-
What Did I Do Wrong? Quantifying LLMs' Sensitivity and Consistency to Prompt Engineering
Authors:
Federico Errica,
Giuseppe Siracusano,
Davide Sanvito,
Roberto Bifulco
Abstract:
Large Language Models (LLMs) changed the way we design and interact with software systems. Their ability to process and extract information from text has drastically improved productivity in a number of routine tasks. Developers that want to include these models in their software stack, however, face a dreadful challenge: debugging their inconsistent behavior across minor variations of the prompt. We therefore introduce two metrics for classification tasks, namely sensitivity and consistency, which are complementary to task performance. First, sensitivity measures changes of predictions across rephrasings of the prompt, and does not require access to ground truth labels. Instead, consistency measures how predictions vary across rephrasings for elements of the same class. We perform an empirical comparison of these metrics on text classification tasks, using them as guideline for understanding failure modes of the LLM. Our hope is that sensitivity and consistency will be powerful allies in automatic prompt engineering frameworks to obtain LLMs that balance robustness with performance.
Submitted 18 June, 2024;
originally announced June 2024.
-
AgentQuest: A Modular Benchmark Framework to Measure Progress and Improve LLM Agents
Authors:
Luca Gioacchini,
Giuseppe Siracusano,
Davide Sanvito,
Kiril Gashteovski,
David Friede,
Roberto Bifulco,
Carolin Lawrence
Abstract:
The advances made by Large Language Models (LLMs) have led to the pursuit of LLM agents that can solve intricate, multi-step reasoning tasks. As with any research pursuit, benchmarking and evaluation are key corner stones to efficient and reliable progress. However, existing benchmarks are often narrow and simply compute overall task success. To face these issues, we propose AgentQuest -- a framework where (i) both benchmarks and metrics are modular and easily extensible through well documented and easy-to-use APIs; (ii) we offer two new evaluation metrics that can reliably track LLM agent progress while solving a task. We exemplify the utility of the metrics on two use cases wherein we identify common failure points and refine the agent architecture to obtain a significant performance increase. Together with the research community, we hope to extend AgentQuest further and therefore we make it available under https://github.com/nec-research/agentquest.
Submitted 9 April, 2024;
originally announced April 2024.
-
Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild
Authors:
Giuseppe Siracusano,
Davide Sanvito,
Roberto Gonzalez,
Manikantan Srinivasan,
Sivakaman Kamatchi,
Wataru Takahashi,
Masaru Kawakita,
Takahiro Kakumaru,
Roberto Bifulco
Abstract:
Cyber Threat Intelligence (CTI) plays a crucial role in assessing risks and enhancing security for organizations. However, the process of extracting relevant information from unstructured text sources can be expensive and time-consuming. Our empirical experience shows that existing tools for automated structured CTI extraction have performance limitations. Furthermore, the community lacks a common benchmark to quantitatively assess their performance. We fill these gaps providing a new large open benchmark dataset and aCTIon, a structured CTI information extraction tool. The dataset includes 204 real-world publicly available reports and their corresponding structured CTI information in STIX format. Our team curated the dataset involving three independent groups of CTI analysts working over the course of several months. To the best of our knowledge, this dataset is two orders of magnitude larger than previously released open source datasets. We then design aCTIon, leveraging recently introduced large language models (GPT3.5) in the context of two custom information extraction pipelines. We compare our method with 10 solutions presented in previous work, for which we develop our own implementations when open-source implementations were lacking. Our results show that aCTIon outperforms previous work for structured CTI extraction with an improvement of the F1-score from 10%points to 50%points across all tasks.
Submitted 14 July, 2023;
originally announced July 2023.
-
syslrn: Learning What to Monitor for Efficient Anomaly Detection
Authors:
Davide Sanvito,
Giuseppe Siracusano,
Sharan Santhanam,
Roberto Gonzalez,
Roberto Bifulco
Abstract:
While monitoring system behavior to detect anomalies and failures is important, existing methods based on log-analysis can only be as good as the information contained in the logs, and other approaches that look at the OS-level software state introduce high overheads. We tackle the problem with syslrn, a system that first builds an understanding of a target system offline, and then tailors the online monitoring instrumentation based on the learned identifiers of normal behavior. While our syslrn prototype is still preliminary and lacks many features, we show in a case study for the monitoring of OpenStack failures that it can outperform state-of-the-art log-analysis systems with little overhead.
