
Keyword Search Result

[Keyword] SDN(113hit)

21-40hit(113hit)

  • A MAC Address Routing VPN Architecture for Connecting Non-IP Wireless Sensor Networks to Data Centers

    Hiroaki HATA  

     
    PAPER

    Publicized: 2018/10/15  Vol: E102-B No:4  Page(s): 690-698

    Most wireless networks are specified as using the data link protocol, i.e. layer 2 (L2). Recently, IoT and big data processing have promoted the use of wireless sensor networks to connect and send data to data center applications over the Internet. To do so, the implementation of an IP stack on the wireless node, or the gateway of the IP and wireless L2 network, has been proposed. Both approaches were developed to allow applications on the IP network to access L2 wireless network nodes. However, since wireless sensor networks do not require any network protocol, an IP is not essential for collecting data. Therefore, we propose a novel bridging VPN for connecting wireless networks, in which the application and wireless end nodes are not required to acknowledge an IP address or network protocol. In this way, the IP network merely serves to transport the data link frames of wireless networks. We believe that this is another style of IoT and recommend that this VPN be used as a test bed for small IoT businesses and institutions before they start to implement an IP stack on their systems.

  • Designing Distributed SDN C-Plane Considering Large-Scale Disruption and Restoration Open Access

    Takahiro HIRAYAMA  Masahiro JIBIKI  Hiroaki HARAI  

     
    PAPER

    Publicized: 2018/09/20  Vol: E102-B No:3  Page(s): 452-463

    Software-defined networking (SDN) technology enables us to flexibly configure switches in a network. Previously, distributed SDN control methods have been discussed to improve their scalability and robustness. Distributed placement of controllers and backing up each other enhance robustness. However, these techniques do not include an emergency measure against large-scale failures such as network separation induced by disasters. In this study, we first propose a network partitioning method to create a robust control plane (C-Plane) against large-scale failures. In our approach, networks are partitioned into multiple sub-networks based on robust topology coefficient (RTC). RTC denotes the probability that nodes in a sub-network isolate from controllers when a large-scale failure occurs. By placing a local controller onto each sub-network, 6%-10% of larger controller-switch connections will be retained after failure as compared to other approaches. Furthermore, we discuss reactive emergency reconstruction of a distributed SDN C-plane. Each node detects a disconnection to its controller. Then, C-plane will be reconstructed by isolated switches and managed by the other substitute controller. Meanwhile, our approach reconstructs C-plane when network connectivity recovers. The main and substitute controllers detect network restoration and merge their C-planes without conflict. Simulation results reveal that our proposed method recovers C-plane logical connectivity with a probability of approximately 90% when failure occurs in 100 node networks. Furthermore, we demonstrate that the convergence time of our reconstruction mechanism is proportional to the network size.

  • Design and Implementation of SDN-Based Proactive Firewall System in Collaboration with Domain Name Resolution

    Hiroya IKARASHI  Yong JIN  Nariyoshi YAMAI  Naoya KITAGAWA  Kiyohiko OKAYAMA  

     
    PAPER-Network Security

    Publicized: 2018/08/22  Vol: E101-D No:11  Page(s): 2633-2643

    Security facilities such as firewall system and IDS/IPS (Intrusion Detection System/Intrusion Prevention System) have become fundamental solutions against cyber threats. With the rapid change of cyber attack tactics, detail investigations like DPI (Deep Packet Inspection) and SPI (Stateful Packet Inspection) for incoming traffic become necessary while they also cause the decrease of network throughput. In this paper, we propose an SDN (Software Defined Network) - based proactive firewall system in collaboration with domain name resolution to solve the problem. The system consists of two firewall units (lightweight and normal) and a proper one will be assigned for checking the client of incoming traffic by the collaboration of SDN controller and internal authoritative DNS server. The internal authoritative DNS server obtains the client IP address using EDNS (Extension Mechanisms for DNS) Client Subnet Option from the external DNS full resolver during the name resolution stage and notifies the client IP address to the SDN controller. By checking the client IP address on the whitelist and blacklist, the SDN controller assigns a proper firewall unit for investigating the incoming traffic from the client. Consequently, the incoming traffic from a trusted client will be directed to the lightweight firewall unit while from others to the normal firewall unit. As a result, the incoming traffic can be distributed properly to the firewall units and the congestion can be mitigated. We implemented a prototype system and evaluated its performance in a local experimental network. Based on the results, we confirmed that the prototype system presented expected features and acceptable performance when there was no flooding attack. We also confirmed that the prototype system showed better performance than conventional firewall system under ICMP flooding attack.

