Container-based network function virtualization for software-defined networks

Today's enterprise networks almost ubiquitously deploy middlebox services to improve in-network security and performance. Although virtualization of middleboxes attracts a significant attention, studies show that such implementations are still proprietary and deployed in a static manner at the boundaries of organisations, hindering open innovation. In this paper, we present an open framework to create, deploy and manage virtual network functions (NF)s in OpenFlow-enabled networks. We exploit container-based NFs to achieve low performance overhead, fast deployment and high reusability missing from today's NFV deployments. Through an SDN northbound API, NFs can be instantiated, traffic can be steered through the desired policy chain and applications can raise notifications. We demonstrate the systems operation through the development of exemplar NFs from common Operating System utility binaries, and we show that container-based NFV improves function instantiation time by up to 68% over existing hypervisor-based alternatives, and scales to one hundred co-located NFs while incurring sub-millisecond latency

Roaming Edge vNFs using Glasgow Network Functions

While the network edge is becoming more important for the provision of customized services in next generation mobile networks, current NFV architectures are unsuitable to meet the increasing future demand. They rely on commodity servers with resource-hungry Virtual Machines that are unable to provide the high network function density and mobility requirements necessary for upcoming wide-area and 5G networks. In this demo, we showcase Glasgow Network Functions (GNF), a virtualization framework suitable for next generation mobile networks that exploits lightweight network functions (NFs) deployed at the edge and transparently following users' devices as they roam between cells

Trustworthy Knowledge Planes For Federated Distributed Systems

In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks

Trustworthy Knowledge Planes For Federated Distributed Systems

In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks

Queues don't matter when you can JUMP them!

QJUMP is a simple and immediately deployable approach to controlling network interference in datacenter networks. Network interference occurs when congestion from throughput-intensive applications causes queueing that delays traffic from latency-sensitive applications. To mitigate network interference, QJUMP applies Internet QoS-inspired techniques to datacenter applications. Each application is assigned to a latency sensitivity level (or class). Packets from higher levels are rate-limited in the end host, but once allowed into the network can “jump-the-queue” over packets from lower levels. In settings with known node counts and link speeds, QJUMP can support service levels ranging from strictly bounded latency (but with low rate) through to line-rate throughput (but with high latency variance). We have implemented QJUMP as a Linux Traffic Control module. We show that QJUMP achieves bounded latency and reduces in-network interference by up to 300×, outperforming Ethernet Flow Control (802.3x), ECN (WRED) and DCTCP. We also show that QJUMP improves average flow completion times, performing close to or better than DCTCP and pFabric.This work was supported by a Google Fellowship, EPSRC INTERNET Project EP/H040536/1, Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory (AFRL), under contract FA8750-11-C-0249.This is the final published version. It first appeared at https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/grosvenor

Design and validation of a meter band rate in OpenFlow and OpenDaylight for optimizing QoS

Technological developments in the Internet and communications have created a vastly complex and dynamic context with diverse heterogeneous networks and fast growth of mobile devices and multimedia. As the Internet becomes the primary mode of communication for many organisations there is requirement to enhance quality of service (QoS) from heterogeneous systems and networks. Traditional networks such as TETRA have become increasingly incapable of addressing the demand for media rich, bandwidth intensive traffic flows and applications. Mission-critical multimedia over new generation mobile networks face QoS constraints. This research explores a novel solution for quality of service performance for streaming mission-critical video data in OpenFlow SDN networks. A Meter Band Rate Evaluation (MBE) mechanism is advanced that improves the native QoS capability of OpenFlow and OpenDaylight. The MBE is a physical component added to the OpenFlow meter table to evaluate and dynamically adjust traffic rates and allows the traffic volume to be specified relative to other traffic in the network. Its design and development are presented and the mechanism is verified through a simulated experiment in an SDN testbed. The results identified that QoS performance experienced a significant percentage increase when the MBE was active. These findings contribute a novel Meter Band Rate Evaluation mechanism that extends the native capability of OpenFlow and OpenDaylight to enhance the efficiency of QoS provision