Vol. 71, n° 11-12, November-December 2016
Content available on Springerlink
Miguel Elias M. Campista, Universidade Federal do Rio de Janeiro, Brazil
Rafael Laufer, Nokia Bell Labs, Holmdel, USA
Pedro B. Velloso, Universidade Federal do Rio de Janeiro, Brazil
Abbas Jamalipour, University of Sydney, Australia
Miguel Elias M. Campista, Rafael Laufer, Pedro B. Velloso, Abbas Jamalipour
Network function virtualization: through the looking-glass
Anandatirtha Nandugudi1, Massimo Gallo2, Diego Perino2, Fabio Pianese2
(1) INRIA Sophia-Antipolis, France
(2) Nokia Bell Labs, Nozay, France
Abstract The fields of networking and telecommunications are presently witnessing the transition of a number of Network Function Virtualization (NFV) principles and techniques from research into practice. This survey attempts to capture the NFV phenomenon in its multi-faceted historical development over the last two decades, by answering the question “What are the main goals of NFV systems?” and by highlighting the advantages and technical limits of NFV in supporting those goals. By focusing on the whys and hows of NFV, we propose a reasoned overview of the most significant design elements of NFV as a complementary synthesis to the analytical taxonomies of papers and standards that are usually found in survey documents.
Keywords Network Function Virtualization, Modularity, Performance, Hardware virtualization, Networking.
Traffic offloading techniques for 5G cellular: a three-tiered SDN architecture
Ibrahim Elgendi1, Kumudu S. Munasinghe1, Dharmendra Sharma1, Abbas Jamalipour2
(1) University of Canberra, Australia
(2) University of Sydney, Australia
Abstract There is an exponential growth in the Internet traffic and the Internet access from mobile users due to high traffic demands at core networks. The current core network capacity limits have become a major issue. Therefore, 5G will demand cellular networks with ultra low delay, high throughput and low congestion at the core network. To cope with the aforementioned problems, traffic at the frontline of the cellular networks is offloaded with improved mobility management for mobile users in such dense networks, which are called DenseNets, by using the User Rate-Perceived (URP) algorithm. Local IP Access (LIPA) and Selective IP Traffic Offloading (SIPTO) are currently used as data offloading techniques at the core network. In this paper, we propose two novel data offloading mechanisms: Femtocell IP Access (FIPA) and Selective Local Controller Traffic Offload (SLCTO) to offload traffic at the edge of the cellular network without passing through cellular core networks with decoupled control, as well as seamless handoff using the URP algorithm. Also, we propose a Terrorism Prevention Control System (TPCS) to detect terrorist activities. These proposals such as FIPA, SLCTO, and URP for 3-Tiered SDN architecture achieve low delay, high throughput, and low cost over other data offloading technologies.
Keywords SDN, DenseNets, Femtocells, URP, GC, LC, 3GPP, LTE, DMM, FIPA, SLCTO.
An elastic intrusion detection system for software networks
Martin Andreoni Lopez, Diogo Menezes Ferrazani Mattos, Otto Carlos M. B. Duarte
Universidade Federal do Rio de Janeiro (UFRJ), Brazil
Abstract Internal users are the main causes of anomalous and suspicious behaviors in a communication network. Even when traditional security middleboxes are present, internal attacks may lead the network to outages or to leakage of sensitive information. In this article, we propose BroFlow, an Intrusion Detection and Prevention System based on Bro traffic analyzer and on the global network view of the software-defined networks (SDN) which is provided by the OpenFlow. BroFlow's main contributions are (i) dynamic and elastic resource provision of traffic-analyzing machines under demand; (ii) real-time detection of DoS attacks through simple algorithms implemented in a policy language for network events; (iii) immediate reaction to DoS attacks, dropping malicious flows close to their sources, and (iv) near-optimal placement of sensors through a proposed heuristic for strategically positioning sensors in the network infrastructure, which is shared by multi-tenants, with a minimum number of sensors. We developed a prototype of the proposed system, and we evaluated it in a virtual environment of the Future Internet Testbed with Security (FITS). An evaluation of the system under attack shows that BroFlow guarantees the forwarding of legitimate packets at the maximal link rate, reducing up to 90 % of the maximal network delay caused by the attack. BroFlow reaches 50 % of bandwidth gain when compared with conventional firewall approaches, even when the attackers are legitimate tenants acting in collusion. In addition, the system reduces the number of sensors, while keeping full coverage of network flows.
