Figure 1 - uploaded by Aggelos Lazaris
OpenFlow switch software stack architecture.

Source publication
Conference Paper
A major benefit of software-defined networking (SDN) over traditional networking is simpler and easier control of network devices. The diversity of SDN switch implementation properties, which include both diverse switch hardware capabilities and diverse control-plane software behaviors, however, can make it difficult to understand and/or to control...

Contexts in source publication

Context 1
... refer to these three vendors as Vendor #1, Vendor #2, and Vendor #3; their switches as Switch #1, Switch #2, and Switch #3 respectively. Figure 1 illustrates the architecture of an OpenFlow enabled hardware switch. It usually includes three key components: Communication Layer: This layer is responsible for the communication between the switch and remote controllers. ...
Context 2
... assume explicitly specifies priorities for their rules, Tango can optimize the rules with priority pattern (called Priority sorting). Figure 10 shows the results of LF, TE1, and TE2 scenarios. By applying only a rule-type optimal pattern, Tango gets 0%, 20%, and 26% improvement compared to Dionysus, respectively. ...
Context 3
... addition, by applying both rule-type pattern optimization and priority pattern optimization, Tango could further reduce the flow installation time by 70%, 33% and 28%, respectively. Figure 11 explores two settings about priorities: The first is priority sorting as described above. The second is priority enforcement. ...
Context 4
... the TE case, we implement a traffic matrix change in the B4 topology that triggers a sequence of rule additions, modifications, and deletions, based on the max-min fair allocation algorithm used in [5]. The results are shown in Figure 12. We observe 8% flow installation improvement compared with Dionysus results, for a total of 2200 end-to-end flow requests. ...

Similar publications

Preprint
The Northbound (NB) APIs that SDN controllers provide differ in terms of architecture, syntax, naming convention, data resources, and usage. Using NB APIs to write SDN applications makes each application dependent on the API of a specific controller. To bring NB APIs from different vendors under one umbrella and make programming of SDN applications...

