The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become ...The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become a promising solution to guarantee the Quality of Service(QoS).However, the current routing algorithms mainly focus on the QoS of the service, rarely considering the security requirement of flow. To realize the secure transmission of flows in SAGIN, we propose an intelligent flow forwarding scheme with endogenous security based on Mimic Defense(ESMD-Flow). In this scheme, SDN controller will evaluate the reliability of nodes and links, isolate malicious nodes based on the reliability evaluation value, and adapt multipath routing strategy to ensure that flows are always forwarded along the most reliable multiple paths. In addition, in order to meet the security requirement of flows, we introduce the programming data plane to design a multiprotocol forwarding strategy for realizing the multiprotocol dynamic forwarding of flows. ESMD-Flow can reduce the network attack surface and improve the secure transmission capability of flows by implementing multipath routing and multi-protocol hybrid forwarding mechanism. The extensive simulations demonstrate that ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping while improving the network throughput and reducing the average packet delay.展开更多
New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and hete...New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking(SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/Open Flow domains or multiple Open Flow/Generalized Multi-Protocol Label Switching( GMPLS) heterogeneous domains. I n addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-endservice provisioning in multi-domain data center optical networks.展开更多
A new method for multi-protocol label switching is presented in this study, whose core idea is to construct model for simulating process of accommodating network online loads and then adopt genetic algorithm to optimi...A new method for multi-protocol label switching is presented in this study, whose core idea is to construct model for simulating process of accommodating network online loads and then adopt genetic algorithm to optimize the model. Due to the heuristic property of evolutional method, the new method is efficient and effective, which is verified by the experiments.展开更多
MPLS(Multi-Protocol Label Switching) VPN(Virtual Private Network) traffic has been deployed widely, but currently only supports unicast. This paper briefly introduces several available MPLS VPN multicast approaches, a...MPLS(Multi-Protocol Label Switching) VPN(Virtual Private Network) traffic has been deployed widely, but currently only supports unicast. This paper briefly introduces several available MPLS VPN multicast approaches, and then analyzes their disadvantages. A novel mechanism that uses two-layer label stack to support MPLS VPN explicit multicast is proposed and the process is discussed in detail. The scalability and performance of the proposed mechanism are studied analytically. The result shows that our solution has great advantage over the currently available scheme in terms of saving core network bandwidth and improving the scalability.展开更多
The problem of differentiated Multi-Layer Integrated Survivability (MLIS) in IP over WDM networks is studied, which is decomposed into three sub-problems: survivable strategies design (SSD), spare capacity dimensionin...The problem of differentiated Multi-Layer Integrated Survivability (MLIS) in IP over WDM networks is studied, which is decomposed into three sub-problems: survivable strategies design (SSD), spare capacity dimensioning (SCID), and dynamic survivable routing (DSR). A related work of network survivability in IP over WDM networks is firstly provided, and adaptive survivable strategies are also designed. A new Integrated Shared Pool (ISP) approach for SCD is then proposed, which is formulated by using integer-programming theory. Moreover, a novel survivable routing scheme called Differentiated Integrated Survivability Algorithm (DISA) for DSR is developed. Simulation results show that the proposed integrated survivability scheme performs much better than other solutions (e,g., 'highest layer recovery' and 'lowest layer recovery' schemes) in terms of traffic blocking ratio, spare resource requirement, and average traffic recovery ratio in IP over WDM networks.展开更多
基金supported by the National Key Research and Development Program of China under Grant 2020YFB1804803the National Natural Science Foundation of China under Grant 61872382the Research and Development Program in Key Areas of Guangdong Province under Grant No.2018B010113001。
文摘The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become a promising solution to guarantee the Quality of Service(QoS).However, the current routing algorithms mainly focus on the QoS of the service, rarely considering the security requirement of flow. To realize the secure transmission of flows in SAGIN, we propose an intelligent flow forwarding scheme with endogenous security based on Mimic Defense(ESMD-Flow). In this scheme, SDN controller will evaluate the reliability of nodes and links, isolate malicious nodes based on the reliability evaluation value, and adapt multipath routing strategy to ensure that flows are always forwarded along the most reliable multiple paths. In addition, in order to meet the security requirement of flows, we introduce the programming data plane to design a multiprotocol forwarding strategy for realizing the multiprotocol dynamic forwarding of flows. ESMD-Flow can reduce the network attack surface and improve the secure transmission capability of flows by implementing multipath routing and multi-protocol hybrid forwarding mechanism. The extensive simulations demonstrate that ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping while improving the network throughput and reducing the average packet delay.
文摘New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking(SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/Open Flow domains or multiple Open Flow/Generalized Multi-Protocol Label Switching( GMPLS) heterogeneous domains. I n addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-endservice provisioning in multi-domain data center optical networks.
基金This work was supported by the National Natural Science Foundation of China (No10371097)Open Project of Com-putational Key Laboratory in Yunnan Provice
文摘A new method for multi-protocol label switching is presented in this study, whose core idea is to construct model for simulating process of accommodating network online loads and then adopt genetic algorithm to optimize the model. Due to the heuristic property of evolutional method, the new method is efficient and effective, which is verified by the experiments.
基金Supported by the National Natural Science Foundation of China(No.90204003)and National"863"Project(2001AAl21052)
文摘MPLS(Multi-Protocol Label Switching) VPN(Virtual Private Network) traffic has been deployed widely, but currently only supports unicast. This paper briefly introduces several available MPLS VPN multicast approaches, and then analyzes their disadvantages. A novel mechanism that uses two-layer label stack to support MPLS VPN explicit multicast is proposed and the process is discussed in detail. The scalability and performance of the proposed mechanism are studied analytically. The result shows that our solution has great advantage over the currently available scheme in terms of saving core network bandwidth and improving the scalability.
文摘The problem of differentiated Multi-Layer Integrated Survivability (MLIS) in IP over WDM networks is studied, which is decomposed into three sub-problems: survivable strategies design (SSD), spare capacity dimensioning (SCID), and dynamic survivable routing (DSR). A related work of network survivability in IP over WDM networks is firstly provided, and adaptive survivable strategies are also designed. A new Integrated Shared Pool (ISP) approach for SCD is then proposed, which is formulated by using integer-programming theory. Moreover, a novel survivable routing scheme called Differentiated Integrated Survivability Algorithm (DISA) for DSR is developed. Simulation results show that the proposed integrated survivability scheme performs much better than other solutions (e,g., 'highest layer recovery' and 'lowest layer recovery' schemes) in terms of traffic blocking ratio, spare resource requirement, and average traffic recovery ratio in IP over WDM networks.