Keywords DoS attacks, Intrusion detection and prevention system, Software-defined networking, Network security.
AuthFlow: authentication and access control mechanism for software defined networking
Diogo Menezes Ferrazani Mattos1,2, Otto Carlos Muniz Bandeira Duarte1
(1) Universidade Federal do Rio de Janeiro (UFRJ), Brazil
(2) UPMC, Paris, France
Abstract Software-defined networking (SDN) is being widely adopted by enterprise networks, whereas providing security features in these next generation networks is a challenge. In this article, we present the main security threats in software-defined networking and we propose AuthFlow, an authentication and access control mechanism based on host credentials. The main contributions of our proposal are threefold: (i) a host authentication mechanism just above the MAC layer in an OpenFlow network, which guarantees a low overhead and ensures a fine-grained access control; (ii) a credential-based authentication to perform an access control according to the privilege level of each host, through mapping the host credentials to the set of flows that belongs to the host; (iii) a new framework for control applications, enabling software-defined network controllers to use the host identity as a new flow field to define forwarding rules. A prototype of the proposed mechanism was implemented on top of POX controller. The results show that AuthFlow denies the access of hosts either without valid credentials or with revoked authorization. Finally, we show that our scheme allows, for each host, different levels of access to network resources according to its credential.
Keywords Access control, Authentication, Software-defined networking.
Cloudlet- and NFV-based carrier Wi-Fi architecture for a wider range of services
Fatma Ben Jemaa1,2, Guy Pujolle1, Michel Pariente2
(1) UPMC, Paris, France
(2) Meteor Network, Vitry-sur-Seine, France
Abstract Over the past few years, wireless local area networks (WLANs) have been extensively deployed and have significantly evolved. However, the deployment of large-scale WLAN still presents management issues. Moreover, while newer WLAN technologies and services have been emerging at a prolific rate, the architecture of WLAN networks has been quite static and has seen difficulties to evolve. In this paper, we present a novel architecture for carrier-managed WLAN networks which leverages network function virtualization concepts and virtualization technology in general. It is based on a WLAN Cloudlet which offloads MAC layer processing from access points and consolidates network functions and value-added services. All these functions and services are based on software instances. This brings more flexibility and adaptability and allows operators to easily implement new services while reducing CAPEX/OPEX and network equipment costs (e.g., access points).
Keywords Carrier-grade WLAN, MAC layer, Network function virtualization, WLAN emerging services, Software-based WLAN architecture, Cloudlet.
SDI: a multi-domain SDN mechanism for fine-grained inter-domain routing
Yangyang Wang1,2,3, Jun Bi1,2,3, Pingping Lin5, Yikai Lin4, Keyao Zhang1,2,3
(1) Institute for network sciences and cyberspace, Tsinghua University, Beijing, China
(2) Dpt of computer science, Tsinghua University, Beijing, China
(3) Tsinghua laboratory for information science and technology, Beijing, China
(4) Beijing University of posts and telecommunications, Beijing, China
(5) Open networking lab, Menlo Park, USA
Abstract Software-defined networking (SDN) scheme decouples network control plane and data plane, which can improve the flexibility of traffic management in networks. OpenFlow is a promising implementation instance of SDN scheme and has been applied to enterprise networks and data center networks in practice. However, less effort has been made to spread the SDN control scheme over the Internet to conquer the ossification of inter-domain routing. In this paper, we further innovate to the SDN inter-domain routing inspired by the OpenFlow protocol. We apply SDN flow-based routing control to inter-domain routing and propose a fine-granularity inter-domain routing mechanism, named SDI (Software Defined Inter-domain routing). It enables inter-domain routing to support the flexible routing policy by matching multiple fields of IP packet header. We also propose a method to reduce redundant flow entries for inter-domain settings. And, we implement a prototype and deploy it on a multi-domain testbed.
