Software-Defined Networking
- Abstract
Software-Defined Networking (SDN) is a relatively new networking paradigm that proposes to separate the control and the data logic in networks. The control logic is centralized in a controller, which allows for a programmable network. SDN is promising but also introduces some critical security vulnerabilities to networks. This work proposes a survey of state-of-the-art research into attacks and state-of-the-art defences arising from controller placement, controller failure and the northbound interface. Furthermore, it proposes a comparison and analysis of the limitations of that research. Finally, it proposes future research directions to improve SDN security focused on network consistency and on the interoperability of different defences., CSE3000 Research Project, Computer Science and Engineering
- Published
- 2022
12. Controller-Related Security Risks and Vulnerabilities in Software-Defined Networking
- Abstract
Software-Defined Networking (SDN) is a relatively new networking paradigm that proposes to separate the control and the data logic in networks. The control logic is centralized in a controller, which allows for a programmable network. SDN is promising but also introduces some critical security vulnerabilities to networks. This work proposes a survey of state-of-the-art research into attacks and state-of-the-art defences arising from controller placement, controller failure and the northbound interface. Furthermore, it proposes a comparison and analysis of the limitations of that research. Finally, it proposes future research directions to improve SDN security focused on network consistency and on the interoperability of different defences., CSE3000 Research Project, Computer Science and Engineering
- Published
- 2022
13. Application Threats to Exploit Northbound Interface Vulnerabilities in Software Defined Networks
- Author
-
Bilal Rauf, Yawar Abbas, Hammad Afzal, Waseem Iqbal, Tanveer A. Zia, Muhammad Usman, and Haider Abbas
- Subjects
General Computer Science; Northbound interface; Exploit; Computer science; Interface (computing); 020206 networking & telecommunications; 02 engineering and technology; Computer security; computer.software_genre; Theoretical Computer Science; Resource (project management); Software bug; 0202 electrical engineering, electronic engineering, information engineering; Forwarding plane; Business logic; 020201 artificial intelligence & image processing; Software-defined networking; computer
- Abstract
Software Defined Networking (SDN) is an evolving technology that decouples the control functionality from the underlying hardware managed by the control plane. The application plane supports programmers to develop numerous applications (such as networking, management, security, etc.) that can even be executed from remote locations. Northbound interface (NBI) bridges the control and application planes to execute the third-party applications business logic. Due to the software bugs in applications and existing vulnerabilities such as illegal function calling, resource exhaustion, lack of trust, and so on, NBIs are susceptible to different attacks. Based on the extensive literature review, we have identified that the researchers and academia have mainly focused on the security of the control plane, data plane, and southbound interface (SBI). NBI, in comparison, has received far less attention. In this article, the security of the least explored, but a critical component of the SDN architecture, i.e., NBI, is analyzed. The article provides a brief overview of SDN, followed by a detailed discussion on the categories of NBI, vulnerabilities of NBI, and threats posed by malicious applications to NBI. Efforts of the researchers to counter malicious applications and NBI issues are then discussed in detail. The standardization efforts for the single acceptable NBI and security requirements of SDN by Open Networking Foundation (ONF) are also presented. The article concludes with the future research directions for the security of a single acceptable NBI.
- Published
- 2021
14. Enhanced Quality of Service Measurement Mechanism of Container-based Cloud Network Architecture
- Author
-
Jhih-Dao Jhan, Yung-Chang Lai, Yong-Ling Chen, and Fei-Hua Kuo
- Subjects
Service-level agreement; Network architecture; Northbound interface; Computer science; business.industry; Quality of service; Container (abstract data type); Network service; Cloud computing; Service provider; business; Computer network
- Abstract
As the growth of development on both network architecture and cloud computing, the existing quality of service (QoS) measurement mechanism in VNF design is not sufficient for the cloud network architecture, especially the development of container technology. It is important for service provider to provide to customers a service level agreement (SLA) on cloud network service by provision of Container-as-a-Service (CaaS) and container network function (CNF). In this paper, we propose an enhanced vQOS (EvQOS) measurement mechanism for container-based network architecture that retains the vQOS in VNF architecture [1] including the TWAMP light (TWL) protocol and the northbound interface design, and provides a containerization architecture and the friendliness of system management and monitoring.
- Published
- 2021
15. SDN Intent-based conformance checking: application to security policies
- Author
-
Jacques Robin, Nicolas Herbaut, Raúl Mazo, Camilo Correa, Centre de Recherche en Informatique de Paris 1 (CRI), and Université Paris 1 Panthéon-Sorbonne (UP1)
- Subjects
Reflection (computer programming); Northbound interface; Computer science; Distributed computing; security; Security policy; Conformance checking; conformance checking; [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]; Intent-based networking; Scalability; Forwarding plane; Software-defined networking; Use case
- Abstract
International audience; With the popularity of software defined networking architectures, the growing complexity of its use cases dictates the need for better auditability especially for security. In this paper, we aim at facilitating high-level management-plane policy configuration conformance auditing and their reflection in the data plane, to detect missing or spurious flow rules with respect to security policies. To this end, we propose an efficient conformance checking approach based on an intentional northbound interface as well as traces of management, control and data plane. Leveraging a proof-of-concept implementation of our approach, we compare its conformance-checking runtime and precision against a direct method on virtual topologies and find that it significantly improves scalability. We conclude by proposing directions for further enhancements extending the techniques presented herein.
- Published
- 2021
16. Design and Implementation of Operation and Maintenance Support System of SDH Optical Fiber Transmission Network
- Author
-
Na Liu, Pei Tong, Lei Liu, and Cong Wang
- Subjects
Warning system; Performance management; Northbound interface; Computer science; business.industry; Troubleshooting; JavaScript; Variety (cybernetics); Visualization; Performance indicator; business; computer; Computer network; computer.programming_language
- Abstract
SDH optical fiber transmission is widely used in various information transmission networks. It transmits a variety of information. According to the actual operation and maintenance requirements, the business management module of SDH optical fiber transmission network operation and maintenance support system is designed to realize the classified and targeted business management. The business records are information-based and scientific. Using the equipment performance data obtained from the northbound interface, the key performance indicators of the optical fiber transmission network can be extracted and displayed. It can give early warning of equipment failure and provide data support for network performance analysis and troubleshooting. Business management and device performance data are friendly displayed by the popular open source visualization tool based on JavaScript. The application of the system can improve the operation and maintenance efficiency of SDH optical fiber transmission network.
