Abstract: Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.

Abstract: Network Function Virtualization (NFV) has been emerging as an appealing solution that transforms complex network functions from dedicated hardware implementations to software instances running in a virtualized environment. Due to the numerous advantages such as flexibility, efficiency, scalability, short deployment cycles, and service upgrade, NFV has been widely recognized as the next-generation network service provisioning paradigm. In NFV, the requested service is implemented by a sequence of Virtual Network Functions (VNF) that can run on generic servers by leveraging the virtualization technology. These VNFs are pitched with a predefined order through which data flows traverse, and it is also known as the Service Function Chaining (SFC). In this article, we provide an overview of recent advances of resource allocation in NFV. We generalize and analyze four representative resource allocation problems, namely, (1) the VNF Placement and Traffic Routing problem, (2) VNF Placement problem, (3) Traffic Routing problem in NFV, and (4) the VNF Redeployment and Consolidation problem. After that, we study the delay calculation models and VNF protection (availability) models in NFV resource allocation, which are two important Quality of Service (QoS) parameters. Subsequently, we classify and summarize the representative work for solving the generalized problems by considering various QoS parameters (e.g., cost, delay, reliability, and energy) and different scenarios (e.g., edge cloud, online provisioning, and distributed provisioning). Finally, we conclude our article with a short discussion on the state-of-the-art and emerging topics in the related fields, and highlight areas where we expect high potential for future research.

Abstract: The space-air-ground integrated network (SAGIN) can enhance the performance of the Internet of Vehicles (IoV). However, the basic hardware differences among communication systems are large, which leads to communication difficulties between different communication systems. To effectively manage multiple communications networks (satellite networks, air networks and terrestrial networks) and computing resources in IoV, this paper proposes a SAGIN-IoV edge-cloud architecture based on software defined networking (SDN) and network function virtualization (NFV). In addition, we construct an optimization model based on SAGIN-IoV’s service requirements, and propose an improved algorithm. Experimental results show that the improved algorithm can effectively optimize the resource scheduling problem of SAGIN-IoV.

Abstract: It is widely recognized that connected vehicles have the potential to further improve the road safety, transportation intelligence and enhance the in-vehicle entertainment. By leveraging the 5G enabled Vehicular Ad hoc NETworks (VANET) technology, which is referred to as 5G-VANET, a flexible software-defined communication can be achieved with ultra-high reliability, low latency, and high capacity. Many enabling applications in 5G-VANET rely on sharing mobile data among vehicles, which is still a challenging issue due to the extremely large data volume and the prohibitive cost of transmitting such data using 5G cellular networks. This article focuses on efficient cooperative data sharing in edge computing assisted 5G-VANET. First, to enable efficient cooperation between cellular communication and Dedicated Short-Range Communication (DSRC), we first propose a software-defined cooperative data sharing architecture in 5G-VANET. The cellular link allows the communications between OpenFlow enabled vehicles and the Controller to collect contextual information, while the DSRC serves as the data plane, enabling cooperative data sharing among adjacent vehicles. Second, we propose a graph theory based algorithm to efficiently solve the data sharing problem, which is formulated as a maximum weighted independent set problem on the constructed conflict graph. Specifically, considering the continuous data sharing, we propose a balanced greedy algorithm, which can make the content distribution more balanced. Furthermore, due to the fixed amount of computing resources allocated to this software-defined cooperative data sharing service, we propose an integer linear programming based decomposition algorithm to make full use of the computing resources. Extensive simulations in NS3 and SUMO demonstrate the superiority and scalability of the proposed software-defined architecture and cooperative data sharing algorithms.

Abstract: Software Defined Networking (SDN) is regarded as the next generation paradigm as it simplifies the structure of the data plane and improves the resource utilization. However, in current Software Defined Communication Systems (SDCSs), the maximum or minimum metric value based routing strategies come from traditional networks, which lack the ability of self-adaptation and do not efficiently utilize the computation resource in the controllers. To solve these problems, in this paper, we utilize the deep learning technique to conduct the routing computation for the SDCSs. Specifically, in our proposal, the considered Convolutional Neural Networks (CNNs) are adopted to intelligently compute the paths according to the input real-time traffic traces. To reduce the computation overhead of the central controller and improve the adaptation of CNNs to the changing traffic pattern, we consider an online training manner. Analysis shows that the computation complexity can be significantly reduced through the online training manner. Moreover, the simulation results demonstrate that our proposed CNNs are able to compute the appropriate paths combinations with high accuracy. Furthermore, the adopted periodical retraining enables the deep learning structures to adapt to the traffic changes.

