
Dissertations / Theses on the topic 'VSwitch'

Consult the top 21 dissertations / theses for your research on the topic 'VSwitch.'

1

Šabart, Otto. "Testování Open vSwitch a DPDK." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2017. http://www.nusl.cz/ntk/nusl-363892.

Abstract:
The project is about the virtual switch called Open vSwitch and its architecture. It deals with acceleration of the switch, mainly by using the Data Plane Development Kit (DPDK). Furthermore, it describes the architecture of the DPDK kit, analyses the individual functional units and describes the possibilities of its configuration. Another part of the project describes the methodology chosen for performance testing of virtual switches. Subsequently, this methodology was used to make a design and environment implementation for fully automatic Open vSwitch with DPDK performance testing with the use of automatic systems such as Koji, Jenkins, Beaker and VSperf. Simultaneously, the tools for automatic comparison of produced results were implemented. The created environment was then used for the performance measurement of several basic Open vSwitch configurations with and without the use of DPDK. The implemented measurements are discussed and evaluated in the project. The final project's stage provides a great amount of the enlargement and improvement of the implemented tests.
2

Yang, Ye. "Isolation Mechanisms within the vSwitch of Cloud Computing Platform." Electronic Thesis or Diss., Sorbonne université, 2022. http://www.theses.fr/2022SORUS191.

Abstract:
As an important component of the cloud platform, the virtual switch (vSwitch) is responsible for providing network connectivity between virtual machines (VMs) and external devices. Most existing vSwitches adopt a shared design principle, which destroys the isolation between VMs. Within the vSwitch, different VMs compete for shared resources and access memory without restriction, which makes them unable to guarantee stable network quality of service (QoS) while facing the risk of data plane attacks and illegal memory access. To solve these performance, failure and security problems caused by the lack of isolation, the main works and contributions of this thesis are as follows: 1) A network QoS method based on CPU cycle isolation (C2QoS). This approach guarantees VM network bandwidth by isolating the competition for CPU resources, while reducing by 80% the additional VM network latency caused by that competition. 2) A data plane attack defense mechanism based on flow table isolation (D-TSE). D-TSE separates the flow table structure per VM to achieve independent packet classification performance and fault isolation at the cost of 5% additional CPU usage. 3) A virtualized network I/O (VNIO) mechanism based on memory access isolation (S2H). Based on a secure memory sharing model, S2H provides VM memory isolation and security at the cost of 2 to 9% increased latency.
3

Harshini, Nekkanti. "Measuring And Modeling Of Open vSwitch Performance : Implementation in Docker." Thesis, Blekinge Tekniska Högskola, Institutionen för kommunikationssystem, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-13479.

Abstract:
Network virtualization has become an important aspect of the Telecom industry. The need for efficient, scalable and reliable virtualized network functions is paramount to modern networking. Open vSwitch is such a virtual switch that attempts to extend the usage of virtual switches to industry grade performance levels on heterogeneous platforms. The aim of the thesis is to give an insight into the working of Open vSwitch. To evaluate the performance of Open vSwitch in various virtualization scenarios such as KVM (second companion thesis)[1] and Docker. To investigate different scheduling techniques offered by the Open vSwitch software and supported by the Linux kernel such as FIFO, SFQ, CODEL, FQCODEL, HTB and HFSC. To differentiate the performance of Open vSwitch in these scenarios and scheduling capacities and determine the best scenario for optimum performance. The methodology of the thesis involved a physical model of the system used for real-time experimentation as well as quantitative analysis. Quantitative analysis of obtained results paved the way for unbiased conclusions. Experimental analysis was required to measure metrics such as throughput, latency and jitter in order to grade the performance of Open vSwitch in the particular virtualization scenario. The results of the thesis must be considered in context with a second companion thesis[1]. Both theses aim at measuring the performance of Open vSwitch, but the virtualization scenarios chosen (Docker and KVM) are different. However, this thesis outlines the performance of Open vSwitch and Linux bridge in the Docker scenario. Various scheduling techniques were measured for network performance metrics across both Docker and KVM (second companion thesis) and it was observed that Docker performed better in terms of throughput, latency and jitter.
In the Docker scenario, amongst the scheduling algorithms measured, throughput is almost the same for all scheduling algorithms and latency shows slight variation; FIFO has the least latency, as it is the simplest algorithm and consists of the default qdisc. Finally, jitter also shows variation across all scheduling algorithms. The conclusion of the thesis is that the virtualization layer on which Open vSwitch operates is one of the main factors in determining the switching performance. The KVM scenario and Docker scenario each have different virtualization techniques that incur different overheads that in turn lead to different measurements. This difference occurs in different packet scheduling techniques. Docker performs better than KVM for both bridges. In the Docker scenario Linux bridge performs better than Open vSwitch, throughput is almost constant, FIFO has the least latency amongst all scheduling algorithms, and jitter shows more variation in all scheduling algorithms.
4

Pothuraju, Rohit. "Measuring and Modeling of Open vSwitch Performance : Implementation in KVM environment." Thesis, Blekinge Tekniska Högskola, Institutionen för kommunikationssystem, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-13519.

Abstract:
Network virtualization has become an important aspect of the Telecom industry. The need for efficient, scalable and reliable virtualized network functions is paramount to modern networking. Open vSwitch is a virtual switch that attempts to extend the usage of virtual switches to industry grade performance levels on heterogeneous platforms. The aim of the thesis is to give an insight into the working of Open vSwitch. To evaluate the performance of Open vSwitch in various virtualization scenarios such as KVM and Docker (from second companion thesis)[1]. To investigate different scheduling techniques offered by the Open vSwitch software and supported by the Linux kernel such as FIFO, SFQ, CODEL, FQCODEL, HTB and HFSC. To differentiate the performance of Open vSwitch in these scenarios and scheduling capacities and determine the best scenario for optimum performance. The methodology of the thesis involved a physical model of the system used for real-time experimentation as well as quantitative analysis. Quantitative analysis of obtained results paved the way for unbiased conclusions. Experimental analysis was required to measure metrics such as throughput, latency and jitter in order to grade the performance of Open vSwitch in the particular virtualization scenario. The result of this thesis must be considered in context with a second companion thesis[1]. Both the theses aim at measuring and modeling performance of Open vSwitch in NFV. However, the results of this thesis outline the performance of Open vSwitch and Linux bridge in KVM virtualization scenario. Various scheduling techniques were measured for network performance metrics and it was observed that Docker performed better in terms of throughput, latency and jitter. In the KVM scenario, from the throughput test it was observed that all algorithms perform similarly in terms of throughput, for both Open vSwitch and Linux bridges.
In the round trip latency tests, it was seen that FIFO has the least round trip latency, CODEL and FQCODEL had the highest latencies. HTB and HFSC perform similarly in the latency test. In the jitter tests, it was seen that HTB and HFSC had highest average jitter measurements in UDP Stream test. CODEL and FQCODEL had the least jitter results for both Open vSwitch and Linux bridges. The conclusion of the thesis is that the virtualization layer on which Open vSwitch operates is one of the main factors in determining the switching performance. Docker performs better than KVM for both bridges. In the KVM scenario, irrespective of the scheduling algorithm considered, Open vSwitch performed better than Linux bridge. HTB had highest throughput and FIFO had least round trip latency. CODEL and FQCODEL are efficient scheduling algorithms with low jitter measurements.
5

Medina, Chirinos Jorge Alberto. "Deconstructing Open vSwitch for Isolated Enclaves : A security enabler for SDN data plane." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-17261.

6

Elbashir, Khalid. "Trusted Execution Environments for Open vSwitch : A security enabler for the 5G mobile network." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-218070.

Abstract:
The advent of virtualization introduced the need for virtual switches to interconnect virtual machines deployed in a cloud infrastructure. With Software Defined Networking (SDN), a central controller can configure these virtual switches. Virtual switches execute on commodity operating systems. Open vSwitch is an open source project that is widely used in production cloud environments. If an adversary gains access with full privileges to the operating system hosting the virtual switch, then Open vSwitch becomes vulnerable to a variety of different attacks that could compromise the whole network. The purpose of this thesis project is to improve the security of Open vSwitch implementations in order to ensure that only authenticated switches and controllers can communicate with each other, while maintaining code integrity and confidentiality of keys and certificates. The thesis project proposes a design and shows an implementation that leverages Intel® Safe Guard Extensions (SGX) technology. A new library, TLSonSGX, is implemented. This library replaces the use of the OpenSSL library in Open vSwitch. In addition to implementing standard Transport Level Security (TLS) connectivity, TLSonSGX confines TLS communication in the protected memory enclave and hence protects TLS sensitive components necessary to provide confidentiality and integrity, such as private keys and negotiated symmetric keys. Moreover, TLSonSGX introduces new, secure, and automatic means to generate keys and obtain signed certificates from a central Certificate Authority that validates using Linux Integrity Measurements Architecture (IMA) that the Open vSwitch binaries have not been tampered with before issuing a signed certificate. The generated keys and obtained certificates are stored in the memory enclave and hence never exposed as plaintext outside the enclave. This new mechanism is a replacement for the existing manual and unsecure procedures (as described in Open vSwitch project). 
A security analysis of the system is provided as well as an examination of performance impact of the use of a trusted execution environment. Results show that generating keys and certificates using TLSonSGX takes less than 0.5 seconds while adding 30% latency overhead for the first packet in a flow compared to using OpenSSL when both are executed on Intel® Core™ i7-6600U processor clocked at 2.6 GHz. These results show that TLSonSGX can enhance Open vSwitch security and reduce its TLS configuration overhead.
7

Singh, Jaswinder. "Performance evaluation of Linux Bridge and OVS in Xen." Thesis, Blekinge Tekniska Högskola, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-10825.

Abstract:
Virtualization is the key technology which has provided smarter and easier ways for effectively utilizing resources provided by the hypervisor. Virtualization allows multiple operating systems (OS) to run on a single piece of hardware. The resources from the hardware are allocated to virtual machines (VM) by the hypervisor. It is important to know how the performance of virtual switches used in the hypervisor for network communication affects the network traffic. Performance of Linux Bridge (LB) and Open vSwitch (OVS) is investigated in this study. The method that has been used in this research is experimentation. Two different scenarios are used to benchmark the performance of LB and OVS in virtual and non-virtual environment. The performance metric bitrate is used to benchmark the performance of LB and OVS. The results received from the experimental runs contain the ingress bitrate and egress bitrate of LB and OVS in virtual and non-virtual environment. The results also contain the ingress and egress bitrate values from scenarios with different memory and CPU cores in virtual environment. Results achieved in this thesis report are from multiple experiment configurations. From the results it can be concluded that LB and OVS have almost the same performance in non-virtual environment. There are small differences in ingress and egress of both virtual switches.
8

Liu, Binghan. "Software Defined Networking and Tunneling for Mobile Networks." Thesis, KTH, Kommunikationssystem, CoS, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-118376.

Abstract:
With the deployment of Long Term Evolution (LTE) networks, mobile networks will become an important infrastructure component in the cloud ecosystem. However, in the cloud computing era, traditional routing and switching platforms do not meet the requirements of this new trend, especially in a mobile network environment. With the recent advances in software switches and efficient virtualization using commodity servers, Software Defined Networking (SDN) has emerged as a powerful technology to meet the new requirements for supporting a new generation of cloud service. This thesis describes an experimental investigation of cloud computing, SDN, and a mobile network's packet core. The design of a mobile network exploiting the evolution of SDN is also presented. The actual implementation consists of a GTP enabled Open vSwitch together with the transparent mode of mobile network SDN evolution. Open vSwitch is an SDN product designed for computer networks. The implementation extends Open vSwitch with an implementation of the GTP protocol. This extension enables Open vSwitch to be an excellent SDN component for mobile networks. In transparent mode, a cloud data center is deployed without making any modification to the existing mobile networks. In the practical evaluation of the GTP-U tunnel protocol implementation, the measured metrics are UDP and TCP throughput, end-to-end latency and jitter. Two experiments have been conducted and described in the evaluation chapter. Cloud computing has become one of the hottest Internet topics. It is attractive for the mobile network to adopt cloud computing technology in order to enjoy the benefits of cloud computing. For example, to reduce network construction cost, make the network deployment more flexible, etc. This thesis presents a potential direction for mobile network cloud computing.
Since this thesis relies on open source projects, readers may use the results to explore a feasible direction for mobile network cloud computing evolution.
9

Raheem, Muhammad. "Mitigation of inter-domain Policy Violations at Internet eXchange Points." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-247908.

Abstract:
Economic incentives and the need to efficiently deliver Internet have led to the growth of Internet eXchange Points (IXPs), i.e., the interconnection networks through which a multitude of possibly competing network entities connect to each other with the goal of exchanging traffic. At IXPs, the exchange of traffic between two or more member networks is dictated by the Border Gateway Protocol (BGP), i.e., the inter-domain routing protocol used by network operators to exchange reachability information about IP prefix destinations. There is a common “honest-closed-world” assumption at IXPs that two IXP members exchange data traffic only if they have exchanged the corresponding reachability information via BGP. This state of affairs severely hinders security as any IXP member can send traffic to another member without having received a route from that member. Filtering traffic according to BGP routes would solve the problem. However, IXP members can install filters but the number of filtering rules required at a large IXP can easily exceed the capacity of the network devices. In addition, an IXP cannot filter this type of traffic as the exchanged BGP routes between two members are not visible to the IXP itself. In this thesis, we evaluated the design space between reactive and proactive approaches for guaranteeing consistency between the BGP control-plane and the data-plane. In a reactive approach, an IXP member operator monitors, collects, and analyzes the incoming traffic to detect if any illegitimate traffic exists whereas, in a proactive approach, an operator configures its network devices to filter any illegitimate traffic without the need to perform any monitoring. We focused on proactive approaches because of the increased security of the IXP network and its inherent simplified network management.
We designed and implemented a solution to this problem by leveraging the emerging Software Defined Networking (SDN) paradigm, which enables the programmability of the forwarding tables by separating the control and data planes. Our approach only installs rules in the data-plane that allow legitimate traffic to be forwarded, dropping anything else. As hardware switches have high performance but low memory space, we decided to also make use of software switches. A “heavy-hitter” module detects the forwarding rules carrying most of the traffic and installs them into the hardware switch. The remaining forwarding rules are installed into the software switches. We evaluated the prototype in an emulated testbed using the Mininet virtual network environment. We analyzed the security of our system with the help of static verification tests, which confirmed compliance with security policies. The results reveal that with even just 10% of the rules installed in the hardware switch, the hardware switch directly filters 95% of the traffic volume with nonuniform Internet-like traffic distribution workloads. We also evaluated the latency and throughput overheads of the system, though the results are limited by the accuracy of the emulated environment. The scalability experiments show that, with 10K forwarding rules, the system takes around 40 seconds to install and update the data plane. This is due to the inherent slowness of the emulated environment and limitations of the POX controller, which is coded in Python.
10

Vido, Matej. "Akcelerace OVS s využitím akcelerační karty s FPGA." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2018. http://www.nusl.cz/ntk/nusl-385968.

Abstract:
The performance of the virtual switch Open vSwitch (OVS) is insufficient to satisfy the current requirements for link bandwidth of the server connections. There is an effort to accelerate the OVS both in the software and in the hardware by offloading the datapath to the smart network interface cards. In this work the COMBO card for 100G Ethernet developed by CESNET is used to accelerate the OVS. The suggested solution utilizes the firmware for FPGA generated from the definition in the P4 language to classify the packets in the card and DPDK for the data transfers and offloading the classification rules into the card. Forwarding of one flow with the shortest frames from physical to physical interface using one CPU core reaches forwarding rate of 11.2 Mp/s (10 times more than the standard OVS) with classification in the card and 5.9 Mp/s without classification in the card.
11

Olivi, Matteo. "Design of a Kubernetes-based Software-Defined Network Control Plane." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2020.

Abstract:
In recent years, Kubernetes has emerged as the dominant orchestrator of containerized applications. Its design is based on an API that allows the desired state of applications to be described declaratively, and on a control plane that works to make the actual state of the applications converge toward the desired state, achieving fault tolerance, self-healing and high scalability. This design pattern has proven extremely effective for managing containers, but it is general enough to be used to successfully orchestrate any kind of virtual resource that is traditionally offered through the IaaS cloud paradigm. We tested this idea by extending Kubernetes so that it manages virtual networks in addition to the usual containerized applications. In doing so we effectively built the prototype of a control plane for a Software-Defined Network. In the process, both strengths and weaknesses emerged in the Kubernetes design pattern and in the open source libraries that support it. To verify that the resulting system scales adequately for what is needed in modern cloud data centers, we conducted a performance study.
APA, Harvard, Vancouver, ISO, and other styles
12

Rang, Tobias. "NFV performance benchmarking with OVS and Linux containers." Thesis, Karlstads universitet, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-55145.

Abstract:
One recent innovation in the networking industry, is the concept of Network Function Virtualization (NFV). NFV is based on a networking paradigm in which network functions, which have typically been implemented in the form of dedicated hardware appliances in the past, are implemented in software and deployed on commodity hardware using modern virtualization techniques. While the most common approach is to place each virtual network function in a virtual machine - using hardware-level virtualization – the growing influence and popularity of Docker and other container-based solutions has naturally led to the idea of containerized deployments. This is a promising concept, as containers (or operating system level virtualization) can offer a flexible and lightweight alternative to hardware-level virtualization, with the ability to use the resources of the host directly. The main problem with this concept, is the fact that the default behavior of Docker and similar technologies is to rely on the networking stack of the host, which typically isn’t performant enough to handle the performance requirements associated with NFV. In this dissertation, an attempt is made to evaluate the feasibility of using userspace networking to accelerate the network performance of Docker containers, bypassing the standard Linux networking stack by moving the packet processing into userspace.
13

Gogunska, Karyna. "Étude du coût de mesure des réseaux virtualisés." Thesis, Université Côte d'Azur (ComUE), 2019. http://www.theses.fr/2019AZUR4077.

Abstract:
The current trend in application development and deployment is to embed applications in virtual machines or containers. This results in a combination of physical and virtual network configurations combining virtual and physical switches with specific protocols to create virtual networks spanning several servers. This new environment is a challenge when it comes to measuring and debugging performance-related problems. In this thesis, we examine the problem of measuring traffic in a virtual environment and focus on a typical scenario: virtual machines interconnected by a virtual switch. We studied the cost of continuously measuring the network traffic of the machines. More precisely, we evaluated the cost of sharing the physical substrate between the measurement task and the application. We first confirmed the existence of a negative correlation between measurement and application traffic. In a second part of the thesis, we directed our work towards minimizing the impact of measurements by using real-time machine learning techniques. We proposed a data-driven solution capable of providing optimal monitoring parameters for virtual network measurements with minimal interference with application traffic.
The current trend in application development and deployment is to package applications within containers or virtual machines. This results in a blend of virtual and physical resources with complex network setups mixing virtual and physical switches along with specific protocols to build virtual networks spanning over several servers. While this complexity is hidden by cloud management solutions, this new environment constitutes a challenge when it comes to monitoring and debugging performance related issues. In this thesis, we consider the problem of measuring traffic in a virtualized environment and focus on one typical scenario, virtual machines interconnected with a virtual switch. We assess the cost of continuously measuring the network traffic of the machines. Specifically, we seek to estimate the competition that exists to access the resources (e.g., CPU) of the physical substrate between the measurement task and the application. We confirm the negative correlation of measurement within such setup and propose actions towards its minimization. Concluding on the measurement interference with virtual network, we then turn our work towards minimizing its presence in the network. We assess the capability of machine learning techniques to predict the measurement impact on the ongoing traffic between virtual machines. We propose a data-driven solution that is able to provide optimal monitoring parameters for virtual network measurements with minimum traffic interference.
14

Falco, Luca. "Il protocollo OVSDB per la gestione di switch Ethernet virtuali." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2019. http://amslaurea.unibo.it/17887/.

Abstract:
This thesis focuses on analysing Software-Defined Networking and in particular the OVSDB (Open vSwitch Database) protocol, which provides a modern, programmatic management interface for managing and automating networks. Through it, Open vSwitch implementations can be managed via dedicated remote commands which, by using JSON-RPC methods, allow us to modify a server's database.
15

Luizelli, Marcelo Caggiani. "Scalable cost-efficient placement and chaining of virtual network functions." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2017. http://hdl.handle.net/10183/169337.

Abstract:
Network Function Virtualization (NFV) is a new architectural concept that is reshaping the operation of network functions (e.g., firewall, gateways and proxies). The main concept of NFV consists of decoupling the logic of network functions from specialized hardware devices and, in this way, allowing software images to run on commercial off-the-shelf (COTS) hardware. NFV has the potential to make the operation of network functions more flexible and economical, which is essential in environments where the number of deployed functions can easily reach the order of hundreds. Despite intense research activity in the area, the problem of placing and chaining virtual network functions (VNFs) in a scalable and low-cost manner still presents a series of limitations. More specifically, the existing strategies in the literature neglect the VNF chaining aspect (i.e., they aim mainly at placement), do not scale to the size of NFV infrastructures (i.e., thousands of nodes with computing capacity) and, lastly, base the quality of the solutions obtained on unrepresentative operational costs. In this thesis, the placement and chaining of virtualized network functions (VNFPC – Virtual Network Function Placement and Chaining) is addressed as an optimization problem in the intra- and inter-datacenter context. First, the VNFPC problem is formalized and an Integer Linear Programming (ILP) model is proposed to solve it. The objective is to minimize resource allocation while meeting network flow requirements and constraints. Second, the scalability of the VNFPC problem is addressed in order to solve large instances of the problem (i.e., thousands of NFV nodes).
A heuristic algorithm based on fix-and-optimize is proposed that incorporates the Variable Neighborhood Search (VNS) meta-heuristic to efficiently explore the solution space of the VNFPC problem. Third, the performance limitations and operational costs of typical provisioning strategies in real NFV environments are evaluated. Based on the empirical results collected, an analytical model is proposed that estimates with high precision the operational costs for arbitrary VNF requirements. Fourth, a mechanism is developed for deploying VNF chainings in the intra-datacenter context. The proposed algorithm (OCM – Operational Cost Minimization) is based on an extension of the well-known reduction from the weighted perfect matching problem to the min-cost flow problem and considers the performance of the VNFs (e.g., CPU requirements) as well as the estimated operational costs. The results achieved show that the ILP model proposed for the VNFPC problem reduces end-to-end delays by up to 25% (in comparison with the chainings observed in traditional infrastructures) with an acceptable resource over-provisioning, limited to 4%. In addition, the results show that the proposed heuristic (based on fix-and-optimize) is able to find feasible, high-quality solutions efficiently, even in scenarios with thousands of VNFs. Furthermore, a better understanding is provided of network performance metrics (e.g., throughput, CPU consumption and packet processing capacity) for the typical VNF deployment strategies adopted in NFV infrastructures. Lastly, the algorithm proposed in the intra-datacenter context (i.e., OCM) significantly reduces operational costs when compared with the typical placement mechanisms uti
Network Function Virtualization (NFV) is a novel concept that is reshaping the middlebox arena, shifting network functions (e.g. firewall, gateways, proxies) from specialized hardware appliances to software images running on commodity hardware. This concept has potential to make network function provision and operation more flexible and cost-effective, paramount in a world where deployed middleboxes may easily reach the order of hundreds. Despite recent research activity in the field, little has been done towards scalable and cost-efficient placement & chaining of virtual network functions (VNFs) – a key feature for the effective success of NFV. More specifically, existing strategies have neglected the chaining aspect of NFV (focusing on efficient placement only), failed to scale to hundreds of network functions and relied on unrealistic operational costs. In this thesis, we approach VNF placement and chaining as an optimization problem in the context of Inter- and Intra-datacenter. First, we formalize the Virtual Network Function Placement and Chaining (VNFPC) problem and propose an Integer Linear Programming (ILP) model to solve it. The goal is to minimize required resource allocation, while meeting network flow requirements and constraints. Then, we address scalability of VNFPC problem to solve large instances (i.e., thousands of NFV nodes) by proposing a fix-and-optimize-based heuristic algorithm for tackling it. Our algorithm incorporates a Variable Neighborhood Search (VNS) meta-heuristic, for efficiently exploring the placement and chaining solution space. Further, we assess the performance limitations of typical NFV-based deployments and the incurred operational costs of commodity servers and propose an analytical model that accurately predicts the operational costs for arbitrary service chain requirements.
Then, we develop a general service chain intra-datacenter deployment mechanism (named OCM – Operational Cost Minimization) that considers both the actual performance of the service chains (e.g., CPU requirements) as well as the operational incurred cost. Our novel algorithm is based on an extension of the well-known reduction from weighted matching to min-cost flow problem. Finally, we tackle the problem of monitoring service chains in NFV-based environments. For that, we introduce the DNM (Distributed Network Monitoring) problem and propose an optimization model to solve it. DNM allows service chain segments to be independently monitored, which allows specialized network monitoring requirements to be met in an efficient and coordinated way. Results show that the proposed ILP model for the VNFPC problem leads to a reduction of up to 25% in end-to-end delays (in comparison to chainings observed in traditional infrastructures) and an acceptable resource over-provisioning limited to 4%. Also, we provide strong evidence that our fix-and-optimize based heuristic is able to find feasible, high-quality solutions efficiently, even in scenarios scaling to thousands of VNFs. Further, we provide in-depth insights on network performance metrics (such as throughput, CPU utilization and packet processing) and its current limitations while considering typical deployment strategies. Our OCM algorithm reduces significantly operational costs when compared to the de-facto standard placement mechanisms used in Cloud systems. Last, our DNM model allows finer grained network monitoring with limited overheads. By coordinating the placement of monitoring sinks and the forwarding of network monitoring traffic, DNM can reduce the number of monitoring sinks and the network resource consumption (54% lower than a traditional method).
16

Cheng, Yi-Jun, and 鄭伊君. "Turning Mininet/Open vSwitch into A Detailed OpenFlow Emulator." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/70116027810684757631.

Abstract:
Master's
National Tsing Hua University
Department of Computer Science
104
Software-Defined Networking (SDN) is an emerging network architecture that enables network programmability and efficient network management. Recent research activities on SDN make it important to develop an emulator that accurately emulates OpenFlow-enabled SDN networks in order to verify and evaluate the innovative research ideas. However, existing emulators and simulators focus on either data plane performance or software-implemented switches. This motivates us to develop an OpenFlow emulator that provides accurate emulation on both control plane and data plane performances of an OpenFlow network and supports diverse OpenFlow switch implementations. In this thesis, we conduct extensive measurement studies on control plane and data plane performances on several switches and propose performance models for accurate emulation. Automatic switch performance measurements are also derived. In our proposed models, we have configurable switch-dependent parameters that characterize different switch implementations. Those parameters are generated from our automatic switch performance measurements. We conduct experiments to validate our performance models, and the error rates are mostly under 30%. Moreover, we integrate our performance models with a popular open source OpenFlow emulator, Mininet/Open vSwitch (OvS) and evaluate the performance accuracy by comparing to the results of original Mininet/OvS and the emulated switch. Our results are far closer to the emulated switch than the original Mininet/OvS.
17

Kao, Chih-Yuan, and 高誌遠. "Implementation of Virtual Cluster Load Balancing by Using Open vSwitch." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/27694439485804135173.

Abstract:
Master's
National Chung Hsing University
Department of Computer Science and Engineering
100
In cloud computing, virtualization is accomplished by equipping with a virtual switch to connect between physical machine and virtual machine. The virtual switch, which is usually written in software, provides a flexible configuration and management. In this paper, we use kernel based virtual machine (KVM) to deploy the virtual server cluster and apply Open vSwitch for the virtualized network environment. Our platform provides service with single entry point so that the virtual server cluster is fully transparent to end users. The implementation of load balancing is carried out by using Open vSwitch with an OpenFlow controller. OpenFlow controller dynamically manages the flow table in Open vSwitch through secure channel by OpenFlow protocol. With the platform, we can also deploy a virtual cluster across two Local Area Networks (LANs) through Generic Routing Encapsulation tunnel protocol. Upon a request, the Open vSwitch forwards the traffic to the virtual server cluster upon the loading policy to achieve load balancing.
18

Chen, Wei-You, and 陳韋佑. "利用KVM和Open vSwitch建構虛擬網路." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/16520657064331613714.

Abstract:
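Master's
National Tsing Hua University
Department of Computer Science
99
Open vSwitch is a new virtual switch technology, software developed specifically for virtual machine environments. In this thesis, we explain step by step how to install KVM and Open vSwitch in an Ubuntu environment, and combine KVM and Open vSwitch to form a virtual network. In addition, a physical router is used to help build and manage the virtual network. Finally, we measure the throughput and latency in this virtual network, and use virtual machines and smartphones to realize the concept of cloud computing in a simple way.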
19

Cheng, Chung-Hsiang, and 鄭仲翔. "The analysis and implementation of Sketch-based network traffic monitoring systems on Open vSwitch." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/p3x53f.

Abstract:
Master's
Chung Yuan Christian University
Graduate Institute of Electrical Engineering
107
Traditionally, flow-based monitoring in an OpenFlow switch is conducted based on the flow statistic counters in the flow table. Applications running on top of an SDN controller can retrieve the counters by sending a flow request message to the switch and use these statistics counters for traffic monitoring purposes. However, this mechanism produces extra traffic overhead between the switch and the controller. Furthermore, the usage of flow table for monitoring tasks affects the performance of packet forwarding. To overcome this problem, we propose a sketch-based network traffic monitoring scheme in the Open vSwitch. A Sketch module is added in the Open vSwitch. The purpose is to separate the monitoring policy from forwarding policy and therefore reduce the communication overheads between the controller and the switch. In this scheme, the sketch module is responsible for collecting traffic information for monitoring purposes while the switch’s flow table is solely used for forwarding task. At the end of a measurement interval, the controller can use the sketch request message implemented based on the OpenFlow protocol to gather the sketch information from the switches for traffic analysis in a distributive fashion.
20

António, Filipe Gonçalves. "Multiflow WiFi utilizando Software Defined Networking." Master's thesis, 2014. http://hdl.handle.net/10316/35649.

Abstract:
Master's dissertation in Informatics Engineering presented to the Faculty of Sciences and Technology of the University of Coimbra
Mobile communications are growing rapidly. The increase in hardware capacity of smartphones and tablets allows the development of increasingly complex applications that require an ever larger amount of data. These devices are not limited to voice calls and sending and receiving SMS or MMS; they have to process video and audio because of the on-demand or streaming content that users have at their disposal via the internet. Being connected anywhere is one of the users' requirements, so telecommunications operators have created locations, WiFi hotspots, where their customers' mobile devices can be connected to the internet through WiFi technology and thus access this content. The increase in the volume of data traffic at these locations, resulting from the number of customers and the data demands of the applications running on their mobile devices, represents a challenge that the network infrastructure has to solve in order to optimize the use of network equipment and thus minimize the amount of investment made in equipment and facilities (capital expenditure, CAPEX) and the cost associated with equipment maintenance and other operational expenses (operational expenditure, OPEX). The solution presented in this dissertation aims, using an architecture based on the Software-defined Networking (SDN) paradigm, to manage data traffic in the WiFi hotspots of Portugal Telecom (PT), distributing it over several flows, which will be distributed over several channels supported by different WiFi Access Points (APs) and/or different wireless communication technologies (for example WiFi and 4G).
The distribution of the data into several flows, and the distribution of these flows over the various available APs, will be carried out according to the policies and requirements defined by the operator (for example, to offer greater bandwidth to premium customers or to protect applications that are more sensitive from a quality-of-service point of view). Within the scope of this dissertation work, an SDN-based architecture was proposed to support the operating model described. This architecture was subsequently implemented and installed in a testbed created for this purpose (which corresponds to a simplified version of the proposed architecture) and which served to demonstrate the feasibility of the proposed model.
21

Pi, Wei-Chiun, and 畢位群. "LH2 : Design of Dependable Home Network Management System with Customized User Interface Based on OM2M Framework and Open vSwitch to Link Home Together." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/zsa997.