  • Adaptive Bundle Flow Management for Reducing Control Traffic on SDN-Enabled Multi-Radio Wireless Networks

    Yuzo TAENAKA  Kazuki MIZUYAMA  Kazuya TSUKAMOTO  

     
    PAPER-Network

    Publicized: 2018/01/18  Vol: E101-B No:7  Page(s): 1685-1692

    Applying Software Defined Network (SDN) technology to wireless networks is attracting much attention. Our previous study proposed a channel utilization method based on SDN/OpenFlow technology to improve the channel utilization efficiency of the multi-channel wireless backhaul network (WBN). However, since control messages are inherently transmitted with data traffic on the same channel in WBN, they inevitably degrade the network capacity. Specifically, the amount of control messages for collecting statistical information of each flow (FlowStats) increases linearly with the number of ongoing flows, thereby being the dominant overhead for backhaul networks. In this paper, we propose a new method that prevents the increase of control traffic while retaining the network performance of the previous method. Our proposed method uses statistical information of each interface (PortStats) instead of per-flow information (FlowStats), and handles multiple flows on the interface together if possible. Otherwise, to handle an individual flow, we propose a way to estimate per-flow information without introducing extra control messages. Finally, we show that the proposed method offers the same performance as the previous method, while greatly reducing the amount of control traffic.

  • Toward In-Network Deep Machine Learning for Identifying Mobile Applications and Enabling Application Specific Network Slicing Open Access

    Akihiro NAKAO  Ping DU  

     
    INVITED PAPER

    Publicized: 2018/01/22  Vol: E101-B No:7  Page(s): 1536-1543

    In this paper, we posit that, in future mobile network, network softwarization will be prevalent, and it becomes important to utilize deep machine learning within network to classify mobile traffic into fine grained slices, by identifying application types and devices so that we can apply Quality-of-Service (QoS) control, mobile edge/multi-access computing, and various network function per application and per device. This paper reports our initial attempt to apply deep machine learning for identifying application types from actual mobile network traffic captured from an MVNO, mobile virtual network operator and to design the system for classifying it to application specific slices.

  • A Flow Aggregation Method under Allowable Delay Limitation in SDN

    Takuya KOSUGIYAMA  Kazuki TANABE  Hiroki NAKAYAMA  Tsunemasa HAYASHI  Katsunori YAMAOKA  

     
    PAPER-Network

    Publicized: 2017/09/14  Vol: E101-B No:3  Page(s): 795-804

    Software-Defined Networking (SDN) can be applied for managing application flows dynamically by a logically centralized SDN controller and SDN switches. Because one SDN switch can support just a few thousand forwarding rule installations per second, it is a barrier to dynamic and scalable application flow management. For this reason, it is essential to reduce the number of application flows if they are to be successfully managed. Nowadays, since much attention has been paid to developing a network service that reduces application delay, the allowable delay of application flows has become an important factor. However, there has been no work on minimizing the number of flows while satisfying the end-to-end delay of flows. In this paper, we propose a method that can aggregate flows and minimize the number of flows in a network while ensuring all flows satisfy their allowable delay in accordance with QoS or SLA. Since the problem is classified as NP-hard, we propose a heuristic algorithm. We compared the aggregation effect of the proposed method, a simple aggregation method and the optimal solution by simulation. In addition, we clarify the characteristics of the proposed method by performing simulations with various parameter settings. The results show that the proposed method yields fewer rules than the comparative aggregation method and has a much shorter computational time than the optimal solution.

