Context

Networking is deeply evolving with the advent of new paradigms making the network more configurable and more dynamic. In particular, SDN (Software-Defined Network) consists in splitting the control plane and the data plane. A SDN-enabled switch is so only viewed as a specialized device in forwarding data traffic while a logically centralized controller exposes interfaces to services and applications strengthening their coupling. Hence, network is not only a medium of communication but a software component. In the same context, NFV (Network Function Virtualization) promotes the virtualization of all kinds of network functions (router, load-balancer, firewall…) on commodity server, a server in a cloud. These technologies are deeply changing networking principle by allowing a high flexibility in network management.

The new features provided by these concepts will thus allow to reinvent the network management in all its areas, especially for network monitoring and provisioning.

In addition, even more recent propositions argues for a finer granularity applying the programmability idea of SDN (working at flow level) to packet processing level by promoting the definition of a common language like P4 to reconfigure any switch at low level (vendor independent).

Objectives

The associate team is composed of two teams highly active in the domain of network management and security. The main goal of the associate team is to explore co-jointly this area by considering the new capabilities of networking technologies offered by recent advances as highlighted before. In particular, the following objectives have been identified:

• Monitoring of NFV- and SDN-enabled networks. This consists first in identifying new key attributes brought by such technologies for monitoring networks in particular from a security perspective. Secondly, these new technologies also provide a very flexible monitoring by deploying probes on demand, reconfiguring them, etc.
• Investigating the integration of data analytics as virtualized functions in virtual networks. Since traffic flows are passing through network and centralized within analysis engine for security, the intermediary equipment which can also be virtualized now can also apply some processing being inspired by distributed streaming data analytics frameworks.
• Security of SDN networks. Introducing a new protocol and interfaces as OpenFlow does increases the exposition of devices, routers and switches, to attacks. Indeed, OpenFlow is the de facto standard of SDN and leverages a central collector exposing a Southbound API, to communicate with the switches, and a Northbound API to communicate with applications and users making therefore a high coupling between these components. Assessing the security of OpenFlow devices and designing counter-measures are paramount of importance.
• Service chain composition is a skyrocketing topic with respect toSDN and NFV usage. Our goal is to optimize the decomposition of the network  services into smaller elements to find best compromise between performances and costs by hosting these elements in cloud platforms.
• Programming packet processing with P4 to instantiate non standard protocols like ICN (Information Centric Network).