SNAP: Stateful Network-Wide Abstractions for Packet Processing
|
|
- Linda Clarke
- 5 years ago
- Views:
Transcription
1 SNAP: Stateful Network-Wide Abstractions for Packet Processing Mina Tahmasbi Arashloo1, Yaron Koral1, Michael Greenberg2, Jennifer Rexford1, and David Walker1 1 Princeton University, 2 Pomona College
2 Early SDN Switch Interfaces Manipulate packet forwarding rules Read predefined set of counters 2
3 Programmable Switch Interfaces P4, OpenState, Open vswitch, Programmable state (e.g. indexed arrays) Basic arithmetic operations 3
4 SNAP: Stateful Network Wide Programming Language One big stateful switch 4
5 SNAP Contributions Modular Stateful Language One Big Stateful Switch Placement + Routing 5
6 Talk Outline Language through example Compiler Implementation Evaluation Related Work & Conclusion 6
7 Language through example Compiler Implementation Evaluation Related Work & Conclusion 7
8 Example - DNS Reflection Attacks Spoofed DNS Requests DNS Resolvers Attacker Botnet Victim DNS Responses 8
9 Detecting DNS Reflection Attacks 1. Log DNS requests 2. Match Log responses requests Bohatei: flexible and elastic DDoSdefense, Fayaz et.al., USENIX SECURITY Check unmatched count 9
10 DNS Reflection Detection in SNAP Seen: Keep track of DNS requests by client and DNS identifier Unmatched: Count DNS responses that don t match prior requests Susp: Suspected victims receive many unmatched responses 10
11 OBSS Forwarding in SNAP ISP1 ISP2 CS EE 11
12 Single Network Policy DNS Reflection Detection Forwarding ; 12
13 SNAP Applications 13
14 Single Network Policy 14
15 Language through example Compiler Implementation Evaluation Related Work & Conclusion 15
16 SNAP Compiler Where to place state variables How to forward packets through them 16
17 Routing + Placement Jointly Topology Traffic Matrix MILP State Dependency Packet- State Map Minimize congestion Routing Paths State Placement 17
18 Intermediate Representation (IR) Maintain all programs in a single data structure Composable and easily partitioned IR Distribute the program to switches 18
19 xfdds: Extended Forwarding Decision Diagrams Intermediate node: test on header fields and state Leaf: set of action sequences Three kinds of tests field = value field1 = field2 state_var[idx] = val dstip = srcip = dstip s[srcip] = 2 {s[dstip] 2} {drop} True-Solid line False-Dashed 19
20 xfdd for DNS Reflection Detection Maintain all programs in a single data structure 20
21 xfdd for DNS Reflection Detection Fixes the order in which programs access state. We could distribute the programs by placing cuts 21
22 Partitioning to Sub-Programs Distribute the program to switches CS 22
23 Partitioning to Sub-Programs Distribute the program to switches CS 23
24 Putting It All Together ISP1 ISP2 CS EE 24
25 Putting It All Together ISP1 ISP2 4 CS EE 25
26 Putting It All Together ISP1 ISP2 4 CS EE 26
27 Putting It All Together ISP1 ISP2 4 CS EE 27
28 Language through example Compiler Implementation Evaluation Related Work & Conclusion 28
29 SNAP Implementation Compiler written in Python MILP solver: Gurobi Optimizer Resulting switch code NetASM (language + software switch) M. Shahbaz and N. Feamster. The case for an intermediate representation for programmable data planes. SOSR
30 Talk Outline Language through example Compiler Implementation Evaluation Related Work & Conclusion 30
