Open Network Operating System Research Articles

Detecting DDoS based on attention mechanism for Software-Defined Networks

In this paper, we propose a deep learning model based on a novel Divide and Conquer Attention (DCA) mechanism, for efficient detection of Distributed Denial of Service (DDoS) attacks in a virtual Software Defined Networking(SDN) environment. DDoS is a cyber-attack that depletes the resources of the target victim through excessive traffic attacks, preventing users from using the server normally. As network infrastructure evolves, the threat of cyber-attacks such as DDoS is increasing, and DDoS attack methods are also becoming very diverse. DDoS attacks are more dangerous in SDN because a failure occurring in the SDN controller paralyzes the entire network managed by the controller and has recently received a lot of attention. Therefore, our proposed DCA based detection model learns complex attack patterns and network traffic, providing enhanced detection. The DCA based detection model that focuses on various functions of network traffic based on importance provides a better understanding of abnormal behavior patterns. Our results obtained from virtual network attack scenario experiments with Open Network Operating System (ONOS) SDN controller and Mininet network simulator show that DCA based model outperforms traditional machine learning methods and other deep learning models. Then, we conduct performance evaluations against various recent deep learning-based network analysis studies to provide various advantages for the utilization of DCA based detection model.

Performance Visualization of Southbound Interface in Software Defined Networking

Software Defined Networking (SDN) makes Internet network configuration easier by separating the control plane and data plane. The control plane on the controller has information on network devices in the data plane and centrally control these devices. One of the controllers in SDN being developed is the Open Network Operating System (ONOS). ONOS provides interfaces such as Representational State Transfer (REST) Application Programming Interface (API). The ONOS core REST API provides some information from the network connected to it, such as devices, statistics, and the information in JSON file. The primary objective of this study is to develop an interface that simplifies performance monitoring through graphical representation. This involves testing the visualization with various topologies and conducting a comparative analysis of the visualization results across these topologies. The creation of the interface entails presenting statistical data, available in the form of a JSON file from the ONOS controller via the REST API, on the web interface in graphical format. The resulting visualization generates a graph that aligns with the performance characteristics of each topology, reflecting device details, ports, and additional parameters such as the count of sent and received packets, as well as sent and received bytes. The performance visualization outcomes specific to each topology are consistent with the number of connections and are prominently displayed on the web interface. Additionally, this research evaluates network throughput and bandwidth by sending ICMP packet and iperf tests across each topology. Among all the openflow tests performed on various network topologies, it was observed that the tree topology exhibited the lowest network capacity utilization, followed by the leaf-spine topology, and finally the ring topology.

Flexible open network operating system architecture for implementing higher scalability using disaggregated software‐defined optical networking

AbstractThe enhanced capacity of optical networks is a significant advantage within the global telecommunications industry. Optical networks provides transmission of information over large distances with reduced latency. However, the growing intricacy of network topologies poses a significant challenge to network adaptability, network resilience, device compatibility, and service quality in the contemporary era of technology and 5G networks. In light of these challenges, recent studies leverages on disaggregation in the context of Software Defined Network (SDN) and network service orchestrators as a viable remedy. Disaggregated optical systems offer SDON (Software‐Defined Optical Networking) enhanced control options and third‐party dynamism streamlining upgrades and diminishing single vendor dependency. Although, the advancement of disaggregation improves network flexibility and vendor neutrality of Software Defined Optical Networking (SDON), this improvement comes at the cost of reduced scalability and network controllability performance. The current research paper posits two potential resolutions to the aforementioned challenge. The authors present recommendations and an enhanced architecture that leverages Open Network Operating System (ONOS) containers and Kubernetes orchestration to improve scalability inside the Software‐Defined Optical Networking (SDON) architecture. The suggested architectural design has underlining novel flow charts and algorithms that enhances scalability performance by 33% while also preserving flexibility and controllability in comparison to pre‐existing SDON architectures. This architecture also makes use of the Mininet‐Optical physical‐layer architecture to simulate a real‐time scenario, as well as yang models from the Open Disaggregated Transport Network (ODTN) working group, the pioneers of SDONs. A detailed analysis of the rules and procedural processes involved in the implementation of the proposed architecture. In order to demonstrate the practical application of this architectural framework to a real‐world Software‐Defined Optical Network (SDON) system, the pre‐existing SDON ONOS architecture within the Optical Transport Domain Networking (OTDN) working group was adjusted and refined. This adaptation aimed to illustrate the use of ONOS in conjunction with established optical network systems, highlighting the advantages it offers.

