116 research outputs found
Container network functions: bringing NFV to the network edge
In order to cope with the increasing network utilization driven by new mobile clients, and to satisfy demand for new network services and performance guarantees, telecommunication service providers are exploiting virtualization over their network by implementing network services in virtual machines, decoupled from legacy hardware accelerated appliances. This effort, known as NFV, reduces OPEX and provides new business opportunities. At the same time, next generation mobile, enterprise, and IoT networks are introducing the concept of computing capabilities being pushed at the network edge, in close proximity of the users. However, the heavy footprint of today's NFV platforms prevents them from operating at the network edge. In this article, we identify the opportunities of virtualization at the network edge and present Glasgow Network Functions (GNF), a container-based NFV platform that runs and orchestrates lightweight container VNFs, saving core network utilization and providing lower latency. Finally, we demonstrate three useful examples of the platform: IoT DDoS remediation, on-demand troubleshooting for telco networks, and supporting roaming of network functions
BPFabric: Data Plane Programmability for Software Defined Networks
In its current form, OpenFlow, the de facto implementation
of SDN, separates the network’s control and data
planes allowing a central controller to alter the matchaction
pipeline using a limited set of fields and actions.
To support new protocols, forwarding logic, telemetry,
monitoring or even middlebox-like functions the currently
available programmability in SDN is insufficient.
In this paper, we introduce BPFabric, a platform, protocol,
and language-independent architecture to centrally
program and monitor the data plane. BPFabric leverages
eBPF, a platform and protocol independent instruction
set to define the packet processing and forwarding functionality
of the data plane. We introduce a control plane
API that allows data plane functions to be deployed onthe-fly,
reporting events of interest and exposing network
internal state.
We present a raw socket and DPDK implementation
of the design, the former for large-scale experimentation
using environment such as Mininet and the latter for
high-performance low-latency deployments. We show
through examples that functions unrealisable in OpenFlow
can leverage this flexibility while achieving similar
or better performance to today’s static design
Evaluation of RPL’s Single Metric Objective Functions
In this paper, we evaluate the performance of RPL
(IPv6 Routing Protocol for Low Power and Lossy Networks)
based on the Objective Function being used to construct the
Destination Oriented Directed Acyclic Graph (DODAG). Using
the Cooja simulator, we compared Objective Function Zero (OF0)
with the Minimum Rank with Hysteresis Objective Function
(MRHOF) in terms of average power consumption, packet loss
ratio, and average end-to-end latency. Our study shows that RPL
performs better in terms of packet loss ratio and average endto-end
latency when MRHOF is used as an objective function.
However, the average power consumption is noticeably higher
compared to OF0
Distributed Network Anomaly Detection on an Event Processing Framework
Network Intrusion Detection Systems (NIDS) are an integral part of modern data centres to ensure high availability and compliance with Service Level Agreements (SLAs). Currently, NIDS are deployed on high-performance, high-cost middleboxes that are responsible for monitoring a limited section of the network. The fast increasing size and aggregate throughput of modern data centre networks have come to challenge the current approach to anomaly detection to satisfy the fast growing compute demand. In this paper, we propose a novel approach to distributed intrusion detection systems based on the architecture of recently proposed event processing frameworks. We have designed and implemented a prototype system using Apache Storm to show the benefits of the proposed approach as well as the architectural differences with traditional systems. Our system distributes modules across the available devices within the network fabric and uses a centralised controller for orchestration, management and correlation. Following the Software Defined Networking (SDN) paradigm, the controller maintains a complete view of the network but distributes the processing logic for quick event processing while performing complex event correlation centrally. We have evaluated the proposed system using publicly available data centre traces and demonstrated that the system can scale with the network topology while providing high performance and minimal impact on packet latency
GNFC: Towards Network Function Cloudification
An increasing demand is seen from enterprises to host and dynamically manage middlebox services in public clouds in order to leverage the same benefits that network functions provide in traditional, in-house deployments. However, today's public clouds provide only a limited view and programmability for tenants that challenges flexible deployment of transparent, software-defined network functions. Moreover, current virtual network functions can't take full advantage of a virtualized cloud environment, limiting scalability and fault tolerance. In this paper we review and evaluate the current infrastructural limitations imposed by public cloud providers and present the design and implementation of GNFC, a cloud-based Network Function Virtualization (NFV) framework that gives tenants the ability to transparently attach stateless, container-based network functions to their services hosted in public clouds. We evaluate the proposed system over three public cloud providers (Amazon EC2, Microsoft Azure and Google Compute Engine) and show the effects on end-to-end latency and throughput using various instance types for NFV hosts
Correction to: Predictive intelligence to the edge: impact on edge analytics
No abstract available
Arbitrary Packet Matching in OpenFlow
OpenFlow has emerged as the de facto control
protocol to implement Software-Defined Networking (SDN). In
its current form, the protocol specifies a set of fields on which
it matches packets to perform actions, such as forwarding,
discarding or modifying specific protocol header fields at a switch.
The number of match fields has increased with every version of
the protocol to extend matching capabilities, however, it is still
not flexible enough to match on arbitrary packet fields which
limits innovation and new protocol development with OpenFlow.
In this paper, we argue that a fully flexible match structure
is superior to continuously extending the number of fields
to match upon. We use Berkeley Packet Filters (BPF) for
packet classification to provide a protocol-independent, flexible
alternative to today’s OpenFlow fixed match fields. We have
implemented a prototype system and evaluated the performance
of the proposed match scheme, with a focus on the time it takes
to execute and the memory required to store different match
filter specifications. Our prototype implementation demonstrates
that line-rate arbitrary packet classification can be achieved with
complex BPF programs
Roaming Edge vNFs using Glasgow Network Functions
While the network edge is becoming more important for the provision of customized services in next generation mobile networks, current NFV architectures are unsuitable to meet the increasing future demand. They rely on commodity servers with resource-hungry Virtual Machines that are unable to provide the high network function density and mobility requirements necessary for upcoming wide-area and 5G networks.
In this demo, we showcase Glasgow Network Functions (GNF), a virtualization framework suitable for next generation mobile networks that exploits lightweight network functions (NFs) deployed at the edge and transparently following users' devices as they roam between cells
Ruru: High-speed, Flow-level Latency Measurement and Visualization of Live Internet Traffic
End-to-end latency is becoming an important metric for many emerging applications (e.g., 5G low-latency services) over the Internet. To better understand end-to-end latency, we present Ruru1, a DPDK-based pipeline that exploits recent advances in high-speed packet processing and visualization. We present an operational deployment of Ruru over an international high-speed link running between Auckland and Los Angeles, and show how Ruru can be used for latency anomaly detection and network planning
- …