Xiaochun Wu,Chunming Wu,Changting Lin,Qiang Wu,Bin Wang

DOI: https://doi.org/10.1007/s11432-016-5574-0

2016-01-01

Science China Information Sciences

Abstract:Finding effective ways to collect the usage of network resources in all kinds of applications to ensure a distributed control plane has become a key requirement to improve the controller’s decision making performance.This paper explores an efficient way in combining dynamic Net View sharing of distributed controllers with the behavior of intra-service resource announcements and processing requirements that occur in distributed controllers, and proposes a rapid multipathing distribution mechanism. Firstly, we establish a resource collecting model and prove that the prisoner’s dilemma problem exists in the distributed resource collecting process in the Software-defined Network(SDN). Secondly, we present a bypass path selection algorithm and a diffluence algorithm based on Q-learning to settle the above dilemma. At last, simulation results are given to prove that the proposed approach is competent to improve the resource collecting efficiency by the mechanism of self-adaptive path transmission ratio of our approach, which can ensure high utilization of the total network we set up.

Haoran Ni,Zehua Guo,Changlin Li,Songshi Dou,Chao Yao,Thar Baker

DOI: https://doi.org/10.1016/j.jnca.2022.103372

IF: 7.574

2022-04-01

Journal of Network and Computer Applications

Abstract:Software-Defined Networking (SDN) improves network performance by flexible traffic control. Data security and data availability are two main concerns for designing a resilient routing algorithm in SDN. Existing algorithms such as the MPT algorithm consider joint data security and availability, but they cannot make a good trade-off. In this paper, we propose a Network Coding-based Resilient Routing algorithm named NCRR to jointly achieve data security and availability. NCRR is a heuristic algorithm that computes routing decisions in three scenarios based on the number of disjoint paths. Specifically, the scenario of three disjoint paths is enough to ensure joint security and availability for a flow when three or more disjoint paths can be used for forwarding this flow. However, due to topological diversity, we cannot always find three disjoint paths for each flow. Thus, the scenarios of two disjoint paths and one path are used to ensure joint security and availability if only two disjoint paths and one path can be used. To evaluate the performance of NCRR, simulations have been conducted using two real-world network topologies. Simulation results show that NCRR improves the joint data security and availability performance by approximately 6.23% on AttMpls topology and 21.34% on Cernet topology, compared with existing MPT.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Yi Shen,Chunming Wu,Dezhang Kong,Mingliang Yang

DOI: https://doi.org/10.1109/icc40277.2020.9149276

2020-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threats to the current network security. As a new network architecture, Software-Defined Networking (SDN) draws notable attention from both industry and academia. The characteristics of SDN such as centralized management and flow-based traffic monitoring make it an ideal platform to defend against DDoS attacks. When designing a network intrusion detection system (NIDS) in SDN, how to obtain fine-grained flow information with minimal overhead to the SDN architecture is a problem to be solved. In this paper, we propose TPDD, a two-phase DDoS detection system to detect DDoS attacks in SDN. In the first phase, we utilize the characteristics of SDN to collect coarse-grained flow information from the core switches and locate the potential victim. Then we monitor the edge switches located close to the potential victim to obtain finer-grained traffic information in the second phase. The collection method of each phase fully considers the impact on the bandwidth between the controller and switches. Without modifying the existing flow rules, the collection module can obtain sufficient information about traffic. By using entropy-based and machine learning-based methods, the detection module can effectively detect anomalies and identify whether the potential victim marked in the first phase is the target of attacks. Experimental results show that TPDD can effectively detect DDoS attacks with little overhead.

Haifeng Zhou,Chunming Wu,Qiumei Cheng,Qianjun Liu

DOI: https://doi.org/10.1109/tnet.2017.2689240

2017-01-01

IEEE/ACM Transactions on Networking

Abstract:Maintaining service availability during an inter-domain route update is a challenge in both conventional networks and software-defined networks (SDNs). In the update process, asynchronous reconfigurations to border forwarding devices in different domains will incur transient anomalies with numerous packet losses and service disruptions. Based on current SDN inter-domain routing mechanisms, we in this paper propose a lossless and seamless method for SDN inter-domain route updates. This method is lightweight, and it has no requirement to add extra switch functionality or to extend SDN southbound protocols. The primary idea of this method is to achieve a lossless inter-domain route update by communications and collaborations among relevant domains. Motivated by this idea, we first identify three different domain categories for the update, i.e., domains only on the new inter-domain route, domains on both the old and new inter-domain routes, and domains only on the old inter-domain route. We further find that the transient anomalies are able to be avoided by reconfiguring the related border switches of the three categories of domains in order. Four update steps are then designed to keep the orderly update. Furthermore, we present the theoretical proof of the effectiveness of this method. Finally, based on our prototype implementation, the proposed method is also validated by simulation studies, and the simulation results indicate that this method succeeds in avoiding packet loss and maintaining service availability during the update.

