1,214 research outputs found
Prelude: Ensuring Inter-Domain Loop-Freedom in SDN-Enabled Networks
Software-Defined-eXchanges (SDXes) promise to tackle the timely quest of
improving the inter-domain routing ecosystem through SDN deployment.
Yet, the naive deployment of SDN on the Internet raises concerns about the
correctness of the inter-domain data-plane. By allowing operators to deflect
traffic from the default BGP route, SDN policies are susceptible to creating
permanent forwarding loops invisible to the control-plane.
In this paper, we propose a system, called Prelude, for detecting SDN-induced
forwarding loops between SDXes with high accuracy without leaking the private
routing information of network operators. To achieve this, we leverage Secure
Multi-Party Computation (SMPC) techniques to build a novel and general
privacy-preserving primitive that detects whether any subset of SDN rules might
affect the same portion of traffic without learning anything about those rules.
We then leverage that primitive as the main building block of a distributed
system tailored to detect forwarding loops among any set of SDXes. We leverage
the particular nature of SDXes to further improve the efficiency of our SMPC
solution.
The number of valid SDN rules, i.e., not creating loops, rejected by our
solution is 100x lower than previous privacy-preserving solutions, and also
provides better privacy guarantees. Furthermore, our solution naturally
provides network operators with some hindsight on the cost of the deflected
paths.
The United Nations and the Human Rights Issue
This paper demonstrates a new class of bugs that is likely to occur in enterprise OpenFlow deployments. In particular, step-by-step, reactive establishment of paths can cause network-wide inconsistencies or performance- and space-related inefficiencies. The cause for this behavior is inconsistent packet processing: as the packets travel through the network they do not encounter consistent state at the OpenFlow controller. To mitigate this problem, we propose to use transactional semantics at the controller to achieve consistent packet processing. We detail the challenges in achieving this goal (including the inability to directly apply database techniques), as well as a potentially promising approach. In particular, we envision the use of multi-commit transactions that could provide the necessary serialization and isolation properties without excessively reducing network performance.
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates
under the premise that the logically centralized control plane has an accurate
representation of the actual data plane state. Unfortunately, bugs,
misconfigurations, faults or attacks can introduce inconsistencies that
undermine correct operation. Previous work in this area, however, lacks a
holistic methodology to tackle this problem and thus, addresses only certain
parts of the problem. Yet, the consistency of the overall system is only as
good as its least consistent part. Motivated by an analogy of network
consistency checking with program testing, we propose to add active probe-based
network state fuzzing to our consistency check repertoire. Hereby, our system,
PAZZ, combines production traffic with active probes to periodically test if
the actual forwarding path and decision elements (on the data plane) correspond
to the expected ones (on the control plane). Our insight is that active traffic
covers the inconsistency cases beyond the ones identified by passive traffic.
The PAZZ prototype was built and evaluated on topologies of varying scale and
complexity. Our results show that PAZZ requires minimal network resources to
detect persistent data plane faults through fuzzing and localize them quickly
while outperforming baseline approaches.
Comment: Added three extra relevant references, the arXiv later was accepted
in IEEE Transactions of Network and Service Management (TNSM), 2019 with the
title "Towards Consistent SDNs: A Case for Network State Fuzzing"
Natural Compression for Distributed Deep Learning
Modern deep learning models are often trained in parallel over a collection
of distributed machines to reduce training time. In such settings,
communication of model updates among machines becomes a significant performance
bottleneck and various lossy update compression techniques have been proposed
to alleviate this problem. In this work, we introduce a new, simple yet
theoretically and practically effective compression technique: natural
compression (NC). Our technique is applied individually to all entries of the
to-be-compressed update vector and works by randomized rounding to the nearest
(negative or positive) power of two, which can be computed in a "natural" way
by ignoring the mantissa. We show that compared to no compression, NC increases
the second moment of the compressed vector by not more than the tiny factor
9/8, which means that the effect of NC on the convergence speed
of popular training algorithms, such as distributed SGD, is negligible.
However, the communications savings enabled by NC are substantial, leading to
- improvement in overall theoretical running time. For
applications requiring more aggressive compression, we generalize NC to
natural dithering, which we prove is exponentially better than the
common random dithering technique. Our compression operators can be used on
their own or in combination with existing operators for a more aggressive
combined effect, and offer new state-of-the-art both in theory and practice.
Comment: 8 pages, 20 pages of Appendix, 6 Tables, 14 Figures
Panopticon: Reaping the Benefits of Partial SDN Deployment in Enterprise Networks
The operational challenges posed in enterprise networks present an appealing opportunity for the software-defined orchestration of the network (SDN). However, the primary challenge to realizing solutions built on SDN in the enterprise is the deployment problem. Unlike in the data-center, network upgrades in the enterprise start with the existing deployment and are budget and resource-constrained. In this work, we investigate the prospect for partial Software Defined Network (SDN) deployment. We present Panopticon, an architecture and methodology for planning and operating networks that combine legacy and upgraded SDN switches. Panopticon exposes an abstraction of a logical SDN in a partially upgraded legacy network, where the SDN benefits extend potentially over the entire network. We evaluate the feasibility of our approach through simulation on real enterprise campus network topologies entailing over 1500 switches and routers. Our results suggest that with only a handful of upgraded switches, it becomes possible to operate most of an enterprise network as a single SDN while meeting key resource constraints.