23 research outputs found

    Deux défis des Réseaux Logiciels : Relayage par le Nom et Vérification des Tables

    The Internet changed the lives of network users: not only does it affect users' habits, but it is also increasingly being shaped by network users' behavior. Several new services have been introduced during the past decades (e.g. file sharing, video streaming, cloud computing) to meet users' expectations. As a consequence, although the Internet infrastructure provides a good best-effort service to exchange information in a point-to-point fashion, this is not the principal need of today's users. Current networks require some major architectural changes in order to follow the upcoming requirements, but the experience of the past decades shows that bringing new features to the existing infrastructure may be slow. In this thesis work, we identify two main aspects of the Internet evolution: a "behavioral" aspect, which refers to a change in the way users interact with the network, and a "structural" aspect, related to the evolution problem from an architectural point of view. The behavioral perspective states that there is a mismatch between the usage of the network and the actual functions it provides. While network devices implement the simple primitives of sending and receiving generic packets, users are really interested in different primitives, such as retrieving or consuming content. The structural perspective suggests that the problem of the slow evolution of the Internet infrastructure lies in its architectural design, which has been shown to be hard to upgrade. On the one hand, to address the new network usage, the research community proposed the Named-data networking (NDN) paradigm, which brings content-based functionalities to network devices. On the other hand, Software-defined networking (SDN) can be adopted to simplify the architectural evolution and shorten the upgrade time thanks to its centralized software control plane, at the cost of a higher network complexity that can easily introduce bugs. SDN verification is a novel research direction aiming to check the consistency and safety of network configurations by providing formal or empirical validation. The talk consists of two parts. In the first part, we focus on the behavioral aspect by presenting the design and evaluation of "Caesar", a content router that advances the state of the art by implementing content-based functionalities which may coexist with real network environments. In the second part, we target network misconfiguration diagnosis, and we present a framework for the analysis of the network topology and forwarding tables, which can be used to detect the presence of a loop in real time and in real network environments.

    This thesis addresses problems related to two major aspects of the evolution of the Internet: the "behavioral" aspect, which corresponds to the new interactions between users and the network, and the "structural" aspect, related to the changes of the Internet from an architectural point of view. The manuscript consists of an introductory chapter that outlines the research directions of this thesis work, followed by a chapter devoted to describing the state of the art on the two aspects mentioned above. Among the solutions proposed by the scientific community to adapt to the evolution of the Internet, two new network paradigms are described in particular: Information-Centric Networking (ICN) and Software-Defined Networking (SDN). The thesis continues with the proposal of "Caesar", a network device, inspired by ICN, capable of managing the distribution of content using routing primitives based on the name of the data rather than the addresses of servers. Caesar is presented in two chapters, which describe the architecture and two of the main modules: forwarding and the management of request traceability. The rest of the manuscript describes a mathematical tool for the efficient detection of loops in an SDN network from a theoretical point of view. The improvements of the proposed algorithm over the state of the art are discussed. The thesis concludes with a summary of the main results obtained and a presentation of ongoing and future work.

    Forwarding Tables Verification through Representative Header Sets

    Forwarding table verification consists in checking the distributed data structure resulting from the forwarding tables of a network. A classical concern is the detection of loops. We study this problem in the context of software-defined networking (SDN), where forwarding rules can be arbitrary bitmasks (generalizing prefix matching) and where tables are updated by a centralized controller. Basic verification problems such as loop detection are NP-hard, and most previous work solves them with heuristics or SAT solvers. We follow a different approach based on computing a representation of the header classes, i.e. the sets of headers that match the same rules. This representation consists of a collection of representative header sets, at least one for each class, and can be computed centrally in time that is polynomial in the number of classes. Classical verification tasks can then be trivially solved by checking each representative header set. In general, the number of header classes can increase exponentially with header length, but it remains polynomial in the number of rules in the practical case where rules are built from predefined fields and exact, prefix or range matching is applied in each field (e.g., IP/MAC addresses, TCP/UDP ports). We propose general techniques that work in polynomial time as long as the number of classes of headers is polynomial and that do not make specific assumptions about the structure of the sets associated with rules. The efficiency of our method relies on the fact that the data structure representing rules allows efficient computation of intersection, cardinality and inclusion. Finally, we propose an algorithm to maintain such a representation in the presence of updates (i.e., rule insert/update/removal). We also provide a local distributed algorithm for checking the absence of black holes and a proof labeling scheme for locally checking the absence of loops.