- Published
- 2021
17. Research on filling algorithm of incomplete data in north interface of optical fiber network
- Author
-
Ran Jinzhi, Yang Dewei, Lin Chushan, Zhao Weihu, Huang Bin, Zhou Xingfu, and Shen Kuo
- Subjects
Network management; Northbound interface; business.industry; Computer science; Interface (Java); Decision tree learning; Random tree; business; Missing data; Algorithm; k-nearest neighbors algorithm; Random forest
- Abstract
Northbound interface is the interface for manufacturers or operators to access and manage the network. Through it, the superior network management can obtain a large number of data such as configuration performance and operation and maintenance of optical network. For various reasons, there are usually missing values in real data sets. In order to improve the accuracy of filling missing values. In this paper, from the perspective of data mining, we use a variety of processing methods to fill the missing value of the north interface. In this paper, by analyzing the principle of KNN algorithm, decision tree algorithm, random forest algorithm and extreme random tree algorithm, the four algorithms are simulated in the missing value processing of northbound interface data respectively. The performance differences of various algorithms are compared and analyzed, and their advantages and disadvantages are compared. Finally, the most suitable algorithm for missing value processing of northbound interface data is found. Based on the simulation and experimental results, it is concluded that the extreme random tree algorithm has better filling effect in dealing with the missing values of the north interface.
- Published
- 2021
18. Towards Adaptive QoS in SDN-enabled Heterogeneous Tactical Networks
- Author
-
Peter Sevenich, Sharath Maligera Eswarappa, Johannes Loevenich, Roberto Rigolin F. Lopes, and Paulo H. L. Rettore
- Subjects
Data flow diagram; Hybrid Scheduling; Adaptive quality of service multi-hop routing; Northbound interface; business.industry; Computer science; Network packet; Reliability (computer networking); Quality of service; Enhanced Data Rates for GSM Evolution; business; Computer network
- Abstract
This paper introduces a mechanism to adaptively ensure Quality of Service (QoS) for user data flow by leveraging Software-Defined Networking (SDN) in heterogeneous tactical networks. We start with a hypothesis that an application using the northbound interface of the SDN controller can support the management of unreliable radio links at the edge of tactical networks. Thus, we developed applications to support adaptive shaping of user data flows over data rates supported by VHF and UHF radios, and to ensure the dropping of expired messages. We also introduce a hybrid scheduling mechanism for these user data flows using queuing discipline. The goal is to differentiate IP packets from command and control services with different QoS requirements. Our hypothesis was verified with experiments using four classes of messages with different QoS requirements, such as priority, reliability, and time of expire. Experimental results in an emulated network suggest that our solution can differentiate data flows in a heterogeneous tactical network while ensuring its QoS requirements.
- Published
- 2021
19. Considerations on the Model Selection of SDOTN Controller Northbound Interface
- Author
-
Guangquan Wang, Yanlei Zheng, and Liu Yacheng
- Subjects
Rest (physics); Service (systems architecture); Northbound interface; Control theory; Interface (Java); Computer science; Model selection; Digital transformation; Control engineering; Communications system
- Abstract
In the comprehensive digital transformation work, China Unicom takes the construction of SDOTN network as the top priority. This paper analyzes the reasons for the use of REST interface in SDOTN network. Based on the interface development experience, we make an in-depth interface model analysis of two mainstream northbound interface (NBI) of SDOTN controller, and give the basis and principles of model selection. Finally, the time to create the service is actually measured and the comparison data is given based on two different interface models.
- Published
- 2021
20. BENBI: Scalable and Dynamic Access Control on the Northbound Interface of SDN-Based VANET
- Author
-
Jiasi Weng, Weiming Lan, Weiqi Luo, Jian Weng, and Yue Zhang
- Subjects
Vehicular ad hoc network; Northbound interface; Computer Networks and Communications; Computer science; business.industry; Aerospace Engineering; 020302 automobile design & engineering; Access control; 02 engineering and technology; Encryption; 0203 mechanical engineering; Automotive Engineering; Scalability; Electrical and Electronic Engineering; business; Broadcast encryption; Computer network
- Abstract
Recently, emerging SDN-based VANET (i.e., vehicular ad hoc network based on software-defined networking) enables VANET management to be programmable and flexible. It introduces SDN controllers to maintain network-wide resources and SDN applications to program configurations through arbitrarily accessing resources via the northbound interface (NBI). However, this brings with it security issues on the NBI, such as network-wide resource exposure and configuration manipulation. Most of the existing works employed permission systems to restrict resource access; these solutions are generally controller-dependent, which means controller codes need to be modified for giving access permissions to external applications. In this paper, we propose a scalable and dynamic access control scheme on the NBI for SDN-based VANET, named BENBI. In the proposed scheme, we dynamically and flexibly control network resources by employing broadcast encryption, rather than altering source codes of the controller or updating permission lists with various degrees of granularity. Moreover, the resources are encrypted during transmission so that they are only available to authorized applications. Finally, we implement a prototype of BENBI. The experimental results demonstrate that the cost of allocating secret keys is independent of the number of SDN entities being appointed, which indicates the scalability of our scheme.
