1,546 research outputs found
BPFabric: Data Plane Programmability for Software Defined Networks
In its current form, OpenFlow, the de facto implementation
of SDN, separates the network’s control and data
planes allowing a central controller to alter the matchaction
pipeline using a limited set of fields and actions.
To support new protocols, forwarding logic, telemetry,
monitoring or even middlebox-like functions the currently
available programmability in SDN is insufficient.
In this paper, we introduce BPFabric, a platform, protocol,
and language-independent architecture to centrally
program and monitor the data plane. BPFabric leverages
eBPF, a platform and protocol independent instruction
set to define the packet processing and forwarding functionality
of the data plane. We introduce a control plane
API that allows data plane functions to be deployed onthe-fly,
reporting events of interest and exposing network
internal state.
We present a raw socket and DPDK implementation
of the design, the former for large-scale experimentation
using environment such as Mininet and the latter for
high-performance low-latency deployments. We show
through examples that functions unrealisable in OpenFlow
can leverage this flexibility while achieving similar
or better performance to today’s static design
Programming Protocol-Independent Packet Processors
P4 is a high-level language for programming protocol-independent packet
processors. P4 works in conjunction with SDN control protocols like OpenFlow.
In its current form, OpenFlow explicitly specifies protocol headers on which it
operates. This set has grown from 12 to 41 fields in a few years, increasing
the complexity of the specification while still not providing the flexibility
to add new headers. In this paper we propose P4 as a strawman proposal for how
OpenFlow should evolve in the future. We have three goals: (1)
Reconfigurability in the field: Programmers should be able to change the way
switches process packets once they are deployed. (2) Protocol independence:
Switches should not be tied to any specific network protocols. (3) Target
independence: Programmers should be able to describe packet-processing
functionality independently of the specifics of the underlying hardware. As an
example, we describe how to use P4 to configure a switch to add a new
hierarchical label
MiniCPS: A toolkit for security research on CPS Networks
In recent years, tremendous effort has been spent to modernizing
communication infrastructure in Cyber-Physical Systems (CPS) such as Industrial
Control Systems (ICS) and related Supervisory Control and Data Acquisition
(SCADA) systems. While a great amount of research has been conducted on network
security of office and home networks, recently the security of CPS and related
systems has gained a lot of attention. Unfortunately, real-world CPS are often
not open to security researchers, and as a result very few reference systems
and topologies are available. In this work, we present MiniCPS, a CPS
simulation toolbox intended to alleviate this problem. The goal of MiniCPS is
to create an extensible, reproducible research environment targeted to
communications and physical-layer interactions in CPS. MiniCPS builds on
Mininet to provide lightweight real-time network emulation, and extends Mininet
with tools to simulate typical CPS components such as programmable logic
controllers, which use industrial protocols (Ethernet/IP, Modbus/TCP). In
addition, MiniCPS defines a simple API to enable physical-layer interaction
simulation. In this work, we demonstrate applications of MiniCPS in two example
scenarios, and show how MiniCPS can be used to develop attacks and defenses
that are directly applicable to real systems.Comment: 8 pages, 6 figures, 1 code listin
- …