41 research outputs found

    λBGP: Rethinking BGP programmability

    BGP has long been the de-facto control plane protocol for inter-network connectivity. Although initially designed to provide best-effort routing between ASes, the evolution of Internet services has created a demand for more complex control functionalities using the protocol. At the heart of this challenge lies the static nature of configuration mechanisms and the limited programmability of existing BGP speakers. Meanwhile, the SDN paradigm has demonstrated that open and generic network control APIs can greatly improve network functionality and seamlessly enable greater flexibility in network management. In this paper, we argue that BGP speaking systems can and should provide an open and rich control and configuration mechanism, in order to address modern era network control requirements. Towards this goal, we present λbgp, a modular and extensible BGP framework written in Haskell. The framework offers an extensible integration model for reactive BGP control that remains backward compatible with existing BGP standards and allows network managers to define route processing policies using a high-level language and to dynamically inject information sources into the path selection logic. Using a high-performance BGP traffic generator, we demonstrate that λbgp offers performance comparable to production BGP speakers, while dynamic AS route processing policies can be written in just a few lines of code.

    Adaptive Energy Theft Detection in Smart Grids Using Self-Learning With Dual Neural Network

    Energy theft is an extremely prominent challenge causing significant energy and revenue losses for utility providers worldwide. The introduction of advanced metering infrastructures consisting of smart meter deployments has undeniably extended the attack surface, enabling individual consumers or prosumers to trigger composite energy theft attack vectors. In this work, we introduce an energy theft detection system capable of distinguishing properties of power consumption and generation theft from possible misconfigurations caused by nonmalicious intent. The proposed approach is adaptive through a self-learning operation that is updated continuously as new measurements become available. With the synergistic use of measurements collected by real PV installations and openly available weather information, the system achieves high accuracy and precision results in theft identification over streamed data measurements. Thus, it promotes low computational costs and its architecture can be easily integrated within smart grid infrastructures to realize next-generation cross-batch energy theft detection.

    4MIDable: Flexible Network Offloading For Security VNFs

    The ever-growing volume of network traffic and widening adoption of Internet protocols to underpin common communication processes augments the importance of network security. In order to enforce network security policies, network managers adopt a widening set of middleboxes and network appliances to improve traffic monitoring and processing capabilities. The resource requirements to support network security appliances are constantly increasing, making efficiency of these systems an essential aspect. The move toward Software-Defined Networking and programmable data planes offers a means to offload traffic processing functionalities to within the network itself. To this end, we present the 4MIDable framework: a platform that facilitates the integration of existing middleboxes and monitoring appliances with an SDN (P4) network infrastructure. We also present P4Protect, a 4MIDable agent that protects the network from control plane DoS attacks with negligible impact on control plane latency, and P4ID (P4-Enhanced Intrusion Detection), a 4MIDable agent that offers stateful processing and feedback to unmodified Intrusion Detection System middleboxes and reduces traffic processing by over 80% without affecting threat detection rates.

    ReasoNet: Inferring Network Policies Using Ontologies

    Modern SDN control stacks consist of multiple abstraction and virtualization layers to enable flexibility in the development of new control features. Rich data modeling frameworks are essential when sharing information across control layers. Unfortunately, existing NOS data modeling capabilities are limited to simple type-checking and code templating. We present an exploration of a more extreme point on SDN data modeling: ReasoNet. Developers can use semantic web technologies to enrich their data models with reasoning rules and integrity/consistency constraints and automate state inference across layers. We demonstrate the ability of ReasoNet to automate state verification and cross-layer debugging, through the implementation of two popular control applications, a learning switch and a QoS policy engine.

    To All Intents and Purposes: Towards Flexible Intent Expression

    Intent-based networking provides an efficient mechanism to manage complexity in network management. The paradigm allows users to express their network requirements, and an autonomic framework translates them into a network configuration. Existing efforts focus primarily on modeling connectivity intents for end-users. Nonetheless, in order to deliver autonomic behavior in network management, an intent system must support a wider range of network management processes and model human-to-human interactions, essential for network operation. Furthermore, such interactions may involve nontechnical users and require the design of novel interfaces, supporting free-text and conversational intent expression. Towards this goal, we present an intent architecture that supports novel network management intents, such as network path rerouting and applying periods of 'service protection'. The paper includes details of our prototype implementation that is capable of deploying such intents in under five seconds in a large Mininet topology.

    Improving Intent Correctness with Automated Testing

    Intent-based networking (IBN) systems have become the de-facto control abstraction to drive self-service, self-healing, and self-optimized capabilities in service delivery processes. Nonetheless, the operational complexity of modern network infrastructures makes network practitioners apprehensive towards adoption in production, requiring further evidence for correctness. In this paper, we argue that testing, verification and monitoring should become first-class citizens in the reference IBN architecture, in order to improve the detection of errors during operations. Towards this goal, we present an extension for an intent architecture that allows IBN systems to validate the correctness of network configuration using realistic network emulation. Furthermore, we present an intent use-case that ensures correct operation in hybrid networks.

    OFLOPS: An Open Framework for OpenFlow Switch Evaluation (in PAM)

    Recent efforts in software-defined networks, such as OpenFlow, give unprecedented access into the forwarding plane of networking equipment. When building a network based on OpenFlow, however, one must take into account the performance characteristics of particular OpenFlow switch implementations. In this paper, we present OFLOPS, an open and generic software framework that permits the development of tests for OpenFlow-enabled switches, that measure the capabilities and bottlenecks between the forwarding engine of the switch and the remote control application. OFLOPS combines hardware instrumentation with an extensible software framework. We use OFLOPS to evaluate current OpenFlow switch implementations and make the following observations: (i) The switching performance of flows depends on applied actions and firmware. (ii) Current OpenFlow implementations differ substantially in flow updating rates as well as traffic monitoring capabilities. (iii) Accurate OpenFlow command completion can be observed only through the data plane. These observations are crucial for understanding the applicability of OpenFlow in the context of specific use-cases, which have requirements in terms of forwarding table consistency, flow setup latency, flow space granularity, packet modification types, and/or traffic monitoring abilities.