Submitted 29 March, 2022;
originally announced March 2022.
-
hXDP: Efficient Software Packet Processing on FPGA NICs
Authors:
Marco Spaziani Brunella,
Giacomo Belocchi,
Marco Bonola,
Salvatore Pontarelli,
Giuseppe Siracusano,
Giuseppe Bianchi,
Aniello Cammarano,
Alessandro Palumbo,
Luca Petrucci,
Roberto Bifulco
Abstract:
FPGA accelerators on the NIC enable the offloading of expensive packet processing tasks from the CPU. However, FPGAs have limited resources that may need to be shared among diverse applications, and programming them is difficult.
We present a solution to run Linux's eXpress Data Path programs written in eBPF on FPGAs, using only a fraction of the available hardware resources while matching the performance of high-end CPUs. The iterative execution model of eBPF is not a good fit for FPGA accelerators. Nonetheless, we show that many of the instructions of an eBPF program can be compressed, parallelized or completely removed, when targeting a purpose-built FPGA executor, thereby significantly improving performance. We leverage that to design hXDP, which includes (i) an optimizing-compiler that parallelizes and translates eBPF bytecode to an extended eBPF Instruction-set Architecture defined by us; a (ii) soft-CPU to execute such instructions on FPGA; and (iii) an FPGA-based infrastructure to provide XDP's maps and helper functions as defined within the Linux kernel.
We implement hXDP on an FPGA NIC and evaluate it running real-world unmodified eBPF programs. Our implementation is clocked at 156.25MHz, uses about 15% of the FPGA resources, and can run dynamically loaded programs. Despite these modest requirements, it achieves the packet processing throughput of a high-end CPU core and provides a 10x lower packet forwarding latency.
Submitted 27 October, 2020;
originally announced October 2020.
-
Running Neural Networks on the NIC
Authors:
Giuseppe Siracusano,
Salvator Galea,
Davide Sanvito,
Mohammad Malekzadeh,
Hamed Haddadi,
Gianni Antichi,
Roberto Bifulco
Abstract:
In this paper we show that the data plane of commodity programmable (Network Interface Cards) NICs can run neural network inference tasks required by packet monitoring applications, with low overhead. This is particularly important as the data transfer costs to the host system and dedicated machine learning accelerators, e.g., GPUs, can be more expensive than the processing task itself. We design and implement our system -- N3IC -- on two different NICs and we show that it can greatly benefit three different network monitoring use cases that require machine learning inference as first-class-primitive. N3IC can perform inference for millions of network flows per second, while forwarding traffic at 40Gb/s. Compared to an equivalent solution implemented on a general purpose CPU, N3IC can provide 100x lower processing latency, with 1.5x increase in throughput.
Submitted 4 September, 2020;
originally announced September 2020.
-
Forecasting Mobile Traffic with Spatiotemporal correlation using Deep Regression
Authors:
Giulio Siracusano,
Aurelio La Corte
Abstract:
The concept of mobility prediction represents one of the key enablers for an efficient management of future cellular networks, which tend to be progressively more elaborate and dense due to the aggregation of multiple technologies. In this letter we aim to investigate the problem of cellular traffic prediction over a metropolitan area and propose a deep regression (DR) approach to model its complex spatio-temporal dynamics. DR is instrumental in capturing multi-scale and multi-domain dependences of mobile data by solving an image-to-image regression problem. A parametric relationship between input and expected output is defined and grid search is put in place to isolate and optimize performance. Experimental results confirm that the proposed method achieves a lower prediction error against state-of-the-art algorithms. We validate forecasting performance and stability by using a large public dataset of a European Provider.
Submitted 25 July, 2019;
originally announced July 2019.
