Abstract: Drone base stations (DBSs) create a radio access network (DRAN) that provides a quick on-demand coverage in areas either for lost coverage due to disasters (providing an emergency communications network (ECN)) or for specific military, governmental and IoT application needs. DRAN Control Functions may be modeled as Virtualized Network Functions (VNFs) to operate and control a flying DRAN that comprises a plurality of DBSs, providing near real-time configuration control functions. These unique functions apply to the combined drone and base station sub-components of each DBS. Unique configuration control actions are determining the number of drones, optimal 3D drone positioning, and the inter-drone graph topology by maximizing served cellular user clusters, while factoring in user slices, remaining drone flight times and RF interference.

Abstract: Drone base stations (DBSs) create a radio access network (DRAN) that provides a quick on-demand coverage in areas either for lost coverage due to disasters (providing an emergency communications network (ECN)) or for specific military, governmental and IoT application needs. DRAN Control Functions may be modeled as Virtualized Network Functions (VNFs) to operate and control a flying DRAN that comprises a plurality of DBSs, providing near real-time configuration control functions. These unique functions apply to the combined drone and base station sub-components of each DBS. Unique configuration control actions are determining the number of drones, optimal 3D drone positioning, and the inter-drone graph topology by maximizing served cellular user clusters, while factoring in user slices, remaining drone flight times and RF interference.

Abstract: A probe virtual network function (VNF) is deployed in a software defined network (SDN), where the probe VNF computes delays and determines operation status of other VNFs as ‘available’ or ‘unavailable’ based on whether the computed delays are bounded or unbounded (or if a packet fails to arrive at a given VNF). The computed delay and the determined operation-status are then reported to a control function. The availability of such delay measurements using the probe VNF makes the routing algorithm within the controller more intelligent by incorporating the delay sensitivity of various service function chains.

Abstract: When network function virtualization (NFV) is overlaid on top of a SDN, a convergence gateway mediates between the orchestrator and the SDN controller. The convergence gateway collects from the orchestrator the information on the location, capacity, status, and usage information of all virtualized functions that run on SDN's physical platforms, and passes that information to the controller. The controller decides to optimally route a data flow for service chaining by obeying traffic engineering and quality of service policies of that data flow, choosing from available virtualized functions along that route. An information model based approach is also presented for information sharing across the orchestrator, convergence gateway and controller.

Abstract: A programmable switch for use in a Software Defined Network (SDN) is disclosed that supports multiple open Application Programming Interfaces (APIs) between the switch and various types of controllers, where each such API supports a different function set and possibly uses different IP protocols such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Abstract: A novel system and a new data communication method are invented in a software-defined (SDN) network to provide delivery of certain types of critical data flows with certain QoS and/or extra security requirements in a congested network. The method of invention allows such critical data not to traverse the data plane, as it normally would, but instead to go from the ingress switch directly to the egress switch, thereby always in two hops using the control channels. By shortcutting all other switches along the traditional data path computed by normal routing, it potentially provides guaranteed throughput, lower latency/jitter or higher level of security.

Abstract: The VNF hopping in a Software Defined Network (SDN) allows a traffic flow to change routes frequently amongst a chosen group of paths to obfuscate data paths or to meet specific performance requirements while satisfying the service chaining requirements by activating in real-time the same virtual functions on each chosen path. Using the VNF hopping method and additional capabilities built into an SDN controller and an orchestrator according to this invention, the controller determines multiple feasible routes for specific flows with desired service chaining functions and enables activation of those chained services, so that the active flow can randomly be assigned to different routes after a switch-over time period expires, or by a special randomization logic within the switch managed by the controller, or manually programmed by a system administrator.

Abstract: The VNF hopping in a Software Defined Network (SDN) allows a traffic flow to change routes frequently amongst a chosen group of paths to obfuscate data paths or to meet specific performance requirements while satisfying the service chaining requirements by activating in real-time the same virtual functions on each chosen path. Using the VNF hopping method and additional capabilities built into an SDN controller and an orchestrator according to this invention, the controller determines multiple feasible routes for specific flows with desired service chaining functions and enables activation of those chained services, so that the active flow can randomly be assigned to different routes after a switch-over time period expires, or by a special randomization logic within the switch managed by the controller, or manually programmed by a system administrator.

Abstract: When network function virtualization (NFV) is overlaid on top of a SDN, a convergence gateway mediates between the orchestrator and the SDN controller. The convergence gateway collects from the orchestrator the information on the location, capacity, status, and usage information of all virtualized functions that run on SDN's physical platforms, and passes that information to the controller. The controller decides to optimally route a data flow for service chaining by obeying traffic engineering and quality of service policies of that data flow, choosing from available virtualized functions along that route. An information model based approach is also presented for information sharing across the orchestrator, convergence gateway and controller.

Abstract: Sensitive data is sent through insecure network regions across different software defined networks (SDNs) over an encrypted path without requiring encryption applications at the source or destination hosts. One or more special-purpose encryptors are strategically placed within each SDN, which can act as an encryptor or decryptor, of both the data packet content and the header. Using the controller and a special encryption service application, the encrypted IP packets are forwarded from an encryptor, closest to the source, towards a decryptor, closest to the destination, utilizing a tagging method. Each encryptor has a static and globally unique tag. Each controller advertises to other controllers its encryptor information: IP of the encryptor, the IP block of the users the encryptor is responsible for and the unique encryptor tag(s). Each forwarder along the flow path is instructed by its respective controller how to forward packets towards the destination according to the tag.

