-
Secure and Efficient Group Handover Protocol in 5G Non-Terrestrial Networks
Authors:
Bohan Zhang,
Peng Hu,
Ahmad Akbari Azirani,
Mohammad A. Salahuddin,
Diogo Barradas,
Noura Limam,
Raouf Boutaba
Abstract:
The growing low-Earth orbit (LEO) satellite constellations have become an essential part of the fifth-generation (5G) non-terrestrial network (NTN) market. These satellites can enable direct-to-cell connectivity for mobile devices and support various applications with ubiquitous coverage for 5G and beyond networks. However, satellite-based NTNs bring several challenges to the 5G handover protocol design. The high mobility of satellites can lead to signaling storms and security compromises during handovers. This paper addresses these challenges by proposing a secure and efficient group handover protocol. The protocol's effectiveness is evaluated on a custom discrete-event simulator and compared against the baseline 5G handover scheme. The simulator is made publicly available.
Submitted 20 March, 2024;
originally announced March 2024.
-
Online Algorithms with Uncertainty-Quantified Predictions
Authors:
Bo Sun,
Jerry Huang,
Nicolas Christianson,
Mohammad Hajiesmaili,
Adam Wierman,
Raouf Boutaba
Abstract:
The burgeoning field of algorithms with predictions studies the problem of using possibly imperfect machine learning predictions to improve online algorithm performance. While nearly all existing algorithms in this framework make no assumptions on prediction quality, a number of methods providing uncertainty quantification (UQ) on machine learning models have been developed in recent years, which could enable additional information about prediction quality at decision time. In this work, we investigate the problem of optimally utilizing uncertainty-quantified predictions in the design of online algorithms. In particular, we study two classic online problems, ski rental and online search, where the decision-maker is provided predictions augmented with UQ describing the likelihood of the ground truth falling within a particular range of values. We demonstrate that non-trivial modifications to algorithm design are needed to fully leverage the UQ predictions. Moreover, we consider how to utilize more general forms of UQ, proposing an online learning framework that learns to exploit UQ to make decisions in multi-instance settings.
Submitted 3 June, 2024; v1 submitted 17 October, 2023;
originally announced October 2023.
-
Threshold Policies with Tight Guarantees for Online Selection with Convex Costs
Authors:
Xiaoqi Tan,
Siyuan Yu,
Raouf Boutaba,
Alberto Leon-Garcia
Abstract:
This paper provides threshold policies with tight guarantees for online selection with convex cost (OSCC). In OSCC, a seller wants to sell some asset to a sequence of buyers with the goal of maximizing her profit. The seller can produce additional units of the asset, but at non-decreasing marginal costs. At each time, a buyer arrives and offers a price. The seller must make an immediate and irrevocable decision in terms of whether to accept the offer and produce/sell one unit of the asset to this buyer. The goal is to develop an online algorithm that selects a subset of buyers to maximize the seller's profit, namely, the total selling revenue minus the total production cost. Our main result is the development of a class of simple threshold policies that are logistically simple and easy to implement, but have provable optimality guarantees among all deterministic algorithms. We also derive a lower bound on competitive ratios of randomized algorithms and prove that the competitive ratio of our threshold policy asymptotically converges to this lower bound when the total production output is sufficiently large. Our results generalize and unify various online search, pricing, and auction problems, and provide a new perspective on the impact of non-decreasing marginal costs on real-world online resource allocation problems.
Submitted 23 January, 2024; v1 submitted 9 October, 2023;
originally announced October 2023.
-
AutoML4ETC: Automated Neural Architecture Search for Real-World Encrypted Traffic Classification
Authors:
Navid Malekghaini,
Elham Akbari,
Mohammad A. Salahuddin,
Noura Limam,
Raouf Boutaba,
Bertrand Mathieu,
Stephanie Moteau,
Stephane Tuffin
Abstract:
Deep learning (DL) has been successfully applied to encrypted network traffic classification in experimental settings. However, in production use, it has been shown that a DL classifier's performance inevitably decays over time. Re-training the model on newer datasets has been shown to only partially improve its performance. Manually re-tuning the model architecture to meet the performance expectations on newer datasets is time-consuming and requires domain expertise. We propose AutoML4ETC, a novel tool to automatically design efficient and high-performing neural architectures for encrypted traffic classification. We define a novel, powerful search space tailored specifically for the early classification of encrypted traffic using packet header bytes. We show that with different search strategies over our search space, AutoML4ETC generates neural architectures that outperform the state-of-the-art encrypted traffic classifiers on several datasets, including public benchmark datasets and real-world TLS and QUIC traffic collected from the Orange mobile network. In addition to being more accurate, AutoML4ETC's architectures are significantly more efficient and lighter in terms of the number of parameters. Finally, we make AutoML4ETC publicly available for future research.