    Performance Benchmarking of State-of-the-Art Software Switches for NFV

    With the ultimate goal of replacing proprietary hardware appliances with Virtual Network Functions (VNFs) implemented in software, Network Function Virtualization (NFV) has been gaining popularity in the past few years. Software switches route traffic between VNFs and physical Network Interface Cards (NICs). It is of paramount importance to compare the performance of different switch designs and architectures. In this paper, we propose a methodology to compare fairly and comprehensively the performance of software switches. We first explore the design spaces of seven state-of-the-art software switches and then compare their performance under four representative test scenarios. Each scenario corresponds to a specific case of routing NFV traffic between NICs and/or VNFs. In our experiments, we evaluate the throughput and latency between VNFs in two of the most popular virtualization environments, namely virtual machines (VMs) and containers. Our experimental results show that no single software switch prevails in all scenarios. It is, therefore, crucial to choose the most suitable solution for the given use case. At the same time, the presented results and analysis provide a deeper insight into the design tradeoffs and identify potential performance bottlenecks that could inspire new designs. Comment: 17 pages

    Deux défis des réseaux logiciels : relayage par le nom et vérification des tables

    This thesis addresses two major aspects of the Internet evolution problem: a behavioral aspect, corresponding to a new type of interactions between users and the network, and a structural aspect, which refers to the evolution problem from an architectural point of view. The manuscript consists of an introductory chapter which outlines the research directions of this thesis, followed by a chapter on the description of the state of the art on the two aforementioned aspects. Among the solutions proposed by the scientific community to adapt to the evolution of the Internet, two new network paradigms are described: Information-Centric Networking (ICN) and Software-Defined Networking (SDN). The thesis continues with the description of "Caesar", a network device, inspired by ICN, capable of managing the distribution of content using forwarding primitives based on the content name and not a server address. Caesar is presented in two chapters describing the architecture of two main modules: the forwarding module and the pending request management. The second part of the manuscript describes a mathematical tool for effective loop detection in an SDN network from a theoretical point of view. Some algorithms are proposed and the improvements with respect to the prior work are discussed. The thesis is concluded with a summary of the main results and a presentation of current and future work.

    Caesar: A Content Router for High-Speed Forwarding on Content Names

    Internet users are interested in content regardless of its location; however, the current client/server architecture still requires requests to be directed to a specific server. Information-centric networking (ICN) is a recent vein that relaxes this requirement through the use of name-based forwarding, where forwarding decisions are based on content names instead of IP addresses. Although name-based forwarding strategies have been proposed previously, almost none have actually built a content router. To fill this gap, in this paper we design and prototype a content router called Caesar for high-speed forwarding on content names. Caesar introduces several innovative features, including (i) a longest-prefix matching algorithm based on a novel data structure called prefix Bloom filter; (ii) an incremental design which allows for easy integration with existing protocols and network equipment; (iii) a forwarding scheme where multiple line cards collaborate in a distributed fashion; and (iv) support for offloading packet processing to graphics processing units (GPUs). We build Caesar as an enterprise router, and show that every line card sustains up to 10 Gbps using a forwarding table with more than 10 million content prefixes. Distributed forwarding allows the forwarding table to grow even further, and to scale linearly with the number of line cards at the cost of only a few microseconds in the packet processing latency. GPU offloading, in turn, trades off a few milliseconds of latency for a large speedup in the forwarding rate.

    Efficient Loop Detection in Forwarding Networks and Representing Atoms in a Field of Sets

    The problem of detecting loops in a forwarding network is known to be NP-complete when general rules such as wildcard expressions are used. Yet, network analyzer tools such as Netplumber (Kazemian et al., NSDI'13) or Veriflow (Khurshid et al., NSDI'13) efficiently solve this problem in networks with thousands of forwarding rules. In this paper, we complement such experimental validation of practical heuristics with the first provably efficient algorithm in the context of general rules. Our main tool is a canonical representation of the atoms (i.e. the minimal non-empty sets) of the field of sets generated by a collection of sets. This tool is particularly suited when the intersection of two sets can be efficiently computed and represented. In the case of forwarding networks, each forwarding rule is associated with the set of packet headers it matches. The atoms then correspond to classes of headers with the same behavior in the network. We propose an algorithm for atom computation and provide the first polynomial-time algorithm for loop detection in terms of the number of classes (which can be exponential in general). This contrasts with previous methods that can be exponential, even in simple cases with a linear number of classes. Second, we introduce a notion of network dimension captured by the overlapping degree of forwarding rules. The values of this measure appear to be very low in practice, and constant overlapping degree ensures a polynomial number of header classes. Forwarding loop detection is thus polynomial in forwarding networks with constant overlapping degree.