- Published
- 2019
21. A RESTful Northbound Interface for Applications in Software Defined Networks
- Author
-
Abdullah Alghamdi, David Paul, and Edmund J. Sadgrove
- Subjects
Northbound interface; Computer science; Operating system; computer.software_genre; Software-defined networking; computer
- Published
- 2021
22. P-SCOR: Integration of Constraint Programming Orchestration and Programmable Data Plane
- Author
-
Franco Callegati, Marius Portmann, Marco Prandini, Siamak Layeghy, Andrea Melis, Davide Berardi, Melis A., Layeghy S., Berardi D., Portmann M., Prandini M., and Callegati F.
- Subjects
Northbound interface; Computer Networks and Communications; Computer science; Programmable Data Plane; Security; Pfour; Context (language use); 02 engineering and technology; Constraint Programming; SDN; Real-time system; 0202 electrical engineering, electronic engineering, information engineering; Constraint programming; Forwarding plane; Constraint handling; Protocol; Process control; Orchestration (computing); Electrical and Electronic Engineering; business.industry; 020206 networking & telecommunications; Network management; Computer architecture; Programming; Software-defined networking; business; Switches
- Abstract
In this manuscript we present an original implementation of network management functions in the context of Software Defined Networking. We demonstrate a full integration of an artificial intelligence driven management, an SDN control plane, and a programmable data plane. Constraint Programming is used to implement a management operating system that accepts high level specifications, via a northbound interface, in terms of operational objective and directives. These are translated in technology-specific constraints and directives for the SDN control plane, leveraging the programmable data plane, which is enriched with functionalities suited to feed data that enable the most effective operation of the “intelligent” control plane, by exploiting the P4 language.
- Published
- 2021
23. An Adaptive Authenticated Model for Big Data Stream SAVI in SDN-Based Data Center Networks
- Author
-
Junqing Yu, Dong Li, and Qizhao Zhou
- Subjects
Data stream; Spoofing attack; Science (General); Northbound interface; Article Subject; Computer Networks and Communications; Computer science; Network packet; business.industry; Big data; Packet forwarding; Q1-390; T1-995; Network performance; Software-defined networking; business; Technology (General); Information Systems; Computer network
- Abstract
With the rapid development of data-driven and bandwidth-intensive applications in the Software Defined Networking (SDN) northbound interface, big data stream is dynamically generated with high growth rates in SDN-based data center networks. However, a significant issue faced in big data stream communication is how to verify its authenticity in an untrusted environment. The big data stream traffic has the characteristics of security sensitivity, data size randomness, and latency sensitivity, putting high strain on the SDN-based communication system during larger spoofing events in it. In addition, the SDN controller may be overloaded under big data stream verification conditions on account of the fast increase of bandwidth-intensive applications and quick response requirements. To solve these problems, we propose a two-phase adaptive authenticated model (TAAM) by introducing source address validation implementation- (SAVI-) based IP source address verification. The model realizes real-time data stream address validation and dynamically reduces the redundant verification process. A traffic adaptive SAVI that utilizes a robust localization method followed by the Sequential Probability Ratio Test (SPRT) has been proposed to ensure differentiated executions of the big data stream packets forwarding and the spoofing packets discarding. The TAAM model could filter out the unmatched packets with better packet forwarding efficiency and fundamental security characteristics. The experimental results demonstrate that spoofing attacks under big data streams can be directly mitigated by it. Compared with the latest methods, TAAM can achieve desirable network performance in terms of transmission quality, security guarantee, and response time. It drops 97% of the spoofing attack packets while consuming only 9% of the controller CPU utilization on average.
- Published
- 2021
24. An Improved Flow Rule Verification Against the Priority-passing attack in SDN
- Author
-
Sipra Sahoo, Pravati Swain, and Romil Kumar
- Subjects
Network architecture; Northbound interface; Binary search tree; Interface (Java); business.industry; Control theory; Computer science; Control system; Forwarding plane; Computer security model; business; Computer network
- Abstract
Software-Defined Networking (SDN) is an emerging network architecture. Its property of network programmability makes the network technology more open and flexible. It is achievable by decoupling the data plane and control plane. The control plane has bridged the data plane and application plane by northbound interface and southbound interface, respectively. By using the interfaces of SDN controllers, different applications can enforce their own rules into the control. The controller applies the highest priority rules to the switches. The attacker can manipulate the SDN network by malicious rules with low priority. This paper discusses different scenarios of priority passing attack and proposes a security module. The proof of the proposed module explains that it nullifies the threat proposed by the attacker. Moreover, the Hashmap using Binary Search Tree (BST) is implemented in the security model to minimize the search time for matching flow rules. It is observed that the latency remains as low as 40ms even with 10 thousand rules.
- Published
- 2020
25. Service Chain Orchestration Based on Deep Reinforcement Learning in Intent-Based IoT
- Author
-
Zanhong Wu, Ying Zeng, and Zhan Shi
- Subjects
Service (systems architecture) ,Network management ,Cost efficiency ,Northbound interface ,Computer science ,business.industry ,Quality of service ,Distributed computing ,Reinforcement learning ,Orchestration (computing) ,Reference architecture ,business - Abstract
Intent-based network (IBN) is a novel approach to network management and automation designed to simplify a generic high-level policy called intent to a specific low-level network configuration. At present, plenty of researches have focused more on definition of intent-based northbound interface (NBI) but less on methods for intent-based service orchestration. In this paper, an IBN reference architecture is presented to manage IoT infrastructure and deliver end-to-end services across multi-domains. After that, this paper introduces a DDQN-based heuristic algorithm to solve the dynamic service chain orchestration problem. Simulation results clearly show that the proposed algorithm has better cost efficiency and convergence than those of compared algorithms, and can also guarantee the QoS requirements and make the traffic balanced.
