Real time network policy checking using header space analysis. In Proc. 10th USENIX NSDI, 2013.
Abstract Network state may change rapidly in response to customer demands, load conditions or configuration changes. But the network must also ensure correctness conditions such as isolating tenants from each other and from critical services. Existing policy checkers cannot verify compliance in real time because of the need to collect "state" from the entire network and the time it takes to analyze this state. SDNs provide an opportunity in this respect as they provide a logically centralized view from which every proposed change can be checked for compliance with policy. But there remains the need for a fast compliance checker. Our paper introduces a real time policy checking tool called NetPlumber based on HSA
Software-Defined Networking: A Comprehensive Survey, 2014.
The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to pre-defined policies, and to reconfigure it to respond to faults, load and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network’s control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their
A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks, 2013.
The idea of programmable networks has recently re-gained considerable momentum due to the emergence of the Software-Defined Networking (SDN) paradigm. SDN, often referred to as a “radical new idea in networking”, promises to dramatically simplify network management and enable innovation through network programmability. This paper surveys the state-of-the-art in programmable networks with an emphasis on SDN. We provide a historic perspective of programmable networks from early ideas to recent developments. Then we present the SDN architecture and the OpenFlow standard in particular, discuss current alternatives for implementation and testing of SDN-based protocols and services, examine current and future SDN applications, and explore promising research directions based on the SDN paradigm.
Network Innovation using OpenFlow: A Survey. IEEE Communications Surveys & Tutorials, accepted for publication, 2013.
"... OpenFlow is currently the most commonly deployed ..."
HotSwap: Correct and Efficient Controller Upgrades for Software-Defined Networks
Like any complex software, SDN programs must be updated periodically, whether to migrate to a new controller platform, repair bugs, or address performance issues. Nowadays, SDN operators typically perform such upgrades by stopping the old controller and starting the new one—an approach that wipes out all installed flow table entries and causes substantial disruption including losing packets, increasing latency, and even compromising correctness. This paper presents HOTSWAP, a system for upgrading SDN controllers in a disruption-free and correct manner. HOTSWAP is a hypervisor (sitting between the switches and the controller) that maintains a history of network events. To upgrade from an old controller to a new one, HOTSWAP bootstraps the new controller (by replaying the history) and monitors its output (to determine which parts of the network state may be reused with the new controller). To ensure good performance, HOTSWAP filters the history using queries specified by programmers. We describe our design and preliminary implementation of HOTSWAP, and present experimental results demonstrating its effectiveness for managing upgrades to third-party controller programs.
PolicyCop: An Autonomic QoS Policy Enforcement Framework for Software Defined Networks
Network management is becoming increasingly challenging with the relentless growth in network size, traffic volume, and the diversity in QoS requirements. Traditionally, the concept of predefined Service Level Agreements (SLAs) has been utilized to establish QoS parameters. However, state-of-the-art technologies in this area are both proprietary and inflexible. To this end, Software Defined Networking (SDN) has the potential to make network management tasks flexible and scalable, and to provide an open platform to encourage innovation. In this paper, we present PolicyCop – an open, flexible, and vendor agnostic QoS policy management framework targeted towards OpenFlow based SDN. PolicyCop provides an interface for specifying QoS-based SLAs and enforces them using the OpenFlow API. It monitors the network and autonomically readjusts network parameters to satisfy customer SLAs. We present experimental results to demonstrate PolicyCop’s effectiveness in ensuring throughput, latency, and reliability guarantees.
Demystifying the Dark Side of the Middle: A Field Study of Middlebox Failures in Datacenters
Network appliances or middleboxes such as firewalls, intrusion detection and prevention systems (IDPS), load balancers, and VPNs form an integral part of datacenters and enterprise networks. Realizing their importance and shortcomings, the research community has proposed software implementations, policy-aware switching, consolidation appliances, moving middlebox processing to VMs, end hosts, and even offloading it to the cloud. While such efforts can use middlebox failure characteristics to improve their reliability, management, and cost-effectiveness, little has been reported on these failures in the field. In this paper, we make one of the first attempts to perform a large-scale empirical study of middlebox failures over two years in a service provider network comprising thousands of middleboxes across tens of datacenters. We find that middlebox failures are prevalent and they can significantly impact hosted services. Several of our findings differ in key aspects from commonly held views: (1) Most failures are grey dominated by connectivity errors and link flaps that exhibit intermittent connectivity, (2) Hardware faults and overload problems are present but they are not in majority, (3) Middleboxes experience a variety of misconfigurations such as incorrect rules, VLAN misallocation and mismatched keys, and (4) Middlebox failover is ineffective in about 33% of the cases for load balancers and firewalls due to configuration bugs, faulty failovers and software version mismatch. Finally, we analyze current middlebox proposals based on our study and discuss directions for future research.
Diagnosing Missing Events in Distributed Systems with Negative Provenance
When debugging a distributed system, it is sometimes necessary to explain the absence of an event – for instance, why a certain route is not available, or why a certain packet did not arrive. Existing debuggers offer some support for explaining the presence of events, usually by providing the equivalent of a backtrace in conventional debuggers, but they are not very good at answering “Why not?” questions: there is simply no starting point for a possible backtrace. In this paper, we show that the concept of negative provenance can be used to explain the absence of events in distributed systems. Negative provenance relies on counterfactual reasoning to identify the conditions under which the missing event could have occurred. We define a formal model of negative provenance for distributed systems, and we present the design of a system called Y! that tracks both positive and negative provenance and can use them to answer diagnostic queries. We describe how we have used Y! to debug several realistic problems in two application domains: software-defined networks and BGP interdomain routing. Results from our experimental evaluation show that the overhead of Y! is moderate.
The NEBULA Future Internet Architecture
The NEBULA Future Internet Architecture (FIA) project is focused on a future network that enables the vision of cloud computing [8,12] to be realized. With computation and storage moving to data centers, networking to these data centers must be several orders of magnitude more resilient for some applications to
Virtual Network Diagnosis as a Service
Today’s cloud network platforms allow tenants to construct sophisticated virtual network topologies among their VMs on a shared physical network infrastructure. However, these platforms provide little support for tenants to diagnose problems in their virtual networks. Network virtualization hides the underlying infrastructure from tenants as well as prevents deploying existing network diagnosis tools. This paper makes a case for providing virtual network diagnosis as a service in the cloud. We identify a set of technical challenges in providing such a service and propose Virtual Network Diagnosis (VND), which provides configuration and query interfaces for cloud tenants to troubleshoot their virtual networks. It controls software switches to collect flow traces, distributes trace storage, and executes distributed queries for different tenants for network diagnosis. It reduces the data collection and processing overhead by performing local flow capture and on-demand query execution. Our experiments validate VND’s functionality and show its feasibility in terms of quick service response and acceptable overhead; our simulation shows that the VND architecture scales to the size of a real data center network.