Open-Source Software Defined Networking Controllers:State-of-the-Art,Challenges and Solutions for Future Network Providers

Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN technology.Various versions of SDN controllers exist as a response to the diverse demands and functions expected of them.There are several SDN controllers available in the open market besides a large number of commercial controllers;some are developed tomeet carrier-grade service levels and one of the recent trends in open-source SDN controllers is the Open Network Operating System(ONOS).This paper presents a comparative study between open source SDN controllers,which are known as Network Controller Platform(NOX),Python-based Network Controller(POX),component-based SDN framework(Ryu),Java-based OpenFlow controller(Floodlight),OpenDayLight(ODL)and ONOS.The discussion is further extended into ONOS architecture,as well as,the evolution of ONOS controllers.This article will review use cases based on ONOS controllers in several application deployments.Moreover,the opportunities and challenges of open source SDN controllers will be discussed,exploring carriergrade ONOS for future real-world deployments,ONOS unique features and identifying the suitable choice of SDN controller for service providers.In addition,we attempt to provide answers to several critical questions relating to the implications of the open-source nature of SDN controllers regarding vendor lock-in,interoperability,and standards compliance,Similarly,real-world use cases of organizations using open-source SDN are highlighted and how the open-source community contributes to the development of SDN controllers.Furthermore,challenges faced by open-source projects,and considerations when choosing an open-source SDN controller are underscored.Then the role of Artificial Intelligence(AI)and Machine Learning(ML)in the evolution of open-source SDN controllers in light of recent research is indicated.In addition,the challenges and limitations associated with deploying open-source SDN controllers in production networks,how can they be mitigated,and finally how opensource SDN controllers handle network security and ensure that network configurations and policies are robust and resilient are presented.Potential opportunities and challenges for future Open SDN deployment are outlined to conclude the article.

Threshold-Based Software-Defined Networking(SDN)Solution for Healthcare Systems against Intrusion Attacks

The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.

Security Monitoring and Management for the Network Services in the Orchestration of SDN-NFV Environment Using Machine Learning Techniques

Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.

A Dormant Multi-Controller Model for Software Defined Networking

In order to improve the scalability and reliability of Software Defined Networking(SDN),many studies use multiple controllers to constitute logically centralized control plane to provide load balancing and fail over.In this paper,we develop a flexible dormant multi-controller model based on the centralized multi-controller architecture.The dormant multi-controller model allows part of controllers to enter the dormant state under light traffic condition for saving system cost.Meanwhile,through queueing analysis,various performance measures of the system can be obtained.Moreover,we analyze the real traffic of China Education Network and use the results as the parameters of computer simulation and verify the effects of parameters on the system characteristics.Finally,a total expected cost function is established,and genetic algorithm is employed to find the optimal values of various parameters to minimize system cost for the deployment decision making.

A Novel Load Balancing Strategy of Software-Defined Cloud/Fog Networking in the Internet of Vehicles

The Internet of Vehicles(IoV)has been widely researched in recent years,and cloud computing has been one of the key technologies in the IoV.Although cloud computing provides high performance compute,storage and networking services,the IoV still suffers with high processing latency,less mobility support and location awareness.In this paper,we integrate fog computing and software defined networking(SDN) to address those problems.Fog computing extends computing and storing to the edge of the network,which could decrease latency remarkably in addition to enable mobility support and location awareness.Meanwhile,SDN provides flexible centralized control and global knowledge to the network.In order to apply the software defined cloud/fog networking(SDCFN) architecture in the IoV effectively,we propose a novel SDN-based modified constrained optimization particle swarm optimization(MPSO-CO) algorithm which uses the reverse of the flight of mutation particles and linear decrease inertia weight to enhance the performance of constrained optimization particle swarm optimization(PSO-CO).The simulation results indicate that the SDN-based MPSO-CO algorithm could effectively decrease the latency and improve the quality of service(QoS) in the SDCFN architecture.