Hossen Mustafa,Xin Zhang,Zhenhua Liu,Wenyuan Xu,Adrian Perrig

DOI: https://doi.org/10.1109/tdsc.2012.69

2012-01-01

Abstract:Jamming attacks are especially harmful to the reliability of wireless communication, as they can effectively disrupt communication between any node pairs. Existing jamming defenses primarily focus on repairing connectivity between adjacent nodes. In this paper, we address jamming at the network level and focus on restoring the end-to-end data delivery through multipath routing. As long as all paths do not fail concurrently, the end-to-end path availability is maintained. Prior work in multipath selection improves routing availability by choosing node-disjoint paths or link-disjoint paths. However, through our experiments on jamming effects using MicaZ nodes, we show that disjointness is insufficient for selecting fault-independent paths. Thus, we address multipath selection based on the knowledge of a path's availability history. Using Availability History Vectors (AHVs) of paths, we present a centralized AHV-based algorithm to select fault-independent paths, and a distributed AHV-based routing protocol built on top of a classic routing algorithm in ad hoc networks. Our extensive simulation results validate that both AHV-based algorithms are effective in overcoming the jamming impact by maximizing the end-to-end availability of the selected paths.

Duan Jingpu,Wang Zhi,Wu Chuan

DOI: https://doi.org/10.1109/ICC.2015.7249165

2015-01-01

Abstract:A basic need in datacenter networks is to provide high throughput for large flows such as the massive shuffle traffic flows in a MapReduce application. Multipath TCP (MPTCP) has been investigated as an effective approach toward this goal, by spreading one TCP flow onto multiple paths. However, the current MPTCP implementation has two major limitations: (1) a fixed number of subflows are used without reacting to the actual traffic condition; (2) the routing of subflows of a multipath TCP connection relies heavily on the ECMP-based random hashing. The former may lead to a waste of both the server and network resources, while the latter can cause throughput degradation when multiple subflows collide on the same path. This paper proposes a responsive MPTCP system to resolve the two limitations simultaneously. Our system employs a centralized controller for intelligent subflow route calculation and a monitor running on each server for actively adjusting the number of subflows. Working in synergy, the two modules enable MPTCP flows to respond to the traffic conditions and pursue high throughput on the fly, at very low computation and messaging overhead. NS3-based experiments show that our system achieves satisfactory throughput with less resource overhead, or better throughput at similar amounts of overhead, as compared to common alternatives.

Quan Ren,Zehua Guo,Jiangxing Wu,Tao Hu,Lu Jie,Yuxiang Hu,Lei He

DOI: https://doi.org/10.1109/tnsm.2022.3163198

2022-01-01

Abstract:In this paper, we propose a resilient control plane based on endogenous security for Software-Defined Networking (SDN) named SDN-ESRC to prevent vulnerability backdoor attacks. SDN-ESRC uses a set of heterogeneous controllers (e.g., RYU, OpenDayLight, ONOS) to compose the control plane and dynamically and adaptively selects several heterogeneous controller instances from the controller set to detect and correct the malicious control messages. The design of SDN-ESRC faces two challenges: (1) increasing network update delay due to multi-controller comparison and (2) maintaining high controllable security. To address the first challenge, SDN-ESRC adopts the master modification mode to reduce the network update delay and identify malicious control messages. To address the second challenge, SDN-ESRC introduces the comparison modification mode to ensure high availability in real time. We propose an evaluation model for SDN-ESRC and theoretically analyze the SDN-ESRC’s endogenous security performance under three typical backdoor attack scenarios. We implement SDN-ESRC in a prototype system and conduct simulations and experiments. The results show that SDN-ESRC can improve the backdoor damage attack security up to 98.3%, the backdoor random attack security up to 99.99%, and the backdoor coordinated attack security up to 82% at the cost of increasing network update delay less than 8.3%.

