112 research outputs found

    BPFabric: Data Plane Programmability for Software Defined Networks

    In its current form, OpenFlow, the de facto implementation of SDN, separates the network's control and data planes, allowing a central controller to alter the match-action pipeline using a limited set of fields and actions. To support new protocols, forwarding logic, telemetry, monitoring or even middlebox-like functions, the currently available programmability in SDN is insufficient. In this paper, we introduce BPFabric, a platform, protocol, and language-independent architecture to centrally program and monitor the data plane. BPFabric leverages eBPF, a platform and protocol independent instruction set, to define the packet processing and forwarding functionality of the data plane. We introduce a control plane API that allows data plane functions to be deployed on-the-fly, reporting events of interest and exposing network internal state. We present a raw socket and DPDK implementation of the design, the former for large-scale experimentation using environments such as Mininet and the latter for high-performance low-latency deployments. We show through examples that functions unrealisable in OpenFlow can leverage this flexibility while achieving similar or better performance to today's static design.

    Contributions towards softwarization and energy saving in passive optical networks

    This thesis is a result of contributions to optimize and improve the network management system and power consumption in Passive Optical Networks (PON). Passive Optical Network elements such as the Optical Line Terminal (OLT) and Optical Network Units (ONUs) are currently managed by inflexible legacy network management systems. Software-Defined Networking (SDN) is a new networking paradigm that improves the operation and management of networks by decoupling the control plane from the data plane. Currently, network management in PON networks is not always automated nor normalized. One goal of the researchers in optical networking is to improve the programmability, efficiency, and global optimization of network operations, in order to minimize both Capital Expenditure (CAPEX) and Operational Expenditure (OPEX) by reducing the complexity of devices and their operation. Therefore, it makes sense to use an SDN approach in order to manage the passive optical network functionalities and migrate most of the upper layer functions to the SDN controller. Many approaches have already addressed the topic of applying the SDN architecture in PON networks. However, the focus was usually on facilitating the deployment of SDN-based services, and so Service Interoperability remains unexplored in detail. The main challenge toward this goal is how to make the synchronous nature of the EPON media access control protocols compatible with the asynchronous architecture of SDN, and in particular, OpenFlow. In our proposed architecture, the OLT is partially virtualized and some of its functionalities are allocated to the core network management system, while the OLT itself is replaced by an OpenFlow switch. A new MultiPoint MAC Control (MPMC) sublayer extension based on the OpenFlow protocol is presented. The OpenFlow switch is extended with synchronous ports to retain the time-critical nature of the EPON network. Our simulation-based results demonstrate the effectiveness of the new architecture, while retaining a similar (or improved) performance in terms of delay and throughput when compared to legacy PONs. Nowadays, many researchers are working simultaneously to develop power saving techniques and improve energy efficiency in the PON network, and since the contribution of access networks to the global energy consumption is large, energy efficiency has become an increasingly important requirement in designing access networks. Therefore, energy-saving approaches are being investigated to provide high performance and consume less energy. Several techniques have been proposed to increase energy efficiency in PON networks. Such techniques are related to the centralized DBA but the advantage of power saving in a distributed DBA remains untouched. We present a distributed energy-efficient Dynamic Bandwidth Allocation (DBA) algorithm for both the upstream and downstream channels of EPON to improve energy efficiency in EPON networks. The proposed algorithm analyzes the queue status of the ONUs and OLT in order to power off the transmitter and/or receiver of an ONU whenever there is no upstream or downstream traffic. We have been able to combine the advantage of a distributed DBA such as DDSPON (a smaller packet delay, due to the shorter time needed by DDSPON to allocate the transmission slots) and the energy-saving features (that come at a price of longer packet delays due to the fact that switching off the transmitters makes the packet queues grow). Our proposed DBA algorithm minimizes the ONU energy consumption across a wide range of network loads, while maintaining at an acceptable level the penalty introduced in terms of channel utilization and packet delay.