Abstract: Software-defined networking (SDN) is an approach in the network that provides many advantages with the help of separating the intelligence of the network (controller) with the underlying network infrastructure (data plane). But this isolation also gives birth to many security concerns; therefore, the need to protect the network from various attacks is becoming mandatory. Distributed Denial of Service (DDoS) in SDN is one such attack that is becoming a hurdle to its growth. Before the mitigation of DDoS attacks, the primary step is to detect them. In this paper, an early DDoS detection tool is created by using SNORT IDS (Intrusion Detection System). This tool is integrated with popularly used SDN controllers (Opendaylight and Open Networking Operating System). For the experimental setup, five different network scenarios are considered. In each scenario number of hosts, switches and data packets vary. For the creation of different hosts, switches the Mininet emulation tool is used whereas for generating the data packets four different penetration tools such as Hping3, Nping, Xerxes, Tor Hammer, LOIC are used. The generated data packets are ranging from (50,000 per second–2,50,000 per second) and the number of hosts/switches are ranging from (50–250) in every scenario respectively. The data traffic is bombarded towards the controllers and the evaluation of these packets is achieved by making use of Wireshark. The analysis of our DDoS detection system is performed on the basis of various parameters such as time to detect the DDoS attack, Round Trip Time (RTT), percentage of packet loss and type of DDoS attack. It is found that ODL takes minimum time to detect the successful DDoS attack and more time to go down than ONOS. Our tool ensures the timely detection of fast DDoS attacks which delivers the better performance of the SDN controller and not compromising the overall functionality of the entire network.

Abstract: Traditional routing protocols employ limited information to make routing decisions, which can lead to a slow adaptation to traffic variability, as well as restricted support to the Quality of Service (QoS) requirements of applications. This article introduces a novel approach for routing in Software-defined networking (SDN), called Reinforcement Learning and Software-Defined Networking Intelligent Routing (RSIR). RSIR adds a Knowledge Plane to SDN and defines a routing algorithm based on Reinforcement Learning (RL) that takes into account link-state information to make routing decisions. This algorithm capitalizes on the interaction with the environment, the intelligence provided by RL and the global view and control of the network furnished by SDN, to compute and install, in advance, optimal routes in the forwarding devices. RSIR was extensively evaluated by emulation using real traffic matrices. Results show RSIR outperforms the Dijkstra’s algorithm in relation to the stretch, link throughput, packet loss, and delay when available bandwidth, delay, and loss are considered individually or jointly for the computation of optimal paths. The results demonstrate that RSIR is an attractive solution for intelligent routing in SDN.

Abstract: The application of Internet of Things (IoT) within industrial environments is fostering the adoption of the digital twin (DT) approach, applied at the edge of the network to handle heterogeneity stemming from siloed application management solutions and from protocols originated by different manufacturing tools and enterprise services. In this challenging context, network heterogeneity also represents a critical element that can significantly limit the design and deployment of DT-oriented applications. This article proposes the Application-driven digital twin networking middleware with the twofold objective of: 1) Simplifying the interaction among heterogeneous devices by allowing DTs to exploit IP-based protocols instead of specialized industrial ones and to enhance packet content expressiveness, by enriching data via well-defined standards. 2) Dynamically managing network resources in edge industrial environments, applying software defined networking to exploit the communication mechanisms most suitable to application requirements, ranging from native IP to more articulated based on packet content.

Abstract: With the incoming introduction of 5G networks and the advancement in technologies such as network function virtualization and software defined networking, new and emerging networking technologies and use cases are taking shape. One such technology is the Internet of Vehicles (IoV), which describes an interconnected system of vehicles and infrastructure. Coupled with recent developments in artificial intelligence and machine learning, IoV is transformed into an intelligent transportation system (ITS). There are, however, several operational considerations that hinder the adoption of ITSs, including scalability, high availability, and data privacy. To address these challenges, federated learning, a collaborative and distributed intelligence technique, is suggested. Through an ITS case study, the ability of a federated model deployed on roadside infrastructure throughout the network to recover from faults by leveraging group intelligence while reducing recovery time and restoring acceptable system performance is highlighted. With a multitude of use cases and benefits, federated learning is a key enabler for ITS and is poised to achieve widespread implementation in 5G and beyond networks and applications.

