-
Peregrine: ML-based Malicious Traffic Detection for Terabit Networks
Authors:
João Romeiras Amado,
Francisco Pereira,
David Pissarra,
Salvatore Signorello,
Miguel Correia,
Fernando M. V. Ramos
Abstract:
Malicious traffic detectors leveraging machine learning (ML), namely those incorporating deep learning techniques, exhibit impressive detection capabilities across multiple attacks. However, their effectiveness becomes compromised when deployed in networks handling Terabit-speed traffic. In practice, these systems require substantial traffic sampling to reconcile the high data plane packet rates with the comparatively slower processing speeds of ML detection. As sampling significantly reduces traffic observability, it fundamentally undermines their detection capability.
We present Peregrine, an ML-based malicious traffic detector for Terabit networks. The key idea is to run the detection process partially in the network data plane. Specifically, we offload the detector's ML feature computation to a commodity switch. The Peregrine switch processes a diversity of features per-packet, at Tbps line rates - three orders of magnitude higher than the fastest detector - to feed the ML-based component in the control plane. Our offloading approach presents a distinct advantage. While, in practice, current systems sample raw traffic, in Peregrine sampling occurs after feature computation. This essential trait enables computing features over all traffic, significantly enhancing detection performance. The Peregrine detector is not only effective for Terabit networks, but it is also energy- and cost-efficient. Further, by shifting a compute-heavy component to the switch, it saves precious CPU cycles and improves detection throughput.
Submitted 27 March, 2024;
originally announced March 2024.
-
Automatic Parallelization of Software Network Functions
Authors:
Francisco Pereira,
Fernando M. V. Ramos,
Luis Pedrosa
Abstract:
Software network functions (NFs) trade off flexibility and ease of deployment for an increased performance challenge. The traditional way to increase NF performance is by distributing traffic to multiple CPU cores, but this poses a significant challenge: how to parallelize an NF without breaking its semantics? We propose Maestro, a tool that analyzes a sequential implementation of an NF and automatically generates an enhanced parallel version that carefully configures the NIC's Receive Side Scaling mechanism to distribute traffic across cores, while preserving semantics. When possible, Maestro orchestrates a shared-nothing architecture, with each core operating independently without shared memory coordination, maximizing performance. Otherwise, Maestro choreographs a fine-grained read-write locking mechanism that optimizes operation for typical Internet traffic. We parallelized 8 software NFs and show that they generally scale up linearly until bottlenecked by PCIe when using small packets or by the 100Gbps line rate with typical Internet traffic. Maestro further outperforms modern hardware-based transactional memory mechanisms, even for challenging parallel-unfriendly workloads.
Submitted 13 October, 2023; v1 submitted 27 July, 2023;
originally announced July 2023.
-
Random Linear Network Coding on Programmable Switches
Authors:
Diogo Gonçalves,
Salvatore Signorello,
Fernando M. V. Ramos,
Muriel Médard
Abstract:
By extending the traditional store-and-forward mechanism, network coding has the capability to improve a network's throughput, robustness, and security. Given the fundamentally different packet processing required by this new paradigm and the inflexibility of hardware, existing solutions are based on software. As a result, they have limited performance and scalability, creating a barrier to its widespread adoption. By leveraging the recent advances in programmable networking hardware, in this paper we propose a random linear network coding data plane written in P4, as a first step towards a production-level platform. Our solution includes the ability to combine the payload of multiple packets and to execute the required Galois field operations, and it shows promise to be practical even under the strict memory and processing constraints of switching hardware.
Submitted 5 September, 2019;
originally announced September 2019.
-
Rama: Controller Fault Tolerance in Software-Defined Networking Made Practical
Authors:
André Mantas,
Fernando M. V. Ramos
Abstract:
In Software-Defined Networking (SDN), network applications use the logically centralized network view provided by the controller to remotely orchestrate the network switches. To avoid the controller being a single point of failure, traditional fault-tolerance techniques are employed to guarantee availability, a fundamental requirement in production environments. Unfortunately, these techniques fall short of ensuring correct network behaviour under controller failures. The problem with these techniques is that they deal with only part of the problem: guaranteeing that application and controller state remains consistent between replicas. However, in an SDN the switches maintain hard state that must also be handled consistently. Fault-tolerant SDN must therefore include switch state in the problem. A recently proposed fault-tolerant controller platform, Ravana, solves this problem by extending fault-tolerant SDN control with mechanisms that guarantee control messages to be processed transactionally and exactly once, at both the controllers and the switches. These guarantees are given even in the face of controller and switch crashes. The elegance of this solution comes at a cost. Ravana requires switches to be modified and OpenFlow to be extended with hitherto unforeseen additions to the protocol. In face of this challenge we propose Rama, a fault-tolerant SDN controller platform that offers the same strong guarantees as Ravana without requiring modifications to switches or to the OpenFlow protocol. Experiments with our prototype implementation show the additional overhead to be modest, making Rama the first fault-tolerant SDN solution that is immediately deployable.