-
Automatic crack classification by exploiting statistical event descriptors for Deep Learning
Authors:
Giulio Siracusano,
Francesca Garescì,
Giovanni Finocchio,
Riccardo Tomasello,
Francesco Lamonaca,
Carmelo Scuro,
Mario Carpentieri,
Massimo Chiappini,
Aurelio La Corte
Abstract:
In modern building infrastructures, the chance to devise adaptive and unsupervised data-driven health monitoring systems is gaining in popularity due to the large availability of big data from low-cost sensors with communication capabilities and advanced modeling tools such as Deep Learning. The main purpose of this paper is to combine deep neural networks with Bidirectional Long Short Term Memory and advanced statistical analysis involving Instantaneous Frequency and Spectral Kurtosis to develop an accurate classification tool for tensile, shear and mixed modes originated from acoustic emission events (cracks). We investigated on effective event descriptors to capture the unique characteristics from the different types of modes. Tests on experimental results confirm that this method achieves promising classification among different crack events and can impact on the design of future on structural health monitoring (SHM) technologies. This approach is effective to classify incipient damages with 92% of accuracy, which is advantageous to plan maintenance.
Submitted 26 November, 2021; v1 submitted 24 July, 2019;
originally announced July 2019.
-
On the Fly Orchestration of Unikernels: Tuning and Performance Evaluation of Virtual Infrastructure Managers
Authors:
Pier Luigi Ventre,
Paolo Lungaroni,
Giuseppe Siracusano,
Claudio Pisa,
Florian Schmidt,
Francesco Lombardo,
Stefano Salsano
Abstract:
Network operators are facing significant challenges meeting the demand for more bandwidth, agile infrastructures, innovative services, while keeping costs low. Network Functions Virtualization (NFV) and Cloud Computing are emerging as key trends of 5G network architectures, providing flexibility, fast instantiation times, support of Commercial Off The Shelf hardware and significant cost savings. NFV leverages Cloud Computing principles to move the data-plane network functions from expensive, closed and proprietary hardware to the so-called Virtual Network Functions (VNFs). In this paper we deal with the management of virtual computing resources (Unikernels) for the execution of VNFs. This functionality is performed by the Virtual Infrastructure Manager (VIM) in the NFV MANagement and Orchestration (MANO) reference architecture. We discuss the instantiation process of virtual resources and propose a generic reference model, starting from the analysis of three open source VIMs, namely OpenStack, Nomad and OpenVIM. We improve the aforementioned VIMs introducing the support for special-purpose Unikernels and aiming at reducing the duration of the instantiation process. We evaluate some performance aspects of the VIMs, considering both stock and tuned versions. The VIM extensions and performance evaluation tools are available under a liberal open source licence.
Submitted 17 September, 2018;
originally announced September 2018.
-
In-network Neural Networks
Authors:
Giuseppe Siracusano,
Roberto Bifulco
Abstract:
We present N2Net, a system that implements binary neural networks using commodity switching chips deployed in network switches and routers. Our system shows that these devices can run simple neural network models, whose input is encoded in the network packets' header, at packet processing speeds (billions of packets per second). Furthermore, our experience highlights that switching chips could support even more complex models, provided that some minor and cheap modifications to the chip's design are applied. We believe N2Net provides an interesting building block for future end-to-end networked systems.
Submitted 17 January, 2018;
originally announced January 2018.
-
Re-designing Dynamic Content Delivery in the Light of a Virtualized Infrastructure
Authors:
Giuseppe Siracusano,
Roberto Bifulco,
Martino Trevisan,
Tobias Jacobs,
Simon Kuenzer,
Stefano Salsano,
Nicola Blefari-Melazzi,
Felipe Huici
Abstract:
We explore the opportunities and design options enabled by novel SDN and NFV technologies, by re-designing a dynamic Content Delivery Network (CDN) service. Our system, named MOSTO, provides performance levels comparable to that of a regular CDN, but does not require the deployment of a large distributed infrastructure. In the process of designing the system, we identify relevant functions that could be integrated in the future Internet infrastructure. Such functions greatly simplify the design and effectiveness of services such as MOSTO. We demonstrate our system using a mixture of simulation, emulation, testbed experiments and by realizing a proof-of-concept deployment in a planet-wide commercial cloud system.
