Despite the relative maturity of the Internet, the computer networks of today are still susceptible to attack. The necessary distributed nature of networks for wide area connectivity has traditionally led to high cost and complexity in designing and implementing secure networks. With the introduction of Software Defined Networks (SDN) and Network Functions Virtualisation (NFV), there are opportunities for efficient network threat detection and protection. SDN's global view provides a means of monitoring and defence across the entire network. However, current SDN-based security systems are limited by a centralised framework that introduces significant control plane overhead, leading to the saturation of vital control links. In this paper, we introduce TENNISON, a novel distributed SDN security framework that combines the efficiency of SDN control and monitoring with the resilience and scalability of a distributed system. TENNISON offers effective and proportionate monitoring and remediation, compatibility with widely-available networking hardware, support for legacy networks, and a modular and extensible distributed design. We demonstrate the effectiveness and capabilities of the TENNISON framework through the use of four attack scenarios. These highlight multiple levels of monitoring, rapid detection and remediation, and provide a unique insight into the impact of multiple controllers on network attack detection at scale.
Network service composition is becoming increasingly flexible, thanks in part to advances in virtualisation and cloud technologies. As these penetrate further into networks, providers are often looking to leverage this infrastructure to improve their service delivery. This desire poses a number of obstacles, including a diversity in device capabilities and the need for a value exchange mechanism. In this demonstration, we present a platform that seeks to address a selection of these challenges.
Network services are the key mechanism for operators to introduce intelligence and generate profit from their infrastructures. The growth of the number of network users and the stricter application network requirements have highlighted a number of challenges in orchestrating services using existing production management and configuration protocols and mechanisms. Recent networking paradigms like Software Defined Networking (SDN) and Network Function Virtualization (NFV) provide a set of novel control and management interfaces that enable unprecedented automation, flexibility and openness capabilities in operator infrastructure management. This paper presents Baguette, a novel and open service orchestration framework for operators. Baguette supports a wide range of network technologies, namely optical and wired Ethernet technologies, and allows service providers to automate the deployment and dynamic re-optimization of network services. We present the design of the orchestrator and elaborate on the integration of Baguette with existing low-level network and cloud management frameworks.
When designing Software Defined Networks (SDNs), there is a risk that the additional abstractions available can result in reduced scalability and performance. One such abstraction, intents, is a way in which network administrators can express policies rather than having to define specific forwarding rules. This provides a benefit to administrators in allowing automatic network reconfiguration and fault tolerance. In this paper, we highlight the performance overheads associated with the intents framework from a popular SDN controller, ONOS. We propose a novel prototype that leverages source-based routing and programmable data planes using P4 in order to reduce the overheads of intent-based forwarding.