Keywords Inter-domain routing, Software defined networking (SDN), Forwarding table compression, Evolvability, BGP.
An experimental feasibility study on applying SDN technology to disaster-resilient wide area networks
Kien Nguyen1, Shigeki Yamada2
(1) National Institute of Information and Communications Technology, Kanagawa, Japan
(2) National Institute of Informatics, Tokyo, Japan
Abstract The Internet may get catastrophic impacts when unexpected disasters such as earthquakes, tsunami, etc. happen. Therefore, it is necessary to equip resilient technologies for the Internet backbones in order to face challenges (e.g., link, device failures, rerouting traffic, etc.) in the disasters. The emerging software-defined networking (SDN) technology, which logically centralizes network function on a controller and remotely manages distributed SDN devices, shows a lot of potential. This paper presents an experimental feasibility study on applying SDN to wide area backbones for the disaster-resilient purpose. To show the efficiency of SDN technology in responding fast to the network situation changes, we conduct three evaluations on real SDN devices and large-scale SDN-based wide area networks (WANs) assuming disaster scenarios. In the first evaluation, we explore the proactive recovery mechanism using the fast failover on SDN devices. In the second one, we investigate the communication latency between controllers and SDN devices, which is one of the most important factors in the reactive recovery in the software-defined backbone. In the last one, we experiment with the fast end-to-end reactive recovery behavior of a TCP flow in a disaster scenario. The evaluation results clearly indicate that the SDN-based WAN is technically feasible and effective for fast recovery from disasters.
Keywords Disaster-resilient, Internet backbone, WAN, SDN, OpenFlow, Fast Switchover.
Single base station hybrid localization with scatter and angle of departure in circular scattering environment
Shixun Wu, Dengyuan Xu, Shengjun Zhang, Darong Huang
Chongqing Jiaotong University, China
Abstract A single base station (BS) localization approach is proposed in this paper when the BS measures time of arrival (TOA) and angle of arrival (AOA). As the mobile stations (MSs) are gradually evolving to become sophisticated wireless access devices rather than just pocket telephones, the angle of departure (AOD) can also be obtained. Based on the circular scattering model, a nonlinear constrained optimization localization approach is formulated by introducing the coordinate of scatter. More accurate localization results with AOD and AOA information can be achieved by reducing the feasible area among the coordinates of scatter, MS, and BS. Due to the measurement errors, the AOD and AOA measurements may decide incorrect relation among them. Then, the theoretic probabilities of wrong decision about the solo judgment of AOD measurement and joint judgment of AOD and AOA measurements are analyzed and derived, respectively. Simulation results demonstrate that the proposed approaches give better performance compared to the existing approaches, and the theoretic probabilities of wrong decision are consistent with simulation results.
Keywords Localization, Single base station, Scatter, Angle of departure (AOD), Angle of arrival (AOA).
Augmented consensus filter for simultaneous localization and tracking with limited sense range
Xiangyuan Jiang, Peng Ren
China University of Petroleum, Qingdao, China
Abstract In this paper, we investigate how to exploit distributed average consensus fusion for conducting simultaneous localization and tracking (SLAT) by using wireless sensor networks. To this end, we commence by establishing a limited sense range (LSR) nonlinear system that characterizes the coupling of target state and sensor localization with respect to each sensor. We then employ an augmented extended Kalman filter to estimate the sensor and target states of our system. Furthermore, we adopt a consensus filtering scheme which fuses the information from neighboring sensors. We thus obtain a two-stage distributed filtering framework that not only obtains updated sensor locations through augment filtering but also provides an accurate target state estimate in consensus filtering. Additionally, our framework is computationally efficient because it only requires neighboring sensor communications. The simulation results reveal that the proposed filtering framework is much more robust than traditional information fusion methods in limited ranging conditions.
Keywords Simultaneous localization and tracking, Distributed estimation, Consensus filter, Information fusion.