Citations

... On the one hand, some works have studied the mismatch between the control and data plane states of a device [16], [18], [20]-[23], [25]-[28]. As an interesting finding, authors in [16] have shown that inserting a new OpenFlow rule into the flow table of a carrier-grade OpenFlow hardware switch can take a significant amount of time (can be over a second). ...
Conference Paper
To provide the predictability required by emerging applications, operators typically rely on policing and/or shaping at the edge to ensure that tenants do not use excess bandwidth that was not accounted for. One of the promises of 6G is to deploy applications with strict predictability requirements across subnets and even over the Internet, where policing cannot be implemented in the end hosts. This paper presents an empirical study of the ability of modern programmable network devices to implement predictable traffic policing in the network. We find out that none of the five investigated hardware switches can provide accurate traffic policing, a key requirement for providing predictable service to applications. We observe that the switches let applications send more than what they should be allowed to, reaching up to 60% and 100% relative error for the rate and burst parameters. We further uncover the fact that switches cannot police arbitrarily low bursts, e.g., not less than 13 kilobit for one of our switches. We investigate how such limitations impact the performance of state-of-the-art solutions for predictable latency such as Chameleon. We observe that, for ensuring its predictable guarantees, Chameleon rejects around 50% of the tenants it could accommodate if switches were perfect, hence decreasing by the same ratio the revenue for the operator. Based on these observations, we discuss solutions toward more accurate and predictable policing in wide-area networks.
... Fourth, to synchronize the rule table states among switches and between the controller and the switch data plane, an SDN controller needs to coordinate [18], [39], [40], schedule [41], [42], and compress the updates [41]. Also, during an update, which can last for hundreds of milliseconds, some commercial switches (e.g., HP-5406zl and Pica8-3290) [43] are found to stop receiving further updates [44]. ...
... In this work (a shorter version of which was presented in [26], and [39]), similar to the work in [19] and [21], we focus on the problem of traffic measurement in SDN using TCAM-based counters since it provides immediate deployability in commercial hardware switches. In addition, our previous work in [47] provided a unified framework for overcoming the challenges that switch diversity imposes to network management (including traffic measurement) that can introduce significant delays to the control or data plane and prevent the controller from being able to query the hardware switches for traffic counters. On the other hand, a) hash-based counters are not currently supported in commercial hardware switches, b) they require complex switch hardware upgrades (e.g. ...
Preprint
Providing fine-grained traffic measurement is crucial for many network management and optimization tasks such as traffic engineering, anomaly detection, load balancing, power management, and traffic matrix estimation. Software-defined networks can potentially enable fine-grained measurement by providing statistics for each forwarding rule. However, the TCAMs that are used for rule matching and statistics generation have limited size due to their high cost and power consumption. This allows only a fraction of the flows to be monitored. In this paper, we present DeepFlow, a framework for scalable software-defined measurement that relies on an efficient mechanism that a) adaptively detects the most active source and destination IP prefixes, b) collects fine-grained measurements for the most active prefixes and coarse grained for the less active ones, and c) uses historical measurements in order to train a Long Short-Term Memory (LSTM) model that can be used to provide short-term predictions whenever exact flow counters cannot be placed at a switch due to its limited resources. Thus the number of fine-grained flows measured can increase significantly without the need to use other flow sampling solutions that suffer from low accuracy. An extensive experimental evaluation study using real network traces shows that DeepFlow outperforms the baselines in terms of the total number of flows measured.
... Several studies have been done based on P4 which are integrated into other technologies and not directly related to SBIs. For example, Tango (Lazaris et al., 2014) is a control system to optimize the SDN controller for switch diversity. Similarly, Dasu et al. (2017) proposed the addition of geotags to IP packets to provide location-based services and enhance the capabilities of communication. ...
Article
Software Defined Network implementation has seen tremendous growth and deployment in different types of networks. Compared to traditional networks it decouples the control logic from network layer devices and centralizes it for efficient traffic forwarding and flow management across the domain. This multi-layered architecture has data forwarding devices at the bottom in the data plane, which is programmed by controllers in the control plane. The high-level management plane interacts with the control plane to program the whole network and enforce different policies. The interaction among these planes is done through interfaces that work as communication/programming protocols. In this survey, we present a comprehensive study of these interface and programming protocols, which are primarily classified into southbound, northbound, and east/westbound interfaces. This work first classifies each of them into subcategories and then presents a comprehensive comparative analysis. As the different interfaces have different properties, hence, the sub-classification and their analysis are done using different properties. In addition, we also discuss the impact of different virtualization techniques, such as hypervisors, on interface protocols and inter-plane communication. Moreover, specialized interfaces for emerging technologies such as the Internet of Things and wireless sensor networks are also presented. Finally, the paper highlights several short term and long term research challenges and open issues specific to the SDN interface protocols.
... They have determined the performance of the SDN switch under the FPGA platform. Lazaris et al. [9] showed the effect of processing time on a high packet arrival rate. They demonstrated that the ability of the SDN switch negatively extends the service time of the switch, which likewise influences the execution of the control plane. ...
Article
The back-haul networks of 5G are formed by heterogeneous links which need to handle massive traffic. The service providers are not able to provide good QoS for their users. The technology like Software Defined Networks (SDN) and Network Slicing helps a little for a service provider to provide QoS for multiple links. The service providers face a challenge in the efficient utilization of resources to fulfill the QoS requirement of users to comply with the growth and thereby increasing the revenue. These problems require an accurate traffic model to determine the steady-state of the system. The proposed model uses an architecture that has the combination of two technologies: SDN and network slicing, which empowers an administrator a flexible, programmable network, and the best management of network resources. Heterogeneous application is well managed by creating multiple logical networks called slicing. The slicing can be modeled using multi-class queuing networks. These technologies encourage service providers to fulfill QoS and revenue growth. To leverage the benefits of these technologies in allocating QoS is to identify the performance of the system, which requires a precise model of traffic to decide the steady-state condition of the framework. In this paper, we focus on SDN and slicing in mobile networks and quantify the performance measure considering an in-band OpenFlow architecture for a single node and homogeneous traffic class, which is further extended to the multi-class heterogeneous class queuing model and analyzed. The results obtained help a service provider to monitor the utilization of resources in every node by every class of core network, which in turn helps to allocate the resources precisely to fulfill QoS requirements. INDEX TERMS Mobile networks, network modeling, network slicing, software defined network, traffic flow analysis.