Submitted 5 February, 2019;
originally announced February 2019.
-
ANCHOR: logically-centralized security for Software-Defined Networks
Authors:
Diego Kreutz,
Jiangshan Yu,
Fernando M. V. Ramos,
Paulo Esteves-Verissimo
Abstract:
While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by ANCHOR include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.
Submitted 31 December, 2018; v1 submitted 9 November, 2017;
originally announced November 2017.
-
Secure Multi-Cloud Virtual Network Embedding
Authors:
Max Alaluna,
Luís Ferrolho,
José Rui Figueira,
Nuno Neves,
Fernando M. V. Ramos
Abstract:
Modern network virtualization platforms enable users to specify custom topologies and arbitrary addressing schemes for their virtual networks. These platforms have, however, been targeting the data center of a single provider, which is insufficient to support (critical) applications that need to be deployed across multiple trust domains, while enforcing diverse security requirements. This paper addresses this limitation by presenting a novel solution for the central resource allocation problem of network virtualization -- the virtual network embedding, which aims to find efficient mappings of virtual network requests onto the substrate network. We improve over the state-of-the-art by considering security as a first-class citizen of virtual networks, while enhancing the substrate infrastructure with resources from multiple cloud providers. Our solution enables the definition of flexible policies in three core elements: on the virtual links, where alternative security compromises can be explored (e.g., encryption); on the virtual switches, supporting various degrees of protection and redundancy if necessary; and on the substrate infrastructure, extending it across multiple clouds, including public and private facilities, with their inherently diverse trust levels. We propose an optimal solution to this problem formulated as a Mixed Integer Linear Program (MILP). The results of our evaluation give insight into the trade-offs associated with the inclusion of security demands into network virtualization. In particular, they provide evidence that enhancing the user's virtual networks with security does not preclude high acceptance rates and an efficient use of resources, and allows providers to increase their revenues.
Submitted 6 October, 2018; v1 submitted 3 March, 2017;
originally announced March 2017.
-
The KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure
Authors:
Diego Kreutz,
Jiangshan Yu,
Paulo Esteves-Verissimo,
Catia Magalhaes,
Fernando M. V. Ramos
Abstract:
Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN.
We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms.
Submitted 2 November, 2017; v1 submitted 14 February, 2017;
originally announced February 2017.
-
An SDN-based approach to enhance BGP security
Authors:
Regivaldo Costa,
Fernando M. V. Ramos
Abstract:
BGP is vulnerable to a series of attacks. Many solutions have been proposed in the past two decades, but the most effective remain largely undeployed. This is due to three fundamental reasons: the solutions are too computationally expensive for current routers, they require changes to BGP, and/or they do not give the right incentives to promote deployment.
In this abstract we propose a Software-Defined Networking (SDN) architecture to secure BGP routing. Our solution, BGPSecX, targets an IXP and it includes techniques to allow different IXPs to collaborate. With SDN we remove the computational burden from routers and do not make changes to BGP. Targeting IXPs and promoting inter-IXP collaboration enables the creation of incentives to foster adoption of BGP security services.
Submitted 12 March, 2016; v1 submitted 7 February, 2016;
originally announced February 2016.
-
Consistent and fault-tolerant SDN with unmodified switches
Authors:
André Mantas,
Fernando M. V. Ramos
Abstract:
In a reliable SDN environment, different controllers coordinate different switches and backup controllers can be set in place to tolerate faults. This approach increases the challenge to maintain a consistent network view. If this global view is not consistent with the actual network state, applications will operate on a stale state and potentially lead to incorrect behavior.
Faced with this problem, we propose a fault-tolerant SDN controller that is able to maintain a consistent network view by using transactional semantics on both control and data plane state. Different from previous proposals, our solution does not require changes to OpenFlow or to switches, increasing the chances of quicker adoption.
Submitted 13 March, 2016; v1 submitted 12 February, 2016;
originally announced February 2016.