Abstract: When network function virtualization (NFV) is overlaid on top of a SDN, a convergence gateway mediates between the NFV orchestrator and the SDN controller. The convergence gateway collects from the orchestrator the information on the workload and up/down status of virtualized network functions that run on SDN's physical resources, and passes such information to the controller. The controller then makes an intelligent decision regarding optimally routing data flows for service chaining, choosing from many available virtualized functions along the data path. Reciprocally, the convergence gateway collects, from the controller, the network congestion and available capacity information on all physical and virtualized network resources of the SDN, and feeds that information to the orchestrator. Accordingly, the orchestrator decides on where and when to activate/deactivate/capacitate virtual functions to best serve a service request.

Abstract: A system and method that rely on a centralized and trusted control mechanism for a software-defined network (SDN) to dynamically assign routes between two end points, and to simultaneously change their real IP addresses to fake IP addresses to establish short-lived obfuscated communications paths with a goal of preserving anonymity. The SDN controller determines the short-lived routes from a feasible route-set and new fake IP addresses from a reserved address pool for the source and destination hosts. It provisions only the switches along the route with rules so that a switch can forward packets of the data flow to another switch without needing to know the actual IP addresses of the communicating endpoints, and hence, providing strict anonymity even when the switches are compromised.

Abstract: Random route hopping in a Software Defined Network (SDN) allows traffic flows to change routes frequently to obfuscate data paths or to meet specific performance requirements. Using the route hopping method and additional capabilities built into an SDN controller according to this invention, the controller determines multiple feasible routes for specific flows, called jumper flows, so that the active flow can randomly be assigned to different routes after a switch-over time period expires, or by a special randomization logic within the switch managed by the controller, or manually programmed by a system administrator.

Abstract: Controller(s) in a software defined network (SDN) are able to determine a control path towards each network switch by performing a switch-originated discovery and using an in-band control network that is an overlay on the data network. A topology tree is maintained, where each controller being the root of the tree, and where messages from the root to any switch may pass through neighboring switches to reach that switch (and vice-versa). Each switch in the SDN attempts to connect to the controller when it does not have a readily configured control connection towards the controller. Once the controller learns about the presence of a new switch and at least one or more paths to reach that switch through a novel discovery process, it can select, adjust and even optimize the control path's route towards that switch.

Abstract: Controller(s) can determine a control path towards each network switch using a novel controller-originated discovery process based on an in-band control network that is an overlay on the data network. The controller attempts to connect to each switch when it does not have a readily configured control connection towards the switch. Once the controller learns about the presence of a new switch and at least one or more paths to reach that switch through aforementioned discovery process, it can select, adjust and even optimize the control path's route towards that switch. During the controller-originated control network discovery process, the controller also learns about the to connectivity between all switches. Thereby, as a by-product of the discovery process, it uncovers the entire data network topology in parallel.

Abstract: Sensitive data is sent through insecure network regions across different software defined networks (SDNs) over an encrypted path without requiring encryption applications at the source or destination hosts. One or more special-purpose encryptors are strategically placed within each SDN, which can act as an encryptor or decryptor, of both the data packet content and the header. Using the controller and a special encryption service application, the encrypted IP packets are forwarded from an encryptor, closest to the source, towards a decryptor, closest to the destination, utilizing a tagging method. Each encryptor has a static and globally unique tag. Each controller advertises to other controllers its encryptor information: IP of the encryptor, the IP block of the users the encryptor is responsible for and the unique encryptor tag(s). Each forwarder along the flow path is instructed by its respective controller how to forward packets towards the destination according to the tag.

Abstract: A novel (software defined network) SDN control plane is introduced having new system capabilities to activate and deactivate controllers in real-time upon automatic measurement of network control traffic and service requirements, and proper controller interactions with network switches as control plane topology changes. Also introduced is a control flow table, which defines the assignment of certain control flows (by originator, location, service type, etc.) to different controllers within the SDN.

Abstract: A novel system and a new data communication method are invented in a software-defined (SDN) network to provide delivery of certain types of critical data flows with certain QoS and/or extra security requirements in a congested network. The method of invention allows such critical data not to traverse the data plane, as it normally would, but instead to go from the ingress switch directly to the egress switch, thereby always in two hops using the control channels. By shortcutting all other switches along the traditional data path computed by normal routing, it potentially provides guaranteed throughput, lower latency/jitter or higher level of security.

Abstract: A system and method that rely on a centralized and trusted control mechanism for a software-defined network (SDN) to dynamically assign routes between two end points, and to simultaneously change their real IP addresses to fake IP addresses to establish short-lived obfuscated communications paths with a goal of preserving anonymity. The SDN controller determines the short-lived routes from a feasible route-set and new fake IP addresses from a reserved address pool for the source and destination hosts. It provisions only the switches along the route with rules so that a switch can forward packets of the data flow to another switch without needing to know the actual IP addresses of the communicating endpoints, and hence, providing strict anonymity even when the switches are compromised.

Abstract: A novel (software defined network) SDN control plane is introduced having new system capabilities to activate and deactivate controllers in real-time upon automatic measurement of network control traffic and service requirements, and proper controller interactions with network switches as control plane topology changes. Also introduced is a control flow table, which defines the assignment of certain control flows (by originator, location, service type, etc.) to different controllers within the SDN.