Impact of Processing-Resource Sharing on the Placement of Chained Virtual Network Functions

Network Function Virtualization (NFV) provides higher flexibility for network operators and reduces the complexity in network service deployment. Using NFV, Virtual Network Functions (VNF) can be located in various network nodes and chained together in a Service Function Chain (SFC) to provide a specific service. Consolidating multiple VNFs in a smaller number of locations would allow decreasing capital expenditures. However, excessive consolidation of VNFs might cause additional latency penalties due to processing-resource sharing, and this is undesirable, as SFCs are bounded by service-specific latency requirements. In this paper, we identify two different types of penalties (referred as "costs") related to the processingresource sharing among multiple VNFs: the context switching costs and the upscaling costs. Context switching costs arise when multiple CPU processes (e.g., supporting different VNFs) share the same CPU and thus repeated loading/saving of their context is required. Upscaling costs are incurred by VNFs requiring multi-core implementations, since they suffer a penalty due to the load-balancing needs among CPU cores. These costs affect how the chained VNFs are placed in the network to meet the performance requirement of the SFCs. We evaluate their impact while considering SFCs with different bandwidth and latency requirements in a scenario of VNF consolidation.Comment: Accepted for publication in IEEE Transactions on Cloud Computin

Tracking Normalized Network Traffic Entropy to Detect DDoS Attacks in P4

Distributed Denial-of-Service (DDoS) attacks represent a persistent threat to modern telecommunications networks: detecting and counteracting them is still a crucial unresolved challenge for network operators. DDoS attack detection is usually carried out in one or more central nodes that collect significant amounts of monitoring data from networking devices, potentially creating issues related to network overload or delay in detection. The dawn of programmable data planes in Software-Defined Networks can help mitigate this issue, opening the door to the detection of DDoS attacks directly in the data plane of the switches. However, the most widely-adopted data plane programming language, namely P4, lacks supporting many arithmetic operations, therefore, some of the advanced network monitoring functionalities needed for DDoS detection cannot be straightforwardly implemented in P4. This work overcomes such a limitation and presents two novel strategies for flow cardinality and for normalized network traffic entropy estimation that only use P4-supported operations and guarantee a low relative error. Additionally, based on these contributions, we propose a DDoS detection strategy relying on variations of the normalized network traffic entropy. Results show that it has comparable or higher detection accuracy than state-of-the-art solutions, yet being simpler and entirely executed in the data plane.Comment: Accepted by TDSC on 24/09/202

A Clustering Strategy for Enhanced FL-Based Intrusion Detection in IoT Networks

The Internet of Things (IoT) is growing rapidly and so the need of ensuring protection against cybersecurity attacks to IoT devices. In this scenario, Intrusion Detection Systems (IDSs) play a crucial role and data-driven IDSs based on machine learning (ML) have recently attracted more and more interest by the research community. While conventional ML-based IDSs are based on a centralized architecture where IoT devices share their data with a central server for model training, we propose a novel approach that is based on federated learning (FL). However, conventional FL is ineffective in the considered scenario, due to the high statistical heterogeneity of data collected by IoT devices. To overcome this limitation, we propose a three-tier FL-based architecture where IoT devices are clustered together based on their statistical properties. Clustering decisions are taken by means of a novel entropy-based strategy, which helps improve model training performance. We tested our solution on the CIC-ToN-IoT dataset: our clustering strategy increases intrusion detection performance with respect to a conventional FL approach up to +17% in terms of F1-score, along with a significant reduction of the number of training rounds

Performance Evaluation of Video Server Replication in Metro/Access Networks

Internet traffic is increasingly becoming a media-streaming traffic. Especially, Video-on-Demand (VoD) services are pushing the demand for broadband connectivity to the Internet, and optical fiber technology is being deployed in the access network to keep up with such increasing demand. To provide a more scalable network architecture for video delivery, network operators are currently considering novel metro/access network architectures which can accommodate replicated video servers directly in their infrastructure. When servers for VoD delivery are placed nearer to the end users, part of the traffic can be offloaded from the core segment of the network, and the end users can experience better Quality of Service (QoS). While the deployment of caching systems for traffic offloading has been studied in the core network, no work has already investigated the potential performance gains by replicating the content in the metro/access segment of the network, even closer to the users. In our work, we will compare the performance of video server replication in different metro/access network architectures, i.e. a metro ring architecture and a tree-based architecture, by considering both active and passive technologies. We will evaluate using both simulative and analytical methodologies how content providers could benefit from the deployment of replicas of video servers in terms of blocking probability of the VoD requests