- Published
- 2020
26. Architecture of Segmentation Service of Software Defined Networks
- Author
-
Dmitry Perepelkin, Ilya Tsyganov, and Maria Ivanchikova
- Subjects
Service (systems architecture) ,Network architecture ,Northbound interface ,business.industry ,Computer science ,020206 networking & telecommunications ,02 engineering and technology ,Application layer ,Networking hardware ,Abstraction layer ,Network management ,Computer architecture ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,Software-defined networking - Abstract
Software defined networks (SDN) is an innovative network architecture that provides centralized management of networks with a complex structure. SDN consists of three layers: the infrastructure layer of network equipment, the network management layer (represented by SDN controllers) and the application layer. SDN controllers provide open programming interfaces that allow network applications to manage the network. Architecture and software implementation of the service for the development and implementation of SDN segmentation algorithms are proposed in the paper. The aim of creating the presented service is to optimize the network resources usage through the use of an additional layer of abstraction – a layer of network segments.
- Published
- 2020
27. Multi-Tenancy Cloud-Enabled Small Cell Security
- Author
-
Babangida Albaba Abubakar and Haralambos Mouratidis
- Subjects
Network architecture ,Multitenancy ,Northbound interface ,business.industry ,Computer science ,Cloud computing ,Computer security ,computer.software_genre ,Virtualization ,Software-defined networking ,business ,Virtual network ,computer ,Requirements analysis - Abstract
The anticipated technological advancement of 5th Generation (5G) network is the ability to apply intelligence directly to network’s edge, in the form of virtual network appliances through the archetypes of Network Functions Virtualisation (NFV) and Edge Cloud Computing. The adoption and use of innovative technologies, such as Software Defined Networking (SDN) and NFV is the key to making 5G networks more promising. However, implementing these technologies yield to the imaging of new security challenges. A Cloud-Enabled Small Cell (CESC) provides a multi-operator platform to integrate and execute at the virtualised environment. Providing services to multiple operators/tenants to access technologies and protocols in unified network architecture requires a well-defined security approach in order to deliver secured data communication, privacy and integrity. The CESC security requirement analysis was carried out using Secure Tropos (SecTro) methodology. The paper will thoroughly examine the CESC security challenges and provide possible solutions to mitigate those challenges.
- Published
- 2019
28. Busoni: Policy Composition and Northbound Interface for IPv6 Segment Routing Networks
- Author
-
Stefano Salsano, Xiaoming Fu, Pier Luigi Ventre, and Osamah L. Barakat
- Subjects
Northbound interface ,business.industry ,Computer science ,Network packet ,020206 networking & telecommunications ,02 engineering and technology ,Source routing ,IPv6 ,Chaining ,0202 electrical engineering, electronic engineering, information engineering ,Routing (electronic design automation) ,Software-defined networking ,business ,Implementation ,Computer network - Abstract
Segment Routing is a source routing based architecture that provides an opportunity to include a list of instructions called segments in the packet headers. The segments may allow the inclusion of detours for responding to Traffic Engineering needs or Service Function Chaining implementations. Even though there is an increasing interest towards enhancing and adopting Segment Routing, the administrators are still burdened with the task of manually writing and maintaining the segment lists. Such type of management presents several challenges ranging from error-prone configurations to increased response time for network updates. In this paper, we present a Segment Routing management framework named Busoni, which automates and simplifies the process of segment list management. Additionally, we also provide programming tools to compose and manage Segment Routing policies that operate efficiently, even under multi-tenancy environments. Using different use cases, we show the programming capabilities offered by our framework.
- Published
- 2019
29. The Research of Data Collection for Communication Equipment Based on Device Direct Connection and Northbound Interface
- Subjects
Data collection ,Northbound interface ,business.industry ,Computer science ,business ,Computer network ,Connection (mathematics) - Published
- 2018
30. B-DAC: A decentralized access control framework on Northbound interface for securing SDN using blockchain.
- Author
-
Duy, Phan The, Hoang, Hien Do, Hien, Do Thi Thu, Nguyen, Anh Gia-Tuan, and Pham, Van-Hau
- Subjects
*SOFTWARE-defined networking , *COMPUTER network architectures , *OPENFLOW (Computer network protocol) , *DATA integrity , *ACCESS control - Abstract
Software-Defined Network (SDN) is a new arising terminology of network architecture with outstanding features of orchestration by decoupling the control plane and the data plane in each network element. Even though it brings several benefits, SDN is vulnerable to a diversity of attacks. Abusing the single point of failure in the SDN controller component, hackers can shut down all network operations. More specifically, a malicious OpenFlow application can access the SDN controller to carry out harmful actions without any limitation owing to the lack of the access control mechanism as a standard in the Northbound. The sensitive information about the whole network such as network topology, flow information, and statistics can be gathered and leaked out. Even worse, the entire network can be taken over by the compromised controller. Hence, it is vital to build a scheme of access control for SDN's Northbound. Furthermore, it must also protect the data integrity and availability during data exchange between application and controller. To address such limitations, we introduce B-DAC, a blockchain-based framework for decentralized authentication and fine-grained access control for the Northbound interface to assist administrators in managing and protecting critical resources. With strict policy enforcement, B-DAC can perform decentralized access control for each request to keep network applications under surveillance for preventing over-privileged activities or security policy conflicts. To demonstrate the feasibility of our approach, we also implement a prototype of this framework to evaluate the security impact, effectiveness, and performance through typical use cases. [ABSTRACT FROM AUTHOR]
- Published
- 2022
31. Attack Modeling and Risk Assessments in Software Defined networking (SDN)
- Abstract
Software Defined Networking (SDN) is a technology which provides a network architecture with three distinct layers that is, the application layer which is made up of SDN applications, the control layer which is made up of the controller and the data plane layer which is made up of switches. However, there exist different types of SDN architectures, some of which are interconnected with the physical network. At the core of SDN, the control plane is physically and logically separated from the data plane. The controller is connected to the application layer through an interface known as the northbound interface and to the data plane through another interface known as the southbound interface. The centralized control plane uses APIs to communicate through the northbound and southbound interface with the application layer and the data plane layer respectively. By default, these APIs such as Restful and OpenFlow APIs do not implement security mechanisms like data encryption and authentication thus, this introduces new network security threats to the SDN architecture. This report presents a technique known as threat modeling in SDN. To achieve this technique, attack scenarios are created based on the OpenFlow SDN vulnerabilities. After which these vulnerabilities are defined as predicates or facts and rules, a framework known as multihost multistage vulnerability analysis (MulVAL) then takes these predicates and rules to produce a threat model known as attack graph. The attack graph is further used to perform quantitative risk analysis using a metric to depict the risks associated to the OpenFlow SDN model.
