Traffic Management Applications for Stateful SDN Data Plane

The successful OpenFlow approach to Software Defined Networking (SDN) allows network programmability through a central controller able to orchestrate a set of dumb switches. However, the simple match/action abstraction of OpenFlow switches constrains the evolution of the forwarding rules to be fully managed by the controller. This can be particularly limiting for a number of applications that are affected by the delay of the slow control path, like traffic management applications. Some recent proposals are pushing toward an evolution of the OpenFlow abstraction to enable the evolution of forwarding policies directly in the data plane based on state machines and local events. In this paper, we present two traffic management applications that exploit a stateful data plane and their prototype implementation based on OpenState, an OpenFlow evolution that we recently proposed.Comment: 6 pages, 9 figure

SPIDER: Fault Resilient SDN Pipeline with Recovery Delay Guarantees

When dealing with node or link failures in Software Defined Networking (SDN), the network capability to establish an alternative path depends on controller reachability and on the round trip times (RTTs) between controller and involved switches. Moreover, current SDN data plane abstractions for failure detection (e.g. OpenFlow "Fast-failover") do not allow programmers to tweak switches' detection mechanism, thus leaving SDN operators still relying on proprietary management interfaces (when available) to achieve guaranteed detection and recovery delays. We propose SPIDER, an OpenFlow-like pipeline design that provides i) a detection mechanism based on switches' periodic link probing and ii) fast reroute of traffic flows even in case of distant failures, regardless of controller availability. SPIDER can be implemented using stateful data plane abstractions such as OpenState or Open vSwitch, and it offers guaranteed short (i.e. ms) failure detection and recovery delays, with a configurable trade off between overhead and failover responsiveness. We present here the SPIDER pipeline design, behavioral model, and analysis on flow tables' memory impact. We also implemented and experimentally validated SPIDER using OpenState (an OpenFlow 1.3 extension for stateful packet processing), showing numerical results on its performance in terms of recovery latency and packet losses.Comment: 8 page

Adaptive Robust Traffic Engineering in Software Defined Networks

One of the key advantages of Software-Defined Networks (SDN) is the opportunity to integrate traffic engineering modules able to optimize network configuration according to traffic. Ideally, network should be dynamically reconfigured as traffic evolves, so as to achieve remarkable gains in the efficient use of resources with respect to traditional static approaches. Unfortunately, reconfigurations cannot be too frequent due to a number of reasons related to route stability, forwarding rules instantiation, individual flows dynamics, traffic monitoring overhead, etc. In this paper, we focus on the fundamental problem of deciding whether, when and how to reconfigure the network during traffic evolution. We propose a new approach to cluster relevant points in the multi-dimensional traffic space taking into account similarities in optimal routing and not only in traffic values. Moreover, to provide more flexibility to the online decisions on when applying a reconfiguration, we allow some overlap between clusters that can guarantee a good-quality routing regardless of the transition instant. We compare our algorithm with state-of-the-art approaches in realistic network scenarios. Results show that our method significantly reduces the number of reconfigurations with a negligible deviation of the network performance with respect to the continuous update of the network configuration.Comment: 10 pages, 8 figures, submitted to IFIP Networking 201

Traffic Management in Networks with Programmable Data Planes

AbstractThis brief includes a summary of the Ph.D. thesis entitled "Traffic management in networks with programmable data planes" and supervised by Prof. Antonio Capone. Software-Defined Networking (SDN) enables the configuration and operation of communications networks through open software programming interfaces providing an unprecedented flexibility in their dynamic reconfiguration and management. The thesis analyses the opportunities for traffic management provided by the SDN paradigm at different levels. Starting from the programmability at the control plane, we have designed a Traffic Engineering framework operating on the global view offered on top of the controller to proactively configure the network according to traffic measurements while limiting the number of reconfigurations. In order to deal with unexpected conditions such as network failures and congestion, the above centralized, global and proactive approach has been complemented by reactive and distributed approaches based on advanced stateful programmable data planes which enable a self-adaptation according to partial local information yielding to a more prompt and scalable reaction. All the solutions presented in the thesis have been evaluated with software prototypes based on research-oriented or production-ready open-source tools. Some of the extensions developed for these tools have been integrated as official open-source contributions

