41 research outputs found
Traffic Management Applications for Stateful SDN Data Plane
The successful OpenFlow approach to Software Defined Networking (SDN) allows
network programmability through a central controller able to orchestrate a set
of dumb switches. However, the simple match/action abstraction of OpenFlow
switches constrains the evolution of the forwarding rules to be fully managed
by the controller. This can be particularly limiting for a number of
applications that are affected by the delay of the slow control path, like
traffic management applications. Some recent proposals are pushing toward an
evolution of the OpenFlow abstraction to enable the evolution of forwarding
policies directly in the data plane based on state machines and local events.
In this paper, we present two traffic management applications that exploit a
stateful data plane and their prototype implementation based on OpenState, an
OpenFlow evolution that we recently proposed.
Comment: 6 pages, 9 figure
SPIDER: Fault Resilient SDN Pipeline with Recovery Delay Guarantees
When dealing with node or link failures in Software Defined Networking (SDN),
the network capability to establish an alternative path depends on controller
reachability and on the round trip times (RTTs) between controller and involved
switches. Moreover, current SDN data plane abstractions for failure detection
(e.g. OpenFlow "Fast-failover") do not allow programmers to tweak switches'
detection mechanism, thus leaving SDN operators still relying on proprietary
management interfaces (when available) to achieve guaranteed detection and
recovery delays. We propose SPIDER, an OpenFlow-like pipeline design that
provides i) a detection mechanism based on switches' periodic link probing and
ii) fast reroute of traffic flows even in case of distant failures, regardless
of controller availability. SPIDER can be implemented using stateful data plane
abstractions such as OpenState or Open vSwitch, and it offers guaranteed short
(i.e. ms) failure detection and recovery delays, with a configurable trade off
between overhead and failover responsiveness. We present here the SPIDER
pipeline design, behavioral model, and analysis on flow tables' memory impact.
We also implemented and experimentally validated SPIDER using OpenState (an
OpenFlow 1.3 extension for stateful packet processing), showing numerical
results on its performance in terms of recovery latency and packet losses.
Comment: 8 page
Adaptive Robust Traffic Engineering in Software Defined Networks
One of the key advantages of Software-Defined Networks (SDN) is the
opportunity to integrate traffic engineering modules able to optimize network
configuration according to traffic. Ideally, the network should be dynamically
reconfigured as traffic evolves, so as to achieve remarkable gains in the
efficient use of resources with respect to traditional static approaches.
Unfortunately, reconfigurations cannot be too frequent due to a number of
reasons related to route stability, forwarding rules instantiation, individual
flows dynamics, traffic monitoring overhead, etc.
In this paper, we focus on the fundamental problem of deciding whether, when
and how to reconfigure the network during traffic evolution. We propose a new
approach to cluster relevant points in the multi-dimensional traffic space
taking into account similarities in optimal routing and not only in traffic
values. Moreover, to provide more flexibility to the online decisions on when
to apply a reconfiguration, we allow some overlap between clusters that can
guarantee a good-quality routing regardless of the transition instant.
We compare our algorithm with state-of-the-art approaches in realistic
network scenarios. Results show that our method significantly reduces the
number of reconfigurations with a negligible deviation of the network
performance with respect to the continuous update of the network configuration.
Comment: 10 pages, 8 figures, submitted to IFIP Networking 201
Traffic Management in Networks with Programmable Data Planes
Abstract: This brief includes a summary of the Ph.D. thesis entitled "Traffic management in networks with programmable data planes" and supervised by Prof. Antonio Capone. Software-Defined Networking (SDN) enables the configuration and operation of communications networks through open software programming interfaces, providing an unprecedented flexibility in their dynamic reconfiguration and management. The thesis analyses the opportunities for traffic management provided by the SDN paradigm at different levels. Starting from the programmability at the control plane, we have designed a Traffic Engineering framework operating on the global view offered on top of the controller to proactively configure the network according to traffic measurements while limiting the number of reconfigurations. In order to deal with unexpected conditions such as network failures and congestion, the above centralized, global and proactive approach has been complemented by reactive and distributed approaches based on advanced stateful programmable data planes, which enable a self-adaptation according to partial local information, yielding a more prompt and scalable reaction. All the solutions presented in the thesis have been evaluated with software prototypes based on research-oriented or production-ready open-source tools. Some of the extensions developed for these tools have been integrated as official open-source contributions.