Submitted 13 September, 2017;
originally announced September 2017.
-
D-STREAMON: from middlebox to distributed NFV framework for network monitoring
Authors:
Pier Luigi Ventre,
Alberto Caponi,
Giuseppe Siracusano,
Davide Palmisano,
Stefano Salsano,
Marco Bonola,
Giuseppe Bianchi
Abstract:
Many reasons make NFV an attractive paradigm for IT security: lowers costs, agile operations and better isolation as well as fast security updates, improved incident responses and better level of automation. On the other side, the network threats tend to be increasingly complex and distributed, implying huge traffic scale to be monitored and increasingly strict mitigation delay requirements. Considering the current trend of the networking and the requirements to counteract to the evolution of cyber-threats, it is expected that also network monitoring will move towards NFV based solutions. In this paper, we present D-StreaMon an NFV-capable distributed framework for network monitoring realized to face the above described challenges. It relies on the StreaMon platform, a solution for network monitoring originally designed for traditional middleboxes. An evolution path which migrates StreaMon from middleboxes to Virtual Network Functions (VNFs) has been realized.
Submitted 22 June, 2017;
originally announced June 2017.
-
Implementation of Virtual Network Function Chaining through Segment Routing in a Linux-based NFV Infrastructure
Authors:
Ahmed AbdelSalam,
Francois Clad,
Clarence Filsfils,
Stefano Salsano,
Giuseppe Siracusano,
Luca Veltri
Abstract:
In this paper, we first introduce the NFV architecture and the use of IPv6 Segment Routing (SRv6) network programming model to support Service Function Chaining in a NFV scenario. We describe the concepts of SR-aware and SR-unaware Virtual Network Functions (VNFs). The detailed design of a network domain supporting VNF chaining through the SRv6 network programming model is provided. The operations to support SR-aware and SR-unaware VNFs are described at an architectural level and in particular we propose a solution for SR-unaware VNFs hosted in a NFV node. The proposed solution has been implemented for a Linux based NFV host and the software is available as Open Source. Finally, a methodology for performance analysis of the implementation of the proposed mechanisms is illustrated and preliminary performance results are given.
Submitted 20 April, 2017; v1 submitted 16 February, 2017;
originally announced February 2017.
-
D-STREAMON - a NFV-capable distributed framework for network monitoring
Authors:
Pier Luigi Ventre,
Alberto Caponi,
Davide Palmisano,
Stefano Salsano,
Giuseppe Siracusano,
Marco Bonola,
Giuseppe Bianchi
Abstract:
Many reasons make NFV an attractive paradigm for IT security: lowers costs, agile operations and better isolation as well as fast security updates, improved incident responses and better level of automation. At the same time, the network threats tend to be increasingly complex and distributed, implying huge traffic scale to be monitored and increasingly strict mitigation delay requirements. Considering the current trend of the networking and the requirements to counteract to the evolution of cyber-threats, it is expected that also network monitoring will move towards NFV based solutions. In this paper, we present Distributed StreaMon (D-StreaMon) an NFV-capable distributed framework for network monitoring. D-StreaMon has been designed to face the above described challenges. It relies on the StreaMon platform, a solution for network monitoring originally designed for traditional middleboxes. An evolution path which migrates StreaMon from middleboxes to Virtual Network Functions (VNFs) is described. The paper reports a performance evaluation of the realized NFV based solution and discusses potential benefits in monitoring tenants' VMs for Service Providers.
Submitted 3 August, 2016;
originally announced August 2016.
-
On-the-Fly TCP Acceleration with Miniproxy
Authors:
Giuseppe Siracusano,
Roberto Bifulco,
Simon Kuenzer,
Stefano Salsano,
Nicola Blefari Melazzi,
Felipe Huici
Abstract:
TCP proxies are basic building blocks for many advanced middleboxes. In this paper we present Miniproxy, a TCP proxy built on top of a specialized minimalistic cloud operating system. Miniproxy's connection handling performance is comparable to that of full-fledged GNU/Linux TCP proxy implementations, but its minimalistic footprint enables new use cases. Specifically, Miniproxy requires as little as 6 MB to run and boots in tens of milliseconds, enabling massive consolidation, on-the-fly instantiation and edge cloud computing scenarios. We demonstrate the benefits of Miniproxy by implementing and evaluating a TCP acceleration use case.