31 Compiler Evaluation 7 campus and ISP topologies Order of 100s of switches and links Scenarios Cold start (freq. weeks) Policy change (freq. days) Topology/TM change (freq. minutes) 31
32 Compiler Evaluation - Results 5s-1m 0.5m-2m 1m-6m Planned in advance 32
33 Talk Outline Language through example Compiler Implementation Evaluation Related Work & Conclusion 33
34 Related Work Stateful languages Switch level mechanisms Optimizing placement & routing 34
35 Conclusion - SNAP A new modular stateful SDN programming language with: One-big switch programming model Persistent global arrays Compiler implements algorithms that: Jointly optimize routing and state placement Use efficient IR based on FDDs Evaluated about 20 applications 35
States on a (Data) Plane. Jennifer Rexford
States on a (Data) Plane Jennifer Rexford Traditional data planes are stateless 1 Software Defined Networks (SDN) Program your network from a logically central point! 2 OpenFlow Rule Tables Prio match
More informationSNAP: Stateful Network-Wide Abstractions for Packet Processing. Collaboration of Princeton University & Pomona College
SNAP: Stateful Network-Wide Abstractions for Packet Processing Collaboration of Princeton University & Pomona College Brief Overview: Motivation Introduction to SNAP/Example(s) of SNAP SNAP Syntax Overview
More informationCompiling Path Queries
Compiling Path Queries Princeton University Srinivas Narayana Mina Tahmasbi Jen Rexford David Walker Management = Measure + Control Network Controller Measure Control Software-Defined Networking (SDN)
More informationBringing SDN to the Internet, one exchange point at the time
Bringing SDN to the Internet, one exchange point at the time Joint work with: Arpit Gupta, Muhammad Shahbaz, Sean P. Donovan, Russ Clark, Brandon Schlinker, E. Katz-Bassett, Nick Feamster, Jennifer Rexford
More informationLanguages for Software-Defined Networks
Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich, Mark Reitblatt, Jennifer Rexford, Cole Schlesinger,
More informationComposing Software-Defined Networks
Composing Software-Defined Networks Chris Monsanto*, Joshua Reich* Nate Foster^, Jen Rexford*, David Walker* www.frenetic- lang.org/pyretic Princeton* Cornell^ Software Defined Networks (SDN) Enable network
More informationBuilding Efficient and Reliable Software-Defined Networks. Naga Katta
FPO Talk Building Efficient and Reliable Software-Defined Networks Naga Katta Jennifer Rexford (Advisor) Readers: Mike Freedman, David Walker Examiners: Nick Feamster, Aarti Gupta 1 Traditional Networking
More informationProfessor Yashar Ganjali Department of Computer Science University of Toronto
Professor Yashar Ganjali Department of Computer Science University of Toronto yganjali@cs.toronto.edu http://www.cs.toronto.edu/~yganjali Some slides courtesy of J. Rexford (Princeton), N. Foster (Cornell)
More informationNetwork Programming Languages. Nate Foster
Network Programming Languages Nate Foster We are at the start of a revolution! Network architectures are being opened up giving programmers the freedom to tailor their behavior to suit applications!
More informationAdvanced Computer Networks. Network Virtualization
Advanced Computer Networks 263 3501 00 Network Virtualization Patrick Stuedi Spring Semester 2014 1 Oriana Riva, Department of Computer Science ETH Zürich Outline Last week: Portland VL2 Today Network
More informationNext Week. Network Security (and related topics) Project 3 Q/A. Agenda. My definition of network security. Network Security.