Contrastive Analysis of Software Networks Based on Different Coupling Relationships

Several software network models are constructed based on the relationships between classes in the object-oriented software systems.Then,a variety of well-known open source software applications are statistically analyzed by using these models.The results show that: (1) Dependency network does play a key role in software architecture;(2) The exponents of in-degree and total-degree distribution functions of different networks differ slightly,while the exponent of out-degree varies obviously;(3) Weak-coupling relationships have greater impact on software architecture than strong-coupling relationships.Finally,a theoretically analysis on these statistical phenomena is proposed from the perspectives of software develop technology,develop process and developer’s habits,respectively.

The Impact of Delay in Software-Defined Integrated Terrestrial-Satellite Networks

Satellite communication networks have been evolving from standalone networks with ad-hoc infrastructures to possibly interconnected portions of a wider Future Internet architecture. Experts belonging to the fifth-generation(5 G) standardization committees are considering satellites as a technology to integrate in the 5 G environment. Software Defined Networking(SDN) is one of the paradigms of the next generation of mobile and fixed communications. It can be employed to perform different control functionalities, such as routing, because it allows traffic flow identification based on different parameters and traffic flow management in a centralized way. A centralized set of controllers makes the decisions and sends the corresponding forwarding rules for each traffic flow to the involved intermediate nodes that practically forward data up to the destination. The time to perform this process in integrated terrestrial-satellite networks could be not negligible due to satellite link delays. The aim of this paper is to introduce an SDN-based terrestrial satellite network architecture and to estimate the mean time to deliver the data of a new traffic flow from the source to the destination including the time required to transfer SDN control actions. The practical effect is to identify the maximum performance than can be expected.

SDN assisted Stackelberg Game model for LTE-WiFi offloading in 5G networks

The data traffic that is accumulated at the Macro Base Station(MBS)keeps on increasing as almost all the people start using mobile phones.The MBS cannot accommodate all user’s demands,and attempts to offload some users to the nearby small cells so that the user could get the expected service.For the MBS to offload data traffic to an Access Point(AP),it should offer an optimal economic incentive in a way its utility is maximized.Similarly,the APs should choose an optimal traffic to admit load for the price that it gets from MBS.To balance this tradeoff between the economic incentive and the admittance load to achieve optimal offloading,Software Defined Networking(SDN)assisted Stackelberg Game(SaSG)model is proposed.In this model,the MBS selects the users carefully to aggregate the service with AP,so that the user experiencing least service gets aggregated first.The MBS uses the Received Signal Strength Indicator(RSSI)value of the users as the main parameter for aggregating a particular user for a contract period with LTE and WiFi.Each player involved in the game tries to maximize their payoff utilities,and thus,while incorporating those utilities in real-time scenario,we obtain maximum throughput per user which experiences best data service without any lack in Quality of Experience(QoE).Thus,the proposed SaSG model proves better when compared with other game theory models,and hence an optimal data offloading is achieved.

A Methodology for Reliability of WSN Based on Software Defined Network in Adaptive Industrial Environment

As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.

Autonomic QoS Management Mechanism in Software Defined Network

With the increase of network complexity,the flexibility of network control and management becomes a nontrivial problem.Both Software Defined Network(SDN) and Autonomic Network technologies are sophisticated technologies for the network control and management.These two technologies could be combined together to construct a software defined self-managing solution for the future network.An autonomic QoS management mechanism in Software Defined Network(AQSDN) is proposed in this paper.In AQSDN,the various QoS features can be configured autonomically in an OpenFlow switch through extending the OpenFlow and OF-Config protocols.Based on AQSDN,a novel packet context-aware QoS model(PCaQoS) is also introduced for improving the network QoS.PCaQoS takes packet context into account when packet is marked and managed into forwarding queues.The implementation of a video application's prototype which evaluates the self-configuration feature of the AQSDN and the enhancement ability of the PCaQoS is presented in order to validate this design.

Software defined satellite networks:A survey

In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.