Submitted 20 May, 2016;
originally announced May 2016.
-
PMSR - Poor Man's Segment Routing, a minimalistic approach to Segment Routing and a Traffic Engineering use case
Authors:
Stefano Salsano,
Luca Veltri,
Luca Davoli,
Pier Luigi Ventre,
Giuseppe Siracusano
Abstract:
The current specification of the Segment Routing (SR) architecture requires enhancements to the intra-domain routing protocols (e.g. OSPF and IS-IS) so that the nodes can advertise the Segment Identifiers (SIDs). We propose a simpler solution called PMSR (Poor Man's Segment Routing), that does not require any enhancement to routing protocol. We compare the procedures of PMSR with traditional SR, showing that PMSR can reduce the operation and management complexity. We analyze the set of use cases in the current SR drafts and we claim that PMSR can support the large majority of them. Thanks to the drastic simplification of the Control Plane, we have been able to develop an Open Source prototype of PMSR. In the second part of the paper, we consider a Traffic Engineering use case, starting from a traditional flow assignment optimization problem which allocates hop-by-hop paths to flows. We propose a SR path assignment algorithm and prove that it is optimal with respect to the number of segments allocated to a flow.
Submitted 16 December, 2015;
originally announced December 2015.
-
Traffic Engineering with Segment Routing: SDN-based Architectural Design and Open Source Implementation
Authors:
Luca Davoli,
Luca Veltri,
Pier Luigi Ventre,
Giuseppe Siracusano,
Stefano Salsano
Abstract:
Traffic Engineering (TE) in IP carrier networks is one of the functions that can benefit from the Software Defined Networking paradigm. By logically centralizing the control of the network, it is possible to "program" per-flow routing based on TE goals. Traditional per-flow routing requires a direct interaction between the SDN controller and each node that is involved in the traffic paths. Depending on the granularity and on the temporal properties of the flows, this can lead to scalability issues for the amount of routing state that needs to be maintained in core network nodes and for the required configuration traffic. On the other hand, Segment Routing (SR) is an emerging approach to routing that may simplify the route enforcement delegating all the configuration and per-flow state at the border of the network. In this work we propose an architecture that integrates the SDN paradigm with SR-based TE, for which we have provided an open source reference implementation. We have designed and implemented a simple TE/SR heuristic for flow allocation and we show and discuss experimental results.
Submitted 16 December, 2015; v1 submitted 19 June, 2015;
originally announced June 2015.
-
Hybrid IP/SDN networking: open implementation and experiment management tools
Authors:
Stefano Salsano,
Pier Luigi Ventre,
Francesco Lombardo,
Giuseppe Siracusano,
Matteo Gerola,
Elio Salvadori,
Michele Santuari,
Mauro Campanella,
Luca Prete
Abstract:
The introduction of SDN in large-scale IP provider networks is still an open issue and different solutions have been suggested so far. In this paper we propose a hybrid approach that allows the coexistence of traditional IP routing with SDN based forwarding within the same provider domain. The solution is called OSHI - Open Source Hybrid IP/SDN networking as we have fully implemented it combining and extending Open Source software. We discuss the OSHI system architecture and the design and implementation of advanced services like Pseudo Wires and Virtual Switches. In addition, we describe a set of Open Source management tools for the emulation of the proposed solution using either the Mininet emulator or distributed physical testbeds. We refer to this suite of tools as Mantoo (Management tools). Mantoo includes an extensible web-based graphical topology designer, which provides different layered network "views" (e.g. from physical links to service relationships among nodes). The suite can validate an input topology, automatically deploy it over a Mininet emulator or a distributed SDN testbed and allows access to emulated nodes by opening consoles in the web GUI. Mantoo provides also tools to evaluate the performance of the deployed nodes.
Submitted 6 January, 2016; v1 submitted 13 May, 2015;
originally announced May 2015.