Passive classification of Wi-Fi enabled devices

We propose a method for classifying Wi-Fi enabled mobile handheld devices (smartphones) and non-handheld devices (laptops) in a completely passive way, that is resorting neither to traffic probes on network edge devices nor to deep packet inspection techniques to read application layer information. Instead, classification is performed starting from probe requests Wi-Fi frames, which can be sniffed with inexpensive commercial hardware. We extract distinctive features from probe request frames (how many probe requests are transmitted by each device, how frequently, etc.) and take a machine learning approach, training four different classifiers to recognize the two types of devices. We compare the performance of the different classifiers and identify a solution based on a Random Decision Forest that correctly classify devices 95% of the times. The classification method is then used as a pre-processing stage to analyze network traffic traces from the wireless network of a university building, with interesting considerations on the way different types of devices uses the network (amount of data exchanged, duration of connections, etc.). The proposed methodology finds application in many scenarios related to Wi-Fi network management/optimization and Wi-Fi based services

Designing a fully compensated half-metallic ferrimagnet

Recent experimental work on Mn2RuxGa demonstrates its potential as a compensated ferrimagnetic half-metal (CFHM). Here we present a set of high-throughput ab initio density functional theory calculations and detailed experimental characterisation, that enable us to correctly describe the nominal Mn2RuxGa thin films, in particular with regard to site-disorder and defects. We then construct models that accurately capture all the key features of the Mn-Ru-Ga system, including magnetic compensation and the spin gap at the Fermi level. We find that electronic doping is neccessary, which is achieved with a Mn/Ga ratio smaller than two. Our study shows how composition and substrate-induced biaxial strain can be combined to design a ferrimagnetic half-metal with a compensation point close to room temperature

Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild

Cyber Threat Intelligence (CTI) plays a crucial role in assessing risks and enhancing security for organizations. However, the process of extracting relevant information from unstructured text sources can be expensive and time-consuming. Our empirical experience shows that existing tools for automated structured CTI extraction have performance limitations. Furthermore, the community lacks a common benchmark to quantitatively assess their performance. We fill these gaps providing a new large open benchmark dataset and aCTIon, a structured CTI information extraction tool. The dataset includes 204 real-world publicly available reports and their corresponding structured CTI information in STIX format. Our team curated the dataset involving three independent groups of CTI analysts working over the course of several months. To the best of our knowledge, this dataset is two orders of magnitude larger than previously released open source datasets. We then design aCTIon, leveraging recently introduced large language models (GPT3.5) in the context of two custom information extraction pipelines. We compare our method with 10 solutions presented in previous work, for which we develop our own implementations when open-source implementations were lacking. Our results show that aCTIon outperforms previous work for structured CTI extraction with an improvement of the F1-score from 10%points to 50%points across all tasks

The Road to BOFUSS: The Basic OpenFlow User-space Software Switch

Software switches are pivotal in the Software-Defined Networking (SDN) paradigm, particularly in the early phases of development, deployment and testing. Currently, the most popular one is Open vSwitch (OVS), leveraged in many production-based environments. However, due to its kernel-based nature, OVS is typically complex to modify when additional features or adaptation is required. To this regard, a simpler user-space is key to perform these modifications. In this article, we present a rich overview of BOFUSS, the basic OpenFlow user-space software switch. BOFUSS has been widely used in the research community for diverse reasons, but it lacked a proper reference document. For this purpose, we describe the switch, its history, architecture, uses cases and evaluation, together with a survey of works that leverage this switch. The main goal is to provide a comprehensive overview of the switch and its characteristics. Although the original BOFUSS is not expected to surpass the high performance of OVS, it is a useful complementary artifact that provides some OpenFlow features missing in OVS and it can be easily modified for extended functionality. Moreover, enhancements provided by the BEBA project brought the performance from BOFUSS close to OVS. In any case, this paper sheds light to researchers looking for the trade-offs between performance and customization of BOFUSS.Comment: 24 pages, 7 figures; submitted to Telecommunications Systems journa