Software defined networking agent demonstration to enable configuration and management of XGS-PON architectures

This paper describes the design and implementation of an OpenFlow software defined network (SDN) agent that manages and configures 10-gigabit-capable symmetric passive optical network (XGS-PON) architectures. Acting as an OpenFlow switch, the SDN agent communicates with an SDN controller using OpenFlow, while holding direct communication with the optical line terminal (OLT) through the chipset manufacturer-specific application programming interface, eliminating the need for emulating SDN layers in hardware devices. The proposal was evaluated through experiments conducted on a White Box XGS-PON OLT using the Open Network Operating System. The results demonstrate that the proposal facilitates a real-time SDN configuration of various Internet services, successfully fulfilling different quality of service requirements. Due to its ease of deployment, low complexity, smooth learning curve, scalability, and flexibility in integrating services, the proposal has significant potential. As a result, it offers a rapid SDN solution for configuring and testing new functionalities with minimal programming changes required in specific layers of the developed SDN agent.

Delay-Sensitive Service Provisioning in Software-Defined Low-Earth-Orbit Satellite Networks

With the advancement of space technology and satellite communications, low-Earth-orbit (LEO) satellite networks have experienced rapid development in the past decade. In the vision of 6G, LEO satellite networks play an important role in future 6G networks. On the other hand, a variety of applications, including many delay-sensitive applications, are continuously emerging. Due to the highly dynamic nature of LEO satellite networks, supporting time-deterministic services in such networks is challenging. However, we can provide latency guarantees for most delay-sensitive applications through data plane traffic shaping and control plane routing optimization. This paper addresses the routing optimization problem for time-sensitive (TS) flows in software-defined low-Earth-orbit (LEO) satellite networks. We model the problem as an integer linear programming (ILP) model aiming to minimize path handovers and maximum link utilization while meeting TS flow latency constraints. Since this problem is NP-hard, we design an efficient longest continuous path (LCP) approximation algorithm. LCP selects the longest valid path in each topology snapshot that satisfies delay constraints. An auxiliary graph then determines the routing sequence with minimized handovers. We implement an LEO satellite network testbed with Open vSwitch (OVS) and an open-network operating system (ONOS) controller to evaluate LCP. The results show that LCP reduces the number of path handovers by up to 31.7% and keeps the maximum link utilization lowest for more than 75% of the time compared to benchmark algorithms. In summary, LCP achieves excellent path handover optimization and load balancing performance under TS flow latency constraints.

SDN/NFV-based framework for autonomous defense against slow-rate DDoS attacks by using reinforcement learning

The unforeseen and skyrocketed shift in the number of connections to the Internet during the last years has created vast and critical vulnerabilities in networks that cybercriminals have quickly seized to launch high-volume DDoS attacks. Existing tools, such as advanced firewalls or intrusion prevention systems (IPS), cannot handle such an elevated volume of attacks because these solutions are dependent on humans. Therefore, adaptation of the current network security solutions to automated ones is more significant than ever to foster the development of the zero-touch networks and service management (ZSM) paradigm. Building on our preliminary work in this field, in this study, we provide a software-defined networking (SDN)-based framework that automates the detection and mitigation of slow-rate DDoS attacks. The framework uses deep learning (DL) to detect attacks and reinforcement learning (RL) to mitigate them. Furthermore, a network function virtualization (NFV)-assisted moving target defense (MTD) mechanism is included to amplify the effectiveness and flexibility of the solution. The framework is tested on a simulated network using open-source tools, namely Open Network Operating System (ONOS), Containernet, Apache Web Server, and Docker. The source code of a prototype of the framework is shared, which can be used and improved by interested researchers. Finally, the experimental results demonstrate that RL agents learn optimal DDoS mitigation policies in different scenarios and that they quickly adapt to new conditions that vary in short periods of time.