Submitted 13 October, 2023; v1 submitted 4 August, 2023;
originally announced August 2023.
-
Generalizable Resource Scaling of 5G Slices using Constrained Reinforcement Learning
Authors:
Muhammad Sulaiman,
Mahdieh Ahmadi,
Mohammad A. Salahuddin,
Raouf Boutaba,
Aladdin Saleh
Abstract:
Network slicing is a key enabler for 5G to support various applications. Slices requested by service providers (SPs) have heterogeneous quality of service (QoS) requirements, such as latency, throughput, and jitter. It is imperative that the 5G infrastructure provider (InP) allocates the right amount of resources depending on the slice's traffic, such that the specified QoS levels are maintained during the slice's lifetime while maximizing resource efficiency. However, there is a non-trivial relationship between the QoS and resource allocation. In this paper, this relationship is learned using a regression-based model. We also leverage a risk-constrained reinforcement learning agent that is trained offline using this model and domain randomization for dynamically scaling slice resources while maintaining the desired QoS level. Our novel approach reduces the effects of network modeling errors since it is model-free and does not require QoS metrics to be mathematically formulated in terms of traffic. In addition, it provides robustness against uncertain network conditions, generalizes to different real-world traffic patterns, and caters to various QoS metrics. The results show that the state-of-the-art approaches can lead to QoS degradation as high as 44.5% when tested on previously unseen traffic. On the other hand, our approach maintains the QoS degradation below a preset 10% threshold on such traffic, while minimizing the allocated resources. Additionally, we demonstrate that the proposed approach is robust against varying network conditions and inaccurate traffic predictions.
Submitted 15 June, 2023;
originally announced June 2023.
-
MonArch: Network Slice Monitoring Architecture for Cloud Native 5G Deployments
Authors:
Niloy Saha,
Nashid Shahriar,
Raouf Boutaba,
Aladdin Saleh
Abstract:
Automated decision making algorithms are expected to play a key role in management and orchestration of network slices in 5G and beyond networks. State-of-the-art algorithms for automated orchestration and management tend to rely on data-driven methods which require a timely and accurate view of the network. Accurately monitoring an end-to-end (E2E) network slice requires a scalable monitoring architecture that facilitates collection and correlation of data from various network segments comprising the slice. The state-of-the-art on 5G monitoring mostly focuses on scalability, falling short in providing explicit support for network slicing and computing network slice key performance indicators (KPIs). To fill this gap, in this paper, we present MonArch, a scalable monitoring architecture for 5G, which focuses on network slice monitoring, slice KPI computation, and an application programming interface (API) for specifying slice monitoring requests. We validate the proposed architecture by implementing MonArch on a 5G testbed, and demonstrate its capability to compute a network slice KPI (e.g., slice throughput). Our evaluations show that MonArch does not significantly increase data ingestion time when scaling the number of slices and that a 5-second monitoring interval offers a good balance between monitoring overhead and accuracy.
Submitted 1 June, 2023;
originally announced June 2023.
-
Constellation: A High Performance Geo-Distributed Middlebox Framework
Authors:
Milad Ghaznavi,
Ali Jose Mashtizadeh,
Bernard Wong,
Raouf Boutaba
Abstract:
Middleboxes are increasingly deployed across geographically distributed data centers. In these scenarios, the WAN latency between different sites can significantly impact the performance of stateful middleboxes. The deployment of middleboxes across such infrastructures can even become impractical due to the high cost of remote state accesses.
We introduce Constellation, a framework for the geo distributed deployment of middleboxes. Constellation uses asynchronous replication of specialized state objects to achieve high performance and scalability. The evaluation of our implementation shows that, compared with the state-of-the-art [80], Constellation improves the throughput by a factor of 96 in wide area networks.
Submitted 11 March, 2020;
originally announced March 2020.