Ziming Zhao,Zhuotao Liu,Huan Chen,Fan Zhang,Zhuoxue Song,Zhaoxuan Li

DOI: https://doi.org/10.1109/tdsc.2023.3349180

2024-01-01

Abstract:Defending against Distributed Denial of Service (DDoS) attacks is a fundamental problem in the Internet. Over the past few decades, the research and industry communities have proposed a variety of solutions, from adding incremental capabilities to the existing Internet routing stack, to clean-slate future Internet architectures, and to widely deployed commercial DDoS prevention services. Yet a recent interview with over 100 security practitioners in multiple sectors reveals that existing solutions are still insufficient against , due to either unenforceable protocol deployment or non-comprehensive traffic filters. This seemingly endless arms race with attackers probably means that we need a fundamental paradigm shift. In this paper, we propose a new DDoS prevention paradigm named preference-driven and in-network enforced traffic shaping , aiming to explore the novel DDoS prevention norms that focus on delivering victim-preferred traffic rather than consistently chasing after the DDoS attacks. Towards this end, we propose DFNet, a novel DDoS prevention system that provides reliable delivery of victim-preferred traffic without full knowledge of DDoS attacks. At a very high level, the core innovative design of DFNet embraces the advances in Machine Learning (ML) and new network dataplane primitives, by encoding the victim's traffic preference (in the form of complex ML models) into dataplane packet scheduling algorithms such that the victim-preferred traffic is forwarded with priority at line-speed, regardless of the attacker strategy. We implement a prototype of DFNet in 11,560 lines of code, and extensively evaluate it on our testbed. The results show that a single instance of DFNet can forward 99.93% of victim-desired traffic when facing previously unseen attacks, while imposing less than 0.1% forwarding overhead on a dataplane with 80 Gbps upstream links and a 40 Gbps bottleneck.

Hao Yin,Yang Wang,Geyong Min,Sebastien Berton,Rui Guo,Chuang Lin

DOI: https://doi.org/10.1002/cpe.1506

2010-01-01

Abstract:Multipath routing can adapt to traffic changes, increase reliability and enhance the Quality of Service support in communication networks. This routing algorithm has been recognized as one of the salient features in Mobile Ad hoc Networks (MANETs). However, existing multipath routing protocols are often practically infeasible due to its security venerability if they suffer from attacks in MANETs, such as repudiation attacks, Denial of Service attacks. In this paper we propose a novel secure multipath routing protocol, referred to as SMRP, and investigate its feasibility and performance. SMRP applies a new heuristic algorithm increasing the number of disjoint paths and a smart authentication mechanism to enhance the security against the attacks in MANETs. The performance results from extensive analysis and experiments show that SMRP can efficiently enhance the security in MANETs while preserving the low overhead of computing and communication. Copyright (C) 2009 John Wiley & Sons, Ltd.

GENG Hai-jun,WANG Wei,YIN Xia

DOI: https://doi.org/10.11896/jsjkx.210100051

2022-01-01

Computer Science

Abstract:Software defined network (SDN) is a new network architecture proposed by the clean slate research group of Stanford University.The significant feature of this architecture is to decouple the functions of control plane and forwarding plane,and to flexibly forward the network traffic.Based on this,Internet service providers have deployed SDN technology in their backbone network to maximize the utilization of network resources.However,due to the limitation of economic cost and technical conditions,the backbone network of internet service providers must be in the hybrid SDN network for a long time.The studies have shown that single network node failure is inevitable and occurs frequently.Therefore,it is a key scientific problem to study the routing protection me-thod for single network component failure in hybrid SDN networks.In this paper,the route protection method for single network component failure in hybrid SDN network is described,and then two heuristic methods are used to solve the problem.Finally,the proposed heuristic algorithms are tested in real and simulated topologies.The experimental results show that in the traditional backbone network,only a part of the traditional devices need to be upgraded to SDN devices,and the algorithms proposed in this paper can deal with all possible single network node failure cases in the network.

