SDNsec: Forwarding Accountability for the SDN Data Plane
SDN promises to make networks more flexible, programmable, and easier to
manage. Inherent security problems in SDN today, however, pose a threat to the
promised benefits. First, the network operator lacks tools to proactively
ensure that policies will be followed or to reactively inspect the behavior of
the network. Second, the distributed nature of state updates at the data plane
leads to inconsistent network behavior during reconfigurations. Third, the
large flow space makes the data plane susceptible to state exhaustion attacks.
This paper presents SDNsec, an SDN security extension that provides
forwarding accountability for the SDN data plane. Forwarding rules are encoded
in the packet, ensuring consistent network behavior during reconfigurations and
limiting state exhaustion attacks due to table lookups. Symmetric-key
cryptography is used to protect the integrity of the forwarding rules and
enforce them at each switch. A complementary path validation mechanism allows
the controller to reactively examine the actual path taken by the packets.
Furthermore, we present mechanisms for secure link-failure recovery and
multicast/broadcast forwarding. Comment: 14 page
Requirements of a middleware for managing a large, heterogeneous programmable network
Programmable networking is an increasingly popular area of research in both industry and academia. Although most programmable network research projects seem to focus on the router architecture rather than on issues relating to the management of programmable networks, there are numerous research groups that have incorporated management middleware into the programmable network router software. However, none seem to be concerned with the effective management of a large heterogeneous programmable network. The requirements of such a middleware are outlined in this paper. There are a number of fundamental middleware principles that are addressed in this paper; these include management paradigms, configuration delivery, scalability and transactions. Security, fault tolerance and usability are also examined; although these are not essential parts of the middleware, they must be addressed if the programmable network management middleware is to be accepted by industry and adopted by other research projects.
A Taxonomy of Self-configuring Service Discovery Systems
We analyze the fundamental concepts and issues in service
discovery. This analysis places service discovery in the context of distributed
systems by describing service discovery as a third generation
naming system. We also describe the essential architectures and the
functionalities in service discovery. We then proceed to show how service
discovery fits into a system, by characterizing operational aspects.
Subsequently, we describe how existing state of the art performs service
discovery, in relation to the operational aspects and functionalities, and
identify areas for improvement.
Timed Consistent Network Updates
Network updates such as policy and routing changes occur frequently in
Software Defined Networks (SDN). Updates should be performed consistently,
preventing temporary disruptions, and should require as little overhead as
possible. Scalability is increasingly becoming an essential requirement in SDN.
In this paper we propose to use time-triggered network updates to achieve
consistent updates. Our proposed solution requires lower overhead than existing
update approaches, without compromising the consistency during the update. We
demonstrate that accurate time enables far more scalable consistent updates in
SDN than previously available. In addition, it provides the SDN programmer with
fine-grained control over the tradeoff between consistency and scalability. Comment: This technical report is an extended version of the paper "Timed
Consistent Network Updates", which was accepted to the ACM SIGCOMM Symposium
on SDN Research (SOSR) '15, Santa Clara, CA, US, June 201
Analysis domain model for shared virtual environments
The field of shared virtual environments, which also
encompasses online games and social 3D environments, has a
system landscape consisting of multiple solutions that share great functional overlap. However, there is little system interoperability between the different solutions. A shared virtual environment has an associated problem domain that is highly complex, raising difficult challenges to the development process, starting with the architectural design of the underlying system. This paper has two main contributions. The first contribution is a broad domain analysis of shared virtual environments, which enables developers to have a better understanding of the whole rather than the part(s). The second contribution is a reference domain model for discussing and describing solutions - the Analysis Domain Model.
The evaluation of an active networking approach for supporting the QOS requirements of distributed virtual environments
This paper describes work that is part of a more general investigation into how Active Network ideas
might benefit large scale Distributed-Virtual-Environments (DVEs). Active Network approaches have been
shown to offer improved solutions to the Scalable Reliable Multicast problem, and this is in a sense the lowest
level at which Active Networks might benefit DVEs in supporting the peer-to-peer architectures considered
most promising for large scale DVEs. To go further than this, the key benefit of Active Networking is the ability
to take away from the application the need to understand the network topology and delegate the execution of
certain actions, for example intelligent message pruning, to the network itself. The need to exchange geometrical
information results in a type of traffic that can place occasional, short-lived, but heavy loads on the network.
