Balancing the QOS and Security in Dijkstra Algorithm by SDN Technology

. Dijkstra algorithm is widely used in a lot of common network routing protocols. We consider the problem of quality of service (QoS) and the Security features of the network routing area using software defined networks (SDN). The SDN framework enables an efficient decoupled implementation of dynamic routing protocols which could aware the communication network status. In this work we consider the varying delay status of the communication network along with other network security parameters. The routing problem is formulated as a multi-constrained shortest path problem. A new improved Dijkstra algorithm is presented named as QS-Dijkstra. The implement and experiment show that QS-Dijkstra algorithm is able to minimize traffic routing through vulnerable links while satisfying the QoS constraints of the network.


Introduction
Dijkstra algorithm is widely used in a lot of common network routing protocols, like OSPFand IS-IS. The main idea of Dijkstra algorithm is how to find a shortest path from a source node to a destination node in a network. So each network link has a cost value to present its status, and this cost is used to calculate the shortest path. In the practice, the link cost is defined as a static cost value in OSPF protocol, as the reference bandwidth divided by interface bandwidth or simply as 1 to reduce the shortest path weight to a hop count. The reason is that it's a very easy way in practice. But as the value of the link cost, it could not cover the feathers and status of the link.
In this work we present a practical way to calculate a more reasonable link cost in Dijkstra algorithm and consider the problem of QoS and the security features of the network routing procedure using SDN technology [1-3]. The SDN framework provides an approach to calculate the shortest path between source and destination based on dynamic link statuses through SDN's high network monitoring capability. A lot of useful link information, like link type, link ownership, interface bandwidth, transition delay and historical record, can be collected and computed by the SDN controller to enable more safe, reliable and efficient paths. In this way, we can consider the varying delay status of the communication network along with other network security parameters and get a presence of a passive/active adversary in the network routing area.
The remainder of this paper is organized as follows: double constrained shortest path problem is discussed and the derivation of QoS constraints and related cost metrics are presented in Section 2, the implementation details are provided in Section 3, Section 4 investigates the performance of the proposed framework. Conclusions and final remarks are discussed in Section 5.

System model
Consider a graph representation of the communication network. G(V,E, ω ) is a weighted undirected graph model and describes an N nodes and E links network. The node set is V = {v1, … , vN}, and the edge set is E ={eij |i, j = 1,2, …,N}. The weight on the edge eij is defined as the cost of the link. In this article, the interplaying between QOS and security features is concerned in the network routing process. The security metrics of the link between nodes i and j could include these features as: 1) History LijH: a link that was previously targeted by an attacker in a particular time could be more likely to be attacked again. 2) Security installed measures LijS: a link with high encryption is typically hard to be listened or hijacked. So LijS values are dependent on the pre-installed and preconfigured security measures of nodes of the link. 3) Bandwidth LijB: A link with high bandwidth is more difficult to be congested by data flow. 4) Ownership LijO: a self-owned or in the same domain channel is more secure than a shared or leased channel by other domains. The vulnerability metric LijM should reflect the attributes that make a link more security.
Assume every link eij E has two weights cij>0 and dij>0 (cij is cost and dij means delay).For source and destination nodes (s,t), let Pst denote the set of paths from s to t. Further, for any path p define c(p) = ∑ ( , )∈ (3) d(p) = ∑ ( , )∈ (4) The routing problem seeks to find the paths between s and t nodes with minimum link cost c( ), which satisfies ( ) ≤ . This is a typical NP problem named constrained shortest path (CSP) [4][5], which can be solved by the Lagrangian Relaxation Based Aggregated Cost (LARAC) algorithm [6].

Implementation
The architecture of SDN network comprised of Floodlight controller and Mininet switches. In the floodlight controller, applications can be written in Java and can interact with the built-in controller modules via a JAVA API. Other applications can be written in different languages and interact with the controller modules via the REST API. And the controller allows the implementation of built-in modules that can communicate with their implementation of the OpenFlow controller (i.e OpenFlow Services). The controller, on the other hand, can communicate with the switches via the OpenFlow protocol through the abstraction layer present at the forwarding hardware.
a) The Controller Side b) The Switches Side Fig. 1. QS-Dijkstra Algorithm Implementation. The algorithm is separated into two parts; a controller function which is implemented in Floodlight using Java, and a switch function implemented in Mininet using Python.
We propose a Vulnerable-Link Avoidance Dijkstra (QS-Dijkstra) algorithm to capture the problem of best-effort avoiding vulnerable links while maintaining the delay constraint. QS-Dijkstra algorithm uses the previously-defined vulnerability metric in equation (2) to arrive at a set of feasible paths between source node s and destination node t.
The flowchart of the QS-Dijkstra algorithm that is implemented is shown in Fig. 1. The algorithm is separated into two parts, the switch side and the controller side. The algorithm of the controller side performs the following tasks: 1) Listening to messages from switches and calculating link-delay value of each link, and then constructing the link-delay cost matrix. 2) Calculating the link-vulnerability cost matrix according to the metric developed in formula (2); this matrix can be modified and calibrated by network operators or managers. 3) Running a topology-update thread, and checking the link-vulnerability cost matrix updates every Ts; if a change is detected, the controller recalculates the routing paths. 4) Calculating the routing paths based on the link cost metrics of interest, and updating the flow table of each switch by advertise a PACKET OUT message to switches. The main function of the algorithm in the switches side is to collect the values of link-delays for the directly connected switches. This is done through an independent thread responsible for periodically testing the link between that switch and all connected switches with higher ID. The sampling time is parametric and is tuneable by the network managers; in our simulation environment, Tsd is set to 60 seconds. Link delay testing is done 3 times every Tsd and the average value is then compared with the last known value. If the new delay is significantly different from the previous value, the switch updates the controller accordingly.

Simulation and Results
We build two large scale network environment with the same topology and route information. One is running the Dijkstra routing protocol, the other is for QS-Dijkstra. In order to reach a high performance, in each environment, we use the highperformance workstation with 10 Intel Xeon Westmere EP six-core processors. Whose maximum process speed could reach 11.251Tflops. Thus, the whole network includes 260 routers and a controller. For every node, we pick a random number from [1,10] for its connection number. And the commercial network flow generator Spirent TestCentre is chosen to generate some popular network application data, like http, IP, TCP, UDP. And it sends the same packets to the two networks synchronously. In this test case, the link cost and link delay is randomized in the [0 − 100]. The maximum path delay constraint T still set as 1000 seconds. After calculating the link vulnerability metric, there are 20 links which have very high vulnerable level. We sampled the packets number transmitted through these links every 200 seconds and calculate the average value on each links. The result is shown in Fig. 8, which shows that the packets transmitted on these un-safe links in QS-Dijkstra are much less than in Dijkstra. From the results shown in Figure 9, the conclusion could be proved that the network performance in QS-Dijstra does not lost much except for a few short intervals, and the maximum responds time in these intervals is still could be acceptable.

Conclusion
In this paper, we consider the varying delay status of the communication network along with other network security parameters. Our approach capitalizes on the SDN framework and technology. The implement and experiment show that QS-Dijkstra algorithm is able to minimize traffic routing through vulnerable links while satisfying the QoS constraints of the network.
In the future work, the algorithm could consider more security and performance features of links and routing nodes, to make a more effective routing protocol.