-
AutoNet: Automatic Reachability Policy Management in Public Cloud Networks
Authors: German Sviridov, Zheng Tao Shen, Jorge Cardoso
Abstract:
Virtual Private Cloud (VPC) is the main network abstraction technology used in public cloud systems. VPCs are composed of a set of network services that permit the definition of complex network reachability properties among internal and external cloud entities such as tenants' VMs or some generic internet nodes. Although hiding the underlying complexity through a comprehensible abstraction layer, manually enforcing particular reachability intents in VPC networks is still notably error-prone and complex. In this paper, we propose AutoNet, a new model for assisting cloud tenants in managing reachability-based policies in VPC networks. AutoNet is capable of safely generating incremental VPC configurations while satisfying some metric-based high-level intent defined by the tenants. To achieve this goal, we leverage a MaxSAT-based encoding of the network configuration combined with several optimizations to scale to topologies with thousands of nodes. Our results show that the developed system is capable of achieving a sub-second response time for production VPC deployments while still providing fine-grained control over the generated configurations.
Submitted 30 April, 2024; originally announced April 2024.
-
LOcAl DEcisions on Replicated States (LOADER) in programmable data planes: programming abstraction and experimental evaluation
Authors: German Sviridov, Marco Bonola, Angelo Tulumello, Paolo Giaccone, Andrea Bianco, Giuseppe Bianchi
Abstract:
Programmable data planes recently emerged as a prominent innovation in Software Defined Networking (SDN), by permitting support of stateful flow processing functions over hardware network switches specifically designed for network processing. Unlike early SDN solutions such as OpenFlow, modern stateful data planes permit to keep (and dynamically update) local per-flow states inside network switches, thus dramatically improving reactiveness of network applications to state changes. Still, also in stateful data planes, the control and update of non-local states is assumed to be completely delegated to a centralized controller and thus accessed only at the price of extra delay.
Our LOADER proposal aims at contrasting the apparent dichotomy between local states and global states. We do so by introducing a new possibility: permit to take localized (in-switch) decisions not only on local states but also on replicated global states, thus providing support for network-wide applications without incurring the drawbacks of classical approaches. To this purpose, i) we provide high-level programming abstractions devised to define the states and the update logic of a generic network-wide application, and ii) we detail the underlying low-level state management and replication mechanisms. We then show LOADER's independence of the stateful data plane technology employed, by implementing it over two distinct stateful data planes (P4 switches and OPP - Open Packet Processor - switches), and by experimentally validating both implementations in an emulated testbed using a simple distributed Denial-of-Service (DoS) detection application.
Submitted 11 November, 2020; v1 submitted 21 January, 2020; originally announced January 2020.
-
Optimal state replication in stateful data planes
Authors: Abubakar Siddique Muqaddas, German Sviridov, Paolo Giaccone, Andrea Bianco
Abstract:
In SDN stateful data planes, switches can execute algorithms to process traffic based on local states. This approach permits to offload decisions from the controller to the switches, thus to reduce the latency to react to network events. We consider distributed network applications that process traffic at each switch based on local replicas of network-wide states. Replicating a state across multiple switches poses many challenges, because the number of state replicas and their placement affects both the data traffic and the synchronization traffic among the replicas. In our work, we formulate the optimal placement problem for replicated states, taking into account the data traffic routing, to ensure that the network applications affect the proper traffic flows, and the synchronization traffic between replicas, to ensure state coherence. Due to the high complexity required to find the optimal solution, we propose an approximated algorithm able to scale to large network instances. We show numerically that this algorithm, despite its simplicity, approximates quite well the optimal solution. We also show the beneficial effects of replicating the states with respect to the single-replica scenario, so far considered in the literature. Finally, we provide an asymptotic analysis to find the optimal number of replicas.
Submitted 2 March, 2020; v1 submitted 6 December, 2019; originally announced December 2019.