Passive classification of Wi-Fi enabled devices
We propose a method for classifying Wi-Fi enabled mobile handheld devices (smartphones) and non-handheld devices (laptops) in a completely passive way, that is, resorting neither to traffic probes on network edge devices nor to deep packet inspection techniques to read application layer information. Instead, classification is performed starting from Wi-Fi probe request frames, which can be sniffed with inexpensive commercial hardware. We extract distinctive features from probe request frames (how many probe requests are transmitted by each device, how frequently, etc.) and take a machine learning approach, training four different classifiers to recognize the two types of devices. We compare the performance of the different classifiers and identify a solution based on a Random Decision Forest that correctly classifies devices 95% of the time. The classification method is then used as a pre-processing stage to analyze network traffic traces from the wireless network of a university building, with interesting considerations on the way different types of devices use the network (amount of data exchanged, duration of connections, etc.). The proposed methodology finds application in many scenarios related to Wi-Fi network management/optimization and Wi-Fi based services.
Designing a fully compensated half-metallic ferrimagnet
Recent experimental work on Mn2RuxGa demonstrates its potential as a compensated ferrimagnetic
half-metal (CFHM). Here we present a set of high-throughput ab initio density functional
theory calculations and detailed experimental characterisation, that enable us to correctly describe
the nominal Mn2RuxGa thin films, in particular with regard to site-disorder and defects. We then
construct models that accurately capture all the key features of the Mn-Ru-Ga system, including
magnetic compensation and the spin gap at the Fermi level. We find that electronic doping is necessary,
which is achieved with a Mn/Ga ratio smaller than two. Our study shows how composition
and substrate-induced biaxial strain can be combined to design a ferrimagnetic half-metal with a
compensation point close to room temperature.
Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild
Cyber Threat Intelligence (CTI) plays a crucial role in assessing risks and
enhancing security for organizations. However, the process of extracting
relevant information from unstructured text sources can be expensive and
time-consuming. Our empirical experience shows that existing tools for
automated structured CTI extraction have performance limitations. Furthermore,
the community lacks a common benchmark to quantitatively assess their
performance. We fill these gaps providing a new large open benchmark dataset
and aCTIon, a structured CTI information extraction tool. The dataset includes
204 real-world publicly available reports and their corresponding structured
CTI information in STIX format. Our team curated the dataset involving three
independent groups of CTI analysts working over the course of several months.
To the best of our knowledge, this dataset is two orders of magnitude larger
than previously released open source datasets. We then design aCTIon,
leveraging recently introduced large language models (GPT3.5) in the context of
two custom information extraction pipelines. We compare our method with 10
solutions presented in previous work, for which we develop our own
implementations when open-source implementations were lacking. Our results show
that aCTIon outperforms previous work for structured CTI extraction with an
improvement of the F1-score from 10% points to 50% points across all tasks.
The Road to BOFUSS: The Basic OpenFlow User-space Software Switch
Software switches are pivotal in the Software-Defined Networking (SDN)
paradigm, particularly in the early phases of development, deployment and
testing. Currently, the most popular one is Open vSwitch (OVS), leveraged in
many production-based environments. However, due to its kernel-based nature,
OVS is typically complex to modify when additional features or adaptation is
required. To this regard, a simpler user-space is key to perform these
modifications.
In this article, we present a rich overview of BOFUSS, the basic OpenFlow
user-space software switch. BOFUSS has been widely used in the research
community for diverse reasons, but it lacked a proper reference document. For
this purpose, we describe the switch, its history, architecture, use cases and
evaluation, together with a survey of works that leverage this switch. The main
goal is to provide a comprehensive overview of the switch and its
characteristics. Although the original BOFUSS is not expected to surpass the
high performance of OVS, it is a useful complementary artifact that provides
some OpenFlow features missing in OVS and it can be easily modified for
extended functionality. Moreover, enhancements provided by the BEBA project
brought the performance from BOFUSS close to OVS. In any case, this paper sheds
light to researchers looking for the trade-offs between performance and
customization of BOFUSS.
Comment: 24 pages, 7 figures; submitted to Telecommunications Systems journa