... Our work builds on a rich literature on network measurements and modeling. Both the control plane [22,36,38,53] and data plane [7,13,15,24,28] performance of programmable switches have been investigated. Whereas these studies are consistent with our analysis of carrier-grade switches in §2.3, the prior work does not consider low-cost devices. ...
Conference Paper
A predictable network performance is mission critical for many applications and yet hard to provide due to difficulties in modeling the behavior of the increasingly complex network equipment. This paper studies the problem of providing deterministic latency guarantees in small networks based on low-capacity hardware (e.g., in-cabin and industrial networks): such networks are of increasing importance, need to meet stringent performance requirements, but have hardly been explored so far. Our main contribution is the design, implementation, and evaluation of Loko, a system which provides predictable latency guarantees in programmable networks using low-cost hardware. Loko relies on a novel measurement-based methodology and uses deterministic network calculus to derive a reliable performance model of a given switch. To this end, we also show that state-of-the-art models in the literature like QJump and Silo fall short to model the behavior of such switches, due to incorrect architectural and performance assumptions. As a case study, we implement Loko for the Zodiac FX switch. Our experiments are encouraging: we find that the derived models are indeed accurate, allowing Loko to provide deterministic end-to-end guarantees with low-cost programmable devices.
... First, SDN-enabled hardware switches contain simple CPUs, which restrict their capabilities for parsing and processing packets [10,46]. Second, SDN-enabled hardware switches have a small flow table space that can only accommodate from hundreds to a few thousand flow rules [10,20,26]. For example, a widely used SDN-enabled hardware switch like Pica8 can only support 8192 flow entries [1]. ...
Conference Paper
Software-Defined Networking (SDN) is a novel network approach that has revolutionised existent network architectures by decoupling the control plane from the data plane. Researchers have shown that SDN networks are highly vulnerable to security attacks. For instance, adversaries can tamper with the controller's network topology view to hijack the hosts' location or create fake inter-switch links. These attacks can be launched for various purposes, ranging from impersonating hosts to bypassing middleboxes or intercepting network traffic. Several countermeasures have been proposed to mitigate topology attacks but to date there has been no comprehensive analysis of the level of security they offer. A critical analysis is thus an important step towards better understanding the possible limitations of the existing solutions and building stronger defences against topology attacks. In this paper, we evaluate the actual security of the existing mechanisms for network topology discovery in SDN. Our analysis reveals 6 vulnerabilities in the state-of-the-art countermeasures against topology attacks: TopoGuard, TopoGuard+, SPV and SecureBinder. We show that these vulnerabilities can be exploited in practice to manipulate the network topology view at the controller. Furthermore, we present 2 novel topology attacks, called Topology Freezing and Reverse Loop, that exploit vulnerabilities in the widely used Floodlight controller. We responsibly disclosed these vulnerabilities to Floodlight. While we show that it is difficult to fully eradicate these attacks, we propose fixes to mitigate them. In response to our findings, we conclude the paper by detailing practical ways of further improving the existing countermeasures.
... Loko [19] also focuses on predictability but derives a completely new model for a low-cost switch for which the state-of-the-art models investigated here are not valid [4]-[7]. Software implementations have also been investigated [26], [34]-[37]. However, as suggested by these works, our measurements confirm that software processing using OS-based CPUs is not a viable solution for predictable performance. ...
... The traditional approach to update consistency [35], on which most other update mechanisms [12,14,16,20,29,33] build, is atomic in nature - packets either traverse the old path or the new path, but never both. Some improvements in this vein focus on reducing overheads [16,31,36] or congestion [12,20]; others focus on finding better update orderings [8,14,17,19,23,24,33]. Despite these improvements, enforcing atomicity places a fundamental limit on the speed with which the network can be updated by forcing packets (or flows) to wait until the new path is completely updated before it can be used. ...
Conference Paper
Though centrally managed by a controller, a software-defined network (SDN) can still encounter routing inconsistencies among its switches due to the non-atomic updates to their forwarding tables. In this paper, we propose a new method to rectify these inconsistencies that is inspired by causal consistency, a consistency model for shared-memory systems. Applied to SDNs, causal consistency would imply that once a packet is matched to ("reads") a forwarding rule in a switch, it can be matched in downstream switches only to rules that are equally or more up-to-date. We propose and analyze a relaxed but functionally equivalent version of this property called suffix causal consistency (SCC) and evaluate an implementation of SCC in Open vSwitch and P4 switches, in conjunction with the Ryu and P4Runtime controllers. Our results show that SCC provides greater efficiency than competing consistent-update alternatives while offering consistency that is strong enough to ensure high-level routing properties (black-hole freedom, bounded looping, etc.).
... Related Work Past work on giving QoS ensures utilizing Open-Flow can be divided into three classifications. To start with, studies about conveying dynamic QoS in an SDN domain [20] [21] [22]. Second, ponders on switch assorted variety [23] [24] [25] [26]. Third, look into on ...
Article
Software Defined Networking (SDN) is a rising technique to deal with replace patrimony network (coupled hardware and software program) control and administration by separating the control plane (software program) from the information plane (hardware). It gives adaptability to the engineers by influencing the focal control to plane straightforwardly programmable. Some new difficulties, for example, single purpose of disappointment, may be experienced because of the original control plane. SDN concentrated on flexibility where the security of the system was not essentially considered. It promises to give a potential method to present Quality of Service (QoS) ideas in the present correspondence networks. SDN automatically changes the behavior and functionality of system devices utilizing a single state program. Its immediate OpenFlow is planned by these properties. The affirmation of Quality of Service (QoS) thoughts winds up possible in a versatile and dynamic path with SDN. It gives a couple of favorable circumstances including, organization and framework versatility, improved exercises and tip-top performances.