Sebastien Berton,Hao Yin,Chuang Lin,Geyong Min

DOI: https://doi.org/10.1109/gcc.2006.86

2006-01-01

Abstract:Mobile ad-hoc network (MANET) is an appealing technology that has attracted lots of research efforts over past years. Although the principle of wireless, structure-less, dynamic networks is attractive, there are still some major flaws that prevent commercial expansion. Security is one of these main barriers; MANETs are known to be particularly vulnerable to security attack. One solution proposed to increase security resilience is to use multipath routing algorithms [Papadimitratos et al., 2002]. However multipath routing also introduces new challenges in terms of security and security overhead. In this paper we consider the problem of secure routing in fully distributed MANETs using multipath routing. After studying the effect of multipath in terms of security, we propose an efficient multipath heuristic and a new approach to protect the route discovery called SDMSR to secure the routing protocol while mitigating security overhead

Meng-Wei Lee,Yu-Sian Li,Xin Huang,Yi-Ren Chen,Ting-Fang Hou,Cheng-Hsin Hsu

DOI: https://doi.org/10.1109/iwqos.2014.6914322

2014-01-01

Abstract:IP multicast dictates high-end routers and incurs high administrative overhead, which prevent them from being deployed in many video streaming scenarios. In this paper, we study the problem of computing the multipath multicast routes for streaming videos in Software-Defined Networks (SDNs), which adopt less expensive switches and reduce administrative overhead for lower CAPEX/OPEX. The objectives of the considered problem are robustness, load balance, SDN compatibility, and adaptiveness. We formulate this routing problem into a mathematical optimization problem, and propose two algorithms to address this problem. We implement the proposed algorithms on a popular OpenFlow controller to demonstrate its practicality, and we conduct extensive experiments to evaluate the proposed algorithms. The experiment results clearly show the merits of our algorithms over the IP multicast, e.g., we observe: (i) frame loss rate reduction between 19% and 95%, (ii) video quality improvement between 4 dB and 15 dB, (iii) sink throughput increase between 25% and 66%, and (iv) maximal link utilization reduction between 15% and 50%. We also show the tradeoff between optimality and run time of the two proposed algorithms: one of them is more suitable for smaller and more static networks, and the other one is more suitable for larger and more dynamic networks.

Huawei Huang,Song Guo,Weifa Liang,Keqiu Li,Baoliu Ye

DOI: https://doi.org/10.1109/jsac.2016.2615184

2016-01-01

Abstract:Software Defined Networking (SDN) brings numbers of advantages along with many challenges. One particular concern is on the control-plane resilience, while the existing protection approaches proposed for SDN networks mainly focus on data-plane. In order to achieve the carrier-grade recovery from link failures, we adopt the dedicated protection scheme towards finding optimal protection routing for control-plane traffic. To this end, we study a weighted cost minimization problem, in which the traffic load balancing and flow table rule placement are jointly considered when selecting protection paths for controller-switch sessions. Because this problem is known as NP-hard, we propose a Markov approximation based combinatorial optimization approach for routing protection in SDN control-plane, which produces near-optimal solution in a distributed fashion. We then extend our solution to an on-line case that can handle the single-link failure one at a time. The induced performance fluctuation is also analyzed with theoretical derivation. Extensive experimental results show that our proposed algorithm has fast convergence and high efficiency in resource utilization.

An Xie,Xiaoliang Wang,Guido Maier,Sanglu Lu

DOI: https://doi.org/10.48550/arXiv.1602.06686

2016-02-23

Abstract:With the wide deployment of network facilities and the increasing requirement of network reliability, the disruptive event like natural disaster, power outage or malicious attack has become a non-negligible threat to the current communication network. Such disruptive event can simultaneously destroy all devices in a specific geographical area and affect many network based applications for a long time. Hence, it is essential to build disaster-resilient network for future highly survivable communication services. In this paper, we consider the problem of designing a highly resilient network through the technique of SDN (Software Defined Networking). In contrast to the conventional idea of handling all the failures on the control plane (the controller), we focus on an integrated design to mitigate disaster risks by adding some redundant functions on the data plane. Our design consists of a sub-graph based proactive protection approach on the data plane and a splicing approach at the controller for effective restoration on the control plane. Such a systematic design is implemented in the OpenFlow framework through the Mininet emulator and Nox controller. Numerical results show that our approach can achieve high robustness with low control overhead.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Dongchao Ma,Pengyu Wang,Lihua Song,Wenlong Chen,Li Ma,Mingwei Xu,Laizhong Cui

