ISA-Based Trusted Network Functions And Server Applications In The Untrusted Cloud
Nowadays, enterprises widely deploy Network Functions (NFs) and server
applications in the cloud. However, processing of sensitive data and trusted
execution cannot be securely deployed in the untrusted cloud. Cloud providers
themselves could accidentally leak private information (e.g., due to
misconfigurations) or rogue users could exploit vulnerabilities of the
providers' systems to compromise execution integrity, posing a threat to the
confidentiality of internal enterprise and customer data. In this paper, we
identify (i) a number of NF and server application use-cases that trusted
execution can be applied to, (ii) the assets and impact of compromising the
private data and execution integrity of each use-case, and (iii) we leverage
Intel's Software Guard Extensions (SGX) architecture to design Trusted
Execution Environments (TEEs) for cloud-based NFs and server applications. We
combine SGX with the Data Plane Development Kit (DPDK) to prototype and
evaluate our TEEs for a number of application scenarios (Layer 2 frame and
Layer 3 packet processing for plain and encrypted traffic, traffic
load-balancing and back-end server processing). Our results indicate that NFs
involving plain traffic can achieve almost native performance (e.g., ~22
Million Packets Per Second for Layer 3 forwarding for 64-byte frames), while
NFs involving encrypted traffic and server processing can still achieve
competitive performance (e.g., ~12 Million Packets Per Second for server
processing for 64-byte frames).
Technical Report: Efficient Buffering and Scheduling for a Single-Chip Crosspoint-Queued Switch
The single-chip crosspoint-queued (CQ) switch is a compact switching
architecture that has all its buffers placed at the crosspoints of input and
output lines. Scheduling is also performed inside the switching core, and does
not rely on latency-limited communications with input or output line-cards.
Compared with other legacy switching architectures, the CQ switch has the
advantages of high throughput, minimal delay, low scheduling complexity, and no
speedup requirement. However, the crosspoint buffers are small and segregated,
thus how to efficiently use the buffers and avoid packet drops remains a major
problem that needs to be addressed. In this paper, we consider load balancing,
deflection routing, and buffer pooling for efficient buffer sharing in the CQ
switch. We also design scheduling algorithms to maintain the correct packet
order even while employing multi-path switching and resolve contentions caused
by multiplexing. All these techniques require modest hardware modifications and
memory speedup in the switching core, but can greatly boost the buffer
utilizations by up to 10 times and reduce the packet drop rates by one to three
orders of magnitude. Extensive simulations and analyses have been done to
demonstrate the advantages of the proposed buffering and scheduling techniques
in various aspects. By pushing the on-chip memory to the limit of current ASIC
technology, we show that a cell drop rate of 10e-8, which is low enough for
practical uses, can be achieved under real Internet traffic traces
corresponding to a load of 0.9.
SDNFV: Flexible and Dynamic Software Defined Control of an Application- and Flow-Aware Data Plane
Software Defined Networking (SDN) promises greater flexibility for directing
packet flows, and Network Function Virtualization promises to enable dynamic
management of software-based network functions. However, the current divide
between an intelligent control plane and an overly simple, stateless data plane
results in the inability to exploit the flexibility of a software based
network. In this paper we propose SDNFV, a framework that expands the
capabilities of network processing-and-forwarding elements to flexibly manage
packet flows, while retaining both a high performance data plane and an easily
managed control plane.
SDNFV proposes a hierarchical control framework where decisions are made
across the SDN controller, a host-level manager, and individual VMs to best
exploit state available at each level. This increases the network's flexibility
compared to existing SDNs where controllers often make decisions solely based
on the first packet header of a flow. SDNFV intelligently places network
services across hosts and connects them in sequential and parallel chains,
giving both the SDN controller and individual network functions the ability to
enhance and update flow rules to adapt to changing conditions. Our prototype
demonstrates how to efficiently and flexibly reroute flows based on data plane
state such as packet payloads and traffic characteristics.
A Comprehensive Study on Load Balancers for VNF chains Horizontal Scaling
We present an architectural design and a reference implementation for
horizontal scaling of virtual network function chains. Our solution does not
require any changes to network functions and is able to handle stateful network
functions for which states may depend on both directions of the traffic. We use
connection-aware traffic load balancers based on a hashing function to maintain
mappings between connections and the dynamically changing network function
chains. Our reference implementation uses OpenFlow switches to route traffic
to the assigned network function instances according to the load balancer
decisions. We conducted extensive simulations to test the feasibility of the
architecture and evaluate the performance of our implementation. Comment: Short version of the paper has been accepted for CNSM 201
SDN Controllers: Benchmarking & Performance Evaluation
Software Defined Networks offer flexible and intelligent network operations
by splitting a traditional network into a centralized control plane and a
programmable data plane. The intelligent control plane is responsible for
providing flow paths to switches and optimizes network performance. The
controller in the control plane is the fundamental element used for all
operations of data plane management. Hence, the performance and capabilities of
the controller itself are extremely important. Furthermore, the tools used to
benchmark their performance must be accurate and effective in measuring
different evaluation parameters. There are dozens of controller proposals
available in existing literature. However, there is no quantitative comparative
analysis for them. In this article, we present a comprehensive qualitative
comparison of different SDN controllers, along with a quantitative analysis of
their performance in different network scenarios. More specifically, we
categorize and classify 34 controllers based on their capabilities, and present
a qualitative comparison of their properties. We also discuss in-depth
capabilities of benchmarking tools used for SDN controllers, along with best
practices for quantitative controller evaluation. This work uses three
benchmarking tools to compare nine controllers against multiple criteria.