-
Secure and Dependable Virtual Network Embedding
Authors:
Luís Ferrolho,
Max Alaluna,
Nuno Neves,
Fernando M. V. Ramos
Abstract:
One of the fundamental problems in network virtualization is Virtual Network Embedding (VNE). The VNE problem deals with finding an effective mapping of the virtual nodes and links onto the substrate network. The recent advances in network virtualization gave cloud operators the ability to extend their cloud computing offerings with virtual networks. This trend, jointly with the increasing evidence of incidents in cloud facilities, demonstrates that security and dependability are becoming critical factors that should be considered by VNE algorithms. In this abstract we propose a VNE solution that considers security and dependability as first-class citizens. The resiliency properties of our solution are enhanced by assuming a multiple cloud provider model.
Submitted 6 February, 2016;
originally announced February 2016.
-
(Literally) above the clouds: virtualizing the network over multiple clouds
Authors:
Max Alaluna,
Fernando M. V. Ramos,
Nuno Neves
Abstract:
Recent SDN-based solutions give cloud providers the opportunity to extend their "as-a-service" model with the offer of complete network virtualization. They provide tenants with the freedom to specify the network topologies and addressing schemes of their choosing, while guaranteeing the required level of isolation among them. These platforms, however, have been targeting the datacenter of a single cloud provider with full control over the infrastructure.
This paper extends this concept further by supporting the creation of virtual networks that span across several datacenters, which may belong to distinct cloud providers, while including private facilities owned by the tenant. In order to achieve this, we introduce a new network layer above the existing cloud hypervisors, affording the necessary level of control over the communications while hiding the heterogeneity of the clouds. The benefits of this approach are various, such as enabling finer decisions on where to place the virtual machines (e.g., to fulfill legal requirements), avoiding single points of failure, and potentially decreasing costs. Although our focus in the paper is on architecture design, we also present experimental results of a first prototype of the proposed solution.
Submitted 10 March, 2016; v1 submitted 3 December, 2015;
originally announced December 2015.
-
Medusa: An Efficient Cloud Fault-Tolerant MapReduce
Authors:
Pedro A. R. S. Costa,
Xiao Bai,
Fernando M. V. Ramos,
Miguel Correia
Abstract:
Applications such as web search and social networking have been moving from centralized to decentralized cloud architectures to improve their scalability. MapReduce, a programming framework for processing large amounts of data using thousands of machines in a single cloud, also needs to be scaled out to multiple clouds to adapt to this evolution. The challenge of building a multi-cloud distributed architecture is substantial. Notwithstanding, the ability to deal with the new types of faults introduced by such a setting, such as the outage of a whole datacenter or an arbitrary fault caused by a malicious cloud insider, increases the endeavor considerably.
In this paper we propose Medusa, a platform that allows MapReduce computations to scale out to multiple clouds and tolerate several types of faults. Our solution fulfills four objectives. First, it is transparent to the user, who writes her typical MapReduce application without modification. Second, it does not require any modification to the widely used Hadoop framework. Third, the proposed system goes well beyond the fault-tolerance offered by MapReduce to tolerate arbitrary faults, cloud outages, and even malicious faults caused by corrupt cloud insiders. Fourth, it achieves this increased level of fault tolerance at reasonable cost. We performed an extensive experimental evaluation in the ExoGENI testbed, demonstrating that our solution significantly reduces execution time when compared to traditional methods that achieve the same level of resilience.
Submitted 23 November, 2015;
originally announced November 2015.
-
SMaRtLight: A Practical Fault-Tolerant SDN Controller
Authors:
Fábio Botelho,
Alysson Bessani,
Fernando M. V. Ramos,
Paulo Ferreira
Abstract:
The increase in the number of SDN-based deployments in production networks is triggering the need to consider fault-tolerant designs of controller architectures. Commercial SDN controller solutions incorporate fault tolerance, but there has been little discussion in the SDN literature on the design of such systems and the tradeoffs involved. To fill this gap, we present a by-construction design of a fault-tolerant controller, and materialize it by proposing and formalizing a practical architecture for small to medium-sized networks. A central component of our particular design is a replicated shared database that stores all network state. Contrary to the more common primary-backup approaches, the proposed design guarantees a smooth transition in case of failures and avoids the need for an additional coordination service. Our preliminary results show that the performance of our solution fulfills the demands of the target networks. We hope this paper is a first step in what we consider a necessary discussion on how to build robust SDNs.
Submitted 22 July, 2014;
originally announced July 2014.
-
Software-Defined Networking: A Comprehensive Survey
Authors:
Diego Kreutz,
Fernando M. V. Ramos,
Paulo Verissimo,
Christian Esteve Rothenberg,
Siamak Azodolmolky,
Steve Uhlig
Abstract:
Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound APIs, network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -- with a focus on aspects such as resiliency, scalability, performance, security and dependability -- as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.
Submitted 8 October, 2014; v1 submitted 2 June, 2014;
originally announced June 2014.