5 research outputs found

    Flow monitoring in software-defined networks: finding the accuracy/performance tradeoffs

    In OpenFlow-based Software-Defined Networks, obtaining flow-level measurements similar to those provided by NetFlow/IPFIX is challenging, as it requires installing an entry per flow in the flow tables. This approach does not scale well because the number of entries in the flow tables is limited. Moreover, labeling the flows with the application that generates the traffic would greatly enrich these reports, as it would provide very valuable information for network performance and security, among others. In this paper, we present a scalable flow monitoring solution fully compatible with current off-the-shelf OpenFlow switches. Measurements are maintained in the switches and are asynchronously sent to an SDN controller. Additionally, flows are classified using a combination of DPI and Machine Learning (ML) techniques, with special focus on the identification of web and encrypted traffic. For the sake of scalability, we designed two different traffic sampling methods depending on the OpenFlow features available in the switches. We implemented our monitoring solution within OpenDaylight and evaluated it in a testbed with Open vSwitch, also using a number of DPI and ML tools to find the best tradeoff between accuracy and performance. Our experimental results using real-world traffic show that the measurement and classification systems are accurate and that the cost of deploying them is significantly reduced.
    Peer reviewed. Postprint (author's final draft)

    Enabling knowledge-defined networks: deep reinforcement learning, graph neural networks and network analytics

    Significant breakthroughs in the Machine Learning (ML) field over the last decade have ushered in a new era of Artificial Intelligence (AI). In particular, recent advances in Deep Learning (DL) have made it possible to develop a new breed of modeling and optimization tools with a plethora of applications in fields such as natural language processing or computer vision. In this context, the Knowledge-Defined Networking (KDN) paradigm highlights the lack of adoption of AI techniques in computer networks and, as a result, proposes a novel architecture that relies on Software-Defined Networking (SDN) and modern network analytics techniques to facilitate the deployment of ML-based solutions for efficient network operation. This dissertation aims to be a step forward in the realization of Knowledge-Defined Networks. In particular, we focus on the application of AI techniques to control and optimize networks more efficiently and automatically. To this end, we identify two components within the KDN context whose development may be crucial to achieving self-operating networks in the future: (i) the automatic control module, and (ii) the network analytics platform.

    The first part of this thesis is devoted to the construction of efficient automatic control modules. First, we explore the application of Deep Reinforcement Learning (DRL) algorithms to optimize the routing configuration in networks. DRL has recently demonstrated an outstanding capability to efficiently solve decision-making problems in other fields. However, the first DRL-based attempts to optimize routing in networks failed to achieve good results, often under-performing traditional heuristics. In contrast to previous DRL-based solutions, we propose a more elaborate network representation that helps DRL agents learn efficient routing strategies. Our evaluation results show that DRL agents using the proposed representation achieve better performance and learn faster how to route traffic in an Optical Transport Network (OTN) use case. Second, we lay the foundations for the use of Graph Neural Networks (GNN) to build ML-based network optimization tools. GNNs are a newly proposed family of DL models specifically tailored to operate and generalize over graphs of variable size and structure. In this thesis, we posit that GNNs are well suited to model the relationships between network elements that are inherently represented as graphs (e.g., topology, routing). In particular, we use a custom GNN architecture to build a routing optimization solution that, unlike previous ML-based proposals, is able to generalize well to topologies, routing configurations, and traffic never seen during the training phase.

    The second part of this thesis investigates the design of practical and efficient network analytics solutions in the KDN context. Network analytics tools are crucial to provide the control plane with a rich and timely view of the network state. However, this is not a trivial task, considering that all this information typically turns into big data in real-world networks. In this context, we analyze the main aspects that should be considered when measuring and classifying traffic in SDN (e.g., scalability, accuracy, cost). As a result, we propose a practical solution that produces flow-level measurement reports similar to those of NetFlow/IPFIX in traditional networks. The proposed system relies only on native features of OpenFlow, currently among the most established standards in SDN, and incorporates mechanisms to efficiently maintain flow-level statistics in commodity switches and report them asynchronously to the control plane. Additionally, a system that combines ML and Deep Packet Inspection (DPI) identifies the applications that generate each traffic flow.
    Postprint (published version)

    Big Data for Traffic Engineering in Software-Defined Networks

    Software-defined networking overcomes the limitations of traditional networks by splitting the control plane from the data plane. The logic of the network is moved to a component called the controller that manages devices in the data plane. To implement this architecture, it has become the norm to use the OpenFlow (OF) protocol, which defines several counters maintained by network devices. These counters are the starting point for Traffic Engineering (TE) activities. TE monitors several network parameters, including network bandwidth utilization. A great challenge for TE is to collect and generate statistics about bandwidth utilization for monitoring and traffic analysis activities. This becomes even more challenging if fine-grained monitoring is required. Network management tasks such as network provisioning, capacity planning, load balancing, and anomaly detection can benefit from this fine-grained monitoring. Because the counters are updated for every packet that crosses the switch, they must be retrieved in a streaming fashion. This scenario suggests the use of Big Data streaming techniques to collect and process counter values. Therefore, this paper proposes an approach based on a fine-grained Big Data monitoring method to collect and generate traffic statistics using counter values. This research work can significantly benefit TE. The approach can provide a more detailed view of network resource utilization because it can deliver individual and aggregated statistical analyses of bandwidth consumption. Experimental results show the effectiveness of the proposed method.

    Design and implementation of a framework for application monitoring using OpenFlow

    Máster Universitario en Ingeniería de Telecomunicación (Master's thesis)
    We live in a time in which technology advances rapidly, so knowing how to adapt and evolve as changes occur is vital, both for large companies and in educational settings, in order to be able to train people in line with where networks are heading. One of the most relevant changes in recent years has been the adoption of SDN, software-defined networks. This Master's thesis consists of the development and implementation of an application-level traffic monitoring framework for SDN networks. Today a large number of vendors back this technology and, in this case, the study is based on the use of the OpenFlow protocol. In this protocol, application-layer monitoring is not available by default, which limits the type of monitoring and statistics we can obtain. However, OpenFlow does allow statistics (bytes and packets) to be obtained for flows defined by fields of the Ethernet, IP and TCP layers, among others. The idea proposed in this work is to take advantage of this existing monitoring mechanism and build on top of it an abstraction layer that lets us obtain statistics (bytes and packets per flow) related to Web browsing, focusing on the analysis of HTTP, SSL and DNS. The statistics obtained from OpenFlow are further enriched with the domain or host information extracted from the traffic inspection performed by the framework, which gives a finer grain when sizing and analysing the information. To tackle this work, first a brief review of SDN networks and their applications is given; then the monitoring framework is implemented using the C and Python languages. 
    Once the framework is implemented, functional and performance tests are carried out on a controlled topology made up of three hosts, one switch and one SDN controller, in order to analyse the operating limits of the developed system. Validation tests are also carried out by comparing the statistics and data extracted from the framework with data obtained with tshark, which is used as ground truth. Finally, the integration of the framework with a data visualisation system, Grafana, is shown.
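    The three flow-monitoring abstracts above (the NetFlow-style measurement system that keeps counters in the switch and reports them asynchronously, the counter-streaming approach for TE, and the application-monitoring framework built on OpenFlow per-flow byte/packet statistics) all rest on one OpenFlow mechanism: a flow entry carries packet and byte counters, and when the entry expires the switch pushes them to the controller in an OFPT_FLOW_REMOVED message, which the controller can turn into a NetFlow/IPFIX-like record. The following Python is an added example and is not code from any of these works. The message layout and constants follow the OpenFlow 1.3 specification; the sample messages, addresses and counter values are constructed, and the port-based application labels are a stand-in for the DPI that the framework abstract describes.

```python
"""Decode OpenFlow 1.3 OFPT_FLOW_REMOVED messages into NetFlow-like flow records.
Added example, not code from the works listed on this page; message layout and constants
follow the OpenFlow 1.3 specification, sample messages/addresses/counters are constructed."""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

OFP_VERSION_13, OFPT_FLOW_REMOVED, OFPMT_OXM, OFPXMC_OPENFLOW_BASIC = 0x04, 11, 1, 0x8000
OFPRR = {0: "idle_timeout", 1: "hard_timeout", 2: "delete", 3: "group_delete"}
# OFPXMT_OFB_* field numbers and payload lengths for the fields a NetFlow record needs
OXM_FIELDS = {5: ("eth_type", 2), 10: ("ip_proto", 1), 11: ("ipv4_src", 4), 12: ("ipv4_dst", 4),
              13: ("tcp_src", 2), 14: ("tcp_dst", 2), 15: ("udp_src", 2), 16: ("udp_dst", 2)}
FIELD_BY_NAME = {name: (fid, ln) for fid, (name, ln) in OXM_FIELDS.items()}
# cookie, priority, reason, table_id, duration_sec, duration_nsec, idle, hard, packets, bytes
BODY_FMT = "!QHBBIIHHQQ"


def parse_oxm_match(buf):
    """Parse an ofp_match of type OFPMT_OXM into {field_name: int}; unknown TLVs are skipped."""
    mtype, mlen = struct.unpack_from("!HH", buf, 0)
    if mtype != OFPMT_OXM:
        raise ValueError("only OFPMT_OXM matches are supported")
    fields, off = {}, 4
    while off + 4 <= mlen:
        hdr, = struct.unpack_from("!I", buf, off)
        oxm_class, field, length = hdr >> 16, (hdr >> 9) & 0x7F, hdr & 0xFF
        payload = buf[off + 4:off + 4 + length]
        off += 4 + length
        if oxm_class == OFPXMC_OPENFLOW_BASIC and field in OXM_FIELDS:
            name, vlen = OXM_FIELDS[field]   # if hasmask is set, a mask follows the value
            fields[name] = int.from_bytes(payload[:vlen], "big")
    return fields


def parse_flow_removed(msg):
    """Decode one flow-removed message; the counters are the switch's per-entry totals."""
    version, mtype, length, _xid = struct.unpack_from("!BBHI", msg, 0)
    if version != OFP_VERSION_13 or mtype != OFPT_FLOW_REMOVED or length != len(msg):
        raise ValueError("not a well-formed OpenFlow 1.3 flow-removed message")
    _c, _p, reason, table_id, dur_s, dur_ns, _i, _h, pkts, byts = struct.unpack_from(BODY_FMT, msg, 8)
    f = parse_oxm_match(msg[8 + struct.calcsize(BODY_FMT):])
    return {"src": str(IPv4Address(f["ipv4_src"])) if "ipv4_src" in f else None,
            "dst": str(IPv4Address(f["ipv4_dst"])) if "ipv4_dst" in f else None,
            "proto": f.get("ip_proto"),
            "sport": f.get("tcp_src", f.get("udp_src")), "dport": f.get("tcp_dst", f.get("udp_dst")),
            "packets": pkts, "bytes": byts, "duration_s": dur_s + dur_ns / 1e9,
            "reason": OFPRR.get(reason, reason), "table_id": table_id}


def build_flow_removed(match, packets, nbytes, duration_sec, reason=0, xid=1):
    """Encode a flow-removed message the way a switch would (used to construct the samples)."""
    oxm = b""
    for name, value in match.items():
        fid, ln = FIELD_BY_NAME[name]
        oxm += struct.pack("!I", (OFPXMC_OPENFLOW_BASIC << 16) | (fid << 9) | ln) + value.to_bytes(ln, "big")
    mlen = 4 + len(oxm)                                  # ofp_match.length excludes the padding
    match_bytes = struct.pack("!HH", OFPMT_OXM, mlen) + oxm + b"\x00" * (-mlen % 8)
    body = struct.pack(BODY_FMT, 0, 100, reason, 0, duration_sec, 0, 10, 0, packets, nbytes)
    header = struct.pack("!BBHI", OFP_VERSION_13, OFPT_FLOW_REMOVED, 8 + len(body) + len(match_bytes), xid)
    return header + body + match_bytes


def app_label(rec):
    """Coarse port-based label; the framework abstract refines this with DPI (Host/SNI)."""
    ports, proto = {rec["sport"], rec["dport"]}, rec["proto"]
    if proto == 17 and 53 in ports:
        return "dns"
    return "tls" if proto == 6 and 443 in ports else "http" if proto == 6 and 80 in ports else "other"


def summarize(messages):
    """Aggregate flow-removed messages into per-application flow/packet/byte totals."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0})
    for msg in messages:
        rec = parse_flow_removed(msg)
        t = totals[app_label(rec)]
        t["flows"], t["packets"], t["bytes"] = t["flows"] + 1, t["packets"] + rec["packets"], t["bytes"] + rec["bytes"]
    return dict(totals)


def _ip(s):
    return int(IPv4Address(s))


# Constructed sample: three expired entries reported by one switch (TLS, DNS, HTTP)
SAMPLE_MESSAGES = [
    build_flow_removed({"eth_type": 0x0800, "ip_proto": 6, "ipv4_src": _ip("10.0.0.1"),
                        "ipv4_dst": _ip("203.0.113.10"), "tcp_src": 51234, "tcp_dst": 443}, 120, 98000, 12),
    build_flow_removed({"eth_type": 0x0800, "ip_proto": 17, "ipv4_src": _ip("10.0.0.1"),
                        "ipv4_dst": _ip("10.0.0.53"), "udp_src": 40001, "udp_dst": 53}, 2, 180, 1),
    build_flow_removed({"eth_type": 0x0800, "ip_proto": 6, "ipv4_src": _ip("10.0.0.2"),
                        "ipv4_dst": _ip("203.0.113.20"), "tcp_src": 51300, "tcp_dst": 80}, 30, 12000, 4, reason=1),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(parse_flow_removed(m))
    print(summarize(SAMPLE_MESSAGES))
```

    Two caveats a practitioner should keep in mind when building on this. A switch only emits OFPT_FLOW_REMOVED for entries that were installed with the OFPFF_SEND_FLOW_REM flag set in the FlowMod, so the record for a flow arrives only when its idle or hard timeout fires; counters for long-lived flows still have to be polled with OFPMP_FLOW multipart requests, which is exactly the polling and per-entry cost that the sampling methods in the first abstract are designed to bound. And each per-flow entry consumes flow-table (often TCAM) space, which is the scalability limit those abstracts name; the length check in parse_flow_removed is there because a controller that trusts the header length over the actual bytes is an easy place to desynchronise the OpenFlow channel.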

    Enhancing and Protecting Intrusion Detection Systems Using P4-Enabled Data Planes

    As computer networks have evolved to form the Internet, there has been an ever-growing attack surface, ready to be exploited by malicious actors. Computer networks are fundamental to daily life, with dependence on them further increasing every single day. The Internet is used to facilitate manufacturing, finance, critical infrastructure and global communication. Networks also serve as a fundamental attack surface, exposing users and devices to malicious actors, internally and externally. The cost of weak security can now prove to be enormous, in terms of material costs, as well as outages to service and production. With the evolution of the uses of computer networks, with networks becoming more pervasive, there has been a need for more flexible and dynamic network management. To this end, the concept of Software-Defined Networking has evolved, taking the historically rigid realm of network management into open specifications and protocols. This paradigm shift from fixed-function to programmable platforms —referred to as softwarisation— has enabled innovation in both the management of networks, and how network devices process traffic. Network hardware can be involved not only in forwarding traffic, but also in actively determining how traffic is forwarded. In this thesis, we explore the intersection of programmable control with programmable hardware. We examine how we can not only leverage existing technologies, but combine them to harness the benefits of distinct approaches. Building on this concept, we present a framework and prototype implementation to facilitate this combination with existing platforms. With the 4MIDable framework, we demonstrate how we can integrate existing network security appliances into emerging network architectures, disseminating their capability deeper into the network. We also show how programmable network infrastructure can be used to protect the network itself.