- Published
- 2019
32. Attack Modeling and Risk Assessments in Software Defined networking (SDN)
- Abstract
Software Defined Networking (SDN) is a technology which provides a network architecture with three distinct layers that is, the application layer which is made up of SDN applications, the control layer which is made up of the controller and the data plane layer which is made up of switches. However, there exist different types of SDN architectures, some of which are interconnected with the physical network. At the core of SDN, the control plane is physically and logically separated from the data plane. The controller is connected to the application layer through an interface known as the northbound interface and to the data plane through another interface known as the southbound interface. The centralized control plane uses APIs to communicate through the northbound and southbound interface with the application layer and the data plane layer respectively. By default, these APIs such as Restful and OpenFlow APIs do not implement security mechanisms like data encryption and authentication thus, this introduces new network security threats to the SDN architecture. This report presents a technique known as threat modeling in SDN. To achieve this technique, attack scenarios are created based on the OpenFlow SDN vulnerabilities. After which these vulnerabilities are defined as predicates or facts and rules, a framework known as multihost multistage vulnerability analysis (MulVAL) then takes these predicates and rules to produce a threat model known as attack graph. The attack graph is further used to perform quantitative risk analysis using a metric to depict the risks associated to the OpenFlow SDN model.
- Published
- 2019
33. An Enhanced Message Distribution Mechanism for Northbound Interfaces in the SDN Environment
- Author
-
Hong Ni, Lei Liu, and Chenhui Wang
- Subjects
Technology ,OpenFlow ,Northbound interface ,QH301-705.5 ,computer.internet_protocol ,Computer science ,QC1-999 ,Interface (computing) ,02 engineering and technology ,message distribution mechanism ,Communications system ,SDN ,Internet protocol suite ,0202 electrical engineering, electronic engineering, information engineering ,Forwarding plane ,General Materials Science ,Biology (General) ,QD1-999 ,Instrumentation ,Fluid Flow and Transfer Processes ,business.industry ,Physics ,Process Chemistry and Technology ,Bandwidth (signal processing) ,General Engineering ,020206 networking & telecommunications ,northbound interface ,Engineering (General). Civil engineering (General) ,Computer Science Applications ,message queue ,Chemistry ,020201 artificial intelligence & image processing ,TA1-2040 ,business ,Message queue ,computer ,Computer network - Abstract
Software-Defined Network (SDN), which is recommended as a new generation of the network, a substitute for TCP/IP network, has the characteristics of separation of data plane and control plane. Although the separation of the control plane brings a high degree of freedom and simple operation and maintenance, it also increases the cost of north–south communication. There are many additional modules for SDN to modify and enhance the basic functions of SDN. This paper proposes a message queue-based northbound communication mechanism, which pre-categorizes messages from the data plane and accurately pushes them to the apps potentially interested. This mechanism improves the efficiency of northbound communication and apps’ execution. Furthermore, it supports both OpenFlow and the protocol-independent southbound interface, and it has strong compatibility. Experiments have proved that this mechanism can reduce the control-response latency by up to 41% when compared with the normal controller northbound communication system, and it also improves the network situation of the data plane, such as real-time bandwidth.
- Published
- 2021
34. NBI Modeling Realization for SDOTN Based on ACTN
- Author
-
Yanlei Zheng, Guangquan Wang, Zhou Yantao, and Liu Yacheng
- Subjects
Open software ,Northbound interface ,Computer architecture ,Transmission network ,Interface model ,Control theory ,Computer science ,Realization (systems) ,Abstraction (linguistics) - Abstract
The open Software Defined Network (SDN) capability of optical transmission network under telecom operation is always the core problem concerned by operators. Based on the idea of Abstraction and Control of TE Networks (ACTN), this paper analyzes the northbound interface (NBI) modeling of the controller system and explains how the interface model can meet the needs of the upper application system.
- Published
- 2019
35. Risk Assessment Approach to Secure Northbound Interface of SDN Networks
- Author
-
Marcin Jekot, Piotr Borylo, Piotr Jaglarz, Piotr Cholda, and Marcin Niemiec
- Subjects
Northbound interface ,business.industry ,Computer science ,media_common.quotation_subject ,Numerical verification ,Reputation system ,Network cost ,Communication source ,Approaches of management ,business ,Risk assessment ,Computer network ,Reputation ,media_common - Abstract
The most significant threats to networks usually originate from external entities. As such, the Northbound interface of SDN networks which ensures communication with external applications requires particularly close attention. In this paper we propose the Risk Assessment and Management approach to SEcure SDN (RAMSES). This novel solution is able to estimate the risk associated with traffic demand requests received via the Northbound-API in SDN networks. RAMSES quantifies the impact on network cost incurred by expected traffic demands and specifies the likelihood of adverse requests estimated using the reputation system. Accurate risk estimation allows SDN network administrators to make the right decisions and mitigate potential threat scenarios. This can be observed using extensive numerical verification based on a network optimization tool and several scenarios related to the reputation of the sender of the request. The verification of RAMSES confirmed the usefulness of its risk assessment approach to protecting SDN networks against threats associated with the Northbound-API.