  • The Declarative and Reusable Path Composition for Semantic Web-Driven SDN

    Xi CHEN  Tao WU  Lei XIE  

     
    PAPER-Network

    Publicized: 2017/08/29  Vol: E101-B No:3  Page(s): 816-824

    The centralized controller of SDN enables a global topology view of the underlying network. It is possible for the SDN controller to achieve globally optimized resource composition and utilization, including optimized end-to-end paths. Currently, resource composition in SDN arena is usually conducted in an imperative manner where composition logics are explicitly specified in high level programming languages. It requires strong programming and OpenFlow backgrounds. This paper proposes declarative path composition, namely Compass, which offers a human-friendly user interface similar to natural language. Borrowing methodologies from Semantic Web, Compass models and stores SDN resources using OWL and RDF, respectively, to foster the virtualized and unified management of the network resources regardless of the concrete controller platform. Besides, path composition is conducted in a declarative manner where the user merely specifies the composition goal in the SPARQL query language instead of explicitly specifying concrete composition details in programming languages. Composed paths are also reused based on similarity matching, to reduce the chance of time-consuming path composition. The experiment results reflect the applicability of Compass in path composition and reuse.

  • On the Optimal Approach of Survivable Virtual Network Embedding in Virtualized SDN

    Rongzhen LI  Qingbo WU  Yusong TAN  Junyang ZHANG  

     
    PAPER-Information Network

    Publicized: 2017/12/18  Vol: E101-D No:3  Page(s): 698-708

    Software-defined networking (SDN) has emerged as a promising approach to enable network innovation, which can provide network virtualization through a hypervisor plane to share the same cloud datacenter network among multiple virtual networks. However, this attractive approach may bring new problems that make the network more susceptible to the failure of network components because of the separated control and forwarding planes. The centralized control and the virtual networks sharing the same physical network become fragile and prone to failure if the topology of the virtual network and the control path is not properly designed. Thus, how to map a virtual network into the physical datacenter network in virtualized SDN while guaranteeing survivability against the failure of physical components is extremely important, and should fully consider more of the factors that influence the survivability of the virtual network. In this paper, combining VN with SDN, a topology-aware survivable virtual network embedding approach is proposed to improve the survivability of the virtual network by an enhanced virtual controller embedding strategy that optimizes the placement selection of the virtual network without using any backup resources. The strategy explicitly takes account of the network delay and the number of disjoint paths between virtual controller and virtual switch to minimize the expected percentage of control path loss with a survivable factor. Extensive experimental evaluations have been conducted and the results verify that the proposed technology has improved the survivability and network delay while keeping the other within reasonable bounds.

  • Towards 5G Network Slicing over Multiple-Domains Open Access

    Ibrahim AFOLABI  Adlen KSENTINI  Miloud BAGAA  Tarik TALEB  Marius CORICI  Akihiro NAKAO  

     
    INVITED PAPER

    Publicized: 2017/05/16  Vol: E100-B No:11  Page(s): 1992-2006

    One of the key objectives of 5G is to evolve the current mobile network architecture from “one-fit-all” design model to a more customized and dynamically scaling one that enables the deployment of parallel systems, tailored to the service requirements on top of a shared infrastructure. Indeed, the envisioned 5G services may require different needs in terms of capacity, latency, bandwidth, reliability and security, which cannot be efficiently sustained by the same network infrastructure. Coming to address these customization challenges, network softwarization expressed through Software Defined Networking (SDN) programmable network infrastructures, Network Function Virtualization (NFV) running network functions as software and cloud computing flexibility paradigms, is seen as a possible panacea to addressing the variations in the network requirements posed by the 5G use cases. This will enable network flexibility and programmability, allow the creation and lifecycle management of virtual network slices tailored to the needs of 5G verticals expressed in the form of Mobile Virtual Network Operators (MVNOs) for automotive, eHealth, massive IoT, massive multimedia broadband. In this vein, this paper introduces a potential 5G architecture that enables the orchestration, instantiation and management of end-to-end network slices over multiple administrative and technological domains. The architecture is described from both the management and the service perspective, underlining the common functionality as well as how the response to the diversified service requirements can be achieved through proper software network components development.

