Towards Transiently Secure Updates in Asynchronous SDNs

© ACM 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the 2016 Conference on ACM SIGCOMM 2016 Conference - SIGCOMM ’16, http://dx.doi.org/10.1145/2934872.2959083.Software-Defined Networks (SDNs) promise to overcome the often complex and error-prone operation of tradi- tional computer networks, by enabling programmabil- ity, automation and verifiability. Yet, SDNs also in- troduce new challenges, for example due to the asyn- chronous communication channel between the logically centralized control platform and the switches in the data plane. In particular, the asynchronous commu- nication of network update commands (e.g., OpenFlow FlowMod messages) may lead to transient inconsisten- cies, such as loops or bypassed waypoints (e.g., fire- walls). One approach to ensure transient consistency even in asynchronous environments is to employ smart scheduling algorithms: algorithms which update subsets of switches in each communication round only, where each subset in itself guarantees consistency. In this demo, we show how to change routing policies in a transiently consistent manner. We demonstrate two al- gorithms, namely, Wayup [5] and Peacock [4], which partition the network updates sent from SDN controller towards OpenFlow software switches into multiple rounds as per respective algorithms. Later, the barrier mes- sages are utilized to ensure reliable network updates.EC/FP7/619609/EU/Unifying Cloud and Carrier Networks/UNIF

Transiently Consistent SDN Updates: Being Greedy is Hard

The software-defined networking paradigm introduces interesting opportunities to operate networks in a more flexible, optimized, yet formally verifiable manner. Despite the logically centralized control, however, a Software-Defined Network (SDN) is still a distributed system, with inherent delays between the switches and the controller. Especially the problem of changing network configurations in a consistent manner, also known as the consistent network update problem, has received much attention over the last years. In particular, it has been shown that there exists an inherent tradeoff between update consistency and speed. This paper revisits the problem of updating an SDN in a transiently consistent, loop-free manner. First, we rigorously prove that computing a maximum (greedy) loop-free network update is generally NP-hard; this result has implications for the classic maximum acyclic subgraph problem (the dual feedback arc set problem) as well. Second, we show that for special problem instances, fast and good approximation algorithms exist

Feasibility Analysis of the Algorithms: Secured and Efficient Routing Path Update in Software Defined Networking (SDN)

Software-defined networking is the talk of the town in today’s networking industry. Because of the limitations of traditional networking, SDN is getting more popular every year. Lots of researches are taking place to improve the efficiency and overcome the challenges of SDN though it has many advantages. Hence one key problem of SDN is the network update. If the route update does not perform well, it causes congestion and inconsistencies in the network system whereas bandwidth utilization and security is our main concern. We have compared two pre-built algorithms especially for routing path update and proposed a new algorithm with maximum security and loop-free network

Hybrid SDN Evolution: A Comprehensive Survey of the State-of-the-Art

Software-Defined Networking (SDN) is an evolutionary networking paradigm which has been adopted by large network and cloud providers, among which are Tech Giants. However, embracing a new and futuristic paradigm as an alternative to well-established and mature legacy networking paradigm requires a lot of time along with considerable financial resources and technical expertise. Consequently, many enterprises can not afford it. A compromise solution then is a hybrid networking environment (a.k.a. Hybrid SDN (hSDN)) in which SDN functionalities are leveraged while existing traditional network infrastructures are acknowledged. Recently, hSDN has been seen as a viable networking solution for a diverse range of businesses and organizations. Accordingly, the body of literature on hSDN research has improved remarkably. On this account, we present this paper as a comprehensive state-of-the-art survey which expands upon hSDN from many different perspectives

Abstractions and optimisations for model-checking software-defined networks

Software-Defined Networking introduces a new programmatic abstraction layer by shifting the distributed network functions (NFs) from silicon chips (ASICs) to a logically centralized (controller) program. And yet, controller programs are a common source of bugs that can cause performance degradation, security exploits and poor reliability in networks. Assuring that a controller program satisfies the specifications is thus most preferable, yet the size of the network and the complexity of the controller makes this a challenging effort. This thesis presents a highly expressive, optimised SDN model, (code-named MoCS), that can be reasoned about and verified formally in an acceptable timeframe. In it, we introduce reusable abstractions that (i) come with a rich semantics, for capturing subtle real-world bugs that are hard to track down, and (ii) which are formally proved correct. In addition, MoCS deals with timeouts of flow table entries, thus supporting automatic state refresh (soft state) in the network. The optimisations are achieved by (1) contextually analysing the model for possible partial order reductions in view of the concrete control program, network topology and specification property in question, (2) pre-computing packet equivalence classes and (3) indexing packets and rules that exist in the model and bit-packing (compressing) them. Each of these developments is demonstrated by a set of real-world controller programs that have been implemented in network topologies of varying size, and publicly released under an open-source license

Efficient and Safe Migration of Network Functions Using Software-Defined Networking

Network function (NF) migration alongside (and possibly because of) routing policy updates is a delicate task, making it difficult to ensure that all traffic is processed by its required network functions, in order. Achieving traffic redistribution while ensuring correct processing of all packets requires an efficient network forwarding-state update and careful coordination between routing-policy change and NF migration. To achieve consistent network updates, in this dissertation, we propose a new method that is inspired by causal consistency, a consistency model for shared-memory systems. We propose and analyze a property called suffix causal consistency (SCC) as an interpretation of causal consistency for rule updates in an SDN network. We design an algorithm implementing this property and formally verify the correctness of this algorithm using model checking. Our evaluation results show that SCC provides greater efficiency than competing consistent-update alternatives while offering consistency that is strong enough to ensure high-level routing properties (e.g., black-hole freedom).To coordinate routing-policy updates with NF migration, we propose a design called Nimble for interleaving these tasks to achieve more efficient completion of both while ensuring complete processing of traffic by the required sequences of NFs. Our technique works with any route-update protocol that implements a property we call relaxed waypoint correctness, which includes our SCC algorithm and many consistent-update protocols. We also provide a route-update protocol that is customized to achieve relaxed waypoint correctness without conforming to conventional "consistent update'' semantics, as typically defined for such protocols. We confirm the sufficiency of relaxed waypoint correctness using model checking, and the implementation demonstrates the efficiency and efficacy of Nimble.Doctor of Philosoph

Area-wide Integrated Pest Management

Over 98% of sprayed insecticides and 95% of herbicides reach a destination other than their target species, including non-target species, air, water and soil. The extensive reliance on insecticide use reduces biodiversity, contributes to pollinator decline, destroys habitat, and threatens endangered species. This book offers a more effective application of the Integrated Pest Management (IPM) approach, on an area-wide (AW) or population-wide (AW-IPM) basis, which aims at the management of the total population of a pest, involving a coordinated effort over often larger areas. For major livestock pests, vectors of human diseases and pests of high-value crops with low pest tolerance, there are compelling economic reasons for participating in AW-IPM. This new textbook attempts to address various fundamental components of AW-IPM, e.g. the importance of relevant problem-solving research, the need for planning and essential baseline data collection, the significance of integrating adequate tools for appropriate control strategies, and the value of pilot trials, etc. With chapters authored by 184 experts from more than 31 countries, the book includes many technical advances in the areas of genetics, molecular biology, microbiology, resistance management, and social sciences that facilitate the planning and implementing of area-wide strategies. The book is essential reading for the academic and applied research community as well as national and regional government plant and human/animal health authorities with responsibility for protecting plant and human/animal health