Next Week No sections Network Security (and related topics) EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other
More informationNetwork Security (and related topics)
Network Security (and related topics) EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other colleagues at Princeton
More informationCS 5114 Network Programming Languages Data Plane. Nate Foster Cornell University Spring 2013
CS 5114 Network Programming Languages Data Plane http://www.flickr.com/photos/rofi/2097239111/ Nate Foster Cornell University Spring 2013 Based on lecture notes by Jennifer Rexford and Michael Freedman
More informationTemporal NetKAT. Ryan Beckett Michael Greenberg*, David Walker. Pomona College* Princeton University
Temporal NetKAT Ryan Beckett Michael Greenberg*, David Walker Princeton University Pomona College* Software-Defined Networking Controller Software-Defined Networking Controller Match Action dst=1.2.3.4
More informationHY436: Modular Network Programming with Pyretic
HY436: Modular Network Programming with Pyretic Xenofontas Dimitropoulos 27/10/2014 Credits: Slides modified from Joshua Reich s (Princeton) NSDI 13 talk on Composing Software Defined Networks Running
More informationCoVisor: A Composi,onal Hypervisor for So6ware- Defined Networks
CoVisor: A Composi,onal Hypervisor for So6ware- Defined Networks Xin Jin Jennifer Gossels, Jennifer Rexford, David Walker 1 So6ware- Defined Networking Centralized control with open APIs OpenFlow Applica,on
More informationThe Road to SDN: An Intellectual History of Programmable Networks Network Virtualization and Data Center Networks SDN - Introduction
The Road to SDN: An Intellectual History of Programmable Networks Network Virtualization and Data Center Networks 263-3825-00 SDN - Introduction Qin Yin Fall Semester 2013 1 2 Data, Control, and Planes
More informationSDX: A Software Defined Internet Exchange
SDX: A Software Defined Internet Exchange @SIGCOMM 2014 Laurent Vanbever Princeton University FGRE Workshop (Ghent, iminds) July, 8 2014 The Internet is a network of networks, referred to as Autonomous
More informationState Replication for Programmable Stateful Data Planes in SDN
State Replication for Programmable Stateful Data Planes in SDN Paolo Giaccone Giuseppe Bianchi, Andrea Bianco, Marco Bonola, Abubakar Muqaddas, Janvi Palan, German Sviridov, Angelo Tulumello Workshop on
More informationAutomatic Test Packet Generation
Automatic Test Packet Generation Hongyi Zeng, Peyman Kazemian, Nick McKeown University, Stanford, CA, USA George Varghese UCSD, La Jolla Microsoft Research, Mountain View, CA, USA https://github.com/eastzone/atpg/wiki
More informationIQ for DNA. Interactive Query for Dynamic Network Analytics. Haoyu Song. HUAWEI TECHNOLOGIES Co., Ltd.
IQ for DNA Interactive Query for Dynamic Network Analytics Haoyu Song www.huawei.com Motivation Service Provider s pain point Lack of real-time and full visibility of networks, so the network monitoring
More informationLecture 14 SDN and NFV. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it
Lecture 14 SDN and NFV Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it Traditional network vs SDN TRADITIONAL Closed equipment Software + hardware Cost Vendor-specific management.
More informationSDN-enabled Internet Exchange Point
SDN-enabled Internet Exchange Point Muhammad Shahbaz Georgia Tech Internet2 Innovation Award Joint collaboration with: Arpit Gupta, Laurent Vanbever, Hyojoon Kim, Sean Donovan, Russ Clark, Nick Feamster,
More informationRob Sherwood Bobby Bhattacharjee Ryan Braud. University of Maryland. Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse p.
Rob Sherwood Bobby Bhattacharjee Ryan Braud University of Maryland UCSD Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse p.1 Sender Receiver Sender transmits packet 1:1461 Time Misbehaving
More informationData Plane Verification and Anteater
Data Plane Verification and Anteater Brighten Godfrey University of Illinois Work with Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, and Sam King Summer School on Formal Methods and Networks
More informationProgrammable NICs. Lecture 14, Computer Networks (198:552)
Programmable NICs Lecture 14, Computer Networks (198:552) Network Interface Cards (NICs) The physical interface between a machine and the wire Life of a transmitted packet Userspace application NIC Transport
More informationProgrammable Software Switches. Lecture 11, Computer Networks (198:552)
Programmable Software Switches Lecture 11, Computer Networks (198:552) Software-Defined Network (SDN) Centralized control plane Data plane Data plane Data plane Data plane Why software switching? Early
More informationSDN SEMINAR 2017 ARCHITECTING A CONTROL PLANE
SDN SEMINAR 2017 ARCHITECTING A CONTROL PLANE NETWORKS ` 2 COMPUTER NETWORKS 3 COMPUTER NETWORKS EVOLUTION Applications evolve become heterogeneous increase in traffic volume change dynamically traffic
More informationthe Presence of Adversaries Sharon Goldberg David Xiao, Eran Tromer, Boaz Barak, Jennifer Rexford
Internet Path-Quality Monitoring in the Presence of Adversaries Sharon Goldberg David Xiao, Eran Tromer, Boaz Barak, Jennifer Rexford Princeton University Penn State University CS Seminar November 29,
More informationProfessor Yashar Ganjali Department of Computer Science University of Toronto.