Extensive performance analysis of OpenDayLight (ODL) and Open Network Operating System (ONOS) SDN controllers

The term Software Defined Network or SDN is one of the many emerging technologies that has been revolutionizing the concept of networking. By decoupling the Data and Control plane, it has lot to offer in the field of information technology. The Control Plane is regarded as the brain of the network, which is a centralized unit of SDN network along with the controller. Selection of SDN controller is one of the most important task in designing of SDN based Network. Through this paper, we intend to compare two eminent controllers: OpenDayLight and ONOS controllers, according to their efficacy. Mininet, which is meant for demonstrating the simulation of switching and end-devices, has been taken into account. Apart from this, we have used Wireshark Packet Analyser and iperf, which provides real-time traffic flow between Mininet and the Controller. Performance of the controller plays an important role in the network and answers question like how it is going to perform. There are the various factors that helps in evaluating the performance of SDN controller. After analysing, it has been found that ONOS has better performance, with respect to throughput, TCP Window Scaling, TCP/UDP Bandwidth, Burst Rate, Jitter, Goodput, TCP Stevens Graph, Round Trip Time (RTT), and its usability. This paper helps us to understand performance abilities between ONOS and ODL in medium-to-large scale SDN Networks.

Evaluation of the robustness of SDN controllers ONOS and ODL

Software-defined networking relies on a controller as its main element. Therefore, it is critical for the controller to present features that improve the overall network performance while ensuring continuity of service despite failures. OpenDayLight (ODL) and Open Network Operating System (ONOS) are two important open-source distributed controllers. The objective of this study is to evaluate how ODL and ONOS deal with different failure scenarios in both their data and control planes. In the data plane, the evaluation analyzes both link and switch failures and recovers, different flows in reactive and proactive modes. In the distributed control plane throughput and latency are considered when the number of switches and controllers increase, the time to synchronize the network operations among the controllers, the time for a master to recover from failure, and whether network operations are reinstalled after the failure of a master controller. Our evaluation shows that ONOS achieves better results than ODL in the data plane, and ODL surpasses ONOS in the experiments performed in the control plane.

A DDoS Vulnerability Analysis System against Distributed SDN Controllers in a Cloud Computing Environment

Software-Defined Networking (SDN) is now a well-established approach in 5G, Internet of Things (IoT) and Cloud Computing. The primary idea behind its immense popularity is the separation of its underlying intelligence from the data-carrying components like routers and switches. The intelligence of the SDN-based networks lies in the central point, popularly known as the SDN controller. It is the central control hub of the SDN-based network, which has full privileges and a global view over the entire network. Providing security to SDN controllers is one such important task. Whenever one wishes to implement SDN into their data center or network, they are required to provide the website to SDN controllers. Several attacks are becoming a hurdle in the exponential growth of SDN, and among all one such attack is a Distributed Denial of Service (DDoS) attack. In a couple of years, several new SDN controllers will be available. Among many, Open Networking Operating System (ONOS) and OpenDayLight (ODL) are two popular SDN controllers laying the foundation for many other controllers. These SDN controllers are now being used by numerous businesses, including Cisco, Juniper, IBM, Google, etc. In this paper, vulnerability analysis is carried out against DDoS attacks on the latest released versions of both ODL and ONOS SDN controllers in real-time cloud data centers. For this, we have considered distributed SDN controllers (located at different locations) on two different clouds (AWS and Azure). These controllers are connected through the Internet and work on different networks. DDoS attacks are bombarded on the distributed SDN controllers, and vulnerability is analyzed. It was observed with experimentation that, under five different scenarios (malicious traffic generated), ODL-3 node cluster controller had performed better than ONOS. In these five different scenarios, the amount of malicious traffic was incregradually increased. It also observed that, in terms of disk utilization, memory utilization, and CPU utilization, the ODL 3-node cluster was way ahead of the SDN controller.

