313 research outputs found

    P4-compatible High-level Synthesis of Low Latency 100 Gb/s Streaming Packet Parsers in FPGAs

    Packet parsing is a key step in SDN-aware devices. Packet parsers in SDN networks need to be both reconfigurable and fast, to support the evolving network protocols and the increasing multi-gigabit data rates. The combination of packet processing languages with FPGAs seems to be the perfect match for these requirements. In this work, we develop an open-source FPGA-based configurable architecture for arbitrary packet parsing to be used in SDN networks. We generate low latency and high-speed streaming packet parsers directly from a packet processing program. Our architecture is pipelined and entirely modeled using templated C++ classes. The pipeline layout is derived from a parser graph that corresponds to a P4 code after a series of graph transformation rounds. The RTL code is generated from the C++ description using Xilinx Vivado HLS and synthesized with Xilinx Vivado. Our architecture achieves 100 Gb/s data rate in a Xilinx Virtex-7 FPGA while reducing the latency by 45% and the LUT usage by 40% compared to the state-of-the-art. Comment: Accepted for publication at the 26th ACM/SIGDA International Symposium on Field-Programmable Gate Arrays February 25 - 27, 2018 Monterey Marriott Hotel, Monterey, California, 7 pages, 7 figures, 1 tabl

    Consistent SDNs through Network State Fuzzing

    The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Nevertheless, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to continuously test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly

    Consistent SDNs through Network State Fuzzing

    The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Unfortunately, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to periodically test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly while outperforming baseline approaches. Comment: Added three extra relevant references, the arXiv later was accepted in IEEE Transactions of Network and Service Management (TNSM), 2019 with the title "Towards Consistent SDNs: A Case for Network State Fuzzing

    A Case for Data Centre Traffic Management on Software Programmable Ethernet Switches

    Virtualisation first and cloud computing later has led to a consolidation of workload in data centres that also comprises latency-sensitive application domains such as High Performance Computing and telecommunication. These types of applications require strict latency guarantees to maintain their Quality of Service. In virtualised environments with their churn, this demands for adaptability and flexibility to satisfy. At the same time, the mere scale of the infrastructures favours commodity (Ethernet) over specialised (Infiniband) hardware. For that purpose, this paper introduces a novel traffic management algorithm that combines Rate-limited Strict Priority and Deficit round-robin for latency-aware and fair scheduling respectively. In addition, we present an implementation of this algorithm on the bmv2 P4 software switch by evaluating it against standard priority-based and best-effort scheduling. Comment: 8th IEEE International Conference on Cloud Networking (IEEE CloudNet 2019

    Network Slicing Using FlowVisor for Enforcement of Bandwidth Isolation in SDN Virtual Networks

    Software-defined networking (SDN) is becoming increasingly popular because of features such as programming control, embedded monitoring, fine-grained control, flexibility, support for many tenants, and scalability. Problems with the prior design, known as the conventional network, include the need to configure each network device individually, decentralized control, and a persistent issue with tenant enforcement for multitenant support. Tenants are unable to administer their networks without disturbing their neighbours. In this research, network slicing on SDN will ensure tenant isolation using FlowVisor and an SDN controller. Flowspace, which is part of FlowVisor capable of implementing network isolation, is for isolation in this research. Multitenancy is supported in SDN via the network slicing technique. Two types of renters were employed, and two testing procedures connectivity and functionality were run to meet the research objectives. This research produced several findings, including that all hosts were correctly linked, and the connection was achieved without turning on FlowVisor. The host function can only send and receive data from hosts with the same tenant. The research results show that FlowVisor can be applied for isolation enforcement. As a result of each tenant utilising their slice of the network without being interrupted by other slices, this research finds that utilising FlowVisor to construct Flowspace can segment the network to allow multitenancy. Expanding the number of slices for more study and testing in a real-world setting is possible

    P-SCOR: Integration of Constraint Programming Orchestration and Programmable Data Plane

    In this manuscript we present an original implementation of network management functions in the context of Software Defined Networking. We demonstrate a full integration of an artificial intelligence driven management, an SDN control plane, and a programmable data plane. Constraint Programming is used to implement a management operating system that accepts high level specifications, via a northbound interface, in terms of operational objective and directives. These are translated in technology-specific constraints and directives for the SDN control plane, leveraging the programmable data plane, which is enriched with functionalities suited to feed data that enable the most effective operation of the “intelligent” control plane, by exploiting the language

    Flexible software-defined networks

    The fifth generation of mobile networks (5G) is able to offer better services than its predecessors mainly through the usage of software defined networks (SDN) and network functions virtualization (NFV). However, after multiple solutions developed using OpenFlow, the conclusion was that, even several years after the first version was released, OpenFlow fails to offer full flexibility and cannot handle unknown protocols. With that in mind, the community got together and created what is known today as P4. P4 is a language designed to program the data plane behavior, that, with the help of P4Runtime, the alternative of OpenFlow to P4 enabled devices, allows the management of the data plane behavior regardless of the target or the protocol. All of that because, unlike OpenFlow, P4Runtime does not assume that network devices have a fixed and well defined behavior, usually described by the ASIC chip. In this work, the P4 ecosystem is used to implement offloading of functions to the network devices and evaluate whether that is impactful for the network performance. Given the low amount of work developed with P4 regarding publish-subscribe systems, that traditionally rely on brokers, it was decided to offload several functions of such systems to the dataplane with P4, so that the overall solution can be comparable to distributed broker ones. However, P4 is limited regarding the management of state related data, such as that of TCP sessions, which many publish-subscribe systems rely on. Zenoh, a new publish-subscribe protocol that is still in early phases and directed to IoT, is also able to run over UDP and therefore is a great candidate to be implemented in P4 to overcome such issues. It is then used to show the advantages of doing offloading of processing to the dataplane. The conceptualized system was then compared to two more traditional ones, that do not make use of offloading. The overall results achieved are promising.
Results show that there are benefits in the offloading of certain tasks to the dataplane and therefore be closer to the end user and with that improve latency. However, regarding the pure Zenoh, the results achieved are poorer. That can be explained by the usage of software switches that are not production grade ready and whose performance is highly impacted by several data plane factors. That makes it necessary to do more tests on expensive hardware equipment for a more concrete conclusion. Fifth-generation mobile networks (5G) are able to offer better services than their previous generations, mainly through the use of technologies such as software-defined networking (SDN) and network functions virtualization (NFV). However, after several years of implementing solutions using OpenFlow, the conclusion was reached that it has limitations with respect to unknown protocols, even several years after the first version. The community therefore came together and created what is today the P4/P4Runtime ecosystem. P4 is a language for programming the behavior of the data plane and P4Runtime is the equivalent of OpenFlow for devices that support P4; however, it allows management of the data plane behavior independently of the device and the protocol, since it does not assume that network devices have a fixed, well-defined behavior, usually described by the ASIC chip. In this work, the P4 ecosystem is used to implement offloading of functions to the network devices themselves, and whether this solution benefits network performance is evaluated. Because publish-subscribe systems, which traditionally depend on brokers, have been little explored in P4, it was decided to offload functions of one such system using P4, while still allowing the solution as a whole to be comparable with those offered by a distributed broker. However, P4 has limitations in managing TCP sessions.
Zenoh, a publish-subscribe protocol that is still evolving and aimed at IoT, also supports transport over UDP, and is therefore a strong candidate to be implemented in P4 to demonstrate the advantages of offloading processing to the data plane. The conceptualized and developed system was then compared with two other, more traditional systems that do not use offloading. The results are encouraging, showing that there is a benefit in offloading certain functions to the data plane, since certain operations can be performed closer to the end user. However, compared with the results offered by pure Zenoh, the results are worse, which is explained by the fact that the network devices used are software switches that are not prepared for production environments and are heavily penalized by several factors of data plane behavior. It is therefore necessary to run tests on hardware equipment for a deeper evaluation and consequent conclusion. Mestrado em Engenharia de Computadores e Telemátic

    A Study on Packet Classification Algorithms Using the P4 Language

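    A packet classifier is a mechanism in computer networks that sorts packets arriving at a network device into groups. Classifying packets at routers is extremely important for providing services that need to distinguish and separate packets for specific processing, for example customized network services such as firewalls and quality of service. Several studies have proposed algorithms for packet classification. To improve classification performance, there are proposals that use decision trees, heuristics and so on. However, because their performance evaluations were mainly based on hardware implementations, the algorithm design methods, data structures and so on may not be applicable to software routers. In recent years, the P4 language, which features network-protocol independence and target independence, has been developed. The P4 language is designed with an expressive syntax for basic network functions so that a wide range of data planes can be programmed. Against the background of growing research on virtual network functions (VNF), it is necessary to study the implementation of packet classification in software using the P4 language. In this study, we examine the implementation, in P4 language syntax, of existing network packet classification algorithms. We discuss the programming flows available in the P4 abstract forwarding model and present data structures suited to improving packet classification. We also evaluate the performance of software routers compiled from P4 source code using different algorithms and data structures. The University of Electro-Communications 201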

    Offloading in P4 Switch Integrated with Multiple Virtual Network Function Servers

    Software Defined Networking (SDN) and Network Function Virtualization (NFV) are two transformative technologies that offer distinct benefits. SDN virtualizes the control plane by separating it from the data plane, while NFV virtualizes the data plane by moving network functions from hardware and implementing them in software. Therefore, combining SDN and NFV can fully exploit the benefits of both technologies. As Programming Protocol-independent Packet Processors (P4) become popular due to its flexibility, traditional SDN switches are being replaced by P4 switches. In the P4+NFV architecture, network functions can be provided in both P4 switches (PNF) and NFV servers (VNF). However, to minimize packet delay, the offloading problem between P4 switches and NFV needs to be addressed. The novelty of our paper lies in investigating the offloading problem and evaluating the impact of employing multiple VNFs with varying computing capacities within the P4+NFV architecture. We also use M/M/1 queuing theory to derive the average packet delay and propose an optimization solution based on gradient descent to find out the optimal offloading probabilities of various VNF servers. Results show that optimal offloading from P4 switch to multiple VNFs can reduce the average packet delay from 4.76% to 40.02%

    Contributions towards softwarization and energy saving in passive optical networks

    This thesis is a result of contributions to optimize and improve the network management system and power consumption in Passive Optical Network (PON). Passive Optical Network elements such as Optical Line Terminal (OLT) and Optical Network Units (ONUs) are currently managed by inflexible legacy network management systems. Software-Defined Networking (SDN) is a new networking paradigm that improves the operation and management of networks by decoupling control plane from data plane. Currently, network management in PON networks is not always automated nor normalized. One goal of the researchers in optical networking is to improve the programmability, efficiency, and global optimization of network operations, in order to minimize both Capital Expenditure (CAPEX) and Operational Expenditure (OPEX) by reducing the complexity of devices and its operation. Therefore, it makes sense to use an SDN approach in order to manage the passive optical network functionalities and migrating most of the upper layer functions to the SDN controller. Many approaches have already addressed the topic of applying the SDN architecture in PON networks. However, the focus was usually on facilitating the deployment of SDN-based service and so Service Interoperability remains unexplored in detail. The main challenge toward this goal is how to make compatible the synchronous nature of the EPON media access control protocols with the asynchronous architecture of SDN, and in particular, OpenFlow. In our proposed architecture, the OLT is partially virtualized and some of its functionalities are allocated to the core network management system, while the OLT itself is replaced by an OpenFlow switch. A new MultiPoint MAC Control (MPMC) sublayer extension based on the OpenFlow protocol is presented. The OpenFlow switch is extended with synchronous ports to retain the time-critical nature of the EPON network.
Our simulation-based results demonstrate the effectiveness of the new architecture, while retaining a similar (or improved) performance in term of delay and throughput when compared to legacy PONs. Nowadays, many researchers are working simultaneously to develop power saving techniques and improve energy efficiency in the PON network, and since the contribution of access networks to the global energy consumption is large, energy efficiency has become an increasingly important requirement in designing access networks. Therefore, energy-saving approaches are being investigated to provide high performance and consume less energy. Several techniques have been proposed to increase energy efficiency in PON networks. Such techniques are related to the centralized DBA but the advantage of power saving in a distributed DBA remains untouched. We present a distributed energy-efficient Dynamic Bandwidth Allocation (DBA) algorithm for both the upstream and downstream channels of EPON to improve energy efficiency in EPON networks. The proposed algorithm analyzes the queue status of the ONUs and OLT in order to power-off the transmitter and/or receiver of an ONU whenever there is no upstream or downstream traffic. We have been able to combine the advantage of a distributed DBA such as DDSPON (a smaller packet delay, due to the shorter time needed by DDSPON to allocate the transmission slots) and the energy-saving features (that come at a price of longer packet delays due to the fact that switching off the transmitters make the packet queues grow). Our proposed DBA algorithm minimizes the ONU energy consumption across a wide range of network loads, while maintaining at an acceptable level the penalty introduced in terms of channel utilization and packet delay. The contributions of this thesis focus on improving the network management system and the energy consumption of passive optical access networks (PON).
The elements of PON networks, such as the optical line terminal (OLT) and the optical network units (ONU), are currently managed by inflexible systems. The new software-defined networking (SDN) paradigm improves network management by decoupling the control plane from the data plane. Currently, PON network management is neither automated nor standardized. One of the goals of researchers in optical networking is to improve the programmability, efficiency and global optimization of network operations, in order to minimize both capital expenditure (CAPEX) and operational expenditure (OPEX) by reducing the complexity of devices and their operation. Therefore, it makes sense to use an SDN approach to manage passive optical network functions and to migrate some of the upper-layer PON functions to the SDN controller. Other researchers have studied this approach; however, the focus was generally on facilitating the deployment of SDN-based services and, therefore, service interoperability remained unexplored in detail. The main challenge towards this goal is how to make the synchronous nature of the EPON media access control protocols compatible with the asynchronous architecture of SDN and, in particular, OpenFlow. In our proposed architecture, the OLT is partially virtualized and some of its functionalities are assigned to the centralized network management system, while the OLT is replaced by an OpenFlow switch. We propose a new extension of the MultiPoint MAC Control (MPMC) sublayer based on the OpenFlow protocol. The OpenFlow switch is extended with synchronous ports to ensure the real-time nature of the EPON network.
Our simulation-based results demonstrate the effectiveness of the new architecture, while maintaining similar (or improved) performance in terms of delay and throughput compared with classic PONs. On the other hand, techniques for saving energy and improving energy efficiency in PON networks are being developed, and since the contribution of access networks to total energy consumption is significant, energy efficiency has become an increasingly important requirement. Several techniques have been proposed by other authors to increase energy efficiency in PON networks, related to centralized DBA (Dynamic Bandwidth Allocation) algorithms, but the advantage of energy saving in a distributed DBA has not yet been explored. Our second contribution is therefore a distributed, energy-efficient dynamic bandwidth allocation algorithm for both the upstream and downstream channels of EPON, to improve energy efficiency in EPON networks. The proposed algorithm analyzes the queue status of the ONUs and the OLT in order to power off the transmitter and/or receiver of an ONU when there is no upstream or downstream traffic. We have been able to combine the advantage of a distributed DBA such as DDSPON (which ensures smaller delays, owing to the shorter time DDSPON needs to allocate the transmission slots) with the energy-saving features (at the price of larger packet delays, because switching off the transmitters makes the packet queues grow). Our proposed DBA algorithm minimizes ONU energy consumption across a wide range of network loads, while keeping at an acceptable level the penalty introduced in terms of channel utilization and delays