ISBN: (print) 9783031248405; 9783031248412
The development of programmable switches such as the Intel Tofino has allowed network designers to implement a wide range of new in-network applications and network control logic. However, current switch programming languages, like P4, operate at a very low level of abstraction. This paper introduces SwitchLog, a new experimental logic programming language designed to lift the level of abstraction at which network programmers operate, while remaining amenable to efficient implementation on programmable switches. SwitchLog is inspired by previous distributed logic programming languages such as NDLog, in which programmers declare a series of facts, each located at a particular switch in the network. Logic programming rules that operate on facts at different locations implicitly generate network communication, and are updated incrementally, as packets pass through a switch. In order to ensure these updates can be implemented efficiently on switch hardware, SwitchLog imposes several restrictions on the way programmers can craft their rules. We demonstrate that SwitchLog can be used to express a variety of networking applications in a mere handful of lines of code.
ISBN: (print) 9798350310900
Software-defined networking (SDN) has notably improved networks by providing Machine Learning-Powered programming capabilities at the control plane (CP), making it easier to dynamically manage the network resources according to varying traffic conditions. However, the geographically remote location of the CP from the dataplane (DP) leads to significant round-trip delays in the order of milliseconds, which can adversely impact the performance of delay-sensitive and real-time traffic. To address this issue, this paper proposes a novel in-network reinforcement learning (RL) inference framework that extends programming capability from the CP to the DP for fine-grained control of network resources to meet the Quality of Service (QoS) demands of real-time applications. The in-network RL inference is achieved by adopting a match-action table mapping strategy in the DP and validating it through programming protocol-independent packet processors (P4). A P4 meter extern is utilized to allocate bandwidth to individual traffic flows based on their QoS requirements. Our proposed strategy achieves in-network RL inference at the line rate with negligible processing overhead while reducing packet loss rate and jitter by up to 92% and 57%, respectively, compared to the CP-based approach. Additionally, we evaluate the performance of our proposed bandwidth allocation framework using a state-of-the-art deep-deterministic policy gradient (DDPG)-based RL agent with a heuristic priority experience replay (hPER) technique. Our proposed DDPG agent achieves a faster convergence rate, higher reward, superior training stability, and up to 56% reduction in operational cost compared to two alternative agents.
ISBN: (print) 9783948377021
We currently see a shift from fixed-function network devices with limited configurability towards network devices with a fully programmable processing pipeline. A prominent example of this development is P4 that provides a language and reference architecture model to design and program network devices. The core element of this reference model is the programmable match-action table that defines the processing steps for the network packets. In this paper, we demonstrate that these tables, which we use to create our own modeling framework, are the key driver of device performance. P4-programmable devices come in a wide variety regarding their underlying hardware architecture, such as CPU-based systems or ASICs, as representatives of both ends of the spectrum. CPU-based P4 target platforms offer limited performance but are easily extensible. ASIC P4 targets have dedicated P4 processing pipelines with limited programmability but offer highly optimized performance. To reflect these fundamental differences, our modeling framework incorporates different approaches to accurately model and predict the performance of P4-enabled devices.
ISBN: (print) 9781665405225
Emerging distributed applications, such as big data analytics, generate a large number of flows that concurrently transport data across data center networks. To improve their performance, it is required to account for the behavior of such a collection of flows, i.e., coflows, rather than individual ones. State-of-the-art solutions achieve near-optimal completion time by continuously reordering unfinished coflows at the end-host and using network priorities. This paper shows that dynamically changing flow priorities at the end-host, without considering in-flight packets, can cause high degrees of packet reordering, thus imposing pressure on the congestion control and potentially harming network performance in the presence of switches with shallow buffers. We present pCoflow, a new solution that integrates end-host based coflow ordering with in-network scheduling based on packet history. Our evaluation shows that pCoflow improves in coflow completion time upon state-of-the-art solutions by up to 34% for varying loads.
Network operators are facing great challenges in terms of cost and complexity in order to incorporate new communication technologies (e.g., 4G, 5G, fiber) and to keep up with increasing demands of new network services to address emerging use cases. Softwarizing the network operations using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) paradigms can simplify control and management of networks and provide network services in a cost effective way. SDN decouples control and data traffic processing in the network and centralizes the control traffic processing to simplify the network management, but may face scalability issues due to the same reasons. NFV decouples hardware and software of network appliances for cost effective operations of network services, but faces performance degradation issues due to data traffic processing in software. In order to address scalability and performance issues in SDN/NFV, we propose in the first part of the thesis, a modular network control and management architecture, in which the SDN controller delegates part of its responsibilities to specific network functions instantiated in network devices at strategic locations in the infrastructure. We have chosen to focus on a modern application using an IP multicast service for live video streaming applications (e.g., Facebook Live or Periscope) that illustrates well the SDN scalability problems. Our solution exploits benefits of the NFV paradigm to address the scalability issue of centralized SDN control plane by offloading processing of multicast service specific control traffic to Multicast Network Functions (MNFs) implemented in software and executed in NFV environment at the edge of the network. Our approach provides smart, flexible and scalable group management and leverages centralized control of SDN for Lazy Load Balance Multicast (L2BM) traffic engineering policy in software defined ISP networks. Evaluation of this approach is tricky, as real world SDN tes
According to a 2019 Radware report, guarding sensitive data is the highest priority area for investment in cyber security. This is no surprise given the high number of reported data breach incidents annually, and the implication of these on the individuals or organisations targeted. Data exfiltration is a key stage in this form of cyber-attack, and the use of the Domain Name System protocol for data exfiltration is popular due to the essential nature of the protocol for network communication. This paper presents a DNS Data Exfiltration Protection (DNSxP) security architecture leveraging Software-Defined Networking and Dataplane Programmability. The solution is developed based on analysis of different malicious use cases for transmitting data over the DNS protocol. By performing coarse-grained packet filtering and analysis in the dataplane, clear benign or malicious traffic can be identified quickly, while suspicious traffic is passed to additional security controls at the SDN controller for classification. As the results demonstrate, this approach offers the combined benefit of reducing data loss during an exfiltration attack and reducing network resource consumption.
Industrial networks are introducing Internet of Things (IoT) technologies in their manufacturing processes in order to enhance existing methods and obtain smarter, greener and more effective processes. Global predictions forecast a massive widespread of IoT technology in industrial sectors in the near future. However, these innovations face several challenges, such as achieving short response times in case of time-critical applications. Concepts like in-network computing or edge computing can provide adequate communication quality for these industrial environments, and data plane programming has been proved as a useful mechanism for their implementation. Specifically, P4 language is used for the definition of the behavior of programmable switches and network elements. This paper presents a solution for industrial IoT (IIoT) network communications to reduce response times using in-network computing through data plane programming and P4. Our solution processes Message Queuing Telemetry Transport (MQTT) packets sent by a sensor in the dataplane and generates an alarm in case of exceeding a threshold in the measured value. The implementation has been tested in an experimental facility, using a Netronome SmartNIC as a P4 programmable network device. Response times are reduced by 74% while processing, and delay introduced by the P4 network processing is insignificant.