87 research outputs found
Recommended from our members
Don't mind the gap: Bridging network-wide objectives and device-level configurations
We reflect on the historical context that lead to Propane, a high-level language and compiler to help network operators bridge the gap between network-wide routing objectives and low-level configurations of devices that run complex, distributed protocols. We also highlight the primary contributions that Propane made to the networking literature and describe ongoing challenges. We conclude with an important lesson learned from the experience
SDN management layer: design requirements and future direction
Computer networks are becoming more and more complex and difficult to manage. The research community has been expending a lot of efforts to come up with a general management paradigm that is able to hide the details of the physical infrastructure and enable flexible network management. Software Defined Networking (SDN) is such a paradigm that simplifies network management and enables network innovations. In this survey paper, by reviewing existing SDN management layers (platforms), we identify the general common management architecture for SDN networks, and further identify the design requirements of the management layer that is at the core of the architecture. We also point out open issues and weaknesses of existing SDN management layers. We conclude with a promising future direction for improving the SDN management layer.This work is supported in part by the National Science Foundation (NSF grant CNS-0963974)
Forwarding Tables Verification through Representative Header Sets
Forwarding table verification consists in checking the distributed
data-structure resulting from the forwarding tables of a network. A classical
concern is the detection of loops. We study this problem in the context of
software-defined networking (SDN) where forwarding rules can be arbitrary
bitmasks (generalizing prefix matching) and where tables are updated by a
centralized controller. Basic verification problems such as loop detection are
NP-hard and most previous work solves them with heuristics or SAT solvers. We
follow a different approach based on computing a representation of the header
classes, i.e. the sets of headers that match the same rules. This
representation consists in a collection of representative header sets, at least
one for each class, and can be computed centrally in time which is polynomial
in the number of classes. Classical verification tasks can then be trivially
solved by checking each representative header set. In general, the number of
header classes can increase exponentially with header length, but it remains
polynomial in the number of rules in the practical case where rules are
constituted with predefined fields where exact, prefix matching or range
matching is applied in each field (e.g., IP/MAC addresses, TCP/UDP ports). We
propose general techniques that work in polynomial time as long as the number
of classes of headers is polynomial and that do not make specific assumptions
about the structure of the sets associated to rules. The efficiency of our
method rely on the fact that the data-structure representing rules allows
efficient computation of intersection, cardinal and inclusion. Finally, we
propose an algorithm to maintain such representation in presence of updates
(i.e., rule insert/update/removal). We also provide a local distributed
algorithm for checking the absence of black-holes and a proof labeling scheme
for locally checking the absence of loops
Merlin: A Language for Provisioning Network Resources
This paper presents Merlin, a new framework for managing resources in
software-defined networks. With Merlin, administrators express high-level
policies using programs in a declarative language. The language includes
logical predicates to identify sets of packets, regular expressions to encode
forwarding paths, and arithmetic formulas to specify bandwidth constraints. The
Merlin compiler uses a combination of advanced techniques to translate these
policies into code that can be executed on network elements including a
constraint solver that allocates bandwidth using parameterizable heuristics. To
facilitate dynamic adaptation, Merlin provides mechanisms for delegating
control of sub-policies and for verifying that modifications made to
sub-policies do not violate global constraints. Experiments demonstrate the
expressiveness and scalability of Merlin on real-world topologies and
applications. Overall, Merlin simplifies network administration by providing
high-level abstractions for specifying network policies and scalable
infrastructure for enforcing them
Denial-of-service attacks in wireless networks using off-the-shelf hardware
Wireless network technologies offer ubiquitous broadband access to millions of users at an affordable cost. However, the broadband nature of the wireless medium make these networks vulnerable to a number of attacks. Malicious interference at the physical layer, and extended packet collisions at the medium access layer can cause significant DoS attacks. In this work, we show how off-the-shelf hardware can be used to create devastating DoS attacks in a IEEE 802.11 network. Moreover, we present two algorithms for attack detection that are based on the cumulative sum algorithm. © 2014 Springer International Publishing Switzerland
Intelligent Management and Efficient Operation of Big Data
This chapter details how Big Data can be used and implemented in networking
and computing infrastructures. Specifically, it addresses three main aspects:
the timely extraction of relevant knowledge from heterogeneous, and very often
unstructured large data sources, the enhancement on the performance of
processing and networking (cloud) infrastructures that are the most important
foundational pillars of Big Data applications or services, and novel ways to
efficiently manage network infrastructures with high-level composed policies
for supporting the transmission of large amounts of data with distinct
requisites (video vs. non-video). A case study involving an intelligent
management solution to route data traffic with diverse requirements in a wide
area Internet Exchange Point is presented, discussed in the context of Big
Data, and evaluated.Comment: In book Handbook of Research on Trends and Future Directions in Big
Data and Web Intelligence, IGI Global, 201
Packet Transactions: High-level Programming for Line-Rate Switches
Many algorithms for congestion control, scheduling, network measurement,
active queue management, security, and load balancing require custom processing
of packets as they traverse the data plane of a network switch. To run at line
rate, these data-plane algorithms must be in hardware. With today's switch
hardware, algorithms cannot be changed, nor new algorithms installed, after a
switch has been built.
This paper shows how to program data-plane algorithms in a high-level
language and compile those programs into low-level microcode that can run on
emerging programmable line-rate switching chipsets. The key challenge is that
these algorithms create and modify algorithmic state. The key idea to achieve
line-rate programmability for stateful algorithms is the notion of a packet
transaction : a sequential code block that is atomic and isolated from other
such code blocks. We have developed this idea in Domino, a C-like imperative
language to express data-plane algorithms. We show with many examples that
Domino provides a convenient and natural way to express sophisticated
data-plane algorithms, and show that these algorithms can be run at line rate
with modest estimated die-area overhead.Comment: 16 page
- …