Software Defined Networking (SDN) has rapidly emerged as a promising solution to build the future Internet. Legacy network devices are typically proprietary, closed, and complex platforms, which has severely throttled innovation in networking for years. To break this long-standing barrier, SDN separates the intelligent control plane (the controller) from the switching fabric and keeps the data plane simple and fast at forwarding packets, opening enormous opportunities for rapid open innovation and quick creation of customer services.
While SDN offers a new network architecture for open service introduction, its openness has also caused serious security and performance issues. These issues drive our research on various SDN topics, including SDN security, SDN policy updates, and SDN data-plane verification.
Network operators' networks are populated with a large and increasing variety of proprietary hardware appliances. Network Functions Virtualization (NFV) aims to address the growing problems resulting from proprietary hardware appliances by leveraging standard IT virtualization technology to consolidate many network equipment types onto industry-standard high-volume servers, switches, and storage, which could be located in data centers, network nodes, and end-user premises. NFV is highly complementary to Software Defined Networking. Virtualizing network functions could offer many benefits, including, but not limited to, reducing equipment and power costs, shortening time to market, and providing network appliance multi-tenancy.
However, there are unique challenges and opportunities in ensuring service availability and maintaining resiliency in an NFV-based system. It is also critical to assure the security of NFV along with cloud computing, since a large fraction of the global economy depends on it.
Even though SDN-based clouds allow more flexibility in network management, the correctness of network configuration and the security of network access in SDN-based clouds have not been addressed in multi-tenant scenarios. To address this issue, SDNKeeper, a generic and fine-grained policy enforcement system for SDN-based clouds, is proposed; it can avoid network resource misconfiguration and defend against unauthorized attacks.
The key differentiator of virtualized data centers between the IT and telecom domains is the level of service continuity. Whereas in the IT domain outages lasting seconds are tolerable and the service user typically initiates retries, in the telecom domain there is an underlying service expectation that outages will stay below the recognizable level and that service recovery is performed automatically. Thus, it is vital to contain outages within negligible time and limit the number of affected users.
The SDN paradigm embraces third-party development efforts and is therefore exposed to potential attacks that usurp the excessive privileges of control plane applications. Such privilege abuse could lead to various attacks impacting the entire administrative domain. In this project, we design an access control system tailored for the SDN application environment.
Modular composition in software-defined networks ensures the correctness of independently deployed applications. Current modular composition techniques are not optimal in terms of either the number of rule updates to the data plane switches or the latency cost of individual updates. In this project, we design an end-to-end optimization framework for software-defined networks that significantly accelerates network policy updates.
Due to hardware and software problems, the data plane state in software-defined networks may not be congruent with the configuration specifications of the control plane. There is a pressing need for data plane mechanisms that can detect and identify offending forwarding rules. In this project, we study the fault models of forwarding elements and design probing systems that discover and troubleshoot these faults.