Abstract: Programmable data planes allow users to define their own data plane algorithms for network devices including appropriate data plane application programming interfaces (APIs) which may be leveraged by user-defined software-defined networking (SDN) control. This offers great flexibility for network customization, be it for specialized, commercial appliances, e.g., in 5G or data center networks, or for rapid prototyping in industrial and academic research. Programming protocol-independent packet processors (P4) has emerged as the currently most widespread abstraction, programming language, and concept for data plane programming. It is developed and standardized by an open community, and it is supported by various software and hardware platforms. In the first part of this paper we give a tutorial of data plane programming models, the P4 programming language, architectures, compilers, targets, and data plane APIs. We also consider research efforts to advance P4 technology. In the second part, we categorize a large body of literature of P4-based applied research into different research domains, summarize the contributions of these papers, and extract prototypes, target platforms, and source code availability. For each research domain, we analyze how the reviewed works benefit from P4's core features. Finally, we discuss potential next steps based on our findings.

Abstract: In recent years, rapid development has been made to the Internet of Things communication technologies, infrastructure, and physical resources management. These developments and research trends address challenges such as heterogeneous communication, quality of service requirements, unpredictable network conditions, and a massive influx of data. One major contribution to the research world is in the form of software-defined networking applications, which aim to deploy rule-based management to control and add intelligence to the network using high-level policies to have integral control of the network without knowing issues related to low-level configurations. Machine learning techniques coupled with software-defined networking can make the networking decision more intelligent and robust. The Internet of Things application has recently adopted virtualization of resources and network control with software-defined networking policies to make the traffic more controlled and maintainable. However, the requirements of software-defined networking and the Internet of Things must be aligned to make the adaptations possible. This paper aims to discuss the possible ways to make software-defined networking enabled Internet of Things application and discusses the challenges solved using the Internet of Things leveraging the software-defined network. We provide a topical survey of the application and impact of software-defined networking on the Internet of things networks. We also study the impact of machine learning techniques applied to software-defined networking and its application perspective. The study is carried out from the different perspectives of software-based Internet of Things networks, including wide-area networks, edge networks, and access networks. Machine learning techniques are presented from the perspective of network resources management, security, classification of traffic, quality of experience, and quality of service prediction. Finally, we discuss challenges and issues in adopting machine learning and software-defined networking for the Internet of Things applications.

Abstract: Insecure and portable devices in the smart city’s Internet of Things (IoT) network are increasing at an incredible rate. Various distributed and centralized platforms against cyber-attacks have been implemented in recent years, but these platforms are inefficient due to their constrained levels of storage, high energy consumption, the central point of failure, underutilized resources, high latency, etc. In addition, the current architecture confronts the problems of scalability, flexibility, complexity, monitoring, managing & collecting of IoT data and defend against cyber-threats. To address these issues, the authors present a distributed and decentralized Blockchain-Software Defined Networking (SDN) based energy-aware architecture for IoT in smart cities. Thus, SDN continuous observing, controlling, managing IoT devices activities and detect possible attacks in the network; Blockchain provides adequate security & privacy against cyber-attacks, reduces the central point of failure issues; Network Function Virtualization (NFV) are used to saving energy, load balancing, as well as increasing the lifetime of the entire network. Also, we introduce a Cluster Head Selection (CHS) algorithm to reduce the energy consumption in the presented model. Finally, we analyze the performance using various parameters (e.g., throughput, response time, gas consumption, communication overhead) and demonstrating the result that provides higher throughput, lower response time, lower gas consumption than existing works for smart cities.

Abstract: In this paper, we propose a traffic-aware quality-of-service (QoS) routing scheme in software-defined internet of things (SDIoT) network. The proposed scheme exploits the unique features of software-defined networking (SDN), such as flow-based nature, and network flexibility, in order to fulfill QoS requirements of each flow in the network. We consider two types of QoS routing strategies—delay-sensitive and loss-sensitive—for incoming packets from end-devices in the network. The former is devised to deal with delay-sensitive flows, and the latter deals with loss-sensitive flows, in order to maximize the overall network performance. We propose a greedy approach based on Yen's K-shortest paths algorithm to compute the optimal forwarding path, while considering the QoS requirements of each packet. Consequently, the SDN controller deploys adequate flow-rules at the forwarding devices in the network. Extensive simulation results show that the proposed scheme significantly reduces the end-to-end delay and the percentage of flows which violate QoS constraints compared to the benchmarks considered in the study. It is also observed that the proposed scheme adequately satisfies the QoS requirements for both type of flows in contrast to the existing schemes. In particular, with 2000 flows in the network, the proposed scheme achieves 13%, 14% and 15% (with AttMpls topology) and 38%, 37% and 39% (with Goodnet topology) reduction in QoS violated flows as compared to the existing LARAC, SPD, and MRC schemes, respectively.