-
Vehicle Scheduling Problem
Authors:
Mirmojtaba Gharibi,
Steven L. Waslander,
Raouf Boutaba
Abstract:
We define a new problem called the Vehicle Scheduling Problem (VSP). The goal is to minimize an objective function, such as the number of tardy vehicles over a transportation network subject to maintaining safety distances, meeting hard deadlines, and maintaining speeds on each link between the allowed minimums and maximums. We prove VSP is an NP-hard problem for multiple objective functions that are commonly used in the context of job shop scheduling. With the number of tardy vehicles as the objective function, we formulate VSP in terms of a Mixed Integer Linear Programming (MIP) and design a heuristic algorithm. We analyze the complexity of our algorithm and compare the quality of the solutions to the optimal solution for the MIP formulation in the small cases. Our main motivation for defining VSP is the upcoming integration of Unmanned Aerial Vehicles (UAVs) into the airspace for which this novel scheduling framework is of paramount importance.
Submitted 25 January, 2020;
originally announced January 2020.
-
Fault Tolerance for Service Function Chains
Authors:
Milad Ghaznavi,
Elaheh Jalalpour,
Bernard Wong,
Raouf Boutaba,
Ali Jose Mashtizadeh
Abstract:
Enterprise network traffic typically traverses a sequence of middleboxes forming a service function chain, or simply a chain. Tolerating failures when they occur along chains is imperative to the availability and reliability of enterprise applications. Making a chain fault-tolerant is challenging since, in the event of failures, the state of faulty middleboxes must be correctly and quickly recovered while providing high throughput and low latency.
In this paper, we introduce FTC, a novel system design and protocol for fault-tolerant service function chaining. FTC provides strong consistency with up to f middlebox failures for chains of length f+1 or longer without requiring dedicated replica nodes. In FTC, state updates caused by packet processing at a middlebox are collected, piggybacked into the packet, and sent along the chain to be replicated. The evaluation of our FTC implementation shows that compared with the state of the art [46], FTC improves throughput by 2-3.5x for a chain of two to five middleboxes.
Submitted 25 February, 2020; v1 submitted 10 January, 2020;
originally announced January 2020.
-
3D traffic flow model for UAVs
Authors:
Mirmojtaba Gharibi,
Raouf Boutaba,
Steven L. Waslander
Abstract:
In this work, we introduce a microscopic traffic flow model called Scalar Capacity Model (SCM) which can be used to study the formation of traffic on an airway link for autonomous Unmanned Aerial Vehicles (UAV) as well as for the ground vehicles on the road. Given the 3D nature of UAV flights, the main novelty in our model is to eliminate the commonly used notion of lanes and replace it with a notion of density and capacity of flow, but in such a way that individual vehicle motions can still be modeled. We name this a Density/Capacity View (DCV) of the link capacity and how vehicles utilize it versus the traditional One/Multi-Lane View (OMV). An interesting feature of this model is exhibiting both passing and blocking regimes (analogous to multi-lane or single-lane) depending on the set scalar parameter for capacity. We show the model has linear local (platoon) and string stability. Also, we perform numerical simulations and show evidence for non-linear stability. Our traffic flow model is represented by a nonlinear differential equation which we transform into a linear form. This makes our model analytically solvable in the blocking regime and piece-wise analytically solvable in the passing regime.
Submitted 10 September, 2019;
originally announced September 2019.
-
Reliable Slicing of 5G Transport Networks with Dedicated Protection
Authors:
Nashid Shahriar,
Sepehr Taeb,
Shihabur Rahman Chowdhury,
Mubeen Zulfiqar,
Massimo Tornatore,
Raouf Boutaba,
Jeebak Mitra,
Mahdi Hemmati
Abstract:
In 5G networks, slicing allows partitioning of network resources to meet stringent end-to-end service requirements across multiple network segments, from access to transport. These requirements are shaping technical evolution in each of these segments. In particular, the transport segment is currently evolving in the direction of the so-called elastic optical networks (EONs), a new generation of optical networks supporting a flexible optical-spectrum grid and novel elastic transponder capabilities. In this paper, we focus on the reliability of 5G transport-network slices in EON. Specifically, we consider the problem of slicing 5G transport networks, i.e., establishing virtual networks on 5G transport, while providing dedicated protection. As dedicated protection requires large amount of backup resources, our proposed solution incorporates two techniques to reduce backup resources: (i) bandwidth squeezing, i.e., providing a reduced protection bandwidth with respect to the original request; and (ii) survivable multi-path provisioning. We leverage the capability of EONs to fine tune spectrum allocation and adapt modulation format and Forward Error Correction (FEC) for allocating rightsize spectrum resources to network slices. Our numerical evaluation over realistic case-study network topologies quantifies the spectrum savings achieved by employing EON over traditional fixed-grid optical networks, and provides new insights on the impact of bandwidth squeezing and multi-path provisioning on spectrum utilization.