Finally, we discuss detailed research findings on the performance, benchmarking
criteria, and evaluation testbeds for SDN controllers.
AMP: A Better Multipath TCP for Data Center Networks
In recent years several multipath data transport mechanisms, such as MPTCP
and XMP, have been introduced to effectively exploit the path diversity of data
center networks (DCNs). However, these multipath schemes have not been widely
deployed in DCNs. We argue that two key factors among others impeded their
adoption: TCP incast and minimum window syndrome. First, these mechanisms are
ill-suited for workloads with a many-to-one communication pattern, commonly
found in DCNs, causing frequent TCP incast collapses. Second, the syndrome, which we
discover for the first time, results in 2-5 times lower throughput for
single-path flows than multipath flows, thus severely violating network
fairness.
To effectively tackle these problems, we propose AMP: an adaptive multipath
congestion control mechanism that quickly detects the onset of these problems
and transforms its multipath flow into a single-path flow. Once these problems
disappear, AMP safely reverses this transformation and continues its data
transmission via multiple paths. Our evaluation results under a diverse set of
scenarios in a fat-tree topology with realistic workloads demonstrate that AMP
is robust to the TCP incast problem and improves network fairness between
multipath and single-path flows significantly with little performance loss.
A Survey of Controller Placement Problem in Software Defined Networks
Software Defined Network (SDN) is an emerging network paradigm which provides
a centralized view of the network by decoupling the network control plane from
the data plane. This strategy of maintaining a global view of the network
optimizes resource management. However, the implementation of SDN using a
single physical controller leads to issues of scalability and robustness. A
physically distributed but logically centralized SDN controller architecture
promises to resolve both these issues. Distributed SDN along with its benefits
brings along the problem of the number of controllers required and their
placement in the network. This problem is referred to as the controller
placement problem (CPP) and this paper is mainly concerned with the CPP
solution techniques. The paper formally defines CPP, gives a comprehensive
review of the various performance metrics and characteristics of the available
CPP solutions. Finally, we point out the existing literature gap and discuss
the future research direction in this domain.
Fractal: Automated Application Scaling
To date, cloud applications have used datacenter resources through manual
configuration and deployment of virtual machines and containers. Current trends
see increasing use of microservices, where larger applications are split into
many small containers, to be developed and deployed independently. However,
even with the rise of the devops movement and orchestration facilities such as
Kubernetes, there is a tendency to separate development from deployment. We
present an exploration of a more extreme point on the devops spectrum: Fractal.
Developers embed orchestration logic inside their application, fully automating
the processes of scaling up and down. Providing a set of extensions to and an
API over the Jitsu platform, we outline the design of Fractal and describe the
key features of its implementation: how an application is self-replicated, how
replica lifecycles are managed, how failure recovery is handled, and how
network traffic is transparently distributed between replicas. We present
evaluation of a self-scaling website, and demonstrate that Fractal is both
useful and feasible.
Dual-structure Data Center Multicast Using Software Defined Networking
Data center applications use multicast as an effective method to reduce
bandwidth cost. However, traditional multicast protocols designed for IP
networks are usually bottlenecked by the limited state capacity on switches. In
this paper, we propose a scalable multicast solution on fat tree networks based
on the observation that data center multicast traffic has strong heterogeneity.
We propose to remove the multicast management logic from switches and use the
SDN controller to manage multicast groups. The proposed Dual-structure
Multicast (DuSM) determines elephant and mice groups according to their traffic
amounts and treats them separately. For each elephant group, the controller
installs multicast state to maintain multiple shared trees and the group
traffic will be balanced evenly among the trees to avoid congestion. For mice
groups, the controller applies state-free multicast that trades bandwidth
capacity for state capacity, such as multicast-to-unicast translation. Our
experiments using real multicast traffic data show that the number of groups
DuSM supports can be 300% of that of IP multicast. DuSM also achieves traffic
balance among links.
A Survey of Energy Efficiency in SDN Software Based Methods and Optimization Models
Software Defined Networking (SDN) paradigm has the benefits of programmable
network elements by separating the control and the forwarding planes,
efficiency through optimized routing and flexibility in network management. As
the energy costs contribute largely to the overall costs in networks, energy
efficiency has become a significant design requirement for modern networking
mechanisms. However, designing energy efficient solutions is non-trivial since
they need to tackle the trade-off between energy efficiency and network
performance. In this article, we address the energy efficiency capabilities
that can be utilized in the emerging SDN. We provide a comprehensive and novel
classification of software-based energy efficient solutions into subcategories
of traffic aware, end system aware and rule placement. We propose general
optimization models for each subcategory, and present the objective function,
the parameters and constraints to be considered in each model. Detailed
information on the characteristics of state-of-the-art methods, their
advantages and drawbacks is provided. Hardware-based solutions used to enhance
the efficiency of switches are also described. Furthermore, we discuss the open
issues and future research directions in the area of energy efficiency in SDN. Comment: 17 double column pages, 3 figures, 6 tables