12 research outputs found

    Towards Quantum-Safe VPNs and Internet

    Estimating that in 10 years' time quantum computers capable of breaking public-key cryptography currently considered safe could exist, this threat is already imminent for information that requires secrecy for more than 10 years. The time required to standardize, implement and update existing networks signifies the urgency of adopting quantum-safe cryptography. In this work, we investigate the trade-off between network and CPU overhead and the security levels defined by NIST. To do so, we integrate adapted OpenSSL libraries into OpenVPN, and perform experiments on a large variety of quantum-safe algorithms for TLS versions 1.2 and 1.3, respectively, using OpenVPN and HTTPS independently. We describe the difficulties we encounter with the integration and we report the experimental performance results, comparing setting up the quantum-safe connection with setting up the connection without additional post-quantum cryptography.

    Fast network congestion detection and avoidance using P4

    Along with exciting visions for 5G communications and the Tactile Internet, the networking requirement of attaining extremely low end-to-end latency has appeared. While network devices are typically equipped with buffers to counteract packet loss caused by short-lived traffic bursts, the more those buffers get filled, the more delay is added to every packet passing through. In this paper, we develop congestion avoidance methods that harness the power of fully programmable data-planes. The corresponding programmable switches, through languages such as P4, can be programmed to gather and react to important packet meta-data, such as queue load, while the data packets are being processed. In particular, we enable P4 switches to (1) track processing and queuing delays of latency-critical flows and (2) react immediately in the data-plane to congestion by rerouting the affected flows. Through a proof-of-concept implementation in emulation and on real hardware, we demonstrate that a data-plane approach reduces average and maximum delay, as well as jitter, when compared to non-programmable approaches.

    Facilitating ICN deployment with an extended open flow protocol

    Named-Data Networking (NDN) is proposed as an approach to evolve the Internet infrastructure from a host-centric to an information-centric (ICN) approach, which is better suited to the current usage of the Internet. However, the deployment of a global NDN-based Internet is still a long way out of reach. The most likely scenario for a global NDN network will be the one based on NDN 'islands' or domains, where interior forwarding and routing of packets is based on NDN principles. The interconnection of NDN domains involves human configuration to set up IP tunnels, implying an unscalable, tedious and error-prone process resulting in static configuration incapable of reacting to ad-hoc requirements or network changes. Leveraging the flexibility of Software-Defined Networking (SDN) can solve the aforementioned problems. Due to its dynamic nature, SDN can automatically recognize an NDN service and instruct switches to set up the configuration for actual service deployment. Such a solution significantly eases the deployment of NDN networks. In this paper, we propose a hybrid solution where we combine Software-Defined Networking, more specifically OpenFlow, and eBPF to perform control plane configuration and data plane programmability respectively, to realize connectivity within and across NDN domains. To do so, we have designed eBPF filters that match on NDN traffic, extended the OpenFlow protocol to configure switch data planes with these match filters and enhanced an OpenFlow switch to act accordingly. Our OpenFlow controller written for Ryu performs routing on NDN names and configures switches correspondingly. Additionally, our controller detects NDN domains and sets up IP tunnels between them. Our evaluation shows that our proof-of-concept on, among others, the SciNet testbed autoconfigures an NDN network, successfully providing end-to-end NDN network functionality across multiple domains.