Computer Communication Projects - 236340 - Spring Semester 2016

Restorable Logical Topology using Cross-Layer Optimization

Abstract: Today's communication networks consist of routers and optical switches in a logical topology overlaid on an optical physical infrastructure. The routers are connected to each other via logical links called LightPaths, where each LightPath is established over one or more optical fibers and the optical switches connecting these fibers. The design of LightPaths involves selecting both the logical links and the logical paths, i.e. deciding which pairs of routers will be connected by LightPaths and how to route each LightPath across the optical network. Such a design requires cross-layer optimization that maximizes the end-to-end traffic throughput in case of a physical failure, in order to guarantee the restorability of the logical topology.
Goals: For a given network topology of routers and optical switches:
a. Build the topology using a network simulator (ns-3 or Mininet).
b. Determine the LightPaths (Primary & Secondary) using a Shortest Path Algorithm (Dijkstra's Algorithm).
c. Implement a cross-layer optimization algorithm that will:
1. Decide which pairs of routers should be connected by a LightPath, while ensuring that the total number of LightPaths does not exceed a given budget (maximum number of LightPaths).
2. Determine the physical path of each LightPath while ensuring that the number of logical links traversing a single physical link is minimal.
d. Compare Dijkstra's Algorithm and the cross-layer algorithm in cases of link failure.
Requirements: C++ for ns-3, Python for Mininet
Input: Physical switch topology, represented as:
o Gp=(Vp,Ep): Gp is an undirected graph, Vp is the set of optical switches and Ep is the set of optical links.
o Cp: capacity of each link e in Ep. Cp>=2 and even; Cp is the same for all links.
o Vl: number of optical switches that can serve as routers (a subset of Vp).
Budget of the topology, represented as:
o B: maximum number of LightPaths allowed. Must be >= Vl.
Input example (figure): |Vp| = 16 optical switches, |Ep| = 24 links, Vl = 4 routers (1,2,3,4), Cp(e) = 2, B = 4.
Output:
a. LightPaths for the given topology using Dijkstra's Algorithm.
b. LightPaths for the given topology using the Cross-Layer Optimization Algorithm.
(Example output figure: the LightPaths connecting routers 1, 2, 3 and 4.)
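The following is an added example, not part of the course project text: a toy LightPath design in Python over a physical optical topology. Plain Dijkstra gives a primary path and a fibre-disjoint secondary path per router pair (goal b); a greedy cross-layer heuristic then picks which router pairs to connect within the budget B and routes each LightPath so that the number of LightPaths sharing one fibre stays small and never exceeds Cp (goal c); a cut function reports which LightPaths a single fibre failure takes down (goal d). The 4x4 grid, Cp and B are constructed sample input matching the numbers in the project's example (16 switches, 24 links, 4 routers, Cp=2, B=4); placing the routers at the corner switches, and the greedy heuristic itself, are assumptions of this example, not the algorithm the project asks for.

```python
"""Toy LightPath design (added example; grid, router placement and heuristic are
assumptions, not the project's own algorithm)."""
import heapq
import itertools
from collections import defaultdict


def dijkstra(adj, src, dst, weight):
    """Shortest path src->dst under weight(u, v); weight None = unusable link.
    Returns the node list or None when dst is unreachable."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist[u]:
            continue
        for v in adj[u]:
            w = weight(u, v)
            if w is None:
                continue
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def fibres(path):
    """Set of undirected physical links a path traverses."""
    return {frozenset(e) for e in zip(path, path[1:])}


def primary_and_secondary(adj, src, dst):
    """Dijkstra by hop count, then a secondary path avoiding every fibre of the
    primary so that one fibre cut cannot take both LightPaths down."""
    primary = dijkstra(adj, src, dst, lambda u, v: 1)
    if primary is None:
        return None, None
    used = fibres(primary)
    secondary = dijkstra(adj, src, dst,
                         lambda u, v: None if frozenset((u, v)) in used else 1)
    return primary, secondary


def cross_layer_design(adj, routers, capacity, budget):
    """Greedy heuristic (assumption): router pairs are visited nearest-first; each
    is routed with a load-aware weight that strongly penalises fibres already
    carrying LightPaths and forbids fibres at capacity, until the budget is spent.
    Returns {(router, router): physical path}."""
    load = defaultdict(int)
    design = {}
    hops = lambda p: dijkstra(adj, p[0], p[1], lambda u, v: 1)
    pairs = [p for p in itertools.combinations(routers, 2) if hops(p) is not None]
    pairs.sort(key=lambda p: len(hops(p)))
    penalty = len(adj)                  # larger than any hop-count difference
    for src, dst in pairs:
        if len(design) >= budget:
            break

        def weight(u, v):
            l = load[frozenset((u, v))]
            return None if l >= capacity else 1 + l * penalty

        path = dijkstra(adj, src, dst, weight)
        if path is None:
            continue                    # every route would exceed Cp somewhere
        for e in fibres(path):
            load[e] += 1
        design[(src, dst)] = path
    return design


def max_fibre_load(design):
    load = defaultdict(int)
    for path in design.values():
        for e in fibres(path):
            load[e] += 1
    return max(load.values(), default=0)


def affected_by_cut(design, u, v):
    """Router pairs whose LightPath traverses the failed fibre (u, v)."""
    return sorted(p for p, path in design.items() if frozenset((u, v)) in fibres(path))


def grid_topology(n=4):
    """n x n grid of optical switches numbered 1..n*n, row-major (constructed)."""
    adj = defaultdict(list)
    for r in range(n):
        for c in range(n):
            node = r * n + c + 1
            for nb in ([node + 1] if c + 1 < n else []) + ([node + n] if r + 1 < n else []):
                adj[node].append(nb)
                adj[nb].append(node)
    return adj


if __name__ == "__main__":
    adj = grid_topology()
    routers, Cp, B = [1, 4, 13, 16], 2, 4   # corner switches act as routers
    print(primary_and_secondary(adj, 1, 16))
    design = cross_layer_design(adj, routers, Cp, B)
    print(design, "max fibre load", max_fibre_load(design))
    print("cut 2-3 affects", affected_by_cut(design, 2, 3))
```

With Cp = 2 the weight function refuses a fibre already carrying two LightPaths, so the design can contain fewer than B LightPaths when no route with spare capacity exists; the project's comparison (goal d) is then a matter of running `affected_by_cut` for every fibre against both the Dijkstra-only and the cross-layer designs.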
Robust Header Compression (ROHC)

Abstract: Deploying Intrusion Detection Systems (IDS) requires copying the network traffic from several sensing points in the network using a Tap device and sending the traffic to the IDS server. In a Supervisory Control And Data Acquisition (SCADA) system this mission can be challenging, due to the low bandwidth of the communication channels between the Tap device at the remote site and the IDS server. A solution for reducing the bandwidth is to compress the sniffed traffic before sending it to the IDS server. The traffic is then decompressed and forwarded to the analyzing application running on the IDS server. The compression is done both on the IP header and on the payload, using a standard lossless compression method for the payload and RObust Header Compression (ROHC) for the packet header.

Goals: Implement ROHC on a client-server topology or in a network simulator (ns-3 or Mininet) and test it with both UDP and TCP traffic, showing that the traffic bandwidth is reduced and that the traffic is not corrupted by the compress-decompress cycle. In addition, demonstrate correct handling of traffic loss.

Guided by:
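The following is an added example, not part of the project text and not a conforming ROHC implementation: a toy IPv4/UDP header compressor in Python built on ROHC's context idea. Static fields (addresses, ports) and an IP-ID offset are sent in an IR (initialisation/refresh) packet; afterwards a 4-byte CO packet carries only a context id, the 4 low bits of a master sequence number (MSN) and the UDP length, and the decompressor rebuilds the full 28-byte header from its context. It tolerates up to 15 consecutive lost packets by reading the MSN bits relative to the last MSN it saw, and a periodic IR resynchronises it after worse loss. The packet format, the refresh period and the sample flow are constructed for this example.

```python
"""Toy ROHC-style IPv4/UDP header compressor (added example; packet format and
sample flow are constructed, this is not RFC 3095 ROHC)."""
import struct

UNCOMPRESSED_LEN = 28          # 20-byte IPv4 header + 8-byte UDP header
IR, CO = 0, 1                  # packet type, carried in the top bit of byte 0
STATIC = ("src", "dst", "sport", "dport")


def ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


class Compressor:
    def __init__(self, cid=0, refresh=8):
        self.cid, self.refresh = cid, refresh
        self.static = None          # static fields last sent in an IR
        self.ip_id_offset = None    # IP-ID minus MSN; constant while IP-ID steps by one
        self.msn = 0                # master sequence number, one per packet

    def compress(self, hdr):
        static = tuple(hdr[k] for k in STATIC)
        offset = (hdr["ip_id"] - self.msn) & 0xFFFF
        # IR when the context changed or on the periodic refresh, else a small CO.
        if (static != self.static or offset != self.ip_id_offset
                or self.msn % self.refresh == 0):
            self.static, self.ip_id_offset = static, offset
            pkt = (bytes([IR << 7 | self.cid])
                   + ip_to_bytes(hdr["src"]) + ip_to_bytes(hdr["dst"])
                   + struct.pack("!HHHHH", hdr["sport"], hdr["dport"],
                                 offset, self.msn, hdr["udp_len"]))
        else:
            pkt = bytes([CO << 7 | self.cid, self.msn & 0x0F]) + struct.pack("!H", hdr["udp_len"])
        self.msn = (self.msn + 1) & 0xFFFF
        return pkt


class Decompressor:
    def __init__(self):
        self.ctx = {}               # cid -> {"static", "offset", "msn"}

    def decompress(self, pkt):
        typ, cid = pkt[0] >> 7, pkt[0] & 0x7F
        if typ == IR:
            sport, dport, offset, msn, udp_len = struct.unpack("!HHHHH", pkt[9:19])
            self.ctx[cid] = {"static": (bytes_to_ip(pkt[1:5]), bytes_to_ip(pkt[5:9]), sport, dport),
                             "offset": offset, "msn": msn}
        else:
            if cid not in self.ctx:
                return None         # CO before any IR: nothing to rebuild from
            ctx = self.ctx[cid]
            # Gap of 1..16 between the last MSN and this one; wrong if more than
            # 15 packets in a row were lost, until the next IR resets the MSN.
            gap = ((pkt[1] - (ctx["msn"] & 0x0F) - 1) & 0x0F) + 1
            ctx["msn"] = (ctx["msn"] + gap) & 0xFFFF
            (udp_len,) = struct.unpack("!H", pkt[2:4])
        ctx = self.ctx[cid]
        src, dst, sport, dport = ctx["static"]
        return {"src": src, "dst": dst, "sport": sport, "dport": dport,
                "ip_id": (ctx["offset"] + ctx["msn"]) & 0xFFFF, "udp_len": udp_len}


def sample_headers(n=20):
    """Constructed UDP flow: IP-ID counts up by one, payload length varies."""
    return [{"src": "10.0.0.5", "dst": "10.0.0.9", "sport": 5000, "dport": 6000,
             "ip_id": (1000 + i) & 0xFFFF, "udp_len": 8 + (i * 37) % 200} for i in range(n)]


def run_link(headers, lost=()):
    """Compress every header, drop the listed indices on the 'link', decompress
    the rest. Returns ({index: rebuilt header}, bytes sent, bytes sent /
    uncompressed bytes)."""
    comp, decomp, out, sent = Compressor(), Decompressor(), {}, 0
    for i, hdr in enumerate(headers):
        pkt = comp.compress(hdr)
        sent += len(pkt)
        if i in lost:
            continue
        rebuilt = decomp.decompress(pkt)
        if rebuilt is not None:
            out[i] = rebuilt
    return out, sent, sent / (UNCOMPRESSED_LEN * len(headers))
```

Losing an IR is harmless as long as the static fields and the IP-ID offset did not change, because the next CO still decodes against the old context; losing more than 15 packets in a row silently desynchronises the MSN, and the rebuilt IP-IDs are wrong until the next IR arrives, which is why the refresh period bounds the damage window.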
Fault Management (FM) in Open Network Operating System (ONOS)

Abstract: Open Network Operating System (ONOS) is an innovative and rapidly growing open source project that already enables service providers to build real Software Defined Networks (SDN). The deployment of SDN will require ONOS to manage legacy Network Elements (NE) in a hybrid environment. One of the management capabilities required from ONOS is support for Fault Management in the NE. When a fault or event occurs, the NE typically sends a notification to the network operator via the Simple Network Management Protocol (SNMP). The network operator may also (or alternatively) poll the NE to retrieve this information. An alarm is a persistent indication of a fault that clears only when the triggering condition has been resolved.
(Figure: ONOS controlling OpenFlow switches alongside a legacy Network Element.)
Goals: ONOS will provide support for such fault alarms. This requires implementing in the ONOS project basic SNMP v2 functionality (both polling and trap handling), as well as a Fault Management application that handles the NE's alarm states.
Prerequisite Requirements: Java
Early DDoS Attack Detection by a Stateless Device

Abstract: Detecting Distributed Denial of Service (DDoS) attacks at a router or switch located upstream of the attacked server can significantly improve overall performance, since the switch/router itself can trigger packet-based filtering rules to reduce the load towards the servers. A good sign of a DDoS attack is an increasing or high number of active flows in each time slot compared to the normal or a predefined flow-count threshold. To detect such a case, a stateless device must be able to estimate the total number of flows on-line while using a small memory footprint. The number of flows can be estimated by analyzing the entire stream or only a sampled stream.
Goals: Implement real-time DDoS attack detection in a stateless device (router/switch) in 2 ways:
a. Analyzing the entire stream: estimate the number of flows in each time slot (for example, 30 seconds) by classifying each packet's 5-tuple fields, using the HyperLogLog algorithm with different numbers of memory buckets.
b. Analyzing a sample of the stream: estimate the number of flows in each time slot (for example, 30 seconds) by classifying only the sampled packets' 5-tuple fields, using the HyperLogLog algorithm according to the "Cardinality Estimation Meets Good-Turing" article (Algorithm 1).
Use ns-3 or Mininet to simulate a topology with many attacker hosts, a stateless switch/router device and a server that holds the connections. Generate the DDoS attack by opening a high rate of flows (TCP, UDP) using DDoS tools, or by injecting real captured traffic that contains DDoS attacks. Compare the estimation accuracy of the 2 methods.
Requirements: Internet Networking Course
Guided by:
ISP Mapping using the RocketFuel Technique

Abstract: Real Internet Service Provider (ISP) topologies are not publicly available today, since ISPs generally regard their router-level topologies as confidential. Some ISPs publish simplified topologies on the Web, but these lack router-level connectivity and Point-Of-Presence (POP) structure, and are in most cases out of date. The RocketFuel technique presents a measurement algorithm to infer high-quality ISP maps while using as few measurements as possible. RocketFuel is based on traceroute results and uses BGP routing information to choose only those traceroutes that are likely to transit the ISP being mapped. It also suppresses traceroutes that are likely to yield paths through the ISP network that have already been traversed. These two techniques reduce the number of traces required to map an ISP by three orders of magnitude compared to a brute-force, all-to-all approach, without compromising accuracy.
Goals: Implement the RocketFuel technique in the Dublin Traceroute tool (open source). Map the top 5 ISPs in Israel (012 Smile, 014 Bezeq International, ...), 2 ISPs in Europe and 2 in the US. For each ISP, the mapping should include the following online-updated items:
a. Backbone topology on a map.
b. Number of routers, links and POPs, and average latency.
Requirements: Internet Networking Course, C++, Python
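The following is an added example in Python, not part of the project text: a simplified form of the two RocketFuel trace-selection ideas, directed probing and path reduction, followed by the step of turning the kept traceroutes into a router-level edge list. Directed probing keeps only (vantage point, prefix) pairs whose BGP AS path crosses the target ISP's ASN; path reduction keeps one trace per (ingress neighbour AS, egress neighbour AS) pair, since further traces through the same ingress and egress are expected to reveal the same ISP routers; hops are then filtered to the ISP's address space so that only ISP-internal links are inferred. RocketFuel itself works at finer granularity (ingress routers, per-prefix egresses, DNS-name based role inference), so this is a sketch of the idea, not the paper's algorithm; the ASN, prefixes, AS paths and hop addresses are constructed, not measurements.

```python
"""Simplified RocketFuel-style trace selection (added example; all BGP views,
traces and addresses below are constructed sample data)."""
import ipaddress

TARGET_AS = 64500       # private-use ASN standing in for the ISP being mapped (assumption)


def directed_probing(bgp_views, target_as=TARGET_AS):
    """bgp_views: {vantage point: {prefix: AS path as a list of ASNs}}.
    Returns (vp, prefix, ingress AS, egress AS) for paths that transit target_as;
    ingress is None when the vantage point sits inside the ISP and egress is
    None when the ISP itself announces the prefix."""
    chosen = []
    for vp, table in bgp_views.items():
        for prefix, path in table.items():
            if target_as not in path:
                continue            # a traceroute here would never enter the ISP
            i = path.index(target_as)
            ingress = path[i - 1] if i > 0 else None
            egress = path[i + 1] if i + 1 < len(path) else None
            chosen.append((vp, prefix, ingress, egress))
    return chosen


def path_reduction(candidates):
    """Keep the first candidate for every (ingress, egress) pair; the others are
    expected to traverse the same ISP routers."""
    kept = {}
    for vp, prefix, ingress, egress in candidates:
        kept.setdefault((ingress, egress), (vp, prefix))
    return list(kept.values())


def isp_edges(traces, isp_prefixes):
    """traces: {(vp, prefix): [hop address or None per TTL]}. Two consecutive
    replying hops inside the ISP's address space form a router-level link; a
    None (no reply) breaks adjacency so no link is guessed across it."""
    nets = [ipaddress.ip_network(p) for p in isp_prefixes]

    def inside(ip):
        return ip is not None and any(ipaddress.ip_address(ip) in n for n in nets)

    edges = set()
    for hops in traces.values():
        for a, b in zip(hops, hops[1:]):
            if inside(a) and inside(b) and a != b:
                edges.add(tuple(sorted((a, b))))
    return edges


# Constructed BGP views from two vantage points (documentation prefixes, private-use ASNs).
BGP_VIEWS = {
    "vp-a": {"198.51.100.0/24": [64496, 64500, 64501],   # transit through the ISP
             "203.0.113.0/24": [64496, 64500],           # customer prefix announced by the ISP
             "192.0.2.0/24": [64496, 64497]},            # never touches the ISP
    "vp-b": {"198.51.100.0/24": [64498, 64500, 64501],   # different ingress neighbour
             "203.0.113.0/24": [64496, 64500]},          # same ingress/egress as from vp-a
}
ISP_SPACE = ["100.64.0.0/16"]   # address space attributed to the ISP's routers (constructed)
TRACES = {                      # constructed traceroute hop lists for the selected pairs
    ("vp-a", "198.51.100.0/24"): ["10.1.1.1", "100.64.1.1", "100.64.2.1", "100.64.3.1", "198.51.100.7"],
    ("vp-a", "203.0.113.0/24"): ["10.1.1.1", "100.64.1.1", "100.64.2.1", "203.0.113.9"],
    ("vp-b", "198.51.100.0/24"): ["10.2.2.2", "100.64.4.1", None, "100.64.3.1", "198.51.100.7"],
}


def map_isp(bgp_views=BGP_VIEWS, traces=TRACES, isp_prefixes=ISP_SPACE):
    """Select which traces to run, then build the ISP edge list from those."""
    candidates = directed_probing(bgp_views)
    selected = path_reduction(candidates)
    edges = isp_edges({k: traces[k] for k in selected if k in traces}, isp_prefixes)
    return candidates, selected, edges


if __name__ == "__main__":
    cands, sel, links = map_isp()
    print(len(cands), "candidate traces,", len(sel), "after reduction")
    print(sorted(links))
```

The `None` hop handling matters for the router count in goal b: a non-responding hop between two ISP addresses is a missing router, not a direct link, so bridging it would inflate the link count and shorten paths.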
Distributed Denial of Service (DDoS) attack detection in a virtualized network

Abstract: Today's Carrier Ethernet architecture is undergoing its biggest transformation since the beginning of the Internet. Video, mobile and cloud usage is driving huge growth in traffic, while constantly changing traffic patterns require the ability to introduce new services quickly. This led to the creation of Network Functions Virtualization (NFV), which defines the specifications for Virtualized Network Functions (VNF). A VNF is a software implementation of a network function such as routing or a firewall. Each such VNF runs in a virtual machine (VM). The VMs are created on a compute blade or on a high-scale server, usually called the host device. The VMs sit on top of the host's hypervisor, which uses Open vSwitch (OVS) to switch the data traffic to/from each VM/VNF and also to chain the traffic between them. A Distributed Denial of Service (DDoS) attack embedded in the data traffic can cause performance degradation to the OVS and the VNFs, as well as to the servers behind them. A good sign of a DDoS attack is an increasing or high number of active data flows in each time slot compared to the normal or a predefined flow-count threshold. To detect such a case, it is required to estimate on-line the total number of flows per VM/VNF. The number of flows can be estimated by analyzing a sampled stream per VM/VNF.
(Figure: VMs/VNFs running on top of the hypervisor, with Open vSwitch (OVS) and the host OS underneath.)
Goals: Implement real-time DDoS attack detection per VM by analyzing a sample of the ingress and egress stream of each VM. The implementation requires estimating, per VM, the number of ingress/egress flows in each time slot (for example, 30 seconds) by classifying the sampled packets' 5-tuple fields, using the HyperLogLog algorithm according to the "Cardinality Estimation Meets Good-Turing" article (Algorithm 1). Use a host device to simulate the attackers by opening a high rate of flows (TCP, UDP) using DDoS tools, or by injecting real captured traffic that contains DDoS attacks.
Example of expected output: a plot of the estimated number of ingress flows per VM (VM1..VM4) for each 30-second time slot (30, 60, 90, 120, 150 s).
Requirements: Internet Networking Course
Guided by:
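The following is an added example in Python, not part of the project text, serving both the stateless-device project above (whole-stream HyperLogLog with a configurable number of buckets) and this per-VM project (one sketch per VM per time slot). Each packet's 5-tuple is hashed; the first p hash bits pick one of m = 2**p registers and the register keeps the longest run of leading zeros seen (Flajolet et al.'s HyperLogLog with its small-range linear-counting correction). One sketch per (key, time slot) estimates the active flows, where the key is a constant for a whole-stream count or the destination VM address for per-VM counting, and a slot whose estimate exceeds a threshold raises an alert. The traffic is constructed, and the sampled-stream estimator of the Good-Turing paper (Algorithm 1) is not implemented here; this block only shows the full-stream sketch the project compares against.

```python
"""HyperLogLog flow counting per (key, time slot) for DDoS detection (added
example; the traffic below is constructed, not a real capture)."""
import hashlib
import math
import random
from collections import defaultdict


class HyperLogLog:
    def __init__(self, p=10):
        self.p, self.m = p, 1 << p
        self.registers = [0] * self.m
        # bias-correction constant alpha_m from the HyperLogLog paper
        self.alpha = {4: 0.673, 5: 0.697, 6: 0.709}.get(p, 0.7213 / (1 + 1.079 / self.m))

    def add(self, item):
        h = int.from_bytes(hashlib.sha1(item.encode()).digest()[:8], "big")
        idx = h >> (64 - self.p)                      # register chosen by the top p bits
        rest = h & ((1 << (64 - self.p)) - 1)         # remaining 64-p bits
        rank = (64 - self.p) - rest.bit_length() + 1  # 1-based position of the first 1 bit
        if rank > self.registers[idx]:
            self.registers[idx] = rank

    def count(self):
        raw = self.alpha * self.m * self.m / sum(2.0 ** -r for r in self.registers)
        zeros = self.registers.count(0)
        if raw <= 2.5 * self.m and zeros:             # linear counting for small cardinalities
            return int(self.m * math.log(self.m / zeros))
        return int(raw)


def five_tuple(pkt):
    return "|".join(str(pkt[k]) for k in ("src", "dst", "sport", "dport", "proto"))


def estimate_flows(packets, slot_seconds=30, key=lambda pkt: "all", p=10):
    """packets: dicts with 'ts' (seconds) and the 5-tuple fields. Memory is one
    m-register sketch per (key, slot), independent of the number of flows.
    Returns {(key, slot index): estimated number of distinct flows}."""
    sketches = defaultdict(lambda: HyperLogLog(p))
    for pkt in packets:
        sketches[(key(pkt), int(pkt["ts"] // slot_seconds))].add(five_tuple(pkt))
    return {k: sk.count() for k, sk in sketches.items()}


def alerts(estimates, threshold):
    """(key, slot) pairs whose flow estimate exceeds the threshold."""
    return sorted(k for k, n in estimates.items() if n > threshold)


def exact_flows(packets, slot_seconds=30, key=lambda pkt: "all"):
    """Ground truth for checking the sketch (memory grows with the flow count)."""
    seen = defaultdict(set)
    for pkt in packets:
        seen[(key(pkt), int(pkt["ts"] // slot_seconds))].add(five_tuple(pkt))
    return {k: len(v) for k, v in seen.items()}


def sample_traffic(seed=1):
    """Constructed capture: 3 VMs each serve 20 client flows of 5 packets in
    slots 0 and 1 (0-59 s); in slot 1 a flood of 3000 single-packet flows from
    random sources hits VM 10.0.0.2."""
    rng = random.Random(seed)
    pkts = []
    for slot in (0, 1):
        for vm in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
            for c in range(20):
                for _ in range(5):
                    pkts.append({"ts": slot * 30 + rng.uniform(0, 30), "src": f"192.168.1.{c + 1}",
                                 "dst": vm, "sport": 40000 + c, "dport": 443, "proto": 6})
    for _ in range(3000):
        src = ".".join(str(rng.randrange(1, 224)) for _ in range(4))
        pkts.append({"ts": 30 + rng.uniform(0, 30), "src": src, "dst": "10.0.0.2",
                     "sport": rng.randrange(1024, 65536), "dport": 443, "proto": 6})
    return pkts


if __name__ == "__main__":
    pkts = sample_traffic()
    for p in (6, 8, 10):            # fewer buckets: less memory, larger error
        print(p, estimate_flows(pkts, p=p), exact_flows(pkts))
    per_vm = estimate_flows(pkts, key=lambda pkt: pkt["dst"])
    print("alerts:", alerts(per_vm, threshold=500))
```

The relative error of the sketch is about 1.04/sqrt(m), so p=10 (1024 one-byte registers per VM per slot) gives roughly 3% while p=6 gives about 13%; the threshold in `alerts` must leave room for that error above the normal flow count, otherwise the smaller sketches raise false alarms.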