Optical Network Management by ONOS-Based SDN Controller

The possibilities to manage the optical network with a logically centralized SDN control plane based on the Open Network Operating System (ONOS) are investigated. The structure of the controller and its main functional blocks are considered ensuring the collection of information about the state of network elements, the solution of the main control tasks, interaction of control systems built on different technological bases, are considered. The role and place of the open network operating system in the controller structure are shown, the description of the ONOS multilevel architecture in the form of a set of functional modules is given, the purpose and functions of the ONOS subsystems are analyzed, protocols and interfaces making it possible to present the SDN network as a model are described. The peculiarity of the model is that the managed network can be represented as a set of virtual network functions. Therefore, the control process becomes independent of which vendor's equipment was used to build the network, as well as whether the network is built on real physical elements or virtual ones. Using the ONOS allows you to build a logical centralized control plane in the SDN networks. The existing set of functional modules, services and interfaces in the ONOS allows you to perform optical network management tasks. For the further development of the ONOS, it is necessary to develop mathematical models and methods for the optimal solution of control problems in various operating conditions, which will become application-level software modules in the future.

P4-TINS: P4-Driven Traffic Isolation for Network Slicing With Bandwidth Guarantee and Management

Network slicing is an essential technology for 5G mobile networks. It partitions network resource logically into multiple isolated slices, each of which can satisfy a suite of network requirements for one specific service. However, it cannot be fulfilled by the current SDN (Software-Defined Networks), since the conventional SDN data-plane technology, OpenFlow, is not flexible enough to offer fine-grained network resource control or queue/packet scheduling. It leads to many research studies developing corresponding solutions on programmable switches. In this work, we focus on the support of the bandwidth guarantee and management for network slices. Although several studies with the similar goal have been proposed, they do not consider interference among different flow types or use the built-in meter for easy deployment on COTS (Commercial Off-The-Shelf) P4 switches. To this end, we first conduct a case study to examine the interference cases. We then propose a solution, designated as P4-TINS (P4-driven Traffic Isolation for Network Slicing), to resolve the interference by isolating different types of traffic flows in priority queues and set the P4 switch’s bucket size based on the time granularity of its bandwidth management operation. It cannot only ensure the guaranteed bandwidth for each slice but also enable coexistent slices to fairly share residual bandwidth. We have confirmed its effectiveness experimentally based on our prototype over an ONOS (Open Network Operating System) controller and a COTS P4 switch.

A Comparative Study of Software Defined Networking Controllers Using Mininet

Software Defined Networking (SDN) is a relatively new networking architecture that has become the most widely discussed networking technology in recent years and the latest development in the field of developing digital networks, which aims to break down the traditional connection in the middle of the control surface and the infrastructure surface. The goal of this separation is to make resources more manageable, secure, and controllable. As a result, many controllers such as Beacon, Floodlight, Ryu, OpenDayLight (ODL), Open Network Operating System (ONOS), NOX, as well as Pox, have been developed. The selection of the finest-fit controller has evolved into an application-specific tool operation due to the large range of SDN applications and controllers. This paper discusses SDN, a new paradigm of networking in which the architecture transitions from a completely distributed form to a more centralized form and evaluates and contrasts the effects of various SDN controllers on SDN. This report examines some SDN controllers or the network’s “brains,” shows how they differ from one another, and compares them to see which is best overall. The presentation of SDN controllers such as Ryu, ODL, and others is compared by utilizing the Mininet simulation environment. In this study, we offer a variety of controllers before introducing the tools used in the paper: Mininet. Then, we run an experiment to show how to use ODL to establish a custom network topology on a Mininet. The experimental results show that the O controller, with its larger bandwidth and reduced latency, outperforms other controllers in all topologies (both the default topology and a custom topology with ODL).

Implementation Aspects of Smart Grids Cyber-Security Cross-Layered Framework for Critical Infrastructure Operation

Communication networks in power systems are a major part of the smart grid paradigm. It enables and facilitates the automation of power grid operation as well as self-healing in contingencies. Such dependencies on communication networks, though, create a roam for cyber-threats. An adversary can launch an attack on the communication network, which in turn reflects on power grid operation. Attacks could be in the form of false data injection into system measurements, flooding the communication channels with unnecessary data, or intercepting messages. Using machine learning-based processing on data gathered from communication networks and the power grid is a promising solution for detecting cyber threats. In this paper, a co-simulation of cyber-security for cross-layer strategy is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection as well as identification of anomalies in the operation of the power grid. The framework is implemented on the IEEE 118-bus system. The system is constructed in Mininet to simulate a communication network and obtain data for analysis. A distributed three controller software-defined networking (SDN) framework is proposed that utilizes the Open Network Operating System (ONOS) cluster. According to the findings of our suggested architecture, it outperforms a single SDN controller framework by a factor of more than ten times the throughput. This provides for a higher flow of data throughout the network while decreasing congestion caused by a single controller’s processing restrictions. Furthermore, our CECD-AS approach outperforms state-of-the-art physics and machine learning-based techniques in terms of attack classification. The performance of the framework is investigated under various types of communication attacks.

