2022 18th International Conference on Network and Service Management (CNSM): Latest Publications

PTP Security Measures and their Impact on Synchronization Accuracy
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964658
F. Rezabek, Max Helm, Tizian Leonhardt, G. Carle
The Precision Time Protocol (PTP) synchronizes clocks in a network with high precision. The protocol finds use in many areas, such as smart manufacturing, intra-vehicular networks, and critical infrastructure. It becomes clear that striving for security is an important goal. If an attacker succeeds in disturbing the network synchronization, the impact can result in a cascading set of failures. Unfortunately, neither the previous two IEEE standards for PTP, nor the popular implementation linuxptp, feature or implement sufficient security options. This work focuses on implementing the security extensions for PTP based on the latest PTP standard IEEE 1588-2019 to minimize the threat of attacks and their possible impact. We provide a detailed analysis on PTP synchronicity and security. Based on that, we design and implement software-only tooling to quantify the PTP performance using commercial off-the-shelf hardware and open-source solutions on a linear topology with four to nine hops. The measurements compare the End-to-End (E2E) and Peer-to-Peer (P2P) delay calculation modes and the usage of Transparent Clocks (TC) in parts of the network. Both E2E and P2P show visible degradation of clock synchronization with each hop and standard deviations of 118.6 to 571 ns. The TCs perform better, demonstrating a standard deviation between 90 to 140 ns on four to nine hops. We evaluate different logSyncInterval values corresponding to different PTP profiles and do not observe a major impact on the clock behavior caused by the extensions. The measurement precision of the system is within ±40 ns. Our evaluation of the newly implemented security extensions to linuxptp shows that the security extensions do not have a significant impact on the clock synchronization and our approach is a feasible addition to PTP. Besides, our contributions can aid network managers in assessing their PTP synchronicity systematically.
Citations: 8
eBPF Programming Made Easy with eCLAT
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964569
A. Mayer, L. Bracciale, Paolo Lungaroni, P. Loreti, S. Salsano, Giuseppe Bianchi
With the rise of the Network Softwarization era, eBPF has become a hot technology for efficient packet processing on commodity hardware. However the development of custom eBPF solutions is a challenging process that requires highly qualified human resources. In this paper we propose the eCLAT framework with the goal to lower the learning curve of engineers by re-using eBPF code in a programmable way. eCLAT offers a high level programming abstraction to eBPF based network programmability, allowing a developer to create custom application logic in eBPF with no need of understanding the complex details of regular eBPF programming. To support such modularity at the eBPF level, we created an eBPF library that implements a virtual machine, called HIKe VM. The HIKe VM library extends the conventional eBPF programs so that they can be integrated in eCLAT. The eCLAT/HIKe solution does not require any kernel modification.
Citations: 1
Private Cellular Network Deployment: Comparison of OpenAirInterface with Magma Core
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964713
Nischal Aryal, Fariba Ghaffari, Saeid Rezaei, E. Bertin, N. Crespi
We present the deployment procedure of a private 4G-LTE network with standard User Equipment in two different scenarios using OpenAirInterface and Magma core networks. Our lessons learned from deploying the segregated end-to-end cellular network testbed, comparison of connection performance in two scenarios, challenges of connecting smartphones to the network, and comparison among the possible use-cases with each scenario are the highlighted subjects provided in this paper.
Citations: 2
Network traffic classification based on periodic behavior detection
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964556
Josef Koumar, T. Čejka
Even though encryption hides the content of communication from network monitoring and security systems, this paper shows a feasible way to retrieve useful information about the observed traffic. The paper deals with detection of periodic behavioral patterns of the communication that can be detected using time series created from network traffic by autocorrelation function and Lomb-Scargle periodogram. The revealed characteristics of the periodic behavior can be further exploited to recognize particular applications. We have experimented with the created dataset of 61 classes, and trained a machine learning classifier based on XGBoost that performed the best in our experiments, reaching 90% F1-score.
Citations: 3
ReLI: Real-Time Lightweight Byzantine Consensus in Low-Power IoT-Systems
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9965123
H. Goyal, Manish Kausik H, S. Saha
IoT/WSN assisted smart-systems are making our living easier and more comfortable in various aspects. However, there is always a chance of malfunctioning in such massive decentralized systems in crucial moments because of one or more components of the system getting compromised. For instance, monitoring systems installed to watch the status of a bridge may unknowingly suppress the recent deterioration in the status because of some compromised sensing devices. Byzantine fault tolerance support is highly essential in combating the presence of such smart devices with malicious intentions. However, existing solutions for consensus or data aggregation in IoT/WSN systems either assume non-Byzantine node failures or use only simulation/theoretical models to address the existence of Byzantine nodes. Theoretically, a decentralized system can effectively tolerate Byzantine characteristics of up to a certain fraction of the nodes. However, to achieve even that, the nodes need to interact extensively and share data with each other which makes it challenging for such solutions to get practically realized and produce outcomes in real-time, especially in resource-constrained IoT systems. In this work, we adopt Synchronous-Transmission based mechanisms and propose a framework ReLI to efficiently achieve Byzantine consensus in low-power IoT systems. We show that ReLI can operate up to 80% faster and consume up to 78% lesser radio-on time compared to the traditional implementation of the strategy in a publicly available IoT/WSN testbed containing 45 nodes.
