Arbitrary Packet Matching in OpenFlow

OpenFlow has emerged as the de facto control protocol to implement Software-Defined Networking (SDN). In its current form, the protocol specifies a set of fields on which it matches packets to perform actions, such as forwarding, discarding or modifying specific protocol header fields at a switch. The number of match fields has increased with every version of the protocol to extend matching capabilities, however, it is still not flexible enough to match on arbitrary packet fields which limits innovation and new protocol development with OpenFlow. In this paper, we argue that a fully flexible match structure is superior to continuously extending the number of fields to match upon. We use Berkeley Packet Filters (BPF) for packet classification to provide a protocol-independent, flexible alternative to today’s OpenFlow fixed match fields. We have implemented a prototype system and evaluated the performance of the proposed match scheme, with a focus on the time it takes to execute and the memory required to store different match filter specifications. Our prototype implementation demonstrates that line-rate arbitrary packet classification can be achieved with complex BPF programs

Packet Fan-Out Extension for the pcap Library

The large availability of multi-gigabit network cards for commodity PCs requires network applications to potentially cope with high volumes of traffic. However, computation intensive operations may not catch up with high traffic rates and need to be run in parallel over multiple processing cores. As of today, the vast majority of network applications - e.g., monitoring and IDS systems - are still based on the pcap library interface which, unfortunately, does not provide the native multi-core support, even though the current underlying capture technologies do. This paper introduces a novel version of the pcap library for the Linux operating system that enables transparent application level parallelism. The new library supports fan-out operations for both multi-threaded and multi-process applications, by means of extended API as well as by a declarative grammar for configuration files, suitable for legacy applications. In addition, the library can transparently run on top of the standard Linux socket as well as on other accelerated active engines. Performance evaluation has been carried out on a multi-core architecture in pure capture tests and in more realistic use cases involving monitoring applications such as Tstat and Bro, with standard Linux socket as well as PFRING and PFQ accelerated engines

Enif-lang: A specialized language for programming network functions on commodity hardware

The maturity level reached by today’s commodity platforms makes even low-cost PCs viable alternatives to dedicated hardware to implement real network functions without sacrificing performance. Indeed, the availability of multi-core processing packages and multi-queue network interfaces that can be managed by accelerated I/O frameworks, provides off-the-shelf servers with the necessary power capability for running a broad variety of network applications with near hardware-class performance. At the same time, the introduction of the Software Defined Networks (SDN) and the Network Functions Virtualization (NFV) paradigms call for new programming abstractions and tools to allow this new class of network devices to be flexibly configured and functionally repurposed from the network control plane. The paper presents the ongoing work towards Enif-Lang (Enhanced Network processIng Functional Language), a functional language for programming network functions over generic middleboxes running the Linux operating system. The language addresses concurrent programming by design and is targeted at developing simple stand-alone applications as well as pre-processing stages of packet elaborations. Enif-Lang is implemented as a Domain Specific Language embedded in the Haskell language and inherits the main principles of its ancestor, including the strong typedness and the concept of function compositions. Complex network functions are implemented by composing a set of elementary operations (primitives) by means of a compact yet expressive language grammar. Throughout the paper, the description of the design principles and features of Enif-Lang are accompanied by examples and use cases. In addition, a preliminary performance assessment is carried out to prove the effectiveness of the language for developing practical applications with the performance level required by 5G systems and the Tactile Internet

Real-Time IoV Task Offloading through Dynamic Assignment of SDN Controllers: Algorithmic Approaches and Performance Evaluation

Task offloading in Internet of Vehicles (IoV) is very crucial. The widespread use of IoT applications frequently interacts with the cloud, thereby increasing the load on centralized cloud controllers. Centralized network management in cloud infrastructure is not feasible for the latest IoT trends. Decentralized and decoupled network management in Software Defined Networks (SDN) can enhance IoV services. SDN and IoV coupling can better handle task offloading in ubiquitous and dynamic IoV environments. However, appropriate SDN controller assignment and allotment strategies play a prominent role in IoV communication. In this study, we developed algorithms for SDN controller assignment and allotment namely 1) Next Fit Allotment and Assignment of SDN Controller in IoV (NFAAC), 2) Dynamic Bin Packing Allotment and Assignment of SDN Controller in IoV (DBPAAC), and 3) Dynamic Focused and Bidding Allotment and Assignment algorithm of SDN Controller in IoV (DFBAAC). These algorithms were simulated using open-flow switch controllers. The controllers were modeled as Road Side Units (RSU) that can allocate bandwidth and resource requirements to vehicles on the road. Our results show that our proposed algorithm works efficiently for SDN controller assignment and allocation, outperforming the existing work by a significant improvement of 13.5%. The working of the proposed algorithms are verified, tested, and analytically presented in this study