DOI: https://doi.org/10.1016/j.comnet.2022.109486

IF: 5.493

2022-11-28

Computer Networks

Abstract:Multipath routing conforms to the evolution principle of network development and is a trend of routing architectures. It can not only meet the needs but also enhance the performance and security of a network. However, deploying multipath routing further increases the scale of the forwarding information base (FIB) and the cost of forwarding devices. Therefore, to realize the lightweight deployment of multipath routing with a distributed architecture, this paper takes two-dimensional routing (TD routing) as an example to provide a solution. We propose a distributed storage mechanism of TD routing in combination with SRv6 (TDSR) and the corresponding SRv6 header (SRH) compression (CARD) method. The main methods are as follows: Inspired by a software-defined wide area network (SD-WAN), this paper introduces segment routing (SR) in the data plane, which can disperse TD-FIBs in different ingress nodes. The ingress routers push path information into the stack, and the intermediate routers forward the packets according to the SRH. Second, for the bandwidth waste of the SRH, compression is attempted by comparing the difference between the the shortest path first (SPF) path and the SRv6 path. Only a few hops in the TD path that are different from those in the one-dimensional (OD) path are kept. Finally, we sort out several typical application scenes of multipath routing and discuss several simplification algorithms. The experimental results show that the TDSR can reduce TD entries by 69%, and the average compression rate of CARD can reach 70%. In addition, CARD can be combined with existing methods to improve their effect.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Nteziriza Nkerabahizi Josbert,Wang Ping,Min Wei,Mohammed Saleh Ali Muthanna,Ahsan Rafiq

DOI: https://doi.org/10.1109/access.2021.3079896

IF: 3.9

2021-01-01

IEEE Access

Abstract:In order to meet strict Quality-of-Service (QoS) constraints imposed by some industrial applications, the configuration of industrial networks must address the requirements of traffic flows with different priorities such as minimum delay and packet loss. The performance is affected significantly if the end-to-end delay and packet loss surpasses a specific limit, and may become unbefitting for the destination. In this paper, we select Software-Defined Networking (SDN) technology to manage centralized devices and design an optimal path to guarantee the QoS requirements by taking into consideration two types of traffic flows: the first is low-delay while the second is both low-delay and low-loss. By using this optimal path, the Reactive Flow Installation (RFI) method increases the time delay in the forwarding of packets. So as to solve this issue, we propose a Mixed Flow Installation (MFI) method based on caching the flow rules which correspond to the optimal paths in the hash table deployed in the SDN controller memory in order to reduce the computation time of the forwarding path and the load at the SDN controller. Alternatively, the pre-configured flow rules in switches by the Proactive Flow Installation (PFI) method achieves the delay-sensitive. However, the PFI is not modified when the network status or the traffic type changes till the timeout value expires. This can affect the QoS requirements for industrial applications. To handle this challenge, we propose a PFI Re-routing (PFIR) method that redefined faster a new optimal path according to change without waiting the SDN controller for new flow rules. With the care of wireless and wired networks, we have built a simulation network via the OpenDayLight SDN controller and conducted an experimental testbed. The framework results are demonstrated by the performances through reduction of end-to-end delay, packet loss rate, and packet violation ratio.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhuo Jiang,Qian Wu,Hewu Li,Jianping Wu

DOI: https://doi.org/10.1109/access.2018.2820719

IF: 3.9

2018-01-01

IEEE Access

Abstract:Satellite networks are multilayered, and the number of satellites in a single constellation is also increasing. These characteristics make satellite network more suitable for multipath transmission like multipath transmission control protocol (MPTCP). With the use of MPTCP, the bandwidth of different satellite channels can be aggregated, and the mobility performance of users can be improved. Furthermore, software defined networking (SDN) is introduced to the MPTCP to solve the shared bottleneck problem. However, the performance of existing scheme is still far from optimal. The main problems include: (1) static number setting of MPTCP subflows on a per host basis and (2) unaware of the traffic load during the subflow route selection. The shared bottleneck problem is more serious in the satellite network with lattice-like topology. To solve the above problems, we propose an sdn cooperated MPTCP (scMPTCP) architecture and its related algorithms. We extend TCP options to piggyback the relevant control information to flexibly support the communication between the subflows of transport layer and SDN controller. Then, we propose a load and shared bottleneck aware subflow route selection algorithm and adjust algorithm. These two algorithms select routes for new subflows based on the available bandwidth of each route and avoid the bottleneck of other subflows, and also can adapt to the changes of network load. We implement the scMPTCP and its algorithms. The evaluation results show that compared with searching over the non-overlapping paths or shortest paths schemes, our scheme can achieve much higher total system throughput. Moreover, by adjusting the subflows which share bottlenecks, the total aggregated throughput of that connection is also improved greatly.

