| 1. |
- Chiesa, Marco, 1987-, et al.
(författare)
-
Inter-domain networking innovation on steroids : Empowering IXPs with SDN capabilities
- 2016
-
Ingår i: IEEE Communications Magazine. - : Institute of Electrical and Electronics Engineers (IEEE). - 0163-6804 .- 1558-1896. ; 54:10, s. 102-108
-
Tidskriftsartikel (refereegranskat)abstract
- While innovation in inter-domain routing has remained stagnant for over a decade, Internet exchange points (IXPs) are consolidating their role as economically advantageous interconnection points for reducing path latencies and exchanging ever increasing amounts of traffic. As such, IXPs appear as a natural place to foster network innovation and assess the benefits of SDN, a recent technological trend that has already boosted innovation within data center networks. In this article, we give a comprehensive overview of use cases for SDN at IXPs, which leverage the superior vantage point of an IXP to introduce advanced features like load balancing and DDoS mitigation. We discuss the benefits of SDN solutions by analyzing real-world data from one of the largest IXPs. We also leverage insights into IXP operations to shape benefits not only for members but also for operators.
|
|
| 2. |
- Alowayed, Y., et al.
(författare)
-
Picking a partner : A fair blockchain based scoring protocol for autonomous systems
- 2018
-
Ingår i: ANRW 2018 - Proceedings of the 2018 Applied Networking Research Workshop. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450355858 ; , s. 33-39
-
Konferensbidrag (refereegranskat)abstract
- We tackle the problem of enabling Autonomous Systems to evaluate network providers on the basis of their adherence to Service Level Agreements (SLAs) regarding interconnection agreements. In current Internet practices, choices of interconnection partners are driven by factors such as word of mouth, personal relationships, brand recognition and market intelligence, and not by proofs of previous performance. Given that Internet eXchange Points provide increasingly more peering choices, rudimentary schemes for picking interconnection partners are not adequate anymore. Although the current interconnection ecosystem is shrouded in confidentiality, our key observation is that recently-emerged blockchain technology and advances in cryptography enable a privacy-preserving decentralized solution based on actual performance measurements. We propose the concept of SLA score to evaluate network providers and introduce a privacy-preserving protocol that allows networks to compute and verify SLA scores.
|
|
| 3. |
- Chiesa, Marco, 1987-, et al.
(författare)
-
SIXPACK : Securing internet eXchange points against curious onlookers
- 2017
-
Ingår i: CoNEXT 2017 - Proceedings of the 2017 13th International Conference on emerging Networking EXperiments and Technologies. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450354226 ; , s. 120-133
-
Konferensbidrag (refereegranskat)abstract
- Internet eXchange Points (IXPs) play an ever-growing role in Internet inter-connection. To facilitate the exchange of routes amongst their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's peering policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This poses fundamental questions regarding the privacy guarantees of route-computation on confidential business information. Indeed, as evidenced by interaction with IXP administrators and a survey of network operators, this state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design sixpack1, an RS service that leverages Secure Multi-Party Computation (SMPC) to keep peering policies confidential, while extending, the functionalities of today's RSes. As SMPC is notoriously heavy in terms of communication and computation, our design and implementation of sixpack aims at moving computation outside of the SMPC without compromising the privacy guarantees. We assess the effectiveness and scalability of our system by evaluating a prototype implementation using traces of data from one of the largest IXPs in the world. Our evaluation results indicate that sixpack can scale to support privacy-preserving route-computation, even at IXPs with many hundreds of member networks.
|
|
| 4. |
- Chiesa, Marco, 1987-, et al.
(författare)
-
Towards securing internet eXchange points against curious onlooKers
- 2016
-
Ingår i: ANRW 2016 - Proceedings of the ACM, IRTF and ISOC Applied Networking Research Workshop. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450344432 ; , s. 32-34
-
Konferensbidrag (refereegranskat)abstract
- The growing relevance of Internet eXchange Points (IXPs), where an increasing number of networks exchange routing information, poses fundamental questions regarding the privacy guarantees of confidential business information. To facilitate the exchange of routes among their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's export policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design SIXPACK (which stands for "Securing Internet eXchange Points Against Curious onlooKers"), a RS service that leverages Secure Multi-Party Computation (SMPC) techniques to keep export policies confidential, while maintaining the same functionalities as today's RSes. We assess the effectiveness and scalability of our system by evaluating our prototype implementation and using traces of data from one of the largest IXPs in the world.
|
|
| 5. |
- Marcos, P., et al.
(författare)
-
Dynam-IX : A dynamic interconnection exchange
- 2018
-
Ingår i: SIGCOMM 2018 - Proceedings of the 2018 Posters and Demos, Part of SIGCOMM 2018. - New York, NY, USA : Association for Computing Machinery, Inc. - 9781450359153 ; , s. 12-14
-
Konferensbidrag (refereegranskat)
|
|
| 6. |
- Bogdanov, Kirill, et al.