    The contributions of this thesis focus on improving the network management system and power consumption in passive optical access networks (PON). The elements of PON networks, such as the optical line terminal (OLT) and the optical network units (ONUs), are currently managed by inflexible systems. The new software-defined networking (SDN) paradigm improves network management by decoupling the control plane from the data plane. Currently, PON network management is neither automated nor normalized. One of the goals of researchers in optical networking is to improve the programmability, efficiency and global optimization of network operations, in order to minimize both capital expenditure (CAPEX) and operational expenditure (OPEX) by reducing the complexity of devices and their operation. Therefore, it makes sense to use an SDN approach to manage passive optical network functions and to migrate some of the upper-layer PON functions to the SDN controller. Other researchers have studied this approach. However, the focus was generally on facilitating the deployment of SDN-based services, and so service interoperability remained unexplored in detail. The main challenge toward this goal is how to reconcile the synchronous nature of the EPON media access control protocols with the asynchronous architecture of SDN and, in particular, OpenFlow. In our proposed architecture, the OLT is partially virtualized and some of its functionalities are assigned to the centralized network management system, while the OLT is replaced by an OpenFlow switch. We propose a new extension of the MultiPoint MAC Control (MPMC) sublayer based on the OpenFlow protocol. The OpenFlow switch is extended with synchronous ports to ensure the real-time nature of the EPON network. Our simulation-based results demonstrate the effectiveness of the new architecture, while maintaining similar (or improved) performance in terms of delay and throughput compared with classic PONs. On the other hand, techniques for saving energy and improving energy efficiency in PON networks are being developed, and since the contribution of access networks to total energy consumption is significant, energy efficiency has become an increasingly important requirement. Several techniques have been proposed by other authors to increase energy efficiency in PON networks, related to centralized DBA (Dynamic Bandwidth Allocation) algorithms, but the advantages of energy saving in a distributed DBA have not yet been explored. Our second contribution is therefore a distributed, energy-efficient dynamic bandwidth allocation algorithm for both the upstream and downstream channels of EPON, to improve energy efficiency in EPON networks. The proposed algorithm analyzes the queue status of the ONUs and the OLT in order to switch off the transmitter and/or receiver of an ONU when there is no upstream or downstream traffic. We have been able to combine the advantage of a distributed DBA such as DDSPON (which ensures smaller delays, due to the shorter time DDSPON needs to allocate transmission slots) with the energy-saving features (at the price of larger packet delays, because switching off the transmitters makes the packet queues grow). Our proposed DBA algorithm minimizes ONU energy consumption across a wide range of network loads, while keeping the penalty introduced in terms of channel utilization and delay at an acceptable level.

    4MIDable: Flexible Network Offloading For Security VNFs

    The ever-growing volume of network traffic and widening adoption of Internet protocols to underpin common communication processes augments the importance of network security. In order to enforce network security policies, network managers adopt a widening set of middleboxes and network appliances to improve traffic monitoring and processing capabilities. The resource requirements to support network security appliances are constantly increasing, making efficiency of these systems an essential aspect. The move toward Software-Defined Networking and programmable data planes offers a means to offload traffic processing functionalities to within the network itself. To this end, we present the 4MIDable framework: a platform that facilitates the integration of existing middleboxes and monitoring appliances with an SDN (P4) network infrastructure. We also present P4Protect, a 4MIDable agent that protects the network from control plane DoS attacks with negligible impact on control plane latency, and P4ID (P4-Enhanced Intrusion Detection), a 4MIDable agent that offers stateful processing and feedback to unmodified Intrusion Detection System middleboxes and reduces traffic processing by over 80% without affecting threat detection rates.

    Contributions towards softwarization and energy saving in passive optical networks

    Postprint (published version)

    Enabling P4 Network Telemetry in Edge Micro Data Centers With Kubernetes Orchestration

    Integrating computation resources with networking technologies is a hot research topic targeting the optimization of container deployment on a set of host machines interconnected by a network infrastructure. Particularly, next generation edge nodes will offer significant advantages leveraging integrated computation resources and networking awareness, enabling configurable, granular and monitorable quality of service to different micro-services, applications and tenants, especially in terms of bounded end-to-end latency. In this regard, SDN is a key technology enabling network telemetry and traffic switching with the granularity of the single traffic flow. However, currently available solutions are based on legacy SDN techniques, not enabling the matching of tunneled traffic, and thus require a tricky integration inside the hosts where containers are deployed. This work considers Kubernetes clusters deployed on next generation edge micro data center platforms and proposes an innovative SDN solution exploiting the P4 technology to gain visibility inside tunneled traffic exchanged among pods. This way, the integration is achieved at the control plane level through the communication between Kubernetes and the SDN controller. The proposed solution is experimentally validated including a comprehensive framework enabling effective traffic switching and in-band telemetry at pod level. The major paper contributions consist in the design and the development of: (i) the networking applications at SDN control plane level; (ii) the P4 switch pipeline at the data plane level; (iii) the monitoring system used to collect, aggregate and elaborate the telemetry data.

    Traffic Optimization in Data Center and Software-Defined Programmable Networks

    The abstract is in the attachment.