Fronthaul network design for radio access network virtualization from a CAPEX/OPEX perspective
Hassan Yeganeh1, Elaheh Vaezpour2
(1) Iran Telecommunication Research Center, Tehran, Iran
(2) Amirkabir University of Technology, Tehran, Iran
Abstract With the increase of mobile traffic demand and the need to reduce expenses to handle this demand, a novel solution, known as Cloud Radio Access Network (C-RAN), has been proposed for future radio access network. This solution involves virtualizing base stations and centralizing processing resources into a baseband processing unit (BBU) pool. C-RAN also helps fully deploying cooperative schemes used in LTE and LTE-Advanced. In this paper, we analyze C-RAN cost structure. Then, unlike previous works, we mathematically formulate cell-BBU pool assignment, taking into account fronthaul network expenditure. Two optimization models are proposed for two different architectures. We then use these formulations to develop solutions to our problem, which optimize the C-RAN costs subject to demand constraints. Through extensive experiments, cost efficiency of C-RAN architecture is discussed and the effect of different parameters is analyzed. We also derive conditions where utilizing C-RAN architecture can help cost savings.
Keywords Radio access network, Virtualization, C-RAN, CAPEX, OPEX.
On the error performance of network-coded error-prone DF-relaying in multiple access relay channel
Polytechnic School of Tunisia, University of Carthage, Tunis, Tunisia
Abstract This paper deals with bit error performance analysis of network-coded (NC) multiple access relay channels that operate in the decode and forward mode with error-prone relaying under quasi-static Rayleigh fading channels. It shows that the combination of channel coding and NC relaying can be regarded as a distributed coding scheme (DCS) if the error propagation problem is adequately addressed. For this purpose, methods based on NC soft information relaying (NC-SIR) and NC hard information relaying (NC-HIR) are investigated. In the framework of NC-SIR, the recently proposed Rayleigh-Gaussian log-likelihood-ratio-based Model is used for modelling the soft estimated symbols at the output of the relay soft encoder. The resulting scheme is referred to as NC-SIR-DCS. On the other hand, two NC-HIR-based schemes are studied and analyzed. The first employs automatic repeat request (ARQ) protocols between the relay node and each source node to ensure error-free propagation and is referred to as NC-ARQ-DCS, while the second performs a limiter function at the destination during iterative decoding as introduced in Thobaben (1) distributed and is referred to as NC-LFD-DCS. The SNR of the one-hop link, the equivalent to the sources-relay-destination links, is estimated in the case of NC-SIR-DCS and is lower bounded in the case of NC-LFD-DCS, while in the case of NC-ARQ-DCS, the average SNR cost per information bit due to the ARQ protocol is estimated. These processes allow tractable analysis of the bit error rate performances of the presented network-coded DCSs. Simulation results are carried out to assess the accuracy of the proposed bounds for different relay positions between source nodes and destination.
Keywords Network coding, Decode and forward, Soft information relaying, Automatic repeat request, Error-prone relaying, Equivalent one-hop link.
Study of I/Q imbalances in QAM communication systems adopting multi-antenna receivers
Embry-Riddle Aeronautical University, Daytona Beach, USA
Abstract This paper investigates the inphase/quadrature phase (I/Q) imbalance problem in quadrature amplitude modulation (QAM) communication systems with multi-antenna receivers. Two application scenarios are considered: adaptive beamforming and multi-user detection based on blind source separation (BSS). Our analysis illustrates that, in both scenarios, the effect of the transmitter and receiver I/Q imbalance can be mitigated through straightforward digital signal processing methods. For adaptive beamforming systems, increasing the number of receiver branches automatically suppresses the interference induced by transceiver I/Q imbalances. For the multi-user detection application, a simple alternative expression of the signal model can be adopted, which separately lists the inphase and quadrature phase components of the received signals and the source signals. As a result, the BSS estimation of all user signals can be conducted in the presence of transceiver I/Q imbalances. Simulation results confirmed the effectiveness of the presented I/Q imbalance correction techniques.
Keywords Interference suppression, Multi-antenna receivers, I/Q imbalance.