(författare)
-
Fast and accurate load balancing for geo-distributed storage systems
- 2018
-
Ingår i: SoCC 2018 - Proceedings of the 2018 ACM Symposium on Cloud Computing. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450360111 ; , s. 386-400
-
Konferensbidrag (refereegranskat)abstract
- The increasing density of globally distributed datacenters reduces the network latency between neighboring datacenters and allows replicated services deployed across neighboring locations to share workload when necessary, without violating strict Service Level Objectives (SLOs). We present Kurma, a practical implementation of a fast and accurate load balancer for geo-distributed storage systems. At run-time, Kurma integrates network latency and service time distributions to accurately estimate the rate of SLO violations for requests redirected across geo-distributed datacenters. Using these estimates, Kurma solves a decentralized rate-based performance model enabling fast load balancing (in the order of seconds) while taming global SLO violations. We integrate Kurma with Cassandra, a popular storage system. Using real-world traces along with a geo-distributed deployment across Amazon EC2, we demonstrate Kurma’s ability to effectively share load among datacenters while reducing SLO violations by up to a factor of 3 in high load settings or reducing the cost of running the service by up to 17%.
|
|
| 7. |
- Canini, M., et al.
(författare)
-
A Self-Organizing Distributed and In-Band SDN Control Plane
- 2017
-
Ingår i: Proceedings - International Conference on Distributed Computing Systems. - 9781538617915 ; , s. 2656-2657
-
Konferensbidrag (refereegranskat)abstract
- Adopting distributed control planes is critical towards ensuring high availability and fault-tolerance of dependable Software-Defined Networks (SDNs). However, designing and bootstrapping a distributed SDN control plane is a challenging task, especially if to be done in-band, without a dedicated control network, and without relying on legacy networking protocols. One of the most appealing and powerful notions of fault-tolerance is self-organization and this paper discusses the possibility of selforganizing algorithms for in-band control planes.
|
|
| 8. |
- Canini, M., et al.
(författare)
-
Renaissance: A self-stabilizing distributed SDN control plane
- 2018
-
Ingår i: Proceedings - International Conference on Distributed Computing Systems. ; 2018-July, s. 233-243
-
Konferensbidrag (refereegranskat)abstract
- By introducing programmability, automated verification, and innovative debugging tools, Software-Defined Networks (SDNs) are poised to meet the increasingly stringent dependability requirements of today's communication networks. However, the design of fault-tolerant SDNs remains an open challenge. This paper considers the design of dependable SDNs through the lenses of self-stabilization - a very strong notion of fault-tolerance. In particular, we develop algorithms for an in-band and distributed control plane for SDNs, called Renaissance, which tolerates a wide range of (concurrent) controller, link, and communication failures. Our self-stabilizing algorithms ensure that after the occurrence of an arbitrary combination of failures, (i) every non-faulty SDN controller can eventually reach any switch in the network within a bounded communication delay (in the presence of a bounded number of concurrent failures) and (ii) every switch is managed by at least one non-faulty controller. We evaluate Renaissance through a rigorous worst-case analysis as well as a prototype implementation (based on OVS and Floodlight), and we report on our experiments using Mininet.
|
|
| 9. |
- Canini, M., et al.
(författare)
-
Renaissance: A self-stabilizing distributed SDN control plane using in-band communications
- 2022
-
Ingår i: Journal of Computer and System Sciences. - : Elsevier BV. - 1090-2724 .- 0022-0000. ; 127, s. 91-121
-
Tidskriftsartikel (refereegranskat)abstract
- By introducing programmability, automated verification, and innovative debugging tools, Software-Defined Networks (SDNs) are poised to meet the increasingly stringent dependability requirements of today's communication networks. However, the design of fault-tolerant SDNs remains an open challenge. This paper considers the design of dependable SDNs through the lenses of self-stabilization—a very strong notion of fault-tolerance. In particular, we develop algorithms for an in-band and distributed control plane for SDNs, called Renaissance, which tolerate a wide range of failures. Our self-stabilizing algorithms ensure that after the occurrence of arbitrary failures, (i) every non-faulty SDN controller can reach any switch (or another controller) within a bounded communication delay (in the presence of a bounded number of failures) and (ii) every switch is managed by a controller. We evaluate Renaissance through a rigorous worst-case analysis as well as a prototype implementation (based on OVS and Floodlight, and Mininet).
|
|
| 10. |
- Dethise, A., et al.