Abstract: Fifth-Generation (5G) mobile cellular networks provide a promising platform for new, innovative and diverse IoT applications, such as ultra-reliable and low latency communication, real-time and dynamic data processing, intensive computation, and massive device connectivity. End-to-End (E2E) network slicing candidates present a promising approach to resource allocation and distribution that permit operators to flexibly provide scalable virtualized and dedicated logical networks over common physical infrastructure. Though network slicing promises the provision of services on demand, many of its use cases, such as self-driving cars and Google’s Stadia, would require the integration of a Multi-Access Edge Computing (MEC) platform in 5G networks. Edge Computing is envisioned as one of the key drivers for 5G and Sixth-Generation (6G) mobile cellular networks, but its role in network slicing remains to be fully explored. We investigate MEC and network slicing for the provision of 5G service focused use cases. Recently, changes to the cloud-native 5G core are a focus with MEC use cases providing network scalability, elasticity, flexibility, and automation. A cloud-native microservices architecture, along with its potential use cases for 5G network slicing, is envisioned. This paper also elaborates on the recent advances made in enabling E2E network slicing, its enabling technologies, solutions, and current standardization efforts. Finally, this paper identifies open research issues and challenges and provides possible solutions and recommendations.

Abstract: The evolution of cyber–physical system (CPS) benefits from substantial supports of many cutting-edge technologies. However, as a significant medium to bridge virtual and reality parts, the dependability of various network components is facing unprecedented challenges and threats. In this article, we propose a smart collaborative balancing (SCB) scheme to dynamically adjust the orchestration of network functions and efficiently optimize the workflow patterns. First, mathematical models of bandwidth allocation for multiuser with appropriate probability distribution are established. Matrix operations are utilized to solve the relevant issues based on individual congestion windows. Invasion defense mechanisms are also provided and discussed. Second, specific procedures of collaboration among different network components are presented. The capabilities of CPS, in terms of bandwidth allocation and invasion defense, are guaranteed via novel queueing policies and access control mechanisms. Third, we build a comprehensive prototype including multiple domains and users for validations. Experimental results in two scenarios illustrate that SCB not only supports service reliability of end hosts with different priorities, but also resists malicious attacks which are targeting the corresponding terminals inside domains. Compared to the benchmarks in software defined networks and traditional Internet, our scheme performs better in both available resource management and abnormal flow recognition aspects.

Abstract: The Software-Defined Network (SDN) is a new network paradigm that promises more dynamic and efficiently manageable network architecture for new-generation networks. With its programmable central controller approach, network operators can easily manage and control the whole network. However, at the same time, due to its centralized structure, it is the target of many attack vectors. Distributed Denial of Service (DDoS) attacks are the most effective attack vector to the SDN. The purpose of this study is to classify the SDN traffic as normal or attack traffic using machine learning algorithms equipped with Neighbourhood Component Analysis (NCA). We handle a public “DDoS attack SDN Dataset” including a total of 23 features. The dataset consists of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) normal and attack traffics. The dataset, including more than 100 thousand recordings, has statistical features such as byte_count, duration_sec, packet rate, and packet per flow, except for features that define source and target machines. We use the NCA algorithm to reveal the most relevant features by feature selection and perform an effective classification. After preprocessing and feature selection stages, the obtained dataset was classified by k-Nearest Neighbor (kNN), Decision Tree (DT), Artificial Neural Network (ANN), and Support Vector Machine (SVM) algorithms. The experimental results show that DT has a better accuracy rate than the other algorithms with 100% classification achievement.

Abstract: Today’s emerging needs (Internet of Things applications, Network Function Virtualization services, Mobile Edge computing, etc) are challenging the classic approach of deploying a few large data centers to provide cloud services A massively distributed Cloud-Edge architecture could better fit these new trends’ requirements and constraints by deploying on-demand infrastructure services in Point-of-Presences within backbone networks In this context, a key feature is establishing connectivity among several resource managers in charge of operating, each one a subset of the infrastructure After explaining the networking management challenges related to distributed Cloud-Edge infrastructures, this article surveys and analyzes the characteristics and limitations of existing technologies in the Software Defined Network field that could be used to provide the inter-site connectivity feature We also introduce Kubernetes, the new de facto container orchestrator platform, and analyze its use in the proposed context This survey is concluded by providing a discussion about some research directions in the field of SDN applied to distributed Cloud-Edge infrastructures’ management