Performance Benchmarking of State-of-the-Art Software Switches for NFV

With the ultimate goal of replacing proprietary hardware appliances with Virtual Network Functions (VNFs) implemented in software, Network Function Virtualization (NFV) has been gaining popularity in the past few years. Software switches route traffic between VNFs and physical Network Interface Cards (NICs). It is of paramount importance to compare the performance of different switch designs and architectures. In this paper, we propose a methodology to compare fairly and comprehensively the performance of software switches. We first explore the design spaces of seven state-of-the-art software switches and then compare their performance under four representative test scenarios. Each scenario corresponds to a specific case of routing NFV traffic between NICs and/or VNFs. In our experiments, we evaluate the throughput and latency between VNFs in two of the most popular virtualization environments, namely virtual machines (VMs) and containers. Our experimental results show that no single software switch prevails in all scenarios. It is, therefore, crucial to choose the most suitable solution for the given use case. At the same time, the presented results and analysis provide a deeper insight into the design tradeoffs and identifies potential performance bottlenecks that could inspire new designs.Comment: 17 page

Scalable Bandwidth Management in Software-Defined Networks

There has been a growing demand to manage bandwidth as the network traffic increases. Network applications such as real time video streaming, voice over IP and video conferencing in IP networks has risen rapidly over the recently and is projected to continue in the future. These applications consume a lot of bandwidth resulting in increasing pressure on the networks. In dealing with such challenges, modern networks must be designed to be application sensitive and be able to offer Quality of Service (QoS) based on application requirements. Network paradigms such as Software Defined Networking (SDN) allows for direct network programmability to change the network behavior to suit the application needs in order to provide solutions to the challenge. In this dissertation, the objective is to research if SDN can provide scalable QoS requirements to a set of dynamic traffic flows. Methods are implemented to attain scalable bandwidth management to provide high QoS with SDN. Differentiated Services Code Point (DSCP) values and DSCP remarking with Meters are used to implement high QoS requirements such that bandwidth guarantee is provided to a selected set of traffic flows. The theoretical methodology is implemented for achieving QoS, experiments are conducted to validate and illustrate that QoS can be implemented in SDN, but it is unable to implement High QoS due to the lack of implementation for Meters with DSCP remarking. The research work presented in this dissertation aims at the identification and addressing the critical aspects related to the SDN based QoS provisioning using flow aggregation techniques. Several tests and demonstrations will be conducted by utilizing virtualization methods. The tests are aimed at supporting the proposed ideas and aims at creating an improved understanding of the practical SDN use cases and the challenges that emerge in virtualized environments. DiffServ Assured Forwarding is chosen as a QoS architecture for implementation. The bandwidth management scalability in SDN is proved based on throughput analysis by considering two conditions i.e 1) Per-flow QoS operation and 2) QoS by using DiffServ operation in the SDN environment with Ryu controller. The result shows that better performance QoS and bandwidth management is achieved using the QoS by DiffServ operation in SDN rather than the per-flow QoS operation

The acceleration of OfSoftSwitch

The emerging trend of network devices with configurable data planes is pushing software switches as convenient playgrounds for experimenting novel programming paradigms and abstractions. OfSoftSwitch is a popular tool for carrying on such experimentation, as it provides a straightforward implementation of a pipeline of match-action tables. Unfortunately, OfSoftSwitch is not performance oriented and it is therefore limited only to functional experimentation of new abstractions. In this paper, we present our work to make OfSoftSwitch faster, while keeping it simple. The core of the work revolves around the use of the PFQ framework to expedite packet I/O operations as well as to enable multi-core parallel processing. In addition, other well-known techniques have also been applied to modify the original code of OfSoftSwitch. We demonstrate that our acceleration is effective by measuring a 96× performance speed-up, with more than 4 Mpps on a single core, when OfSoftSwitch performs OpenFlow forwarding. Likewise, we demonstrate that our approach is effective in keeping the simple programming model of OfSoftSwitch. In fact, we are able to effortlessly port OpenState, a stateful forwarding dataplane abstraction, to our accelerated OfSoftSwitch implementation