-
Generalized Virtual Networking: an enabler for Service Centric Networking and Network Function Virtualization
Authors:
Stefano Salsano,
Nicola Blefari-Melazzi,
Francesco Lo Presti,
Giuseppe Siracusano,
Pier Luigi Ventre
Abstract:
In this paper we introduce the Generalized Virtual Networking (GVN) concept. GVN provides a framework to influence the routing of packets based on service level information that is carried in the packets. It is based on a protocol header inserted between the Network and Transport layers, therefore it can be seen as a layer 3.5 solution. Technically, GVN is proposed as a new transport layer protocol in the TCP/IP protocol suite. An IP router that is not GVN capable will simply process the IP destination address as usual. Similar concepts have been proposed in other works, and referred to as Service Oriented Networking, Service Centric Networking, Application Delivery Networking, but they are now generalized in the proposed GVN framework. In this respect, the GVN header is a generic container that can be adapted to serve the needs of arbitrary service level routing solutions. The GVN header can be managed by GVN capable end-hosts and applications or can be pushed/popped at the edge of a GVN capable network (like a VLAN tag). In this position paper, we show that Generalized Virtual Networking is a powerful enabler for SCN (Service Centric Networking) and NFV (Network Function Virtualization) and how it couples with the SDN (Software Defined Networking) paradigm.
Submitted 18 September, 2014;
originally announced September 2014.
-
Controller selection in a Wireless Mesh SDN under network partitioning and merging scenarios
Authors:
Stefano Salsano,
Giuseppe Siracusano,
Andrea Detti,
Claudio Pisa,
Pier Luigi Ventre,
Nicola Blefari-Melazzi
Abstract:
In this paper we consider a Wireless Mesh Network (WMN) integrating SDN principles. The Wireless Mesh Routers (WMR) are OpenFlow capable switches that can be controlled by SDN controllers, according to the wmSDN (wireless mesh SDN) architecture that we have introduced in a previous work. We consider the issue of controller selection in a scenario with intermittent connectivity. We assume that over time a single WMN can become split in two or more partitions and that separate partitions can merge into a larger one. We assume that a set of SDN controllers can potentially take control of the WMRs. At a given time only one controller should be the master of a WMR and it should be the most appropriate one according to some metric. We argue that the state of the art solutions for "master election" among distributed controllers are not suitable in a mesh networking environment, as they could easily be affected by inconsistencies. We envisage a "master selection" approach which is under the control of each WMR, and guarantees that at a given time only one controller will be master of a WMR. We designed a specific master selection procedure which is very simple in terms of the control logic to be executed in the WMR. We have implemented the proposed solution and deployed it over a network emulator (CORE) and over the combination of two physical wireless testbeds (NITOS and wiLab.t).
Submitted 10 June, 2014;
originally announced June 2014.
-
OSHI - Open Source Hybrid IP/SDN networking (and its emulation on Mininet and on distributed SDN testbeds)
Authors:
Stefano Salsano,
Pier Luigi Ventre,
Luca Prete,
Giuseppe Siracusano,
Matteo Gerola,
Elio Salvadori
Abstract:
The introduction of SDN in IP backbones requires the coexistence of regular IP forwarding and SDN based forwarding. The former is typically applied to best effort Internet traffic, the latter can be used for different types of advanced services (VPNs, Virtual Leased Lines, Traffic Engineering...). In this paper we first introduce the architecture and the services of a "hybrid" IP/SDN networking scenario. Then we describe the design and implementation of an Open Source Hybrid IP/SDN (OSHI) node. It combines Quagga for OSPF routing and Open vSwitch for OpenFlow based switching on Linux. The availability of tools for experimental validation and performance evaluation of SDN solutions is fundamental for the evolution of SDN. We provide a set of open source tools that facilitate the design of hybrid IP/SDN experimental networks, their deployment on Mininet or on distributed SDN research testbeds, and their testing. Finally, using the provided tools, we evaluate key performance aspects of the proposed solutions. The OSHI development and test environment is available in a VirtualBox VM image that can be downloaded.
Submitted 18 September, 2014; v1 submitted 18 April, 2014;
originally announced April 2014.