A flexible SDN-based framework for slow-rate DDoS attack mitigation by using deep reinforcement learning

Distributed Denial-of-Service (DDoS) attacks are difficult to mitigate with existing defense tools. Fortunately, it has been demonstrated that Software-Defined Networking (SDN) with machine learning (ML) and deep learning (DL) techniques has a high potential to handle these threats effectively. However, although there are many SDN-based solutions for detecting DDoS attacks, only a few contain mitigation strategies. Additionally, most previous studies have focused on solving high-rate DDoS attacks. For the time being, recent slow-rate DDoS threats are hard to detect and mitigate. In this work, we propose a modular, flexible, and scalable SDN-based framework that integrates a DL-based intrusion detection system (IDS) and a deep reinforcement learning (DRL)-based intrusion prevention system (IPS) to address slow-rate DDoS threats. We incorporated scalability features into this framework, such as data-plane-based traffic monitoring and traffic flow sampling. Moreover, we have designed a lightweight DRL-based IPS to provide rapid mitigation responses. Furthermore, to evaluate the framework, we deployed a data center network using Mininet, Open Network Operating System (ONOS) controller, and Apache Web server. Next, we performed extensive experiments varying the number of attackers and the rate of attack connections. The proposed IDS achieved an average detection rate of 98%, with a flow sampling rate of 30%. In addition, IPS timely mitigated slow-rate DDoS with 100% of success for a few attackers. Taken together, these results show that the proposed framework provides effective responses to malicious and legitimate connections.

TSSM: Time-Sharing Switch Migration to Balance Loads of Distributed SDN Controllers

Software-defined networking (SDN) makes network management easier by using a controller to govern all switches, but the controller may become a performance bottleneck. Distributed SDN control is a promising solution, which lets multiple controllers divide the work, where each controller manages a part of the network. Switch migration is one common means to the load balance of controllers, which transfers some switches to different subnets based on the workloads of their controllers. The paper proposes a time-sharing switch migration (TSSM) scheme to provide more refined load sharing for controllers, which allows two controllers to share a switch’s load sequentially in the same period. When a controller is overloaded, TSSM finds assistant controllers to share its workload by selecting proper switches for migration and also deciding the time to perform migration. In this way, the workload of each controller can be kept below a given threshold. We implement the TSSM scheme on the open network operating system (ONOS) to attest to its feasibility. Experimental results show that TSSM can reduce 98% of the occurrences of overload for controllers as compared with the original OpenFlow method. Moreover, TSSM can save about 78% of the migration cost than the churn-triggered migration method.

Design and Implementation of SDN IP Based on Open Network Operating System and Border Gateway Protocol

The development of computer network technology in the form of Software Defined Networking (SDN), provides many facilities for users to be able to develop network control applications, which can separate the data plane function from the control plane. The existence of this separation on routers and switches makes it easy for developers to centrally develop software and devices according to what is needed by users. However, there were obstacles to implementing SDN on IP networks in a short time. For this reason, it is necessary to implement SDN in stages by adding SDN to the existing IP network in the form of SDN IP, so that SDN can be connected and exchange routing information autonomously. This study focuses on the design and implementation of SDN IP using the Open Network Operating System (ONOS) on the Border Gateway Protocol (BGP). The results show that the design and implementation of SDN IP based on ONOS and BGP can be done well, where SDN can connect and exchange routing information with the Autonomous System (AS) native BGP-based network.
 