Professor Yashar Ganjali Department of Computer Science University of Toronto yganjali@cs.toronto.edu http://www.cs.toronto.edu/~yganjali Today Outline What this course is about Logistics Course structure,
More informationAutomated Synthesis of NFV Topology: A Security Requirement-Oriented Design
Automated Synthesis of NFV Topology: A Security Requirement-Oriented Design A H M Jakaria, Mohammad Ashiqur Rahman, and Carol J Fung Department of Computer Science, Tennessee Tech University, Cookeville,
More informationMultidimensional Aggregation for DNS monitoring
Multidimensional Aggregation for DNS monitoring Jérôme François, Lautaro Dolberg, Thomas Engel jerome.francois@inria.fr 03/11/15 2 1 Motivation 2 Aggregation 3 MAM 4 DNS applications 5 DNS monitoring 6
More informationFrenetic: Functional Reactive Programming for Networks
Frenetic: Functional Reactive Programming for Networks Nate Foster (Cornell) Mike Freedman (Princeton) Rob Harrison (Princeton) Matthew Meola (Princeton) Jennifer Rexford (Princeton) David Walker (Princeton)
More informationSoftware Defined Networking
Software Defined Networking Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 http://www.cs.princeton.edu/courses/archive/spr12/cos461/ The Internet: A Remarkable
More informationNetwork Verification Solvers, Symmetries, Surgeries. Nikolaj Bjørner
Network Verification Solvers, Symmetries, Surgeries Nikolaj Bjørner NetPL, August, 2016 Networking needs: Configuration Sanity/Synthesis, Programming, Provisioning Network Design Automation Z3 Z3 advances:
More informationOn the Practical Applicability of SDN Research
On the Practical Applicability of SDN Research Roberto di Lallo Gabriele Lospoto Massimo Rimondini Mirko Gradillo Claudio Pisa IEEE/IFIP Network Operations and Management Symposium Istanbul Turkey 25/29
More informationDYNAMIC CONTROL OF SOFTWARE-DEFINED NETWORKS XIN JIN A DISSERTATION PRESENTED TO THE FACULTY RECOMMENDED FOR ACCEPTANCE COMPUTER SCIENCE
DYNAMIC CONTROL OF SOFTWARE-DEFINED NETWORKS XIN JIN A DISSERTATION PRESENTED TO THE FACULTY OF PRINCETON UNIVERSITY IN CANDIDACY FOR THE DEGREE OF DOCTOR OF PHILOSOPHY RECOMMENDED FOR ACCEPTANCE BY THE
More informationAdvanced Topics in Routing
Advanced Topics in Routing EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other colleagues at Princeton and UC
More informationDebugging the Data Plane with Anteater
Debugging the Data Plane with Anteater Haohui Mai, Ahmed Khurshid Rachit Agarwal, Matthew Caesar P. Brighten Godfrey, Samuel T. King University of Illinois at Urbana-Champaign Network debugging is challenging
More informationDDoS Defense by Offense
DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker, SIGCOMM 06 Presented by Nikki Benecke, Nov. 7 th, 2006, for CS577 DDoS: Defense by Offense
More informationSOFTWARE DEFINED NETWORKS. Jonathan Chu Muhammad Salman Malik
SOFTWARE DEFINED NETWORKS Jonathan Chu Muhammad Salman Malik Credits Material Derived from: Rob Sherwood, Saurav Das, Yiannis Yiakoumis AT&T Tech Talks October 2010 (available at:www.openflow.org/wk/images/1/17/openflow_in_spnetworks.ppt)
More informationA Flow Aggregation Method Based on End-to-End Delay in SDN
A Flow Aggregation Method Based on End-to-End Delay in SDN Takuya Kosugiyama, Kazuki Tanabe, Hiroki Nakayama, Tsunemasa Hayashi and Katsunori Yamaoka Tokyo Institute of Technology, Japan Bosco Technologies
More informationOutline. Motivation. Our System. Conclusion
Outline Motivation Our System Evaluation Conclusion 1 Botnet A botnet is a collection of bots controlled by a botmaster via a command and control (C&C) channel Centralized C&C, P2P-based C&C Botnets serve
More informationSoftware-Defined Networking:
Software-Defined Networking: OpenFlow and Frenetic Mohamed Ismail Background Problem: Programming Networks is Hard 3/39 Network Stack Pros Key to the success of the Internet Layers and layers of abstraction
More informationOptimizing the One Big Switch Abstraction in Software-Defined Networks
Optimizing the One Big Switch Abstraction in Software-Defined Networks Nanxi Kang, Zhenming Liu, Jennifer Rexford, and David Walker Computer Science Department, Princeton University ABSTRACT Software Defined
More informationOTSDN What is it? Does it help?