Citations: 8
A Realistic Open-Data-based Cost Model for Wireless Backhaul Networks in Rural Areas
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964562
Gabriele Gemmi, Llorenç Cerdà-Alabern, L. Maccari
Broadband Internet provision is an increasing demand in many rural areas and wireless internet service providers have emerged as an opportunity to fill this need. However, this type of operator typically consists of a small business with little resources, and difficulty to plan and assess a reliable and economically sustainable infrastructure. In this paper, we try to bring some aid to this challenging problem by describing a reliable mesh-based backhaul design, together with a detailed CapEx/OpEx economic assessment. We apply our model using real data from ten Italian rural municipalities. Our numerical results show that having clusters of 200 subscribers, a reliable backhaul could be deployed with a monthly subscription and price per Mb/s extremely competitive compared to existing market offers.
Citations: 0
Intent-Driven Path State Monitoring to Enable Centralized State-Aware Flow Steering
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9965141
Christoph Hardegen
Running state monitoring for network switches and links enables the derivation of a path-based data view. Thereby, various monitoring intents like utilization and latency awareness can be targeted during data collection. Whereas each of these objectives relies on a particular set of state metrics, different monitoring methods may be run to gather the data basis serving as decision input for subsequent analysis purposes. In addition, path conditions have an impact on the state observed for individual packet streams being forwarded along a specific path. While path level state data is of relevance, e.g., to evaluate past load ratios in order to run state-aware and efficient path determination, flow level state helps to monitor flow experience conditions like achieved throughput or perceived latency, e.g., to track the compliance with flow-based requirements. This paper presents a modular architecture for path state monitoring that considers port counter query, network probing and in-band network telemetry as methods for demand-driven data collection and focuses on utilization and latency awareness as monitoring intents. State data is collected by a centralized controller in collaboration with distributed modules deployed in a switch’s data plane to run data tracking, wherefore programmable switches are used as operational basis to ensure a flexible monitoring protocol. Evaluations show that continuously collected data snapshots allow to track accurate path state trends that – w.r.t. path state-aware traffic steering – can be leveraged to improve flow-based load distribution across available path capacities and to resolve inefficiencies like imbalanced path load or congestion.
Citations: 1
RITUAL: a Platform Quantifying the Trustworthiness of Supervised Machine Learning
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9965139
Alberto Huertas Celdrán, Jan Bauer, Melike Demirci, Joel Leupp, M. Franco, Pedro Miguel Sánchez Sánchez, Gérôme Bovet, G. Pérez, B. Stiller
This demo presents RITUAL, a platform composed of a novel algorithm and a Web application quantifying the trustworthiness level of supervised Machine and Deep Learning (ML/DL) models according to their fairness, explainability, robustness, and accountability. The algorithm is deployed on a Web application to allow users to quantify and compare the trustworthiness of their ML/DL models. Finally, a scenario with ML/DL models classifying network cyberattacks demonstrates the platform applicability.
Citations: 1
Decentralized Intent-driven Coordination of Multi-Domain IP-Optical Networks
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964606
Filippos Christou
Intent-based networking is increasingly used to improve network control and management. Network operators have already begun to adopt this paradigm, which leads to a simplified and automatized network operation. The operators can interact with their intent-driven networks through the Northbound Interface (NBI). Given a standardized NBI, the same approach can scale to coordinate intent provisioning across multi-domain networks in a decentralized fashion. This can outdate traditional decentralized protocols and open new opportunities for flexible and scalable communication mechanisms. This paper proposes a minimal and general high-level architecture, relying on a standard IBN (Intent-Based Networking) architecture, for multi-domain intent deployment in IP-optical networks. Our architecture is consistent between diverse network operators that use the same NBI, respects confidential information, promotes accountability, and can scale for various network services. To achieve this, we introduce a hierarchical system-generated intent schema with automatic intent delegation between the different domains.
Citations: 4
Zero-touch security automation mechanisms for edge NFV: the π-Edge approach
Pub Date : 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964999
Alexandros Valantasis, Nikos Psaromanolakis, V. Theodorou
The shift towards distributed computing architectures that push data storage and processing to the edge of the network is resulting in a convergence of cloud-computing services and next-generation mobile network technologies. In order to uniformly manage resources and services in the formed cloud/core to edge/devices continuum and to handle the diversity of multi-party underlying infrastructure technologies in a latency-aware, reliable and trustworthy fashion, management automation has become more crucial than ever. In this work, we present the security analytics mechanisms of the π-Edge platform, our edge management platform that embodies zero-touch automation features for interoperability, Quality of Service (QoS) assurance, resilience and trust. To this end, we introduce a declarative NFV MANO Information Model (IM) and methods for automatically enhancing Network Slices at the edge, with security services that i) continuously monitor user-plane traffic on the links between Virtual Network Functions (VNFs), ii) detect possible network vulnerabilities or malicious behaviour and iii) apply relevant actions to effectively observe and mitigate identified threats. The implementation of such mechanisms is evaluated through experimentation on a use case of DDoS attack scenarios, showcasing the usability and the benefits of our proposed solution.
Citations: 1