 Key word(s):
 Autonomous System (AS)
 Border Gateway Protocol (BGP)
 Open Network Operating System (ONOS)
 Software-Defined Networking (SDN)
 SDN IP

SDN Based Management Platform for Intranet Services

Telecom operators experience difficulties in applications such as virtual local area network (VLAN) management, bandwidth management and access management while providing intranet services in traditional networks. In this study, open network operating system (ONOS) based software defined network (SDN) platform is developed for intranet services in order to address these problems. The developed platform has been integrated onto an existing network and a new topology has been created. In this proposed topology, intranet network elements are connected to the new generation SDN switches instead of the legacy switches. The proposed solution has been tested on a live network. According to test results where the proposed SDN platform is compared with the traditional intranet network in a live network scenario under varying traffic load, the SDN based platform achieved very successful results in terms of latency, jitter, packet loss and flow setup times. Overall, the proposed SDN platform provides a good alternative to traditional solutions in large scale intranet networks, minimizing the workload spent by the operators in controlling the network, while achieving cost savings and eliminating vendor dependency.

Opening up ROADMs: streaming telemetry [Invited

We present an implementation of streaming telemetry of optical metrics within open hardware reconfigurable add/drop multiplexers (ROADMs). Our key achievements are sub-second updates of high-resolution spectrum scans, and we demonstrate a sustained telemetry stream of the full C-band with a sub-GHz resolution. The telemetry streaming is implemented over a standard, Internet Engineering Task Force (IETF)-defined protocol (YANG Push) in collaboration with an open-source YANG software stack and device-specific code. As the telemetry collector, we used a common time series database (TSDB) along with a visualization dashboard. We also extended the Open Network Operating System (ONOS) software-defined network (SDN) controller to act as a telemetry receiver.

ARES: A Framework for Management of Aging and Rejuvenation in Softwarized Networks

The recent trend of network softwarization suggests a radical shift in the implementation of traditional network intelligence. In Software Defined Networking (SDN), for instance, the control plane functions of forwarding devices are outsourced to the controller. Softwarized network components are expected to provide uninterrupted service during long periods of time, which makes them prone to the effects of <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">software aging</i> , a phenomena that has been observed in operational software systems where the failure rate increases or the performance of the software degrades with the elapsed time since the last restart. The effects of software aging in operational networks are typically mitigated by <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">software rejuvenation</i> , i.e., planned restarts cleaning the internal system state in order to prevent or postpone aging-related failures. This article presents <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ARES</i> , a three-step methodological framework for the management of the effects of software aging in softwarized networks, applied to the case study of open source SDN orchestration platforms. Using ARES, we demonstrate that software aging is a systematic problem that cannot be neglected in network orchestration systems. It stems not only from aging-related bugs and natural aging due to fragmentation, but also from design choices, e.g., when implementing distributed systems. Measurements for Open Network Operating System (ONOS) and OpenDaylight (ODL) demonstrate how “simple” and common networking tasks let network performance degrade rapidly and even lead to crashes: for instance, adding and removing 300 intents per second in ONOS significantly increases the response time by 50% per day and depletes the memory at the rate of 18GB per day. Moreover, we demonstrate a first rejuvenation approach that can mitigate the effects of aging in ONOS.

A Research on Integrated Space-Ground Information Network Simulation Platform Based on SDN

With the development of society, ground communication technologies are hard to meet the demands of communicating at anytime and from anywhere. As a result, the integrated space-ground information network, which connects the satellites with ground stations to provide seamless and efficient global communications, is becoming one of the most important and potential networks for future communications. In the integrated space-ground information network, satellite network is a crucial part, in which problems caused by the dynamics are eager to be solved. To investigate those problems, this paper proposed an integrated space-ground information network simulation platform with STK(Satellite Tool Kit), Mininet and ONOS(Open Network Operating System) to simulate SDN(Software Defined Network) enabled networking devices. We designed a 3-layer(GEO/MEO/LEO) Walker constellation, a topology construction algorithm depending on available times of ISLs(inter-satellite links) and a routing algorithm considering both the processing delay and transmission delay. The simulation results show that the proposed topology construction algorithm could provide a relatively stable topology and reduce the computational resource consumption and the routing algorithm could control the delay of path to improve the quality of service. Indeed, the platform can support the simulation of integrated space-ground network with a good performance in solving problems caused by the dynamics of the satellite network.