OTSDN What is it? Does it help? Dennis Gammel Schweitzer Engineering Laboratories, Inc. Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security cred-c.org Important Aspects
More informationIncremental Update for a Compositional SDN Hypervisor
Incremental Update for a Compositional SDN Hypervisor Xin Jin Princeton University xinjin@cs.princeton.edu Jennifer Rexford Princeton University jrex@cs.princeton.edu David Walker Princeton University
More informationCommunication Networks
Communication Networks Prof. Laurent Vanbever Solution: Exercises week 15 E-mail and recap E-mail Answer the following questions about e-mail with True or False and justify your choice. a) SMTP and IMAP
More informationCoVisor: A Compositional Hypervisor for Software-Defined Networks
CoVisor: A Compositional Hypervisor for Software-Defined Networks Xin Jin, Jennifer Gossels, Jennifer Rexford, and David Walker, Princeton University https://www.usenix.org/conference/nsdi5/technical-sessions/presentation/jin
More informationCS 498 Cloud Networking
Syllabus subject to change CS 498 Cloud Networking Course Description Computer communication networks are among the most important and influential global infrastructures that humanity has created. The
More informationTransport and TCP. EE122 Fall 2011 Scott Shenker
Transport and TCP EE122 Fall 2011 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other colleagues at Princeton and UC Berkeley
More informationCS 5114 Network Programming Languages Control Plane. Nate Foster Cornell University Spring 2013
CS 5 Network Programming Languages Control Plane http://www.flickr.com/photos/rofi/0979/ Nate Foster Cornell University Spring 0 Based on lecture notes by Jennifer Rexford and Michael Freedman Announcements
More informationA configuration-only approach to shrinking FIBs. Prof Paul Francis (Cornell)
A configuration-only approach to shrinking FIBs Prof Paul Francis (Cornell) 1 Virtual Aggregation An approach to shrinking FIBs (and RIBs) In routers, not in route reflectors Works with legacy routers
More informationSoftware Defined Networking
Software Defined Networking 1 2 Software Defined Networking Middlebox Switch Controller Switch Switch Server Server Server Server Standardization: switches support a vendor-agnostic, open API Off-device
More informationTheComponentsthatcanBuildFlexibleEfficientSoftwareDefinedNetwork
Global Journal of Computer Science and Technology: E Network, Web & Security Volume 17 Issue 1 Version 1.0 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals Inc.
