Software defined networks (SDNs) are emerging as the first choice for network administrators due to their agility, modularity and dynamism. Network operators can change the network topology, routes and other parameters as per their current requirement. Like traditional computer networks, SDNs are also prone to various denial of service attacks (DDoS). Link flooding attacks are a class of DDoS attack that aims to choke crucial network connections and can fully detach the victim from the network. In this paper we have discussed two link flooding-based denial of service attacks, namely Coremelt and Crossfire, in the context of SDN along with the possible mitigation. These attacks are aimed at disconnecting services from the network. We demonstrate the usage of network function virtualisation along with SDN features to mitigate these attacks by recreating replicas of the services under attack and connecting them to the network.
Network function virtualisation (NFV) represents one of the key enablers of the next generation mobile network systems (5G). NFV allows running virtual network functions (NFs) as software components on top of a virtualisation system (i.e. virtual machines or containers) hosted in a cloud, allowing high flexibility and elasticity to deploy network services and functions. Therefore, the NFs in the 5G core network can be deployed on a common hardware platform in the form of software. In this study, a network repository function (NRF) is implemented in a Docker-based NFV platform in the form of JSON+HTTP/2.0 that supports the service discovery function. The performance of the NRF is also tested on real hardware platforms, including NF Register, NF Update, and NF Deregister. From the experimental data, it can be seen that the NRF in the NFV-based 5G architecture has good performance, and the Docker-based NFV platform is more flexible than traditional communication networks.
This article presents an architecture for encryption automation in interconnected Network Function Virtualization (NFV) domains. Current NFV implementations are designed for deployment within trusted domains, where overlay networks with static trusted links are utilized for enabling network security. Nevertheless, within a Service Function Chain (SFC), Virtual Network Function (VNF) flows cannot be isolated and end-to-end encrypted because each VNF requires direct access to the overall SFC data-flow. This restricts both end-users and Service Providers from enabling end-to-end security, and in extended VNF isolation within the SFC data traffic. Encrypting data flows on a per-flow basis results in an extensive amount of secure tunnels, which cannot scale efficiently in manual configurations. Additionally, creating secure data plane tunnels between NFV providers requires secure exchange of key parameters, and the establishment of an east-west control plane protocol. In this article, we present an architecture focusing on these two problems, investigating how overlay networks can be created, isolated, and secured dynamically. Accordingly, we propose an architecture for automated establishment of encrypted tunnels in NFV, which introduces a novel, tiered east-west communication channel between network controllers in a multi-domain environment.
The service chain, which is not dependent on the special hardware facilities and the network topology is changeable, is studied, and an authenticated group key management scheme suitable for service chain is *** scheme is based on the bilinear mapping cryptosystem and combines the threshold idea with the identity authentication method, which improves the efficiency and security of the *** scheme also realizes the connection security between the virtual network functions in the service chain while carrying out group key updating, and proves its correctness and *** analysis results show that the scheme is suitable for the dynamic key management of service chain with the advantages of small number of wheels and small computing overhead in ensuring the safety of each instance in the service chain.
Thanks to the recent advancements in the Software-Defined Networking (SDN) and Network Function Virtualization research domains, telecom operators are encouraged to upgrade their optical transport networks towards programmable, energy-efficient, service-oriented, and interoperable architectures. The availability of a large set of open-source building blocks, supported by different standardization bodies, makes the selection and the integration of such technologies a very complex task. In this context, the INTENTO project has the objective to create an innovative simulation framework by selecting the best technologies and use it to test applications, services, and advanced optimization algorithms in a real environment. In the initial phase, the project designed a large-scale, distributed, and hierarchical Transport SDN architecture, where optical switches and networking functionalities are monitored and dynamically configured through a two-level structure of SDN controllers. On top of that, virtual network functions are optimally deployed and managed by a centralized orchestrator, based on network condition, user requests, and application requirements. Based on this architecture, the project team started to develop a complex simulation environment that harmoniously integrates within the OpenStack cloud: optical node simulators composed of a simulation agent and a suitable hardware emulation layer; a proprietary SDN network controller designed to enable the innovative optical nodes characteristics; Open Network Operating System as the second level controller, enabling the integration of third-party or standardized models (multivendor environment), based on standardized interfaces and communication protocols. After having described the main components and functionalities already implemented into the simulation framework, the paper concludes by highlighting future research and development activities.
Network functions virtualization (NFV) is a new network paradigm that has been strongly promoted from both scientific community and telecom industry, where network functions (NFs) such as firewalls, load balancers, gateways among others, are virtualized, isolated from middleboxes and housed on one or more industry standard computing nodes. One of the main challenges for service providers when they try to deploy the NFV-based networks is to efficiently make use of substrate network resources to facilitate the design, delivery and operation of network services in a dynamic and scalable manner. This challenge is known as NFV Resource Allocation. Service Function Chain (SFC) composition is the first stage of the NFV Resource Allocation problem and we solve it in this paper. We formally define the service requests (VNFRs) in terms of NFs and propose a metaheuristic algorithm for solving the SFC composition stage. Our evaluation focuses primarily on minimizing the total bandwidth demanded by the constructed network service. The results show that our proposed approach is applicable to large and complex VNFRs and finds, in reasonable running times, close-to-optimal solutions with minimal bandwidth requirements.