Funding: Supported by China Ministry of Education-CMCC Research Fund Project No. MCM20160104, National Science and Technology Major Project No. 2018ZX03001016, Beijing Municipal Science and Technology Commission Research Fund Project No. Z171100005217001, and Fundamental Research Funds for Central Universities No. 2018RC06.
Abstract: The traffic explosion and the rise of diverse requirements pose many challenges for traditional mobile network architecture in flexibility, scalability, and deployability. To meet new requirements in the 5G era, service-based architecture is introduced into mobile networks. The monolithic network elements (e.g., MME, PGW, etc.) are split into smaller network functions to provide customized services. However, the management and deployment of network functions in the service-based 5G core network are still big challenges. In this paper, we propose a novel management architecture for the 5G service-based core network based on NFV and SDN. Combining SDN, NFV and edge computing, the proposed framework can provide distributed and on-demand deployment of network functions, service-guaranteed network slicing, flexible orchestration of network functions and optimal workload allocation. Simulations are conducted to show that the proposed framework and algorithm are effective in terms of reducing network operating cost.
Funding: This material is supported by the National Natural Science Foundation of China under Grant No. 61001116 and 61121001, Beijing Nova Programme No. Z131101000413030, the National Major Project No. 2013ZX03003002, and Program for Changjiang Scholars and Innovative Research Team in University No. IRT1049.
Abstract: Software-Defined Network (SDN) empowers the evolution of the Internet with the OpenFlow, Network Virtualization and Service Slicing strategies. With the fast-increasing requirements of Mobile Internet services, the Internet and Mobile Networks are converging. Mobile Networks can also benefit from the SDN evolution to fulfill the 5th Generation (5G) capacity boom. The article implements SDN in the Frameless Network Architecture (FNA) for 5G Mobile Network evolution with a proposed Mobile-oriented OpenFlow Protocol (MOFP). A Control Plane/User Plane (CP/UP) separation and adaptation strategy is proposed to support the User-Centric scenario in FNA. The traditional Base Station is separated into a Central Processing Entity (CPE) and Antenna Element (AE) to perform the OpenFlow and Network Virtualization. The AEs are released as new resources for serving users. Mobile-oriented Service Slicing with different Quality of Service (QoS) classification is proposed, and Resource Pooling based Virtualized Radio Resource Management (VRRM) is optimized for the Service Slicing strategy with the resource-limited feature of Mobile Networks. The capacity gains are provided to show the merits of SDN-based FNA. A MiniNet-based Trial Network with Service Slicing is implemented, with experimental results.
Funding: Supported in part by the National Natural Science Foundation of China (NSFC) under grant numbers U22A2007 and 62171010, the Open Project of Satellite Internet Key Laboratory in 2022 (Project 3: Research on Spaceborne Lightweight Core Network and Intelligent Collaboration), and the Beijing Natural Science Foundation under grant number L212003.
Abstract: With the advancements of software defined network (SDN) and network function virtualization (NFV), service function chain (SFC) placement becomes a crucial enabler for flexible resource scheduling in low earth orbit (LEO) satellite networks. However, due to the scarcity of bandwidth resources and the dynamic topology of LEO satellites, static SFC placement schemes may cause performance degradation, resource waste and even service failure. In this paper, we consider migration and establish an online migration model, especially considering the dynamic topology. Given the scarcity of bandwidth resources, the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible. Due to its NP-hardness, we propose a heuristic minimized dynamic SFC migration (MDSM) algorithm that only triggers the migration procedure when new SFCs are rejected. Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.
Abstract: With the development and revolution of networks in recent years, the scale and complexity of networks have become big issues. Traditional hardware-based network security solutions have shown some significant disadvantages in cloud computing based Internet data centers (IDC), such as high cost and lack of flexibility. With the implementation of software defined networking (SDN), network security solutions could be more flexible and efficient, such as SDN-based firewall service and SDN-based DDoS-attack mitigation service. Moreover, combined with cloud computing and SDN technology, network security services could be more lightweight, more flexible, and on-demand. This paper analyzes some typical SDN-based network security services, and presents research on an SDN-based cloud security service (network security service pool) and its implementation in IDCs.
Abstract: Over-the-top services and cloud services have created great challenges for telecom operators. To better meet the requirements of cloud services, we propose a decoupled network architecture. Software-defined networking/network function virtualization (SDN/NFV) will be vital in the construction of cloud-oriented broadband infrastructure, especially within data centers and for interconnection between data centers. We also propose introducing SDN/NFV in the broadband access network in order to realize a virtualized residential gateway (VRG). We discuss the deployment modes of VRG.
Abstract: Software-defined networking (SDN) is a generic term and one of the major interests of the telecoms industry (and beyond) over the past two years. However, defining SDN is a somewhat controversial exercise. The claimed flexibility, as well as other presumed assets of SDN, should be carefully investigated. In particular, the use of SDN to dynamically provision network services suggests the introduction of a certain level of automation in the overall network service delivery process, from service parameter negotiation to delivery and operation. This paper aims to clarify the SDN landscape and focuses on two main aspects of the SDN framework: network abstraction, and dynamic parameter exposure and negotiation.
Funding: This work was supported by the National Natural Science Foundation of China (61871058).
Abstract: Software defined network (SDN) and network function virtualization (NFV) have become a new paradigm for a new generation of network architecture. SDN and NFV can effectively improve the flexibility of deploying and managing service function chains (SFCs). By combining SDN and NFV and applying them to the resource orchestration problem of SFC deployment, the three-tier architecture consisting of the SDN controller, network function virtualization and the physical underlying computing resource layer in the process of heterogeneous network resource mapping is considered, and an optimization algorithm for active control resources based on SDN and NFV is proposed. Firstly, the user's utility is modeled by the multistandard aggregated multi-criteria utility algorithm, and the optimization goal is transformed into the problem of maximizing the user's utility. Then the controller, based on the algorithm's prediction of the future state and real-time monitoring of the network utilization, makes decisions and issues control commands for the arriving SFC requests, based on which it occupies the underlying resources held by the virtualized network function (VNF). The simulation results show that, compared with the static timing resource allocation algorithm, the active control resource deployment algorithm proposed in the article has better performance in terms of resource utilization, acceptance rate, and user creation utility.
Abstract: Virtualization of network/service functions means time sharing network/service (and affiliated) resources in a hyper speed manner. The concept of time sharing was popularized in the 1970s with mainframe computing. The same concept has recently resurfaced under the guise of cloud computing and virtualized computing. Although cloud computing was originally used in IT for server virtualization, the ICT industry is taking a new look at virtualization. This paradigm shift is shaking up the computing, storage, networking, and service industries. The hope is that virtualizing and automating configuration and service management/orchestration will save both capex and opex for network transformation. A complementary trend is the separation (over an open interface) of control and transmission. This is commonly referred to as software defined networking (SDN). This paper reviews trends in network/service functions, efforts to standardize these functions, and required management and orchestration.
Abstract: Multiple wireless access technologies have been embedded into a single mobile device as a fundamental feature, aiming to give end users ubiquitous access at any time. To allow users to enjoy ubiquitous connectivity, the mobile device has to consume more energy for the simultaneous activation of multiple wireless interfaces and continuous connectivity. In addition, a seamless vertical handover between the access technologies is a mandatory requirement to ensure the quality, reliability and continuity of real-time services. In this paper, the continuity of real-time services as well as energy saving for mobile devices has been taken into account. The conceptual idea is that whenever the traffic rate is lower than a threshold, it will be smoothly handed over to a low energy consumption technology, i.e., Bluetooth. When the traffic exceeds the limitation of Bluetooth bandwidth, it will be handed over to a wider bandwidth technology, i.e., Wi-Fi. In the considered scenarios, the technologies are not interconnected; hence, the vertical handover management must be fully controlled by the mobile devices. The performance of the system, including energy saving and maintaining the continuity of real-time services, has been evaluated by direct measurements in a real testbed.
Funding: The authors extend their appreciation to Researcher Supporting Project Number (RSPD2023R582), King Saud University, Riyadh, Saudi Arabia.
Abstract: The healthcare sector holds valuable and sensitive data. The amount of this data and the need to handle, exchange, and protect it have been increasing at a fast pace. Due to their nature, software-defined networks (SDNs) are widely used in healthcare systems, as they ensure effective resource utilization, safety, great network management, and monitoring. In this sector, due to the value of the data, SDNs face a major challenge posed by a wide range of attacks, such as distributed denial of service (DDoS) and probe attacks. These attacks reduce network performance, causing the degradation of different key performance indicators (KPIs) or, in the worst cases, a network failure which can threaten human lives. This can be significant, especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health, or m-health. In this study, we examine the effectiveness of using SDNs for defense against DDoS, as well as their effects on different network KPIs under various scenarios. We propose a threshold-based DDoS classifier (TBDC) technique to classify DDoS attacks in healthcare SDNs, aiming to block traffic considered a hazard in the form of a DDoS attack. We then evaluate the accuracy and performance of the proposed TBDC approach. Our technique shows outstanding performance, increasing the mean throughput by 190.3%, reducing the mean delay by 95%, and reducing packet loss by 99.7% relative to normal, with DDoS attack traffic.
Funding: Supported in part by the National Key R&D Program of China under Grant 2018YFA0701601, in part by the National Natural Science Foundation of China (Grant No. 62201605, 62341110, U22A2002), and in part by Tsinghua University-China Mobile Communications Group Co., Ltd. Joint Institute.
Abstract: Link flooding attack (LFA) is a type of covert distributed denial of service (DDoS) attack. The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet. Recently, the proliferation of the Internet of Things (IoT) has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs. In LFAs, attackers typically utilize low-speed flows that do not reach the victims, making the attack difficult to detect. Traditional LFA defense methods mainly reroute the attack traffic around the congested link, which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic. To address these challenges, we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale. This framework is lightweight and can be deployed at border switches of the network in a distributed manner, which ensures the scalability of our defense system. The performance of our framework is assessed in an experimental environment. The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity.
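Abstract: Software-defined networking (SDN) has rapidly become a new paradigm for network communication management and has greatly changed traditional network architecture. SDN achieves finer-grained network control and management by separating the control layer from the data layer. However, the SDN architecture, with forwarding and control decoupled, also makes the controller an easy target for DoS attacks. To address this problem, this paper comprehensively studies DoS attacks in SDN and proposes a lightweight and effective defense mechanism, MinDoS, which is implemented mainly by two core modules: a simplified DoS attack detection module and a priority management module. The mechanism classifies flow requests according to user trust values and assigns them to multiple buffer queues with different priorities, and then has the SDN controller schedule and process these flow requests using a double polling mechanism, thereby better protecting the controller under DoS attack. In addition, MinDoS incorporates a multi-controller dynamic scheduling strategy to reduce global response time and improve users' quality of service. Finally, the defense performance of MinDoS is comprehensively evaluated in both single-controller and multi-controller SDN experimental environments. The experimental results show that MinDoS defends effectively and that the system design meets the expected goals.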