  • A Generic and Efficient Local Service Function Chaining Framework for User VM-Dedicated Micro-VNFs

    Ryota KAWASHIMA  Hiroshi MATSUO  

     
    PAPER

    Publicized: 2017/05/16  Vol: E100-B No:11  Page(s): 2017-2026

    The heart of Network Functions Virtualization (NFV) is both the softwarization of existing network middleboxes as Virtual Network Functions (VNFs) and the Service Function Chaining (SFC), also known as Service Chaining of them. Most existing VNFs are realized as VM-based general purpose appliances and shared by multiple user VMs. However, the cover range of VNF can be extended to directly reinforce network functionality of user VMs by introducing VM-specific VNFs. In this study, we propose micro-VNFs (µVNFs) and a VM-specific service chaining framework (vNFChain). Micro-VNFs are VM-specific lightweight VNFs that directly attach to a user VM, and can support not only traditional L2-L4 protocols but also stateful custom L7 protocols. The vNFChain framework constructs local service chains of µVNFs and transparently attaches the chain to the VM. Importantly, our framework achieves zero touch configuration for user VMs as well as no modification for existing system environments, such as virtual switch, hypervisor, and OS. In this paper, we describe architectural design and implementation of the framework. In addition, we evaluate the proposed approach in terms of throughput and CPU usage by comparing it with a DPDK-enabled VM-based µVNF model.

  • Evolution and Future of Information Networks Open Access

    Tohru ASAMI  Katsunori YAMAOKA  Takuji KISHIDA  

     
    INVITED SURVEY PAPER-Network

    Publicized: 2017/03/22  Vol: E100-B No:9  Page(s): 1595-1605

    This paper looks at the history of research in the Technical Committee on Information Networks from the time of its inception to the present and provides an overview of the latest research in this area based on the topics discussed in recent meetings of the committee. It also presents possible future developments in the field of information networks.

  • NAPT-Based Mobility Service for Software Defined Networks Open Access

    Shimin SUN  Li HAN  Xianshu JIN  Sunyoung HAN  

     
    INVITED PAPER

    Publicized: 2017/02/13  Vol: E100-D No:5  Page(s): 932-938

    For IP-based mobile networks, efficient mobility management is vital to provision seamless online service. IP address starvation and scalability issue constrain the wide deployment of existing mobility schemes, such as Mobile IP, Proxy Mobile IP, and their derivations. Most of the studies focus on the scenario of mobility among public networks. However, most of current networks, such as home networks, sensor networks, and enterprise networks, are deployed with private networks hard to apply mobility solutions. With the rapid development, Software Defined Networking (SDN) offers the opportunity of innovation to support mobility in private network schemes. In this paper, a novel mobility management scheme is presented to support mobile node moving from public network to private network in a seamless handover procedure. The centralized control manner and flexible flow management in SDN are utilized to provide network-based mobility support with better QoS guarantee. Benefiting from SDN/OpenFlow technology, complex handover process is simplified with fewer message exchanges. Furthermore, handover efficiency can be improved in terms of delay and overhead reduction, scalability, and security. Analytical analysis and implementation results showed a better performance than mobile IP in terms of latency and throughput variation.

  • Recommendation-Based Bandwidth Calendaring for Packet Transport Network

    Shohei KAMAMURA  Rie HAYASHI  Hiroki DATE  Hiroshi YAMAMOTO  Takashi MIYAMURA  Yoshihiko UEMATSU  Kouichi GENDA  

     
    PAPER-Network

    Publicized: 2016/08/04  Vol: E100-B No:1  Page(s): 122-130

    This paper proposes a recommendation-based bandwidth calendaring system for packet transport networks. The system provides a user-portal interface with which users can directly reserve packet transport resources. In this regard, the system recommends multi-grade (e.g., multi-price) reservation plans. By adjusting grades of plans in accordance with network resource utilization, this system provides not only reservation flexibility for users but also efficient utilization of network resources. For recommending multi-grade plans, pre-computation of resource allocation is required for every time slot. Because the number of time slots is huge, we also propose an algorithm for fast computation of resource allocation based on time-slot aggregation. Our evaluation suggests that our algorithm can produce a sub-optimal solution within quasi-real time for a large-scale network. We also show that our recommendation-based system can increase the service-provider-revenue in peaky traffic demand environments.