- Published
- 2019
36. Attack Modeling and Risk Assessments in Software Defined networking (SDN)
- Author
-
Frankeline, Tanyi
- Subjects
SDN ,Northbound Interface ,data plane OpenFlow ,Southbound Interface ,Attack Graph ,Application layer ,Attack Trees ,Other Engineering and Technologies not elsewhere specified ,Threat Model ,MulVAL ,Övrig annan teknik ,Controller ,Risk Analysis - Abstract
Software Defined Networking (SDN) is a technology which provides a network architecture with three distinct layers that is, the application layer which is made up of SDN applications, the control layer which is made up of the controller and the data plane layer which is made up of switches. However, there exist different types of SDN architectures, some of which are interconnected with the physical network. At the core of SDN, the control plane is physically and logically separated from the data plane. The controller is connected to the application layer through an interface known as the northbound interface and to the data plane through another interface known as the southbound interface. The centralized control plane uses APIs to communicate through the northbound and southbound interface with the application layer and the data plane layer respectively. By default, these APIs such as Restful and OpenFlow APIs do not implement security mechanisms like data encryption and authentication thus, this introduces new network security threats to the SDN architecture. This report presents a technique known as threat modeling in SDN. To achieve this technique, attack scenarios are created based on the OpenFlow SDN vulnerabilities. After which these vulnerabilities are defined as predicates or facts and rules, a framework known as multihost multistage vulnerability analysis (MulVAL) then takes these predicates and rules to produce a threat model known as attack graph. The attack graph is further used to perform quantitative risk analysis using a metric to depict the risks associated to the OpenFlow SDN model.
- Published
- 2019
37. Toward a Trust-Based Authentication Framework of Northbound Interface in Software Defined Networking
- Author
-
Phan The Duy, Do Thi Thu Hien, Nguyen Van Vuong, Nguyen Ngoc Hai Au, and Van-Hau Pham
- Subjects
Network management ,Network administrator ,OpenFlow ,Northbound interface ,business.industry ,Computer science ,Authentication protocol ,Forwarding plane ,Single point of failure ,business ,Software-defined networking ,Computer network - Abstract
Software Defined Networking (SDN), a new rising terminology of network, has recently gained more and more interest in both academic and industrial fields. Not only decoupling its control plane and data plane, SDN also provides the whole view of the entire network for better and more flexible network management. Despite the benefits of the global view of the whole network, SDN with a single point of failure at the controller encounters some drawbacks and additional challenges for security. A malicious OpenFlow application (OF app) can access the SDN controller to perform illegal activities due to the lack of the authentication protocol in Northbound interface to ensure that only trusted, and authorized applications access critical network resources. The information about the whole network, such as topology data, flow information or statistics can be retrieved. Even worse the entire network can be controlled from the compromised controller. In this paper, we introduce Trust Trident - a framework of securing trustworthy authentication between applications and controller, with the controller-independent capability. It gives network administrator a full and fine-grained observation of OF apps communicating with the controller. Threats in Northbound interface and counter measurements by our plugin are classified and evaluated according to the threat categories from the STRIDE methodology.
- Published
- 2019
38. Standardized Northbound Interface Testing Automation on the Open and Disaggregated Optical Transport Equipment
- Author
-
Chongjin Xie, Liang Dou, Tao Wang, Ming Xia, Yawei Yin, and Shuai Zhang
- Subjects
NETCONF ,Northbound interface ,computer.internet_protocol ,business.industry ,Computer science ,02 engineering and technology ,computer.software_genre ,Network configuration ,01 natural sciences ,Automation ,GeneralLiterature_MISCELLANEOUS ,010309 optics ,020210 optoelectronics & photonics ,0103 physical sciences ,0202 electrical engineering, electronic engineering, information engineering ,Operating system ,business ,computer ,Protocol (object-oriented programming) - Abstract
The proposed demonstration will showcase a live testing of the northbound API on optical DCI equipment which is compliant with the NETCONF network configuration protocol and OpenConfig YANG data models.
- Published
- 2019
39. A Fine-Grained Detection Mechanism for SDN Rule Collision
- Author
-
Qiu Xiaochen, Zheng Shihui, Gu Lize, and Cai Yong-mei
- Subjects
OpenFlow ,Dependency (UML) ,Northbound interface ,Computer science ,Control theory ,Distributed computing ,Throughput ,Function (mathematics) ,Software-defined networking ,Collision - Abstract
The rules issued by third-party applications may have direct violations or indirect violations with existing security flow rules in the SDN (software-defined network), thereby leading to the failure of security rules. Currently, existing methods cannot detect the rule collision in a comprehensive and fine-grained manner. This paper proposes a deep detection mechanism for rule collision that can detect grammatical errors in the flow rules themselves, and can also detect direct and indirect rule collisions between third-party and security applications based on the set intersection method. In addition, our mechanism can effectively and automatically resolve the rule collision. Finally, we implement the detection mechanism in the RYU controller, and use Mininet to evaluate the function and performance. The results show that the mechanism proposed in this paper can accurately detect the static, dynamic and dependency collisions of flow rules, and ensure that the decline of throughput of the northbound interface of the SDN network is controlled at 20%.
- Published
- 2019
40. A Security-Enhanced Monitoring System for Northbound Interface in SDN using Blockchain
- Author
-
Hien Do Hoang, Phan The Duy, and Van-Hau Pham
- Subjects
Immutability ,Authentication ,Northbound interface ,business.industry ,Control theory ,Computer science ,Key (cryptography) ,Single point of failure ,business ,Software-defined networking ,Credential ,Computer network - Abstract
In Software-Defined Networking (SDN), Northbound Interface provides APIs, which allow network applications to communicate with SDN controllers. However, a malicious application can access the SDN controller and perform illegal activities via these APIs. Although some studies proposed AAA (Authentication, Authorization, Accounting) systems to protect SDN controllers from malicious applications, their proposed systems also have several limitations. Attackers can compromise a system, then modify its database or files to gain higher privileges. This system can be taken down because of Single Point of Failure threat. To enhance security for the Northbound interface, we propose a novel system using blockchain, namely BlockAS. It is used to authenticate, authorize and monitor accessing critical controller resources from applications. Specifically, BlockAS leverages blockchain features to maintain the immutability and decentralization of credential data. Our proposed system has five key properties: immutability of database, decentralization, authentication, authorization, and accounting to enhance security for SDN controller and its offered services.
