2,066 research outputs found
In-packet Bloom filters: Design and networking applications
The Bloom filter (BF) is a well-known space-efficient data structure that
answers set membership queries with some probability of false positives. In an
attempt to solve many of the limitations of current inter-networking
architectures, some recent proposals rely on including small BFs in packet
headers for routing, security, accountability or other purposes that move
application states into the packets themselves. In this paper, we consider the
design of such in-packet Bloom filters (iBF). Our main contributions are
exploring the design space and the evaluation of a series of extensions (1) to
increase the practicality and performance of iBFs, (2) to enable
false-negative-free element deletion, and (3) to provide security enhancements.
In addition to the theoretical estimates, extensive simulations of the multiple
design parameters and implementation alternatives validate the usefulness of
the extensions, providing for enhanced and novel iBF networking applications.Comment: 15 pages, 11 figures, preprint submitted to Elsevier COMNET Journa
Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking
Information-centric networking proposals attract much attention in the
ongoing search for a future communication paradigm of the Internet. Replacing
the host-to-host connectivity by a data-oriented publish/subscribe service
eases content distribution and authentication by concept, while eliminating
threats from unwanted traffic at an end host as are common in today's Internet.
However, current approaches to content routing heavily rely on data-driven
protocol events and thereby introduce a strong coupling of the control to the
data plane in the underlying routing infrastructure. In this paper, threats to
the stability and security of the content distribution system are analyzed in
theory and practical experiments. We derive relations between state resources
and the performance of routers and demonstrate how this coupling can be misused
in practice. We discuss new attack vectors present in its current state of
development, as well as possibilities and limitations to mitigate them.Comment: 15 page
Traffic Management Applications for Stateful SDN Data Plane
The successful OpenFlow approach to Software Defined Networking (SDN) allows
network programmability through a central controller able to orchestrate a set
of dumb switches. However, the simple match/action abstraction of OpenFlow
switches constrains the evolution of the forwarding rules to be fully managed
by the controller. This can be particularly limiting for a number of
applications that are affected by the delay of the slow control path, like
traffic management applications. Some recent proposals are pushing toward an
evolution of the OpenFlow abstraction to enable the evolution of forwarding
policies directly in the data plane based on state machines and local events.
In this paper, we present two traffic management applications that exploit a
stateful data plane and their prototype implementation based on OpenState, an
OpenFlow evolution that we recently proposed.Comment: 6 pages, 9 figure
- …