26 research outputs found

    IP Fast Reroute with Remote Loop-Free Alternates: the Unit Link Cost Case

    Up to not so long ago, Loop-Free Alternates (LFA) was the only viable option for providing fast protection in pure IP and MPLS/LDP networks. Unfortunately, LFA cannot provide protection for all possible failure cases in general. Recently, the IETF has initiated the Remote Loop-Free Alternates (rLFA) technique, as a simple extension to LFA, to boost the fraction of failure cases covered by fast protection. Before further standardization and deployment, however, it is crucial to determine to what extent rLFA can improve the level of protection in a general IP network, as well as to find optimization methods to tweak a network for 100% rLFA coverage. In this paper, we take the first steps towards this goal by solving these problems in the special, but practically relevant, case when each network link is of unit cost. We also provide preliminary numerical evaluations conducted on real IP network topologies, which suggest that rLFA significantly improves the level of protection, and most networks need only 2–3 new links to be added to attain 100% failure case coverage

    End-host Driven Troubleshooting Architecture for Software-Defined Networking

    The high variability in traffic demands, the advanced networking services at various layers (e.g., load-balancers), and the steady penetration of SDN technology and virtualization make the crucial network troubleshooting tasks ever more challenging over multi-tenant environments. Service degradation is first realized by the users and, as being the only one having visibility to many relevant information (e.g., connection details) required for accurate and timely problem resolution, the infrastructure layer is often forced upon continuous monitoring resulting in wasteful resource management, not to mention the long time frames. In this paper, we propose an End-host-Driven Troubleshooting architecture (EDT), where users are able to share the application-specific connection details with the infrastructure to accelerate the identification of root causes of performance degradation, and to avoid the need for always-on, resource-intensive, and network-wide monitoring. Utilizing EDT, we provide some essential tools for real end-to-end trace routing (PTR), identifying packet losses, and carry out hop-by-hop latency measurements (HEL). In contrast to existing proposals, PTR traces the practical production traffic without the need of crafted probe packets by means of careful tagging mechanisms and additional ephemeral capturing flow rules. Besides involving negligible data plane deterioration, in certain cases PTR can drastically reduce the time needed to find a traversed path compared to existing solutions. Finally, by means of individual network functions, HEL measures the latency of each link along the found path without involving the controller into the calculation, hence resulting in significant reduction of control plane overhead

    Optimizing IGP Link Costs for Improving IP-level Resilience

    Recently, major vendors have introduced new router platforms to the market that support fast IP-level failure protection out of the box. The implementations are based on the IP Fast ReRoute–Loop Free Alternates (LFA) standard. LFA is simple, unobtrusive, and easily deployable. This simplicity, however, comes at a severe price, in that LFA usually cannot protect all possible failure scenarios. In this paper, we give new graph theoretical tools for analyzing LFA failure case coverage and we seek ways for improvement. In particular, we investigate how to optimize IGP link costs to maximize the number of protected failure scenarios, we show that this problem is NP-complete even in a very restricted formulation, and we give exact and approximate algorithms to solve it. Our simulation studies show that a deliberate selection of IGP costs can bring many networks close to complete LFA-based protection

    HARMLESS: Cost-Effective Transitioning to SDN

    Recently, Software-Defined Networking has grown out of being an "intriguing approach" and turned into a "must-have" for communication networks to overcome many long-standing problems of traditional networking. However, there are still some obstacles on the way to the widespread adoption. Current commodity-off-the-shelf (COTS) SDN offerings are still in their infancy and are notorious for lacking standards compliance, scalability, and unpredictable performance indicators compared to their legacy counterparts. On the other hand, recent software-based solutions might mitigate these shortcomings, but in terms of cost-efficiency and port density they are in a lower league. Here, we present HARMLESS, a novel SDN switch design that combines the rapid innovation and upgrade cycles of software switches with the port density of hardware-based appliances into a fully data plane-transparent, vendor-neutral and cost-effective solution for smaller enterprises to gain a foothold in this era. The demo showcases the SDN migration of a dumb legacy Ethernet switch to a powerful, fully reconfigurable, OpenFlow-enabled network device without incurring any major performance and latency penalty, nor any substantial price tag enabling to realize many use cases that would have otherwise needed standalone hardware appliances

    SDN based testbeds for evaluating and promoting multipath TCP

    Multipath TCP is an experimental transport protocol with remarkable recent past and non-negligible future potential. It has been standardized recently, however the evaluation studies focus only on a limited set of isolated use-cases and a comprehensive analysis or a feasible path of Internet-wide adoption is still missing. This is mostly because in the current networking practice it is unusual to configure multiple paths between the endpoints of a connection. Therefore, conducting and precisely controlling multipath experiments over the real “internet” is a challenging task for some experimenters and impossible for others. In this paper, we invoke SDN technology to make this control possible and exploit large-scale internet testbeds to conduct end-to-end MPTCP experiments. More specifically, we establish a special purpose control and measurement framework on top of two distinct internet testbeds. First, using the OpenFlow support of GÉANT, we build a testbed enabling measurements with real traffic. Second, we design and establish a publicly available large-scale multipath capable measurement framework on top of PlanetLab Europe and show the challenges of such a system. Furthermore, we present measurements results with MPTCP in both testbeds to get insight into its behavior in such not well explored environment

    Policy Injection: a Cloud Dataplane DoS Attack

    Enterprises continue to migrate their services to the cloud on a massive scale, but the increasing attack surface has become a natural target for malevolent actors. We show policy injection, a novel algorithmic complexity attack that enables a tenant to add specially tailored ACLs into the data center fabric to mount a denial-of-service attack through exploiting the built-in security mechanisms of the cloud management systems (CMS). Our insight is that certain ACLs, when fed with special covert packets by an attacker, may be very difficult to evaluate, leading to an exhaustion of cloud resources. We show how a tenant can inject seemingly harmless ACLs into the cloud data plane to abuse an algorithmic deficiency in the most popular cloud hypervisor switch, Open vSwitch, and reduce its effective peak performance by 80-90%, and, in certain cases, denying network access altogether

    NFPA: Network Function Performance Analyzer


    Transition to SDN is HARMLESS: Hybrid ARchitecture for Migrating Legacy Ethernet Switches to SDN

    Software-Defined Networking (SDN) offers a new way to operate, manage, and deploy communication networks and to overcome many long-standing problems of legacy networking. However, widespread SDN adoption has not occurred yet due to the lack of a viable incremental deployment path and the relatively immature present state of SDN-capable devices on the market. While continuously evolving software switches may alleviate the operational issues of commercial hardware-based SDN offerings, namely lagging standards-compliance, performance regressions, and poor scaling, they fail to match the cost-efficiency and port density. In this paper, we propose HARMLESS, a new SDN switch design that seamlessly adds SDN capability to legacy network gear, by emulating the OpenFlow switch OS in a separate software switch component. This way, HARMLESS enables a quick and easy leap into SDN, combining the rapid innovation and upgrade cycles of software switches with the port density and cost-efficiency of hardware-based appliances into a fully dataplane-transparent and vendor-neutral solution. HARMLESS incurs an order of magnitude smaller initial expenditure for an SDN deployment than existing turnkey vendor SDN solutions while, at the same time, yields matching, or even better, data plane performance for smaller enterprises