More informationTraceback Attacks in Cloud Pebbletrace Botnet nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee
Traceback Attacks in Cloud Pebbletrace Botnet 2012 32nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee Outline Introduction Key Identification Botnet attack in
More informationProgrammable Packet Processing With
The Promise of Programmable Packet Processing With Aaron A. Glenn internetworking curmudgeon The First Router 1. Many features to make the IMPs run reliably and with minimal on-site assistance and with
More informationPrevent DoS using IP source address spoofing
Prevent DoS using IP source address spoofing MATSUZAKI maz Yoshinobu 06-Sep-2006 Copyright (C) 2006 Internet Initiative Japan Inc. 1 ip spoofing creation of IP packets with source addresses
More informationRelease Date: October 27, 2017
Introduction Release Date: October 27, 2017 This release note summarizes the new features, general enhancements, resolved issues and known limitations for ArrayOS APV 8.6.1.37. Contacting Customer Support
More informationANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS
ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS Saulius Grusnys, Ingrida Lagzdinyte Kaunas University of Technology, Department of Computer Networks, Studentu 50,
More informationP4 Workshop Welcome. Nate Foster Cornell University
P4 Workshop Welcome Nate Foster Cornell University State of P4 "Our whole networking industry stands to benefit from a language like P4 that unambiguously specifies forwarding behavior, with dividends
More informationCOCONUT: Seamless Scale-out of Network Elements
COCONUT: Seamless Scale-out of Network Elements Soudeh Ghorbani P. Brighten Godfrey University of Illinois at Urbana-Champaign Simple abstractions Firewall Loadbalancer Router Network operating system
More informationVFence: A Defense against Distributed Denial of Service Attacks using Network Function Virtualization
2016 IEEE 40th Annual Computer Software and Applications Conference VFence: A Defense against Distributed Denial of Service Attacks using Network Function Virtualization A H M Jakaria, Wei Yang, Bahman
More informationAnnouncements. Designing IP. Our Story So Far (Context) Goals of Today s Lecture. Our Story So Far (Context), Con t. The Internet Hourglass
Announcements Designing IP EE 122: Intro to Communication Networks Fall 200 (MW -:30 in Donner 1) Homework #2 out Wednesday rather than today And due Oct 11 instead of Oct We will likely shift the remaining
More informationProgress Report 1. Group RP16. All work done by Ivan Gromov and Andrew McConnell
Progress Report 1 Group RP16 All work done by Ivan Gromov and Andrew McConnell Steps completed: Task Mode Task Name Duration Start Finish Predecessor s Resource Names Manually Schedule d First Lab research
More informationA Hypothesis Testing Framework for Network Security
A Hypothesis Testing Framework for Network Security P. Brighten Godfrey University of Illinois at Urbana-Champaign TSS Seminar, September 15, 2015 Part of the SoS Lablet with David Nicol Kevin Jin Matthew
More informationEE/CSCI 451: Parallel and Distributed Computation
EE/CSCI 451: Parallel and Distributed Computation Lecture #8 2/7/2017 Xuehai Qian Xuehai.qian@usc.edu http://alchem.usc.edu/portal/xuehaiq.html University of Southern California 1 Outline From last class
More informationComputer Networks. Sándor Laki ELTE-Ericsson Communication Networks Laboratory
Computer Networks Sándor Laki ELTE-Ericsson Communication Networks Laboratory ELTE FI Department Of Information Systems lakis@elte.hu http://lakis.web.elte.hu Based on the slides of Laurent Vanbever. Further
More informationDetecting malware even when it is encrypted
Detecting malware even when it is encrypted Machine Learning for network HTTPS analysis František Střasák strasfra@fel.cvut.cz @FrenkyStrasak Sebastian Garcia sebastian.garcia@agents.fel.cvut.cz @eldracote
More informationPOMP: Protocol Oblivious SDN Programming with Automatic Multi-Table Pipelining
POMP: Protocol Oblivious SDN Programming with Automatic Multi-Table Pipelining Chunhui He School of Computer Science and Technology University of Science and Technology of China hchunhui@mail.ustc.edu.cn
More informationFOUNDATIONS OF INTENT- BASED NETWORKING
FOUNDATIONS OF INTENT- BASED NETWORKING Loris D Antoni Aditya Akella Aaron Gember Jacobson Network Policies Enterprise Network Cloud Network Enterprise Network 2 3 Tenant Network Policies Enterprise Network
More informationStratum Filtering for DDoS Resilient Clouds
Stratum Filtering for DDoS Resilient Clouds Michael Waidner Joint work with Amir Herzberg and Haya Shulman A CRISP Member 8rd ACM Cloud Computing Security Workshop Vienna,
More informationFrancisco Amato evilgrade, "You have pending upgrades..."