Submitted 24 June, 2019;
originally announced June 2019.
-
A Graph-Based Machine Learning Approach for Bot Detection
Authors:
Abbas Abou Daya,
Mohammad A. Salahuddin,
Noura Limam,
Raouf Boutaba
Abstract:
Bot detection using machine learning (ML), with network flow-level features, has been extensively studied in the literature. However, existing flow-based approaches typically incur a high computational overhead and do not completely capture the network communication patterns, which can expose additional aspects of malicious hosts. Recently, bot detection systems which leverage communication graph analysis using ML have gained attention to overcome these limitations. A graph-based approach is rather intuitive, as graphs are true representations of network communications. In this paper, we propose a two-phased, graph-based bot detection system which leverages both unsupervised and supervised ML. The first phase prunes presumable benign hosts, while the second phase achieves bot detection with high precision. Our system detects multiple types of bots and is robust to zero-day attacks. It also accommodates different network topologies and is suitable for large-scale data.
Submitted 22 February, 2019;
originally announced February 2019.
-
NeuRoute: Predictive Dynamic Routing for Software-Defined Networks
Authors:
Abdelhadi Azzouni,
Raouf Boutaba,
Guy Pujolle
Abstract:
This paper introduces NeuRoute, a dynamic routing framework for Software Defined Networks (SDN) entirely based on machine learning, specifically, Neural Networks. Current SDN/OpenFlow controllers use a default routing based on Dijkstra algorithm for shortest paths, and provide APIs to develop custom routing applications. NeuRoute is a controller-agnostic dynamic routing framework that (i) predicts traffic matrix in real time, (ii) uses a neural network to learn traffic characteristics and (iii) generates forwarding rules accordingly to optimize the network throughput. NeuRoute achieves the same results as the most efficient dynamic routing heuristic but in much less execution time.
Submitted 18 September, 2017;
originally announced September 2017.
-
sOFTDP: Secure and Efficient Topology Discovery Protocol for SDN
Authors:
Abdelhadi Azzouni,
Raouf Boutaba,
Nguyen Thi Mai Trang,
Guy Pujolle
Abstract:
Topology discovery is one of the most critical tasks of Software-Defined Network (SDN) controllers. Current SDN controllers use the OpenFlow Discovery Protocol (OFDP) as the de-facto protocol for discovering the underlying network topology. In a previous work, we have shown the functional, performance and security limitations of OFDP. In this paper, we introduce and detail a novel protocol called secure and efficient OpenFlow Discovery Protocol sOFTDP. sOFTDP requires minimal changes to OpenFlow switch design, eliminates major vulnerabilities in the topology discovery process and improves its performance. We have implemented sOFTDP as a topology discovery module in Floodlight for evaluation. The results show that our implementation is more secure than OFDP and previous security workarounds. Also, sOFTDP reduces the topology discovery time by several orders of magnitude compared to the original OFDP and existing OFDP improvements.
Submitted 15 May, 2017; v1 submitted 12 May, 2017;
originally announced May 2017.
-
Limitations of OpenFlow Topology Discovery Protocol
Authors:
Abdelhadi Azzouni,
Nguyen Thi Mai Trang,
Raouf Boutaba,
Guy Pujolle
Abstract:
OpenFlow Discovery Protocol (OFDP) is the de-facto protocol used by OpenFlow controllers to discover the underlying topology. In this paper, we show that OFDP has some serious security, efficiency and functionality limitations that make it unsuitable for production deployments. Instead, we briefly introduce sOFTD, a new discovery protocol with built-in security characteristics, which is more efficient than traditional OFDP.
Submitted 12 May, 2017; v1 submitted 1 May, 2017;
originally announced May 2017.