- Published
- 2019
41. Software-Defined Networks and Methods to Mitigate Attacks on the Network
- Author
-
Valluri Sarimela, Sumit Kumar, and Shubham Kumar
- Subjects
OpenFlow ,Exploit ,Northbound interface ,business.industry ,Computer science ,Interface (computing) ,Forwarding plane ,Denial-of-service attack ,business ,Software-defined networking ,Networking hardware ,Computer network - Abstract
Software-defined network (SDN) is becoming an advance technology. It is not only used to manage IP networks but also manages data centers as well as cloud data and it can be applied in various types of networks. Earlier approaches for IP networks were more complex and IP networks are now a big network; thus, it is very difficult to manage those networks in terms of configuring the network devices, applying policies on the network dynamically and get the knowledge of the faults, load and changes in the network. Software-defined approach made it easy to manage and configure the network. The role of the SDN controller in network devices can be extended with an application that effectively solves a particular problem and provide a flexible management service. One of the protocols used for this technology is OpenFlow. It basically works on southbound interface, i.e., between controller and network devices. Many solutions to utilize the network and exploit as much information possible from the network is one of the aims of researchers and many solutions have been proposed for the same. One of the most important and distinct features is to detect denial-of-service (DoS) attack quickly and precisely. In this paper, we are going to give an introduction about how and why SDN is trending and also analysis of solutions to detect and save a network from DDoS attacks.
- Published
- 2018
42. Implementation of Northbound Interface in Multi-domain Coordinate Control Framework
- Author
-
Yaqiong Liu, Guochu Shou, Wenqi Bai, and Yihong Hu
- Subjects
Northbound interface ,Computer science ,Interface (Java) ,business.industry ,Distributed computing ,Interoperability ,Network topology ,Coordinate control ,GeneralLiterature_MISCELLANEOUS ,Multi domain ,Software ,Computer Science::Networking and Internet Architecture ,business ,Abstraction (linguistics) - Abstract
We implement IETF YANG models interface and test its interoperability through a multi-domain coordinate experiment according to ACTN (Abstraction and Control of Traffic Engineered Networks) framework. We validate YANG models are well-suited for multi-domain coordination.
- Published
- 2018
43. A Software Engineering Perspective on SDN Programmability
- Author
-
Robson do Nascimento Fidalgo, Felipe A. Lopes, Marcelo Santos, and Stenio Fernandes
- Subjects
Network architecture ,Social software engineering ,Resource-oriented architecture ,Northbound interface ,business.industry ,Computer science ,Software development ,020206 networking & telecommunications ,Cloud computing ,02 engineering and technology ,Software deployment ,Software construction ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Electrical and Electronic Engineering ,business ,Software engineering - Abstract
Software-defined networking (SDN) has received a great deal of attention from both academia and industry in recent years. Studies on SDN have brought a number of interesting technical discussions on network architecture design, along with scientific contributions. Researchers, network operators, and vendors are trying to establish new standards and provide guidelines for proper implementation and deployment of such novel approach. It is clear that many of these research efforts have been made in the southbound of the SDN architecture, while the northbound interface still needs improvements. By focusing on the SDN northbound, this paper surveys the body of knowledge and discusses the challenges for developing SDN software. We investigate the existing solutions and identify trends and challenges on programming for SDN environments. We also discuss future developments on techniques, specifications, and methodologies for programmable networks, with the orthogonal view from the software engineering discipline.
- Published
- 2016
44. Opening up ROADMs: a filterless add/drop module for coherent-detection signals
- Author
-
Josef Vojtech, Jaroslav Jedlinsky, Jan Kundrat, Ondrej Havlis, and Jan Radil
- Subjects
NETCONF ,Northbound interface ,Computer Networks and Communications ,Computer science ,computer.internet_protocol ,business.industry ,Electrical engineering ,020206 networking & telecommunications ,02 engineering and technology ,Multiplexer ,020210 optoelectronics & photonics ,Wavelength-division multiplexing ,Frequency grid ,0202 electrical engineering, electronic engineering, information engineering ,Drop (telecommunication) ,Heterodyne detection ,business ,computer - Abstract
We present an open design of a filterless add/drop reconfigurable optical add/drop multiplexer module with a NETCONF northbound interface. Compared to commercial offerings, the device design is openly documented and available for detailed inspection. Performance is evaluated with up to seven adjacent high-speed 100 Gbps signals on a 50 GHz frequency grid.
- Published
- 2020
45. Towards Application-Aware Networking: ML-Based End-to-End Application KPI/QoE Metrics Characterization in SDN
- Author
-
Andrew Hines, Declan T. Delanev, and Hamed Z. Jahromi
- Subjects
Northbound interface ,Computer science ,Quality of service ,Interface (computing) ,05 social sciences ,050801 communication & media studies ,02 engineering and technology ,Metrics ,0508 media and communications ,End-to-end principle ,Computer architecture ,Server ,0202 electrical engineering, electronic engineering, information engineering ,Resource allocation (computer) ,020201 artificial intelligence & image processing ,Software-defined networking - Abstract
Software Defined Networking (SDN) presents a unique networking paradigm that facilitates the development of network innovations. This paper aims to improve application awareness by incorporating Machine Learning (ML) techniques within an open source SDN architecture. The paper explores how end-to-end application Key Performance Indicator (KPI) metrics can be designed and utilized for the purpose of application awareness in networks. The main goal of this research is to characterize application KPI metrics using a suitable ML approach based on available network data. Resource allocation and network orchestration tasks can be automated based on the findings. A key facet of this research is introducing a novel feedback interface to the SDN's Northbound Interface that receives realtime performance feedback from applications. This paper aims to show how we could exploit the applications' feedback to determine useful characteristics of an application's traffic. A mapping application with a defined KPI is used for experimentation. Linear multiple regression is used to derive a characteristic relationship between the application KPI and the network metrics.