However, the Level of Detail (LoD) concept provides the potential to reduce this loading in certain circumstances.
This paper introduces the performance modelling approach being used to evaluate the effectiveness of
active network approaches for supporting DVEs and presents an evaluation of messages filtering mechanisms,
which are based on the (LoD) concept. It describes the simulation experiment used to carry out the evaluation,
presents its results and discusses plans for future work.
A practical approach to network-based processing
The usage of general-purpose processors externally attached to routers to play virtually the role of active coprocessors seems a safe and cost-effective approach to add active network capabilities to existing routers. This paper reviews this router-assistant way of making active nodes, addresses the benefits and limitations of this technique, and describes a new platform based on it using an enhanced commercial router. The features new to this type of architecture are transparency, IPv4 and IPv6 support, and full control over layer 3 and above. A practical experience with two applications for path characterization and a transport gateway managing multi-QoS is described. Most of this work has been funded by the IST project GCAP (Global Communication Architecture and Protocols for new QoS services over IPv6 networks) IST-1999-10 504. Further development and application to practical scenarios is being supported by IST project Opium (Open Platform for Integration of UMTS Middleware) IST-2001-36063 and the Spanish MCYT under projects TEL99-0988-C02-01 and AURAS TIC2001-1650-C02-01. Publicad
Middleware services for distributed virtual environments
PhD Thesis. Distributed Virtual Environments (DVEs) are virtual environments which allow
dispersed users to interact with each other and the virtual world through the
underlying network.
Scalability is a major challenge in building a successful DVE, which is directly
affected by the volume of message exchange. Different techniques have been
deployed to reduce the volume of message exchange in order to support large
numbers of simultaneous participants in a DVE. Interest management is a
popular technique for filtering unnecessary message exchange between users.
The rationale behind interest management is to resolve the "interests" of users
and decide whether messages should be exchanged between them. There are
three basic interest management approaches: region-based, aura-based and
hybrid approaches. However, if the time taken for an interest management
approach to determine interests is greater than the duration of the interaction, it
is not possible to guarantee interactions will occur correctly or at all. This is
termed the Missed Interaction Problem, which all existing interest management
approaches are susceptible to.
This thesis provides a new aura-based interest management approach, termed
Predictive Interest management (PIM), to alleviate the missed interaction
problem. PIM uses an enlarged aura to detect potential aura-intersections and
initiate message exchange. It utilises variable message exchange frequencies,
proportional to the intersection degree of the objects' expanded auras, to restrict
bandwidth usage. This thesis provides an experimental system, the PIM system,
which couples predictive interest management with the de-centralised server
communication model. It utilises the Common Object Request Broker
Architecture (CORBA) middleware standard to provide an interoperable
middleware for DVEs. Experimental results are provided to demonstrate that
PIM provides a scalable interest management approach which alleviates the
missed interaction problem.
Supporting service discovery, querying and interaction in ubiquitous computing environments.
In this paper, we contend that ubiquitous computing environments will be highly heterogeneous, service-rich domains. Moreover, future applications will consequently be required to interact with multiple, specialised service location and interaction protocols simultaneously. We argue that existing service discovery techniques do not provide sufficient support to address the challenges of building applications targeted to these emerging environments. This paper makes a number of contributions. Firstly, using a set of short ubiquitous computing scenarios we identify several key limitations of existing service discovery approaches that reduce their ability to support ubiquitous computing applications. Secondly, we present a detailed analysis of requirements for providing effective support in this domain. Thirdly, we provide the design of a simple extensible meta-service discovery architecture that uses database techniques to unify service discovery protocols and addresses several of our key requirements. Lastly, we examine the lessons learnt through the development of a prototype implementation of our architecture.