Discuss the Networks and Distributed Systems for SDN and PBM.
As technology advances, the challenges increase proportionally. As network access and usage grow, so do the challenges of distributing the appropriate content and resources to the end user. Because computing devices span a wide range, and end-user requirements with them, the contemporary networking approaches available today need a detailed evaluation.
Software Defined Networking (SDN) is a new networking approach that lets the network administrator manage network services through abstraction of higher-level functionality. This is achieved by decoupling the system that decides where traffic is sent (the control plane) from the underlying systems that forward the traffic to the selected destination (the data plane). SDN is most often associated with the OpenFlow protocol for communicating with network plane elements; however, OpenFlow has not been the single solution for many companies, because many different techniques have since emerged.
The SDN architecture is based on the OpenFlow protocol as the foundational element on which the proposed solution is built. The architecture has the following characteristics.
Administrators can abstract control from forwarding and adjust network-wide traffic flow dynamically as traffic needs change.
Administrators can program the network control directly, because it is decoupled from the forwarding functions.
Network intelligence is logically centralized in software-based SDN controllers, which maintain a global view of the network that appears to policy engines and applications as a single logical switch.
Network design and operations are simplified when implemented through open standards, because SDN controllers take the place of multiple vendor-specific devices and protocols.
Network managers can configure, secure, optimize and manage network resources easily and quickly through automated, dynamic SDN programs, which they can write themselves because the programs are independent of proprietary software.
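The control plane and data plane split described above can be modelled in a few lines. This is an added example, not code from the original essay; the class names, the exact-match flow key and the sample addresses are assumptions, and it does not reproduce the OpenFlow wire format or any controller's API.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowEntry:
    """One data-plane rule: exact match on (dst, dport) plus an action."""
    dst: str
    dport: int
    action: str                      # "forward:<port>" or "drop"

class Controller:
    """Control plane: holds the network-wide policy and decides per flow."""
    def __init__(self, allowed: set[tuple[str, int]], ports: dict[str, int]):
        self.allowed = allowed       # (dst, dport) pairs the policy permits
        self.ports = ports           # dst host -> switch output port
        self.packet_ins = 0          # how often the data plane had to ask

    def packet_in(self, pkt: dict) -> FlowEntry:
        self.packet_ins += 1
        key = (pkt["dst"], pkt["dport"])
        if key in self.allowed and pkt["dst"] in self.ports:
            return FlowEntry(*key, f"forward:{self.ports[pkt['dst']]}")
        return FlowEntry(*key, "drop")   # default deny, cached in the switch

class Switch:
    """Data plane: matches packets against installed entries, nothing more."""
    def __init__(self, controller: Controller):
        self.controller = controller
        self.table: dict[tuple[str, int], FlowEntry] = {}

    def handle(self, pkt: dict) -> str:
        key = (pkt["dst"], pkt["dport"])
        entry = self.table.get(key)
        if entry is None:                # table miss: consult the control plane
            entry = self.controller.packet_in(pkt)
            self.table[key] = entry
        return entry.action

def demo() -> tuple[list[str], int]:
    # Constructed sample policy and packets (hypothetical addresses).
    ctl = Controller(allowed={("10.0.0.5", 443)}, ports={"10.0.0.5": 2})
    sw = Switch(ctl)
    packets = [
        {"src": "10.0.0.9", "dst": "10.0.0.5", "dport": 443},
        {"src": "10.0.0.7", "dst": "10.0.0.5", "dport": 443},  # same flow key
        {"src": "10.0.0.9", "dst": "10.0.0.5", "dport": 22},   # not in policy
        {"src": "10.0.0.9", "dst": "10.0.0.5", "dport": 22},
    ]
    return [sw.handle(p) for p in packets], ctl.packet_ins

if __name__ == "__main__":
    print(demo())
```

Because decisions are cached in the switch's flow table, a policy change in the controller of this model takes effect only once the affected entries are removed from the table.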
The new SDN architecture was developed to handle the traffic resulting from the explosion of server virtualization, the advent of cloud services, and mobile devices and their content, trends that are driving the networking industry to re-examine traditional network architectures. Current networks are built from tiers of Ethernet switches arranged hierarchically in a tree structure. This design suits client-server networks. However, it is a static architecture, poorly suited to the dynamic computing and storage needs of enterprise campuses, data centres and carrier environments. Software defined networking offers the following benefits to processes and organizations.
Managing the New Traffic Patterns
The new traffic patterns within today's enterprise data centre are compatible with the software defined network, and users' changing traffic patterns can be managed by the new networking approach. Users now push for access to new applications and corporate content from various mobile computing devices that connect at any time, and SDN makes these demands easier to meet. Additional traffic is also developing across the WAN (Wide Area Network) as enterprise data centre managers adopt the utility computing model, which includes public cloud, private cloud or a hybrid of both.
Easier Consumerization of IT
It is now easier for IT to meet the demands created by the increasing use of mobile computing devices, such as notebooks, tablets and smartphones, to access corporate data, and to accommodate these devices. This is done in a fine-grained manner, so that intellectual and corporate data are well protected and compliance mandates are met.
Rising Cloud Services
Enterprises can now accommodate growth in devices by embracing cloud services, both private and public. Business units gain the agility to access infrastructure, applications and IT resources on demand. IT can plan for cloud services with increased security, auditing requirements and compliance in mind. Elastic scaling of storage, network and computing resources enables self-service provisioning in either public or private cloud.
More Bandwidth for Big Data
The demands of today's mega data sets, or big data, which are processed in parallel across interconnected servers, can be met with software defined networks. SDN can supply the additional network capacity this requires in the data centre.
Figure: software defined networking architecture high level overview
The architecture of the SDN has the following components.
SDN Application
SDN applications communicate their network requirements and desired network behaviour to the SDN controller explicitly, directly and programmatically through the NBI (Northbound Interface). An SDN application consists of SDN application logic and NBI drivers. Applications may themselves expose another layer of abstracted network control, offering higher-level NBIs through NBI agents.
SDN Controller
The SDN controller is a vital part of the architecture and is logically centralized. It acts as an in charge of
SDN Data path
The SDN data path is a vital component that acts as a logical network device, exposing visibility of, and control over, its advertised forwarding and data processing capabilities.
SDN CDPI
The Control to Data-Plane Interface (CDPI) is the interface between the SDN data path and the controller.
SDN NBI
The Northbound Interface (NBI) is the interface between the SDN controllers and applications.
Impact on IT Staff
Policy Based Network Management (PBM) is a new technology capable of simplifying the tedious and complex tasks of distributed system and network management. It enables the network administrator to deploy policies that manage various aspects of a network or distributed system in a simplified and flexible manner. The policies in turn govern the behaviour of the network and its processing. Policies are rules that are independent of the technology. They aim to enhance the hard-coded functionality of managed devices by introducing interpreted logic that can change dynamically without changing the underlying implementations. This allows programmability to some extent, without interrupting the operation of the managed system.
The architecture of the policy based management consists of the following four functional elements,
Figure: PBM Architecture and Elements
The PMT (Policy Management Tool) enables the administrator to define or update the policies to be enforced in the managed network. The resulting policies are stored in the policy repository in a form that corresponds to the information model, which makes interoperability possible across products from many vendors. When existing policies are changed or new ones are added to the repository, the PMT issues the necessary notifications to the relevant PDP (Policy Decision Point). The PDP interprets the policies and communicates them to the PEP (Policy Enforcement Point). The PEP is a component that runs on a policy-aware node and enforces the policies. These components communicate with each other through a number of protocols.
Policy refinement transforms an abstract, higher-level policy specification into concrete, low-level policies that can be enforced on the managed systems.
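The repository, PDP and PEP flow and the refinement step described above can be sketched as follows. This is an added example, not code from the original essay: the class layout, the role and service inventory, the addresses, the deny-overrides ordering and the default deny are all assumptions, and `store()` stands in for the PMT's update and notification.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AbstractPolicy:            # technology-independent, as entered in the PMT
    role: str
    service: str
    effect: str                  # "permit" or "deny"

@dataclass(frozen=True)
class ConcreteRule:              # low-level form that a PEP can enforce
    src_net: ipaddress.IPv4Network
    dst_ip: ipaddress.IPv4Address
    dport: int
    effect: str

# Constructed inventory that refinement resolves names against (hypothetical).
ROLE_NETS = {"engineering": "10.10.0.0/16", "guest": "10.99.0.0/24"}
SERVICES = {"source-repo": ("10.1.1.20", 22), "wiki": ("10.1.1.30", 443)}

def refine(p: AbstractPolicy) -> ConcreteRule:
    """Policy refinement: abstract role/service names -> networks and ports."""
    if p.effect not in ("permit", "deny"):
        raise ValueError(f"unknown effect: {p.effect!r}")
    if p.role not in ROLE_NETS or p.service not in SERVICES:
        raise ValueError(f"cannot refine {p}")   # reject rather than guess
    ip, port = SERVICES[p.service]
    return ConcreteRule(ipaddress.ip_network(ROLE_NETS[p.role]),
                        ipaddress.ip_address(ip), port, p.effect)

class PEP:
    """Enforcement point: applies whatever rule set the PDP last sent."""
    def __init__(self):
        self.rules: list[ConcreteRule] = []

    def enforce(self, src: str, dst: str, dport: int) -> str:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for r in self.rules:
            if s in r.src_net and d == r.dst_ip and dport == r.dport:
                return r.effect
        return "deny"            # assumption: no matching policy means deny

class PDP:
    """Decision point: interprets repository policies, pushes them to PEPs."""
    def __init__(self, peps: list[PEP]):
        self.peps = peps

    def notify(self, policies: list[AbstractPolicy]) -> None:
        rules = [refine(p) for p in policies]
        rules.sort(key=lambda r: r.effect != "deny")   # assumption: deny wins
        for pep in self.peps:
            pep.rules = list(rules)

class PolicyRepository:
    """Stores policies; each change notifies the subscribed PDPs."""
    def __init__(self, pdps: list[PDP]):
        self.policies: list[AbstractPolicy] = []
        self.pdps = pdps

    def store(self, policy: AbstractPolicy) -> None:
        refine(policy)           # validate before it reaches the repository
        self.policies.append(policy)
        for pdp in self.pdps:
            pdp.notify(self.policies)
```

Storing a new policy changes what the PEP enforces without touching the PEP's code, which is the dynamic, implementation-independent behaviour the text attributes to PBM.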
Logical PBM Architecture
The following are the distinct characteristics of policy-based network and traffic management.
A wide range of services and controls can be deployed through policy based network management, for example the following.
The network administrator can configure networks with policies such as the following examples.
Figure: An Example Deployment
PBM Conclusion
Pervasive mobile computing and communication create new security challenges. These problems, along with network management issues, can be addressed through the PBM networking approach. However, although it offers many solutions, the same concept and approach brings new challenges of its own, and research to overcome them is ongoing.
Policy Based Network Management has many benefits for processes and organizations, as follows.
A comprehensive network policy should manage traffic not only at the network backbone and points of WAN access, but also at its origin.
Server-based firewalls regulate network access without direct involvement of the end nodes, which in effect treats the end user or end node as dumb. In the new networking approach, a proxy-based firewall acting as a gateway is a viable application for control and security, but until the proxy becomes available, new services over the network are denied. A firewall based on packet inspection needs application-sensitive modifications to its inspection code to provide maximum security and to let new services pass through. In the client-centric approach, application-specific content inspection and access privileges for new services can be provisioned easily at the client's location, without modifying the client software.
For the spectrum of traffic typical of present network environments, bandwidth specification, combined with the traffic policy, offers adaptive and dynamic mechanisms.
Application traffic is usually characterized by constant or variable bit rate, continuous or bursty bandwidth allocation, and continuous or loose timing relationships between the endpoints and delay sensitivity. A combination of application-based and priority-based bandwidth allocation offers an intuitive and flexible resource management method.
The new networking approach makes the policy control protocol simple and extensible, so it can support diverse client-specific information and policy directives without protocol modification.
The distributed architecture provided by policy.net offers modular services and a single framework that simplifies traffic engineering.
The agent's real-time engine enforces policy through packet, session and application level filters.
Rules are enforced at each layer to determine whether access is full, partial or denied, and traffic is passed on to the following layers for further evaluation. After the rules are applied, the traffic flows through the rate control engines, where bandwidth privileges are enforced per service or application.
The policy server is a set of database servers and a manager, a distributed way to manage the policy agents at the network endpoints.
Management services are provided through graphical user interfaces: the policy administrator, remote console and policy monitor.
policy.net addresses the ongoing issues associated with content blocking filters in cyberspace.
An activity report is provided with accurate and granular connection-level information.
The real-time agents provide stateful traffic inspection of content and protocols for compliance with established internet standards.
Meaningful congestion management is achieved by classifying and prioritizing traffic to derive the rate controls.
The traffic recorder operates in non-promiscuous mode, which is non-intrusive on broadcast network traffic and provides better performance and granularity than traditional network monitors operating in promiscuous mode.
policy.net controls and regulates remote network access over the internet through VPN connections and dial-up adapters.
Security is enforced with cryptographic technology and state-of-the-art encryption to ensure the integrity, supervision and authentication of user administration.
Effective use of algorithms and non-paged system memory for incremental packet content analysis is key to real-time performance.
Policy Based Management affects IT staff in that resources are provisioned only through the policies defined and distributed among them. The key to success with this network approach lies in defining the policies and in consistently monitoring network traffic and access throughout the life of the network.
Both SDN and PBM are capable of managing network traffic, each with its own strengths. Their capabilities are as follows.
SOFTWARE DEFINED NETWORKING
· Provision of centralized networking
· Holistic enterprise management
· More granular security
· Lower cost for operating
· Savings of hardware and reduced expenditures of capital
· Cloud abstraction
· Guaranteed content delivery
· Networking management, physical vs. virtual
· Reduced downtime
· Isolation and traffic control
· Central networking management
· Extensibility
POLICY BASED MANAGEMENT
· Client based paradigm
· Improved network traffic management
· Managed network architecture
· Distributed architecture
· Deployment configuration
· Better policy agent
· End point policy enforcement
· Effective policy server
· Remote administration
· Content restriction
· Activity reports
· Stateful traffic inspection
· Network congestion management
· Agent traffic recorder
· Remote access management
· System security
· Effective usage of the resource requirements
Apart from the regular requirements of the network, the following infrastructure is needed for the new networking approaches.
SOFTWARE DEFINED NETWORKING
· Model of automated control, centralized and provisioning
· Multi-tenancy support
· Supporting monitoring, establishment and maintenance of SLAs
· Optimizing network resources
· Increase service velocity
· Integration of Ethernet, applying the SDN principles and telecommunication technologies
POLICY BASED MANAGEMENT
· Infrastructure majorly in definition of the policies and implementation
SDN's potential benefit to the proposed organization lies mainly in managing traffic effectively and much more easily, so that the organization can meet today's network and internet speed requirements. However, many security issues are associated with SDN, as its infrastructure and protocols have yet to be tightened to secure content and resource privileges effectively.
The PBM architecture benefits an organization that focuses on regulating the provision of network resources to the end user. In adapting the new network architecture to the organization, end users sit at various levels of the hierarchy, and the end users at each level need a unique set of controls, which can be defined with policies. PBM can meet this need, and once the restrictions and regulations are in place, traffic is automatically distributed across content and resources to at least half the extent, with the remainder to be managed by other network speed enhancing methods.
Of the two choices, SDN and PBM, policy based management can be recommended for the safety and security of intellectual property and for fair distribution of content and resources to authorized users, without the possibility of hacking, peeping, etc.