In-Network Volumetric DDoS Victim Identification Using Programmable Commodity Switches

Volumetric distributed Denial-of-Service (DDoS) attacks have become one of the most significant threats to modern telecommunication networks. However, most existing defense systems require that detection software operates from a centralized monitoring collector, leading to increased traffic load and delayed response. The recent advent of Data Plane Programmability (DPP) enables an alternative solution: threshold-based volumetric DDoS detection can be performed directly in programmable switches to skim only potentially hazardous traffic, to be analyzed in depth at the controller. In this paper, we first introduce the BACON data structure based on sketches, to estimate per-destination flow cardinality, and theoretically analyze it. Then we employ it in a simple in-network DDoS victim identification strategy, INDDoS, to detect the destination IPs for which the number of incoming connections exceeds a pre-defined threshold. We describe its hardware implementation on a Tofino-based programmable switch using the domain-specific P4 language, proving that some limitations imposed by real hardware to safeguard processing speed can be overcome to implement relatively complex packet manipulations. Finally, we present some experimental performance measurements, showing that our programmable switch is able to keep processing packets at line-rate while performing volumetric DDoS detection, and also achieves a high F1 score on DDoS victim identification.Comment: Accepted by IEEE Transactions on Network and Service Management Special issue on Latest Developments for Security Management of Networks and Service

Energy-efficient caching for Video-on-Demand in Fixed-Mobile Convergent networks

The success of novel bandwidth-consuming multimedia services such as Video-on-Demand (VoD) is leading to a tremendous growth of the Internet traffic. Content caching can help to mitigate such uncontrolled growth by storing video content closer to the users in core, metro and access network nodes. So far, metro and especially access networks supporting mobile and fixed users have evolved independently, leveraging logically (and often also physically) separate infrastructures; this means that mobile users cannot access caches placed in the fixed access network (and vice-versa), even if they are geographically close to them, and energy consumption implications of such undesired effect must be investigated. We define an optimization problem modeling an energy-efficient placement of caches in core, metro and fixed/mobile access nodes of the network. Then, we show how the evolution towards a Fixed-Mobile Converged metro/access network, where fixed and mobile users can share caches, can reduce the energy consumed for VoD content delivery

HDDP: Hybrid Domain Discovery Protocol for heterogeneous devices in SDN

Computer networks are adopting the new Software-Defined Networking (SDN) architecture, however not all devices can support it, mainly due to power and computational constraints. This paper proposes the Hybrid Domain Discovery Protocol (HDDP), a new discovery protocol that enhances theexisting OpenFlow Discovery Protocol (OFDP). HDDP allows thediscovery of hybrid network topologies composed of both SDNand non-SDN devices, which no other state-of-the-art protocolcan achieve. HDDP has been implemented in a software switchand emulated in diverse networks, where it discovers hybrid topologies by using a number of messages similar to competitors,as they only discover SDN devices.Comunidad de MadridUniversidad de Alcal

Performance Characterization and Profiling of Chained CPU-bound Virtual Network Functions

The increased demand for high-quality Internet connectivity resulting from the growing number of connected devices and advanced services has put significant strain on telecommunication networks. In response, cutting-edge technologies such as Network Function Virtualization (NFV) and Software Defined Networking (SDN) have been introduced to transform network infrastructure. These innovative solutions offer dynamic, efficient, and easily manageable networks that surpass traditional approaches. To fully realize the benefits of NFV and maintain the performance level of specialized equipment, it is critical to assess the behavior of Virtual Network Functions (VNFs) and the impact of virtualization overhead. This paper delves into understanding how various factors such as resource allocation, consumption, and traffic load impact the performance of VNFs. We aim to provide a detailed analysis of these factors and develop analytical functions to accurately describe their impact. By testing VNFs on different testbeds, we identify the key parameters and trends, and develop models to generalize VNF behavior. Our results highlight the negative impact of resource saturation on performance and identify the CPU as the main bottleneck. We also propose a VNF profiling procedure as a solution to model the observed trends and test more complex VNFs deployment scenarios to evaluate the impact of interconnection, co-location, and NFV infrastructure on performance