  • A Collaborative Intrusion Detection System against DDoS for SDN

    Xiaofan CHEN  Shunzheng YU  

     
    LETTER-Information Network

    Publicized: 2016/06/01  Vol: E99-D No:9  Page(s): 2395-2399

    DDoS remains a major threat to Software Defined Networks. To keep SDN secure, effective detection techniques for DDoS are indispensable. Most of the newly proposed schemes for detecting such attacks on SDN make the SDN controller act as the IDS or the central server of a collaborative IDS. The controller consequently becomes a target of the attacks and a heavy loaded point of collecting traffic. A collaborative intrusion detection system is proposed in this paper without the need for the controller to play a central role. It is deployed as a modified artificial neural network distributed over the entire substrate of SDN. It disperses its computation power over the network that requires every participating switch to perform like a neuron. The system is robust without individual targets and has a global view on a large-scale distributed attack without aggregating traffic over the network. Emulation results demonstrate its effectiveness.

  • Flow Clustering Based Efficient Consolidated Middlebox Positioning Approach for SDN/NFV-Enabled Network

    Duc Tiep VU  Kyungbaek KIM  

     
    LETTER-Information Network

    Publicized: 2016/05/19  Vol: E99-D No:8  Page(s): 2177-2181

    Recently in an SDN/NFV-enabled network, a consolidated middlebox is proposed in which middlebox functions required by a network flow are provided at a single machine in a virtualized manner. With the promising advantages such as simplifying network traffic routing and saving resources of switches and machines, consolidated middleboxes are going to replace traditional middleboxes in the near future. However, the location of consolidated middleboxes may affect the performance of an SDN/NFV network significantly. Accordingly, the consolidated middlebox positioning problem in an SDN/NFV-enabled network must be addressed adequately with service chain constraints (a flow must visit a specific type of consolidated middlebox), resource constraints (switch memory and processing power of the machine), and performance requirements (end-to-end delay and bandwidth consumption). In this paper, we propose a novel solution of the consolidated middlebox positioning problem in an SDN/NFV-enabled network based on flow clustering to improve the performance of service chain flows and utilization of a consolidated middlebox. Via extensive simulations, we show that our solution significantly reduces the number of routing rules per switch, the end-to-end delay and bandwidth consumption of service flows while meeting service chain and resource constraints.

  • Demonstration of SDN/OpenFlow-Based Path Control for Large-Scale Multi-Domain/Multi-Technology Optical Transport Networks

    Shan GAO  Xiaoyuan CAO  Takehiro SATO  Takaya MIYAZAWA  Sota YOSHIDA  Noboru YOSHIKANE  Takehiro TSURITANI  Hiroaki HARAI  Satoru OKAMOTO  Naoaki YAMANAKA  

     
    PAPER-Network

    Vol: E99-B No:7  Page(s): 1492-1500

    Software defined networking (SDN) and OpenFlow, which enables the abstraction of vendor/technology-specific attributes, improve the control and management flexibility of optical transport networks. In this paper, we present an interoperability demonstration of SDN/OpenFlow-based optical path control for multi-domain/multi-technology optical transport networks. We also summarize the abstraction approaches proposed for multi-technology network integration at SDN controllers.

  • Named Data Networking over a Software-Defined Network Using Fixed-Size Content Names

    Jung-Hwan CHA  Youn-Hee HAN  Sung-Gi MIN  

     
    PAPER-Network

    Vol: E99-B No:7  Page(s): 1455-1463

    Named Data Networking (NDN) has emerged as an alternative to traditional IP-based networking for the achievement of Information-Centric Networking (ICN). Currently, most NDN is deployed over IP networks, but such an overlay deployment increases the transport network overhead due to the use of dual network control planes (NDN routing and IP routing). Software-Defined Networking (SDN) can be used to mitigate the network overhead by forwarding NDN packets without the use of IP routing. However, to deploy NDN over SDN, a variable NDN content name needs to be mapped to a fixed-size match field in an OpenFlow switch flow table. For efficient support of such a mapping task, we propose a new architecture that uses dual name for content: content name and Name Tag. The Name Tag is derived from the corresponding content name and is a legitimate IPv6 address. By using the proposed Name Tag, the SDN with an NDN control application can transport an IPv6 packet that encapsulates an NDN packet for an NDN name-based routing. We emulate the proposed architecture using Mininet and verify that it is feasible.