Jiahao Cao,Renjie Xie,Kun Sun,Qi Li,Guofei Gu,Mingwei Xu

DOI: https://doi.org/10.14722/ndss.2020.23040

2020-01-01

Abstract:Software-Defined Networking (SDN) greatly meets the need in industry for programmable, agile, and dynamic networks by deploying diversified SDN applications on a centralized controller. However, SDN application ecosystem inevitably introduces new security threats since compromised or malicious applications can significantly disrupt network operations. Thus, a number of effective security enhancement systems have been developed to defend against potential attacks from SDN applications. In this paper, we identify a new vulnerability on flow rule installation in SDN, namely, buffered packet hijacking, which can be exploited by malicious applications to launch effective attacks bypassing all existing defense systems. The root cause of this vulnerability lies in that SDN systems do not check the inconsistency between buffer IDs and match fields when an application attempts to install flow rules. Thus, a malicious application can manipulate buffer IDs to hijack buffered packets even though they do not match any installed flow rules. We design effective attacks exploiting this vulnerability to disrupt all three SDN layers, i.e., application layer, data plane layer, and control layer. First, by modifying buffered packets and resending them to controllers, a malicious application can poison other applications. Second, by manipulating forwarding behaviors of buffered packets, a malicious application can not only disrupt TCP connections of flows but also make flows bypass network security policies. Third, by copying massive buffered packets to controllers, a malicious application can saturate the bandwidth of SDN control channels and their computing resources. We demonstrate the feasibility and effectiveness of these attacks with both theoretical analysis and experiments in a real SDN testbed. Finally, we develop a lightweight defense system that can be readily deployed in existing SDN controllers as a patch.

Yi Zhang,Lanxin Qiu,Yangzhou Xu,Xinjia Wang,Shengjie Wang,Agyemang Paul,Zhefu Wu

DOI: https://doi.org/10.3390/app132212520

2023-11-20

Applied Sciences

Abstract:Software-Defined Networking (SDN) enhances network control but faces Distributed Denial of Service (DDoS) attacks due to centralized control and flow-table constraints in network devices. To overcome this limitation, we introduce a multi-path routing algorithm for SDN called Trust-Based Proximal Policy Optimization (TBPPO). TBPPO incorporates a Kullback–Leibler divergence (KL divergence) trust value and a node diversity mechanism as the security assessment criterion, aiming to mitigate issues such as network fluctuations, low robustness, and congestion, with a particular emphasis on countering DDoS attacks. To avoid routing loops, differently from conventional ‘Next Hop’ routing decision methodology, we implemented an enhanced Depth-First Search (DFS) approach involving the pre-computation of path sets, from which we select the best path. To optimize the routing efficiency, we introduced an improved Proximal Policy Optimization (PPO) algorithm based on deep reinforcement learning. This enhanced PPO algorithm focuses on optimizing multi-path routing, considering security, network delay, and variations in multi-path delays. The TBPPO outperforms traditional methods in the Germany-50 evaluation, reducing average delay by 20%, cutting delay variation by 50%, and leading in trust value by 0.5, improving security and routing efficiency in SDN. TBPPO provides a practical and effective solution to enhance SDN security and routing efficiency.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Jiahui Li,Xiaogang Qi,Yi He,Lifang Liu

DOI: https://doi.org/10.1016/j.ress.2023.109893

IF: 7.247

2024-01-04

Reliability Engineering & System Safety

Abstract:Software-Defined Networks (SDNs) have emerged as significant frameworks for enhancing the network flexibility. Currently, the migration from legacy IP networks to pure SDNs promotes the development of hybrid SDNs. However, the inevitable link failures will damage the network reliability. Therefore, this paper focuses on upgrading the legacy routers to SDN switches with minimal deployment overhead for protecting against all link failures, and selecting appropriate protection paths with the routing flexibility of these switches, thus improving the network performance and resilience. Firstly, we propose the heuristic SCS_LN algorithm for SDN Candidate Selection (SCS) that narrows the selection range of SDN candidate nodes through the link protection difficulty and selects the upgraded nodes based on the node protection capability. Secondly, we develop PPS_PM algorithm with the weight-based selection rule for adaptive Protection Path Selection (PPS), which takes interactive path parameters into account, such as Protection Path Length (PPL) and Maximum Link Utilization (MLU). Finally, extensive simulation experiments on diverse network topologies with various parameters are conducted to demonstrate that our proposed algorithms save up to 12.58% of the SDN switch deployment, and gain up to 12.15% and 7.34% improvement of the average PPL and MLU over existing algorithms, respectively.

engineering, industrial,operations research & management science