Abstract: The Internet has caused the advent of a digital society; wherein almost everything is connected and available from any place. Thus, regardless of their extensive adoption, traditional IP networks are yet complicated and arduous to operate. Therefore, there is difficulty in configuring the network in line with the predefined procedures and responding to the load modifications and faults through network reconfiguring. The current networks are likewise vertically incorporated to make matters far more complicated: the control and data planes are bundled collectively. Software-Defined Networking (SDN) is an emerging concept which aims to change this situation by breaking vertical incorporation, promoting the logical centralization of the network control, separating the network control logic from the basic switches and routers, and enabling the network programming. The segregation of concerns identified between the policies concept of network, their implementation in hardware switching and data forwarding is essential to the flexibility required: SDN makes it less Review Article complicated and facilitates to make and introduce new concepts in networking through breaking the issue of the network control into tractable parts, simplifies the network management and facilitate the development of the network. In this paper, the SDN is reviewed; it introduces SDN, explaining its core concepts, how it varies from traditional Furthermore, we presented the crucial advantages and challenges of SDN security, flexibility, and performance. Finally, a brief conclusion of SDN is revised.

Abstract: The 5G network revolution will be enabled by deep integration of Software Defined Networking (SDN) and Network Function Virtualization (NFV) to support multi-tenancy, per-user and per-application quality of service and experience. However, full softwarization and current SDN platforms may not be able to sustain the complexity and the heterogeneity of different requirements, for example, strict latency, jitter, high precision traffic and advanced monitoring. For such services, SDN/NFV needs to be boosted not only considering orchestration and control plane, but also data plane programmability. In this article, the potential of the P4 language is illustrated with the aim to show its disruptive novel functionalities at the data plane level currently not available in a SDN/NFV network, opening the way to new orchestration frameworks and enabling a novel autonomic and flexible network at the edge. Use cases, assessments and softwarized performance results are proposed and discussed in the edge and IoT scenario, targeting advanced traffic engineering, cyber security, multi-tenancy, 5G offloading, and telemetry, to demonstrate the feasibility of such an approach.

Abstract: The digital transformation of industry requires industrial control networks provide high flexibility and determinacy. Time-sensitive software-defined networking that combines time-sensitive networking and software-defined networking is a new network paradigm which provides both real-time transmission feature and network flexibility. During network updates, the transmission consistency needs to be maintained. However, previous mechanisms mostly target on the proper schedule transition, which cannot guarantee no frame loss and also introduces extra update overhead. The article proposes a novel flow schedule generation model which guarantees no frame loss during network updates even with the basic two-phase update mechanism and introduces no extra update overhead. Two algorithms are designed for the model to adapt to different application scenarios: the offline algorithm poses better schedulability, whereas the online one consumes less time with slightly decreased schedulability. The experiments on two real-world industrial networks demonstrate our mechanism achieves zero frame loss without extra update overhead compared to existing methods, and the online algorithm saves 40% execution time with at most 10% schedulability decrease when the bandwidth utilization is less than 50%.

Abstract: Based on network function virtualization (NFV) and software defined network (SDN), network slicing is proposed as a new paradigm for building service-customized 5G network. In each network slice, service-required virtual network functions (VNFs) can be flexibly deployed in an on-demand manner, which will support a variety of 5G use cases. However, due to the real-time network variations and diverse performance requirements among different 5G scenarios, online adaptive VNF deployment and migration are needed to dynamically accommodate to service-specific requirements. In this paper, we first propose a time-slot based 5G network slice model, which jointly includes both edge cloud servers and core cloud servers. Since VNF consolidation may cause severe performance degradation, we adopt a demand-supply model to quantify the VNF interference. To achieve our objective—maximizing the total reward of accepted requests (i.e., the total throughput minus the weighted total VNF migration cost), we propose an Online Lazy-migration Adaptive Interference-aware Algorithm (OLAIA) for real-time VNF deployment and cost-efficient VNF migration in a 5G network slice, where an Adaptive Interference-aware Algorithm (AIA) is proposed as OLAIA’s core function for placing a given set of requests’ VNFs with maximized total throughput. Through trace-driven evaluations on two typical 5G network slices, we demonstrate that OLAIA can efficiently handle the real-time network variations and the VNF interference when deploying VNFs for real-time arriving requests. In particular, OLAIA improves the total reward by 22.18% in the autonomous driving scenario and by 51.10% in the 4K/8K HD video scenario, as compared with other state-of-the-art solutions.