Francisco Amato evilgrade, "You have pending upgrades..." Introduction Topics Client side explotation Update process Poor implementation of update processes Attack vectors evilgrade framework presentation
More informationApplication of SDN: Load Balancing & Traffic Engineering
Application of SDN: Load Balancing & Traffic Engineering Outline 1 OpenFlow-Based Server Load Balancing Gone Wild Introduction OpenFlow Solution Partitioning the Client Traffic Transitioning With Connection
More informationDetecting Behavior Propagation in BGP Trace Data Brian J. Premore Michael Liljenstam David Nicol
Detecting Behavior Propagation in BGP Trace Data Brian J. Premore Michael Liljenstam David Nicol Institute for Security Technology Studies, Dartmouth College 1 Motivation Is there a causal connection between
More informationBit Index Explicit Replication (BIER) Multicasting in Transport Networks
Bit Index Explicit Replication (BIER) Multicasting in Transport Networks A. Giorgetti(1), A. Sgambelluri(1), F. Paolucci(1), N. Sambo(1), P. Castoldi(1), F. Cugini(2) (1) Scuola Superiore Sant Anna, Pisa,
More informationRavana: Controller Fault-Tolerance in SDN
Ravana: Controller Fault-Tolerance in SDN Software Defined Networking: The Data Centre Perspective Seminar Michel Kaporin (Mišels Kaporins) Michel Kaporin 13.05.2016 1 Agenda Introduction Controller Failures
More informationPractical Network-wide Packet Behavior Identification by AP Classifier
Practical Network-wide Packet Behavior Identification by AP Classifier NETWORK-WIDE PACKET BEHAVIOR IDENTIFICATION o An control plane application identifying forwarding behaviors of packets in a flow:
More informationA quick guide to the Internet. David Clark 6.978J/ESD.68J Lecture 1 V1.0 Spring 2006
A quick guide to the Internet David Clark 6.978J/ESD.68J Lecture 1 V1.0 Spring 2006 Why should you care? People say: Why doesn t the Internet Protect me from spam. Control porn Keep terrorists from plotting
More informationCSE 123A Computer Networks
CSE 123A Computer Networks Winter 2005 Lecture 6: Data-Link III: Hubs, Bridges and Switches Some portions courtesy Srini Seshan or David Wetherall Last Time How do multiple hosts share a single channel?
More informationSDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich
SDN-based Network Obfuscation Roland Meier PhD Student ETH Zürich This Talk This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Hi Bob, Hi Bob, Payload encryption ǾǼōĦ
More informationTable of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1
Table of Contents 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1 i 1 Intrusion Detection Statistics Overview Intrusion detection is an important network
More informationLecture 17: Network Layer Addressing, Control Plane, and Routing
Lecture 17: Network Layer Addressing, Control Plane, and Routing COMP 332, Spring 2018 Victoria Manfredi Acknowledgements: materials adapted from Computer Networking: A Top Down Approach 7 th edition:
More informationCAuth Protecting DNS application from spoofing attacks
IJCSNS International Journal of Computer Science and Network Security, VOL.16 No.6, June 2016 125 CAuth Protecting DNS application from spoofing attacks NM SAHRI and Koji OKAMURA Summary UDP-based DNS
More informationSoftware-Defined Networking. Daphné Tuncer Department of Computing Imperial College London (UK)
Software-Defined Networking Daphné Tuncer Department of Computing Imperial College London (UK) dtuncer@ic.ac.uk 25/10/2018 Agenda Part I: Principles of Software-Defined Networking (SDN) 1. Why a lecture
More informationIntroduction to Security. Computer Networks Term A15
Introduction to Security Computer Networks Term A15 Intro to Security Outline Network Security Malware Spyware, viruses, worms and trojan horses, botnets Denial of Service and Distributed DOS Attacks Packet
