An official website of the United States government
The emergency of machine type and ultra-reliable low latency communication is imposing stringent constraints for service provisioning. Addressing such constraints is challenging for network and cloud service providers. As a trending paradigm, software-defined networking (SDN) plays a significant role in future networks and services. However, the classical implementation of the SDN controller has limitations in-terms-of latency and reliability since the controller is decoupled from the forwarding device. Several research works have tried to tackle these challenges by proposing solutions such as Devoflow, DIFANE, and hierarchical and distributed controller deployment. Nonetheless, these approaches are not fully addressing these challenges. This paper tries to address the problem of latency and reliability by proposing a dynamic controller role delegation architecture for forwarding devices. To align with the microservice or multi-agent-based service-based architecture, the role delegation function as a service is proposed. The dynamic role delegation enables to predict and (pre-)installed flow rules in the forwarding devices based on various considerations such as network state, packet type, and service's stringent requirements. The proposed architecture is implemented and evaluated for latency and resiliency performance in comparison to the centralized and distributed deployment of the SDN controller. We used ComNetsEmu, a softwarized network emulation tool, to emulate SDN and NFV (Network Function Virtualization). The result indicated a significant decrease in latency and improved resilience in case of failure, yielding better network performance.
more »
« less
On the feasibility of cloud-based SDN controllers for residential networks
Residential networks are home to increasingly diverse devices, including embedded devices that are part of the Internet of Things phenomenon, leading to new management and security challenges. However, current residential solutions that rely on customer premises equipment (CPE), which often remains deployed in homes for years without updates or maintenance, are not evolving to keep up with these emerging demands. Recently, researchers have proposed to outsource the tasks of managing and securing residential networks to cloud-based security services by leveraging software-defined networking (SDN). However, the use of cloud-based infrastructure may have performance implications. In this paper, we measure the performance impact and perception of a residential SDN using a cloud-based controller through two measurement studies. First, we recruit 270 residential users located across the United States to measure residential latency to cloud providers. Our measurements suggest the cloud controller architecture provides 90% of end-users with acceptable performance with judiciously selected public cloud locations. When evaluating web page loading times of popular domains, which are particularly latency-sensitive, we found an increase of a few seconds at the median. However, optimizations could reduce this overhead for top websites in practice.
more »
« less
- Award ID(s):
- 1422180
- PAR ID:
- 10055774
- Date Published:
- Journal Name:
- IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)
- Page Range / eLocation ID:
- 1 to 6
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
The security of residential networks can vary greatly. These networks are often administrated by end-users who may lack security expertise or the resources to adequately defend their networks. Insecure residential networks provide attackers with opportunities to infiltrate systems and create a platform for launching powerful attacks. To address these issues, we introduce a new approach that uses software-defined networking (SDN) to allow home users to outsource their security maintenance to a cloud-based service provider. Using this architecture, we show how a novel network-based two-factor authentication approach can be used to protect Internet of Things devices. Our approach works without requiring modifications to end-devices. We further show how security modules can enforce protocol messages to limit the attack surface in vulnerable devices. Our analysis shows that the system is effective and adds less than 50 milliseconds of delay to the start of a connection with less than 100 microseconds of delay for subsequent packets.more » « less
-
null (Ed.)Wireless infrastructure is steadily evolving into wireless access for all humans and most devices, from 5G to Internet-of-Things. This widespread access creates the expectation of custom and adaptive services from the personal network to the backbone network. In addition, challenges of scale and interoperability exist across networks, applications and services, requiring an effective wireless network management infrastructure. For this reason Software-Defined Networks (SDN) have become an attractive research area for wireless and mobile systems. SDN can respond to sporadic topology issues such as dropped packets, message latency, and/or conflicting resource management, to improved collaboration between mobile access points, reduced interference and increased security options. Until recently, the main focus on wireless SDN has been a more centralized approach, which has issues with scalability, fault tolerance, and security. In this work, we propose a state of the art WAM-SDN system for large-scale network management. We discuss requirements for large scale wireless distributed WAM-SDN and provide preliminary benchmarking and performance analysis based on our hybrid distributed and decentralized architecture. Keywords: software defined networks, controller optimization, resilience.more » « less
-
null (Ed.)Residential networks are difficult to secure due to resource constraints and lack of local security expertise. These networks primarily use consumer-grade routers that lack meaningful security mechanisms, providing a safe-haven for adversaries to launch attacks, including damaging distributed denial-of-service (DDoS) attacks. Prior efforts have suggested outsourcing residential network security to experts, but motivating user adoption has been a challenge. This work explores combining residential SDN techniques with prior work on collaborative DDoS reporting to identify residential network compromises. This combination provides incentives for end-users to deploy the technique, including rapid notification of compromises on their own devices and reduced upstream bandwidth consumption, while incurring minimal performance overheads.more » « less
-
Residential networks pose a unique challenge for security since they are operated by end-users that may not have security expertise. Residential networks are also home to devices that may have lackluster security protections, such as Internet of Things (IoT) devices, which may introduce vulnerabilities. In this work, we introduce TLSDeputy, a middlebox-based system to protect residential networks from connections to inauthentic TLS servers. By combining the approach with OpenFlow, a popular software-defined networking protocol, we show that we can effectively provide residential network-wide protections across diverse devices with minimal performance overheads.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/NFV-SDN.2017.8169827