  • Performance Evaluation of Virtualized LTE-EPC Data Plane with MPLS Core Using PPBP Machine-to-Machine Traffic

    Hussien M. HUSSIEN  Hussein A. ELSAYED  

     
    PAPER

    Vol: E99-B No:2  Page(s): 326-336

    3GPP Long Term Evolution (LTE) is one of the most advanced technologies in the wireless and mobility field because it provides high speed data and sophisticated applications. LTE was originally deployed by service providers on various platforms using separate dedicated hardware in Access radio layer and the Evolved Packet Core network layer (EPC), thereby limiting the system's flexibility and capacity provisioning. Thus, the concept of virtualization was introduced in the EPC hardware to solve the dedicated hardware platform limitations. It was also introduced in the IP Multimedia Subsystem (IMS) and Machine to Machine applications (M2M) for the same reason. This paper provides a simulation model of a virtualized EPC and virtualized M2M transport application server connected via an external IP network, which has significant importance in the future of mobile networks. This model studies the virtualized server connectivity problem, where two separate virtual machines communicate via the existing external legacy IP network. The simulation results show moderate performance, indicating that the selection of IP technology is much more critical than before. The paper also models MPLS technology as a replacement for the external IP routing mechanism to provide traffic engineering and achieve more efficient network performance. Furthermore, to provide a real network environment, Poisson Pareto Burst Process (PPBP) traffic source is carried over the UDP transport layer which matches the statistical properties of real-life M2M traffic. Furthermore, the paper proves End-to-End interoperability of LTE and MPLS running GTP and MPLS Label Forwarding information Base (LFIB) and MPLS traffic engineering respectively. Finally, it looks at the simulation of several scenarios using Network Simulator 3 (NS-3) to evaluate the performance improvement over the traditional LTE IP architecture under M2M traffic load.

  • Application Specific Slicing for MVNO through Software-Defined Data Plane Enhancing SDN Open Access

    Akihiro NAKAO  Ping DU  Takamitsu IWAI  

     
    INVITED PAPER

    Vol: E98-B No:11  Page(s): 2111-2120

    In this paper, we apply the concept of software-defined data plane to defining new services for Mobile Virtual Network Operators (MVNOs). Although there are a large number of MVNOs proliferating all over the world and most of them provide low bandwidth at low price, we propose a new business model for MVNOs and empower them with the capability of tailoring fine-grained subscription plans that can meet users' demands. For example, abundant bandwidth can be allocated for some specific applications, while the rest of the applications are limited to low bandwidth. For this purpose, we have recently proposed the concept of application and/or device specific slicing that classifies application and/or device specific traffic into slices and applies fine-grained quality of services (QoS), introducing various applications of our proposed system [9]. This paper reports the prototype implementation of such a proposal in a real MVNO connecting customized smartphones so that we can identify applications from the given traffic with 100% accuracy. In addition, we propose a new method of identifying applications from the traffic of unmodified smartphones by machine learning using the training data collected from the customized smartphones. We show that a simple machine learning technique such as random forest achieves about 80% accuracy in application identification.

  • Fast Repairing from Large-Scale Failure Using Hierarchical SDN Controllers

    Shohei KAMAMURA  Hiroshi YAMAMOTO  Kouichi GENDA  Yuki KOIZUMI  Shin'ichi ARAKAWA  Masayuki MURATA  

     
    PAPER-Network

    Vol: E98-B No:11  Page(s): 2269-2279

    This paper proposes fast repairing methods that use hierarchical software defined network controllers for recovering from massive failure in a large-scale IP over a wavelength-division multiplexing network. The network consists of multiple domains, and slave controllers are deployed in each domain. While each slave controller configures transport paths in its domain, the master controller manages end-to-end paths, which are established across multiple domains. For fast repair of intra-domain paths by the slave controllers, we define the optimization problem of path configuration order and propose a heuristic method, which minimizes the repair time to move from a disrupted state to a suboptimal state. For fast repair of end-to-end paths through multiple domains, we also propose a network abstraction method, which efficiently manages the entire network. Evaluation results suggest that fast repair within a few minutes can be achieved by applying the proposed methods to the repairing scenario, where multiple links and nodes fail, in a 10,000-node network.