-
Fingerprinting OpenFlow controllers: The first step to attack an SDN control plane
Authors:
Abdelhadi Azzouni,
Othmen Braham,
Nguyen Thi Mai Trang,
Guy Pujolle,
Raouf Boutaba
Abstract:
Software-Defined Networking (SDN) controllers are considered as Network Operating Systems (NOSs) and often viewed as a single point of failure. Detecting which SDN controller is managing a target network is a big step for an attacker to launch specific/effective attacks against it. In this paper, we demonstrate the feasibility of fingerprinting SDN controllers. We propose techniques allowing an attacker placed in the data plane, which is supposed to be physically separate from the control plane, to detect which controller is managing the network. To the best of our knowledge, this is the first work on fingerprinting SDN controllers, with the primary goal of emphasizing the necessity to highly secure the controller. We focus on OpenFlow-based SDN networks since OpenFlow is currently the most deployed SDN technology by hardware and software vendors.
Submitted 1 May, 2017; v1 submitted 7 November, 2016;
originally announced November 2016.
-
Perspectives on Software-Defined Networks: interviews with five leading scientists from the networking community
Authors:
Daniel M Batista,
Gordon Blair,
Fabio Kon,
Raouf Boutaba,
David Hutchison,
Raj Jain,
Ramachandran Ramjee,
Christian E Rothenberg
Abstract:
Software defined Networks (SDNs) have drawn much attention both from academia and industry over the last few years. Despite the fact that underlying ideas already exist through areas such as P2P applications and active networks (e.g. virtual topologies and dynamic changes of the network via software), only now has the technology evolved to a point where it is possible to scale the implementations, which justifies the high interest in SDNs nowadays. In this article, the JISA Editors invite five leading scientists from three continents (Raouf Boutaba, David Hutchison, Raj Jain, Ramachandran Ramjee, and Christian Esteve Rothenberg) to give their opinions about what is really new in SDNs. The interviews cover whether big telecom and data center companies need to consider using SDNs, if the new paradigm is changing the way computer networks are understood and taught, and what are the open issues on the topic.
Submitted 28 March, 2016;
originally announced March 2016.
-
Internet of Drones
Authors:
Mirmojtaba Gharibi,
Raouf Boutaba,
Steven L. Waslander
Abstract:
The Internet of Drones (IoD) is a layered network control architecture designed mainly for coordinating the access of unmanned aerial vehicles to controlled airspace, and providing navigation services between locations referred to as nodes. The IoD provides generic services for various drone applications such as package delivery, traffic surveillance, search and rescue and more. In this paper, we present a conceptual model of how such an architecture can be organized and we specify the features that an IoD system based on our architecture should implement. For doing so, we extract key concepts from three existing large scale networks, namely the air traffic control network, the cellular network, and the Internet and explore their connections to our novel architecture for drone traffic management.
Submitted 1 February, 2016; v1 submitted 6 January, 2016;
originally announced January 2016.
-
Service Function Chaining Simplified
Authors:
Milad Ghaznavi,
Nashid Shahriar,
Reaz Ahmed,
Raouf Boutaba
Abstract:
Middleboxes have become a vital part of modern networks by providing service functions such as content filtering, load balancing and optimization of network traffic. An ordered sequence of middleboxes composing a logical service is called service chain. Service Function Chaining (SFC) enables us to define these service chains. Recent optimization models of SFCs assume that the functionality of a middlebox is provided by a single software appliance, commonly known as Virtual Network Function (VNF). This assumption limits SFCs to the throughput of an individual VNF and resources of a physical machine hosting the VNF instance. Moreover, typical service providers offer VNFs with heterogeneous throughput and resource configurations. Thus, deploying a service chain with custom throughput can become a tedious process of stitching heterogeneous VNF instances. In this paper, we describe how we can overcome these limitations without worrying about underlying VNF configurations and resource constraints. This prospect is achieved by distributed deploying multiple VNF instances providing the functionality of a middlebox and modeling the optimal deployment of a service chain as a mixed integer programming problem. The proposed model optimizes host and bandwidth resources allocation, and determines the optimal placement of VNF instances, while balancing workload and routing traffic among these VNF instances. We show that this problem is NP-Hard and propose a heuristic solution called Kariz. Kariz utilizes a tuning parameter to control the trade-off between speed and accuracy of the solution. Finally, our solution is evaluated using simulations in data-center networks.
Submitted 5 January, 2016;
originally announced January 2016.