More informationSENSS Against Volumetric DDoS Attacks
SENSS Against Volumetric DDoS Attacks Sivaram Ramanathan 1, Jelena Mirkovic 1, Minlan Yu 2 and Ying Zhang 3 1 University of Southern California/Information Sciences Institute 2 Harvard University 3 Facebook
More informationAchieving Efficient Bandwidth Utilization in Wide-Area Networks While Minimizing State Changes
1 Achieving Efficient Bandwidth Utilization in Wide-Area Networks While Minimizing State Changes 2 WAN Traffic Engineering Maintaining private WAN infrastructure is expensive Must balance latency-sensitive
More informationCSE 3214: Computer Network Protocols and Applications. Midterm Examination
Department of Computer Science and Engineering CSE 3214: Computer Network Protocols and Applications Midterm Examination Instructions: Instructor: Peter Lian Date: February 14, 2013 1. Examination time:
More informationThinking Architecturally (80 Minutes Inside Scott s Head)
Thinking Architecturally (80 Minutes Inside Scott s Head) EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other
More informationExtensible Network Security Services on Software Programmable Router OS. David Yau, Prem Gopalan, Seung Chul Han, Feng Liang
Extensible Network Security Services on Software Programmable Router OS David Yau, Prem Gopalan, Seung Chul Han, Feng Liang System Software and Architecture Lab Department of Computer Sciences Purdue University
More informationSome portions courtesy Srini Seshan or David Wetherall
CSE 123 Computer Networks Fall 2009 Lecture 6: Data-Link III: Hubs, Bridges and Switches Some portions courtesy Srini Seshan or David Wetherall Misc Homework solutions have been posted I ll post a sample
More informationNetworking Acronym Smorgasbord: , DVMRP, CBT, WFQ
Networking Acronym Smorgasbord: 802.11, DVMRP, CBT, WFQ EE122 Fall 2011 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other
More information2020: Time to Shutdown DDoS?
2020: Time to Shutdown DDoS? Stefano Vissicchio University College London @ Cosener s July 6th, 2018 2020: Time to Shutdown DDoS? Stefano Vissicchio NOT a security expert @ Cosener s July 6th, 2018 Isn
More informationCSCI-1680 Network Layer:
CSCI-1680 Network Layer: Wrapup Rodrigo Fonseca Based partly on lecture notes by Jennifer Rexford, Rob Sherwood, David Mazières, Phil Levis, John JannoA Administrivia Homework 2 is due tomorrow So we can
More informationNetwork Wide Policy Enforcement. Michael K. Reiter (joint work with V. Sekar, R. Krishnaswamy, A. Gupta)
Network Wide Policy Enforcement Michael K. Reiter (joint work with V. Sekar, R. Krishnaswamy, A. Gupta) 1 Enforcing Policy in Future Networks MF vision includes enforcement of rich policies in the network
More informationEnhanced Malware Monitor in SDN using Kinetic Controller
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727 PP 46-52 www.iosrjournals.org Enhanced Malware Monitor in SDN using Kinetic Controller Jiphi T S, Simi Krishna K R Department
More informationSoftware-Defined Networking (Continued)
Software-Defined Networking (Continued) CS640, 2015-04-23 Announcements Assign #5 released due Thursday, May 7 at 11pm Outline Recap SDN Stack Layer 2 Learning Switch Control Application Design Considerations
More informationScalable Enterprise Networks with Inexpensive Switches
Scalable Enterprise Networks with Inexpensive Switches Minlan Yu minlanyu@cs.princeton.edu Princeton University Joint work with Alex Fabrikant, Mike Freedman, Jennifer Rexford and Jia Wang 1 Enterprises
More informationA TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS
ISSN: 2229-6948 (ONLINE) ICTACT JOURNAL OF COMMUNICATION TECHNOLOGY, JUNE 2010, VOLUME: 01, ISSUE: 02 DOI: 10.21917/ijct.2010.0013 A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING
More information