BPFabric: Data Plane Programmability for Software Defined Networks

In its current form, OpenFlow, the de facto implementation of SDN, separates the network’s control and data planes allowing a central controller to alter the matchaction pipeline using a limited set of fields and actions. To support new protocols, forwarding logic, telemetry, monitoring or even middlebox-like functions the currently available programmability in SDN is insufficient. In this paper, we introduce BPFabric, a platform, protocol, and language-independent architecture to centrally program and monitor the data plane. BPFabric leverages eBPF, a platform and protocol independent instruction set to define the packet processing and forwarding functionality of the data plane. We introduce a control plane API that allows data plane functions to be deployed onthe-fly, reporting events of interest and exposing network internal state. We present a raw socket and DPDK implementation of the design, the former for large-scale experimentation using environment such as Mininet and the latter for high-performance low-latency deployments. We show through examples that functions unrealisable in OpenFlow can leverage this flexibility while achieving similar or better performance to today’s static design

Roaming Edge vNFs using Glasgow Network Functions

While the network edge is becoming more important for the provision of customized services in next generation mobile networks, current NFV architectures are unsuitable to meet the increasing future demand. They rely on commodity servers with resource-hungry Virtual Machines that are unable to provide the high network function density and mobility requirements necessary for upcoming wide-area and 5G networks. In this demo, we showcase Glasgow Network Functions (GNF), a virtualization framework suitable for next generation mobile networks that exploits lightweight network functions (NFs) deployed at the edge and transparently following users' devices as they roam between cells

Arbitrary Packet Matching in OpenFlow

OpenFlow has emerged as the de facto control protocol to implement Software-Defined Networking (SDN). In its current form, the protocol specifies a set of fields on which it matches packets to perform actions, such as forwarding, discarding or modifying specific protocol header fields at a switch. The number of match fields has increased with every version of the protocol to extend matching capabilities, however, it is still not flexible enough to match on arbitrary packet fields which limits innovation and new protocol development with OpenFlow. In this paper, we argue that a fully flexible match structure is superior to continuously extending the number of fields to match upon. We use Berkeley Packet Filters (BPF) for packet classification to provide a protocol-independent, flexible alternative to today’s OpenFlow fixed match fields. We have implemented a prototype system and evaluated the performance of the proposed match scheme, with a focus on the time it takes to execute and the memory required to store different match filter specifications. Our prototype implementation demonstrates that line-rate arbitrary packet classification can be achieved with complex BPF programs

Distributed Network Anomaly Detection on an Event Processing Framework

Network Intrusion Detection Systems (NIDS) are an integral part of modern data centres to ensure high availability and compliance with Service Level Agreements (SLAs). Currently, NIDS are deployed on high-performance, high-cost middleboxes that are responsible for monitoring a limited section of the network. The fast increasing size and aggregate throughput of modern data centre networks have come to challenge the current approach to anomaly detection to satisfy the fast growing compute demand. In this paper, we propose a novel approach to distributed intrusion detection systems based on the architecture of recently proposed event processing frameworks. We have designed and implemented a prototype system using Apache Storm to show the benefits of the proposed approach as well as the architectural differences with traditional systems. Our system distributes modules across the available devices within the network fabric and uses a centralised controller for orchestration, management and correlation. Following the Software Defined Networking (SDN) paradigm, the controller maintains a complete view of the network but distributes the processing logic for quick event processing while performing complex event correlation centrally. We have evaluated the proposed system using publicly available data centre traces and demonstrated that the system can scale with the network topology while providing high performance and minimal impact on packet latency

Container-based network function virtualization for software-defined networks

Today's enterprise networks almost ubiquitously deploy middlebox services to improve in-network security and performance. Although virtualization of middleboxes attracts a significant attention, studies show that such implementations are still proprietary and deployed in a static manner at the boundaries of organisations, hindering open innovation. In this paper, we present an open framework to create, deploy and manage virtual network functions (NF)s in OpenFlow-enabled networks. We exploit container-based NFs to achieve low performance overhead, fast deployment and high reusability missing from today's NFV deployments. Through an SDN northbound API, NFs can be instantiated, traffic can be steered through the desired policy chain and applications can raise notifications. We demonstrate the systems operation through the development of exemplar NFs from common Operating System utility binaries, and we show that container-based NFV improves function instantiation time by up to 68% over existing hypervisor-based alternatives, and scales to one hundred co-located NFs while incurring sub-millisecond latency

