Software Defined Networking (SDN) is driving our community toward more flexible and manageable network architectures; this paper explores the design of such an architecture for an Internet Service Provider (ISP). The goal is to enable the ISP to rapidly deploy new customer services without disrupting network operation. The paper argues that the SDN model typically applied to enterprise or datacenter networks (where custom traffic processing happens at a centralized controller) would not serve this goal well. Instead, it proposes that the ISP deploys programmable middleboxes in customer premises; the middlebox dataplane exports a Bro-like application programming interface (API); new customer services take the form of Bro-like scripts that are periodically downloaded to the middleboxes from a centralized ISP location. The authors conclude the paper with a promising proof-of-concept deployment. The reviewers appreciated the concrete proposal that relies on readily available components, as well as the informal testimonies of ISP operators regarding the need for rapid service deployment and the limitations of the centralized-controller model. As a side-note, the paper also provides food for thought regarding ISP interest in SDN and rapid service deployment: 3 out of the 10 example applications used to illustrate the value of the proposal are P2P blocking, content censorship, and P2P traffic shaping.
ABSTRACT
With only access billing no longer ensuring profits, an ISP's growth now relies on rolling out new and differentiated services. However, ISPs currently do not have a well-defined architecture for rapid, cost-effective, and scalable dissemination of new services. We present iSDF, a new SDN-enabled framework that can meet an ISP's service delivery constraints concerning cost, scalability, deployment flexibility, and operational ease.
We show that meeting these constraints necessitates an SDN philosophy for a centralized management plane, a decoupled (from data) control plane, and a programmable data plane at customer premises. We present an ISP service delivery framework (iSDF) that provides ISPs a domain-specific API for network function virtualization by leveraging a programmable middlebox built from commodity home-routers. It also includes an application server to disseminate, configure, and update ISP services. We develop and report results for three diverse ISP applications that demonstrate the practicality and flexibility of iSDF, namely distributed VPN (control plane decisions), pay-per-site (rapid deployment), and BitTorrent blocking (data plane processing).
InKeV is a network virtualization platform based on eBPF, an in-kernel execution engine recently upstreamed into the Linux kernel. InKeV's key contribution is that it enables in-kernel programmability and configuration of virtualized network functions, allowing the creation of a distributed virtual network across all edges hosting tenant workloads. Despite the high performance demands of production environments, existing virtualization solutions have largely static in-kernel components due to the difficulty of developing and maintaining kernel modules and their years-long feature delivery time. The resulting compromise is either in the programmability of network functions that rely on the data plane, such as payload processing, or in performance, due to expensive user-/kernel-space context switching. InKeV addresses these concerns: the use of eBPF allows it to dynamically insert programmable network functions into a running kernel, requiring neither packaging a custom kernel nor hoping for acceptance into the mainline kernel. Its novel stitching feature allows complete virtual networks to be flexibly configured by creating a graph of network functions inside the kernel. Our evaluation reports on the flexibility of InKeV and on in-kernel implementation benefits such as low latency and an impressive flow creation rate.