Software Defined Networking envisions smart centralized controllers governing the forwarding behavior of dumb low-cost switches. But are "dumb" switches an actual strategic choice, or (at least to some extent) are they a consequence of the lack of viable alternatives to OpenFlow as programmatic data plane forwarding interface? Indeed, some level of (programmable) control logic in the switches might be beneficial to offload logically centralized controllers (de facto complex distributed systems) from decisions
just
based on local states (versus network-wide knowledge), which could be handled at wire speed
inside
the device itself. Also, it would reduce the amount of flow processing tasks currently delegated to specialized middleboxes. The underlying challenge is: can we devise a
stateful
data plane programming abstraction (versus the stateless OpenFlow match/action table) which still entails high performance and remains consistent with the vendors' preference for closed platforms? We posit that a promising answer revolves around the usage of extended finite state machines, as an extension (super-set) of the OpenFlow match/action abstraction. We concretely turn our proposed abstraction into an actual table-based API, and, perhaps surprisingly, we show how it can be supported by (mostly) reusing core primitives already implemented in OpenFlow devices.
The fast evolving nature of modern cyber threats and network monitoring as well as the increasing interest in virtualization approaches for more complex network middlebox functionalities call for new, "software-defined", solutions to virtualize and simplify the programming and deployment of online (stream-based) traffic analysis functions. StreaMon is based on a data-plane abstraction devised to scalably decouple the "programming logic" of a traffic analysis application (tracked states, features, anomaly conditions, etc.) from elementary primitives (counting and metering, matching, events generation, etc), efficiently pre-implemented in the probes, and used as common instruction set for supporting the desired logic. The proposed SDN approach entails platformindependent, portable, multi-tenant online traffic analysis tasks written in a high level language and enables system users to completely virtualize network monitoring functionalities, isolate aggregated traffic flows and run multiple independent applications on a single software instance of the StreaMon platform. We validate our design by developing a prototype and a set of simple (but functionally demanding) use-case applications and by testing them over real traffic traces.
Abstract-In this paper we describe an application level Mobility Management mechanism for IP networks, called UPMT (Universal Per-Application Mobility management using Tunnels). The mechanism is able to provide Vertical Handovers over heterogeneous IP based access networks on a per-application basis, i.e. it is possible to independently route different applications over different access networks and take separate handover decisions for each application. UPMT is able to support legacy applications, does not require any support from the access networks nor any change to the TCP/IP stacks in the Mobile Hosts (MH), is able to run on NATed access networks that provide private IP addresses to MH and is fully transparent to Correspondent Hosts. UPMT relies on tunneling the IP packets from the MH to an Anchor Node on IP/UDP tunnels. UPMT provide the MH and the applications with a "virtual" NAT service across many different physical access network. The paper provide the specification of the tunneling architecture and of the mobility management signaling, based on SIP protocol. The Open Source implementation of UPMT for Linux OS is ongoing and its status is presented.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.