(författare)
-
Prelude : Ensuring inter-domain loop-freedom in SDN-enabled networks
- 2018
-
Ingår i: ACM International Conference Proceeding Series. - New York, NY, USA : Association for Computing Machinery. - 9781450363952 ; , s. 50-56
-
Konferensbidrag (refereegranskat)abstract
- Software-Defined eXchanges (SDXes) promise to improve the interdomain routing ecosystem through SDN deployment. Yet, the nave deployment of SDN on the Internet raises concerns about the correctness of the interdomain data-plane. By allowing operators to deflect traffic from default BGP routes, SDN policies can create permanent forwarding loops that are not visible to the control-plane. We propose Prelude, a system for detecting SDN-induced forwarding loops between SDXes with high accuracy without leaking private routing information of network operators. To achieve this, we leverage Secure Multi-Party Computation (SMPC) techniques to build a novel and general privacy-preserving primitive that detects whether any subset of SDN rules might affect the same portion of traffic without learning anything about those rules. We then leverage this primitive as the main building block of a distributed system tailored to detect forwarding loops among any set of SDXes. We leverage the particular nature of SDXes to further improve the efficiency of our SMPC solution. The number of valid SDN rules rejected by our solution is 100x lower than previous privacy-preserving solutions, and provides better privacy guarantees. Furthermore, our solution naturally provides network operators with some insights on the cost of the deflected paths.
|
|
| 11. |
- Dethise, A., et al.
(författare)
-
Privacy-preserving detection of inter-domain SDN rules overlaps
- 2017
-
Ingår i: SIGCOMM Posters and Demos 2017 - Proceedings of the 2017 SIGCOMM Posters and Demos, Part of SIGCOMM 201722 August 2017. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450350570 ; , s. 6-8
-
Konferensbidrag (refereegranskat)abstract
- SDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naïve deployment of SDN on the Internet is dangerous as the control-plane expressiveness of BGP is significantly more limited than the data-plane expressiveness of SDN, which allows fine-grained rules to deflect traffic from BGP's default routes. This mismatch may lead to incorrect forwarding behaviors such as forwarding loops and blackholes, ultimately hindering SDN deployment at the inter-domain level. In this work, we make a first step towards verifying the correctness of inter-domain forwarding state with a focus on loop freedom while keeping private the SDN rules, as they comprise confidential routing information. To this end, we design a simple yet powerful primitive that allows two networks to verify whether their SDN rules overlap, i.e., the set of packets matched by these rules is non-empty, without leaking any information about the SDN rules. We propose an efficient implementation of this primitive by using recent advancements in Secure Multi-Party Computation and we then leverage it as the main building block for designing a system that detects Internet-wide forwarding loops among any set of SDN-enabled Internet eXchange Points.
|
|
| 12. |
- Nguyen, T. D., et al.
(författare)
-
Decentralized consistent updates in SDN
- 2017
-
Ingår i: SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research. - New York, NY, USA : Association for Computing Machinery (ACM). ; , s. 21-33
-
Konferensbidrag (refereegranskat)abstract
- We present ez-Segway, a decentralized mechanism to consistently and quickly update the network state while preventing forwarding anomalies (loops and blackholes) and avoiding link congestion. In our design, the centralized SDN controller only pre-computes information needed by the switches during the update execution. This information is distributed to the switches, which use partial knowledge and direct message passing to efficiently realize the update. This separation of concerns has the key benefit of improving update performance as the communication and computation bottlenecks at the controller are removed. Our evaluations via network emulations and large-scale simulations demonstrate the efficiency of ez-Segway, which compared to a centralized approach, improves network update times by up to 45% and 57% at the median and the 99th percentile, respectively. A deployment of a system prototype in a real OpenFlow switch and an implementation in P4 demonstrate the feasibility and low overhead of implementing simple network update functionality within switches.
|
|
| 13. |
- Nguyen, T. D., et al.
(författare)
-
Towards decentralized fast consistent updates
- 2016
-
Ingår i: ANRW 2016 - Proceedings of the ACM, IRTF and ISOC Applied Networking Research Workshop. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450344432 ; , s. 19-25
-
Konferensbidrag (refereegranskat)abstract
- Updating data plane state to adapt to dynamic conditions is a fundamental network control operation. Software-Defined Networking (SDN) offers abstractions for updating network state while preserving consistency properties. However, realizing these abstractions in a purely centralized fashion is inefficient, due to the inherent delays between switches and the SDN controller, we argue for delegating the responsibility of coordinated updates to the switches. To make our case, we propose ez-Segway, a mechanism that enables decentralized network updates while preventing forwarding anomalies and avoiding link congestion. In our architecture, the controller is only responsible for computing the intended network configuration. This information is distributed to the switches, which use partial knowledge and direct message passing to efficiently schedule and implement the update. This separation of concerns has the key benefit of improving update performance as the communication and computation bottlenecks at the controller are removed. Our extensive simulations show update speedups up to 2x.
|
|