The Segmented Zambezi Sedimentary System from Source to Sink: 1. Sand Petrology and Heavy Minerals

The Zambezi River rises at the center of southern Africa, flows across the low-relief Kalahari Plateau, meets Karoo basalt, plunges into Victoria Falls, follows along Karoo rifts, and pierces through Precambrian basement to eventually deliver its load onto the Mozambican passive margin. Reflecting its polyphase evolution, the river is subdivided into segments with different geological and geomorphological character, a subdivision finally fixed by man’s construction of large reservoirs and faithfully testified by sharp changes in sediment composition. Pure quartzose sand recycled from Kalahari desert dunes in the uppermost tract is next progressively enriched in basaltic rock fragments and clinopyroxene. Sediment load is renewed first downstream of Lake Kariba and next downstream of Lake Cahora Bassa, documenting a stepwise decrease in quartz and durable heavy minerals. Composition becomes quartzo-feldspathic in the lower tract, where most sediment is supplied by high-grade basements rejuvenated by the southward propagation of the East African rift. Feldspar abundance in Lower Zambezi sand has no equivalent among big rivers on Earth and far exceeds that in sediments of the northern delta, shelf, and slope, revealing that provenance signals from the upper reaches have ceased to be transmitted across the routing system after closure of the big dams. This high-resolution petrologic study of Zambezi sand allows us to critically reconsider several dogmas, such as the supposed increase of mineralogical “maturity” during long-distance fluvial transport, and forges a key to unlock the rich information stored in sedimentary archives, with the ultimate goal to accurately reconstruct the evolution of this mighty river flowing across changing African landscapes since the late Mesozoic

Neogene to Quaternary evolution of carbonate and mixed carbonate-siliciclastic systems along New Caledonia's eastern margin (SW Pacific)

Neogene and Quaternary shallow-water carbonate records surrounding New Caledonia main island, Grande Terre, provide a good example for understanding the stratigraphic architecture of tropical mixed carbonate-siliciclastic systems. Due to a southeastern tilt of the eastern margin, the eastern shelf of Grande Terre has been better preserved from erosion than the western part, favouring the development and preservation of shallow-water carbonates. Based on the integration of bathymetric and seismic data, along with paleoenvironmental and biostratigraphic constraints derived from dredged carbonate rocks, a comprehensive geomorphological and architectural characterization of the offshore eastern margin of Grande Terre has been made. During the Mio-Pliocene, a wide, up to 750 m-thick carbonate build-up developed and extended over at least 350 km from north to south. This Mio-Pliocene build-up, currently lying at 300 to 600 m water depths, is overlain by a Pleistocene-Holocene barrier reef-lagoon complex and associated slope deposits. The switch from aggrading Neogene carbonate banks to backstepping Quaternary platforms likely reflects an increase in accommodation due to a high subsidence rate or to relative sea-level rise, and/or results from a switch in carbonate producers associated with global environmental changes. The internal architecture of the Quaternary barrier reef-lagoon complex is highlighted, especially the development of lowstand siliciclastic prisms alternating with transgressive shallow-water carbonate sequences. This pattern agrees with the reciprocal sedimentation model typically invoked for mixed sedimentary systems. This stratigraphic pattern is well developed in front of the Cap Bayes inlet in the north of our study area, yet it is not observed southward along the eastern margin. This difference suggests that other factors than relative sea-level variations directed the architecture of the margin, such as low terrigenous inputs, lagoon paleo-drainage networks or sediment by-pass towards deep basins

Treatment with granulocyte colony-stimulating factor after allogeneic bone marrow transplantation for acute leukemia increases the risk of graft-versus-host disease and death

n/