IP Fast Reroute with Remote Loop-Free Alternates: the Unit Link Cost Case

Until recently, Loop-Free Alternates (LFA) was the only viable option for providing fast protection in pure IP and MPLS/LDP networks. Unfortunately, LFA cannot provide protection for all possible failure cases in general. Recently, the IETF has initiated the Remote Loop-Free Alternates (rLFA) technique, a simple extension to LFA, to boost the fraction of failure cases covered by fast protection. Before further standardization and deployment, however, it is crucial to determine to what extent rLFA can improve the level of protection in a general IP network, as well as to find optimization methods to tweak a network for 100% rLFA coverage. In this paper, we take the first steps towards this goal by solving these problems in the special, but practically relevant, case when each network link is of unit cost. We also provide preliminary numerical evaluations conducted on real IP network topologies, which suggest that rLFA significantly improves the level of protection, and that most networks need only 2-3 new links to be added to attain 100% failure case coverage.
End-host Driven Troubleshooting Architecture for Software-Defined Networking

The high variability in traffic demands, the advanced networking services at various layers (e.g., load balancers), and the steady penetration of SDN technology and virtualization make the crucial network troubleshooting tasks ever more challenging in multi-tenant environments. Service degradation is first noticed by the users, who are the only ones with visibility into much of the information (e.g., connection details) required for accurate and timely problem resolution; the infrastructure layer is therefore often forced into continuous monitoring, resulting in wasteful resource management, not to mention long resolution times. In this paper, we propose an End-host-Driven Troubleshooting architecture (EDT), where users are able to share application-specific connection details with the infrastructure to accelerate the identification of root causes of performance degradation, and to avoid the need for always-on, resource-intensive, network-wide monitoring. Utilizing EDT, we provide some essential tools for real end-to-end trace routing (PTR), for identifying packet losses, and for hop-by-hop latency measurements (HEL). In contrast to existing proposals, PTR traces actual production traffic without the need for crafted probe packets, by means of careful tagging mechanisms and additional ephemeral capturing flow rules. Besides causing negligible data plane deterioration, in certain cases PTR can drastically reduce the time needed to find a traversed path compared to existing solutions. Finally, by means of individual network functions, HEL measures the latency of each link along the found path without involving the controller in the calculation, hence resulting in a significant reduction of control plane overhead.
Optimizing IGP Link Costs for Improving IP-level Resilience

Recently, major vendors have introduced new router platforms to the market that support fast IP-level failure protection out of the box. The implementations are based on the IP Fast ReRoute–Loop Free Alternates (LFA) standard. LFA is simple, unobtrusive, and easily deployable. This simplicity, however, comes at a severe price, in that LFA usually cannot protect all possible failure scenarios. In this paper, we give new graph theoretical tools for analyzing LFA failure case coverage and we seek ways for improvement. In particular, we investigate how to optimize IGP link costs to maximize the number of protected failure scenarios, we show that this problem is NP-complete even in a very restricted formulation, and we give exact and approximate algorithms to solve it. Our simulation studies show that a deliberate selection of IGP costs can bring many networks close to complete LFA-based protection.
HARMLESS: Cost-Effective Transitioning to SDN

Recently, Software-Defined Networking has grown out of being an "intriguing approach" and turned into a "must-have" for communication networks to overcome many long-standing problems of traditional networking. However, there are still some obstacles on the way to widespread adoption. Current commodity-off-the-shelf (COTS) SDN offerings are still in their infancy and are notorious for lacking standards compliance and scalability, and for unpredictable performance indicators compared to their legacy counterparts. On the other hand, recent software-based solutions might mitigate these shortcomings, but in terms of cost-efficiency and port density they are in a lower league.

Here, we present HARMLESS, a novel SDN switch design that combines the rapid innovation and upgrade cycles of software switches with the port density of hardware-based appliances into a fully data plane-transparent, vendor-neutral and cost-effective solution for smaller enterprises to gain a foothold in this era. The demo showcases the SDN migration of a dumb legacy Ethernet switch to a powerful, fully reconfigurable, OpenFlow-enabled network device without incurring any major performance or latency penalty, nor any substantial price tag, enabling many use cases that would otherwise have required standalone hardware appliances.
SDN based testbeds for evaluating and promoting multipath TCP

Multipath TCP is an experimental transport protocol with a remarkable recent past and non-negligible future potential. It has been standardized recently; however, the evaluation studies focus only on a limited set of isolated use-cases, and a comprehensive analysis or a feasible path to Internet-wide adoption is still missing. This is mostly because in current networking practice it is unusual to configure multiple paths between the endpoints of a connection. Therefore, conducting and precisely controlling multipath experiments over the real “internet” is a challenging task for some experimenters and impossible for others. In this paper, we invoke SDN technology to make this control possible and exploit large-scale internet testbeds to conduct end-to-end MPTCP experiments. More specifically, we establish a special purpose control and measurement framework on top of two distinct internet testbeds. First, using the OpenFlow support of GÉANT, we build a testbed enabling measurements with real traffic. Second, we design and establish a publicly available large-scale multipath capable measurement framework on top of PlanetLab Europe and show the challenges of such a system. Furthermore, we present measurement results with MPTCP in both testbeds to get insight into its behavior in such a poorly explored environment.
Policy Injection: a Cloud Dataplane DoS Attack

Enterprises continue to migrate their services to the cloud on a massive scale, but the increasing attack surface has become a natural target for malevolent actors. We show policy injection, a novel algorithmic complexity attack that enables a tenant to add specially tailored ACLs into the data center fabric to mount a denial-of-service attack by exploiting the built-in security mechanisms of the cloud management systems (CMS). Our insight is that certain ACLs, when fed with special covert packets by an attacker, may be very difficult to evaluate, leading to an exhaustion of cloud resources. We show how a tenant can inject seemingly harmless ACLs into the cloud data plane to abuse an algorithmic deficiency in the most popular cloud hypervisor switch, Open vSwitch, and reduce its effective peak performance by 80-90%, and, in certain cases, deny network access altogether.
HARMLESS: Cost-Effective Transitioning to SDN for Small Enterprises
Transition to SDN is HARMLESS: Hybrid ARchitecture for Migrating Legacy Ethernet Switches to SDN

Software-Defined Networking (SDN) offers a new way to operate, manage, and deploy communication networks and to overcome many long-standing problems of legacy networking. However, widespread SDN adoption has not occurred yet due to the lack of a viable incremental deployment path and the relatively immature present state of SDN-capable devices on the market. While continuously evolving software switches may alleviate the operational issues of commercial hardware-based SDN offerings, namely lagging standards-compliance, performance regressions, and poor scaling, they fail to match their cost-efficiency and port density. In this paper, we propose HARMLESS, a new SDN switch design that seamlessly adds SDN capability to legacy network gear by emulating the OpenFlow switch OS in a separate software switch component. This way, HARMLESS enables a quick and easy leap into SDN, combining the rapid innovation and upgrade cycles of software switches with the port density and cost-efficiency of hardware-based appliances into a fully dataplane-transparent and vendor-neutral solution. HARMLESS incurs an order of magnitude smaller initial expenditure for an SDN deployment than existing turnkey vendor SDN solutions while, at the same time, yielding matching, or even better, data plane performance for smaller enterprises.