- Published
- 2018
46. SDNKeeper: Lightweight Resource Protection and Management System for SDN-Based Cloud
- Author
-
Yan Chen, Kaiyu Hou, Libin Song, Xue Leng, and Kai Bu
- Subjects
Access network ,Northbound interface ,business.industry ,Computer science ,020206 networking & telecommunications ,Cloud computing ,Access control ,02 engineering and technology ,Network management ,Management system ,0202 electrical engineering, electronic engineering, information engineering ,Overhead (computing) ,020201 artificial intelligence & image processing ,business ,Software-defined networking ,Computer network - Abstract
SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which is located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.
- Published
- 2018
47. Social Data Driven SDN Network Operation using Northbound Interface
- Author
-
Shu Yamamoto, Akihiro Nakao, Masato Oguchi, Saneyasu Yamaguchi, and Tsumugi Tairaku
- Subjects
Northbound interface ,User experience design ,Computer science ,business.industry ,Traffic engineering ,Wide area network ,Testbed ,Routing (electronic design automation) ,business ,Software-defined networking ,Data-driven ,Computer network
- Abstract
Software Defined Networking (SDN) enables highly flexible routing and traffic engineering. The network using the centralized SDN control can be operated by globally viewing the entire network. On the other hand, the network operation of the routing and traffic engineering based on internal network traffic monitoring does not immediately perform the network recovery specifically in case of the multiple network failures induced by the large scale disaster such as Great East Japan Earthquake. Hence, we will investigate the new network operation utilizing the external information abstracted from the social data. The social data contains the real-time user experience of the network quality degradation due to the emergency events, natural disaster etc. and useful for the immediate network recovery. The integration of the social data with SDN will enable the new network operation. In order to obtain the real-time information from the social data, Twitter is most relevant for our purpose. First, we constructed the SDN enabled network testbed in the wide area network controlled by the centralized system using the northbound interface (NBI). Next using the testbed, the network restoration experiment was successfully performed by the network path computation algorithm using actual Tweet logs of the Great East Japan Earthquake.
- Published
- 2018
48. A Behavior-Driven Approach to Intent Specification for Software-Defined Infrastructure Management
- Author
-
Gianluca Davoli, Flavio Esposito, Chiara Contoli, Jiayi Wang, Walter Cerroni, Franco Callegati, Flavio. Esposito, Jiayi Wang, C. Contoli, G. Davoli, W. Cerroni, and F. Callegati
- Subjects
Firewall (construction) ,Service (systems architecture) ,Network management ,Northbound interface ,Computer science ,business.industry ,Chaining ,Software-defined data center ,Use case ,Software-defined networking ,business ,Software engineering ,NFV, SDN, intent-based networking
- Abstract
One of the goals of Software-Defined Networking (SDN) is to allow users to specify high-level policies into lower level network rules. Managing a network and deciding what policy set is appropriate requires, however, expertise and low level know-how. An emerging SDN paradigm is to allow higher-level network level decisions wishes in the form of "intents". Despite its importance in simplifying network management, intent specification is not yet standardized. In this work, we propose a northbound interface (NBI) for intent declaration, based on Behavior-Driven Development. In our approach, intents are specified in plain English and translated by our system into pre-compiled network policies, that are in turn, converted into low-level rules by the software-defined infrastructure e.g. an SDN controller. We demonstrated our behavior-driven approach with two practical use cases: service function chaining deployed on OpenStack, supported by both ONOS and Ryu controllers, and dynamic firewall programming. We also measured the overhead and response time of our NBI. We believe that our approach is far more general and paves the way for a more expressive and simplified northbound interface for intent-driven networking.
- Published
- 2018
49. A Generic Emulation Framework for Reusing and Evaluating VNF Placement Algorithms
- Author
-
Stefan Schneider, Manuel Peuster, and Holger Karl
- Subjects
Emulation ,Northbound interface ,Computer science ,Interface (Java) ,Testbed ,Container (abstract data type) ,Network topology ,Algorithm ,Virtual network ,Abstraction layer
- Abstract
In recent years, a variety of different approaches have been proposed to tackle the problem of scaling and placing network services, consisting of interconnected virtual network functions (VNFs). This paper presents a placement abstraction layer (PAL) that provides a clear and simple northbound interface for using such algorithms while hiding their internal functionality and implementation. Through its southbound interface, PAL can connect to different back ends that evaluate the calculated placements, e.g., using simulations, emulations, or testbed approaches. As an example for such evaluation back ends, we introduce a novel placement emulation framework (PEF) that allows executing calculated placements using real, container-based VNFs on real-world network topologies. In a case study, we show how PAL and PEF facilitate reusing and evaluating placement algorithms as well as validating their underlying models and performance claims.
- Published
- 2018
50. Secure northbound interface for SDN applications with NTRU public key infrastructure
- Author
-
Mohammad Reza Majma and Seyed Bagher Hashemi Natanzi
- Subjects
Authentication ,021103 operations research ,Northbound interface ,NTRU ,Computer science ,business.industry ,Interface (computing) ,0211 other engineering and technologies ,Public key infrastructure ,02 engineering and technology ,Encryption ,020202 computer hardware & architecture ,Public-key cryptography ,Digital signature ,0202 electrical engineering, electronic engineering, information engineering ,business ,Computer network
- Abstract
The most important features of software-defined networking are the flexibility and network development capability by the ability of the network to be programmable. Accordingly, the controller delivers network resources to the third party applications or other networks through the Northbound Interface (NBI) of SDN. But this interface has some defects, including the lack of necessary security features such as authentication and access level determination. In this paper, we presented a new solution for using third party applications from network resources based on the NTRU algorithm and the NSS digital signature, which by the controller can provide network information only for approved and reliable programs through a safe REST API. The results show that using the NTRU against algorithms such as RSA and ECC presents low memory consumption, high speed, and low computing, although it does not work faster on small networks.
- Published
- 2017
Discovery Service for Jio Institute Digital Library