-
A Path Generation Approach to Embedding of Virtual Networks
Authors:
Rashid Mijumbi,
Joan Serrat,
Juan-Luis Gorricho,
Raouf Boutaba
Abstract:
As the virtualization of networks continues to attract attention from both industry and academia, the Virtual Network Embedding (VNE) problem remains a focus of researchers. This paper proposes a one-shot, unsplittable flow VNE solution based on column generation. We start by formulating the problem as a path-based mathematical program called the primal, for which we derive the corresponding dual problem. We then propose an initial solution which is used, first, by the dual problem and then by the primal problem to obtain a final solution. Unlike most approaches, our focus is not only on embedding accuracy but also on the scalability of the solution. In particular, the one-shot nature of our formulation ensures embedding accuracy, while the use of column generation is aimed at enhancing the computation time to make the approach more scalable. In order to assess the performance of the proposed solution, we compare it against four state-of-the-art approaches as well as the optimal link-based formulation of the one-shot embedding problem. Experiments on a large mix of Virtual Network (VN) requests show that our solution is near optimal (achieving about 95% of the acceptance ratio of the optimal solution), with a clear improvement over existing approaches in terms of VN acceptance ratio and average Substrate Network (SN) resource utilization, and a considerable improvement (92% for an SN of 50 nodes) in time complexity compared to the optimal solution.
Submitted 25 September, 2015;
originally announced September 2015.
-
Network Function Virtualization: State-of-the-art and Research Challenges
Authors:
Rashid Mijumbi,
Joan Serrat,
Juan Luis Gorricho,
Niels Bouten,
Filip De Turck,
Raouf Boutaba
Abstract:
Network Function Virtualization (NFV) has drawn significant attention from both industry and academia as an important shift in telecommunication service provisioning. By decoupling Network Functions (NFs) from the physical devices on which they run, NFV has the potential to lead to significant reductions in Operating Expenses (OPEX) and Capital Expenses (CAPEX) and facilitate the deployment of new services with increased agility and faster time-to-value. The NFV paradigm is still in its infancy and there is a large spectrum of opportunities for the research community to develop new architectures, systems and applications, and to evaluate alternatives and trade-offs in developing technologies for its successful deployment. In this paper, after discussing NFV and its relationship with complementary fields of Software Defined Networking (SDN) and cloud computing, we survey the state-of-the-art in NFV, and identify promising research directions in this area. We also overview key NFV projects, standardization efforts, early implementations, use cases and commercial products.
Submitted 25 September, 2015;
originally announced September 2015.
-
On Orchestrating Virtual Network Functions in NFV
Authors:
Md. Faizul Bari,
Shihabur Rahman Chowdhury,
Reaz Ahmed,
Raouf Boutaba
Abstract:
Middleboxes or network appliances like firewalls, proxies and WAN optimizers have become an integral part of today's ISP and enterprise networks. Middlebox functionalities are usually deployed on expensive and proprietary hardware that requires trained personnel for deployment and maintenance. Middleboxes contribute significantly to a network's capital and operational costs. In addition, organizations often require their traffic to pass through a specific sequence of middleboxes for compliance with security and performance policies. This makes the middlebox deployment and maintenance tasks even more complicated. Network Function Virtualization (NFV) is an emerging and promising technology that is envisioned to overcome these challenges. It proposes to move packet processing from dedicated hardware middleboxes to software running on commodity servers. In NFV terminology, software middleboxes are referred to as Virtualized Network Functions (VNFs). It is a challenging problem to determine the required number and placement of VNFs that optimizes network operational costs and utilization, without violating service level agreements. We call this the VNF Orchestration Problem (VNF-OP) and provide an Integer Linear Programming (ILP) formulation with implementation in CPLEX. We also provide a dynamic programming based heuristic to solve larger instances of VNF-OP. Trace-driven simulations on real-world network topologies demonstrate that the heuristic can provide solutions that are within 1.3 times of the optimal solution. Our experiments suggest that a VNF based approach can provide more than 4x reduction in the operational cost of a network.
Submitted 25 March, 2015; v1 submitted 21 March, 2015;
originally announced March 2015.
-
Networking
Authors:
Nashid Shahriar,
Mahfuza Sharmin,
Reaz Ahmed,
Raouf Boutaba
Abstract:
This paper discusses an efficient approach to design and implement a highly available peer-to-peer system irrespective of peer timing and churn.
Submitted 20 May, 2011; v1 submitted 21 January, 2011;
originally announced January 2011.
-
A Distributed Sequential Algorithm for Collaborative Intrusion Detection Networks
Authors:
Quanyan Zhu,
Carol J. Fung,
Raouf Boutaba,
Tamer Basar
Abstract:
Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.
Submitted 16 February, 2010;
originally announced February 2010.