Programmable Adaptive Security Scanning for Networked Microgrids

Communication-dependent and software-based distributed energy resources(DERs)are extensively integrated into modern microgrids,providing extensive benefits such as increased distributed controllability,scalability,and observability.However,malicious cyber-attackers can exploit various potential vulnerabilities.In this study,a programmable adaptive security scanning(PASS)approach is presented to protect DER inverters against various power-bot attacks.Specifically,three different types of attacks,namely controller manipulation,replay,and injection attacks,are considered.This approach employs both software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids(NMs)in an ultra-resilient,time-saving,and autonomous manner.The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations.Extensive simulation results validate the efficacy and practicality of the PASS for securing NMs.

Service Function Chain in Small Satellite-Based Software Defined Satellite Networks

Software Defined Satellite Networks(SDSN) are proposed to solve the problems in traditional satellite networks, such as time-consuming configuration and inflexible traffic scheduling. The emerging application of small satellite and research of SDSN make it possible for satellite networks to provide flexible network services. Service Function Chain(SFC) can satisfy this need. In this paper, we are motivated to investigate applying SFC in the small satellite-based SDSN for service delivery. We introduce the structure of the multi-layer constellation-based SDSN. Then, we describe two deployment patterns of SFC in SDSN, the Multi-Domain(MD) pattern and the Satellite Formation(SF) pattern. We propose two algorithms, SFP-MD, and SFP-SF, to calculate the Service Function Path(SFP). We implement the algorithms and conduct contrast experiments in our prototype. Finally, we summarize the applicable conditions of two deployment patterns according to the experimental results in terms of hops, delay, and packet loss rate.

Software Defined Optical Networks and Its Innovation Environment

Software defined optical networks （SDONs） integrate software defined technology with optical communication networks and represent the promising development trend of future optical networks. The key technologies for SDONs include software-defined optical transmission, switching, and networking. The main features include control and transport separation, hard-ware universalization, protocol standardization, controllable optical network, and flexible optical network applications. This paper introduces software defined optical networks and its innovation environment, in terms of network architecture, protocol extension solution, experiment platform and typical applications. Batch testing has been conducted to evaluate the performance of this SDON testbed. The results show that the SDON testbed has good scalability in different sizes. Meanwhile, we notice that controller output bandwidth has great influence on lightpath setup delay.

DDoS Attack in Software Defined Networks: A Survey

Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.

GPP Based Open Cellular Network Towards 5G

Due to 5G's stringent and uncertainty traffic requirements,open ecosystem would be one inevitable way to develop 5G.On the other hand,GPP based mobile communication becomes appealing recently attributed to its striking advantage in flexibility and re-configurability.In this paper,both the advantages and challenges of GPP platform are detailed analyzed.Furthermore,both GPP based software and hardware architectures for open 5G are presented and the performances of real-time signal processing and power consumption are also evaluated.The evaluation results indicate that turbo and power consumption may be another challengeable problem should be further solved to meet the requirements of realistic deployments.

A Survivability Routing Mechanism in SDN Enabled Wireless Mesh Networks:Design and Evaluation

In software-defined networking,the separation of control plane from forwarding plane introduces new challenges to network reliability.This paper proposes a fault-tolerant routing mechanism to improve survivability by converting the survivability problem into two sub-problems:constructing an elastic-aware routing tree and controller selection.Based on the shortest path tree,this scheme continuously attempts to prune the routing tree to enhance network survivability.After a certain number of iterations,elastic-aware routing continues to improve network resiliency by increasing the number of edges in this tree.Simulation results demonstrate this fault-tolerant mechanism performs better than the traditional method in terms of the number of protected nodes and network fragility indicator.

Dynamic Threshold-Based Approach to Detect Low-Rate DDoS Attacks on Software-Defined Networking Controller

The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.

Edge-Computing with Graph Computation:A Novel Mechanism to Handle Network Intrusion and Address Spoofing in SDN

Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.

Application-aware routing with QoS support in SDN networks

Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service( Qo S) in SDN networks is proposed. The applicationaware routing as a multi-constrained optimal path( MCOP) problem is proposed,where applications are treated as Qo S flow and best-effort flows. With the SDN controller applications,it is able to dynamically lead routing decisions based on application characteristics and requirements,leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes,which can provide Qo S guarantees for a specific application in SDN networks.