good network updates for bad packets
play

Good Network Updates for Bad Packets Arne Ludwig, Matthias Rost, - PowerPoint PPT Presentation

Mar 16, 2023 •227 likes •709 views

Good Network Updates for Bad Packets Arne Ludwig, Matthias Rost, Damien Foucard, Stefan Schmid 1 Updates happen Network updates happen Changing security policies Network updates are challenging Even with global view Potential

  1. Good Network Updates for Bad Packets Arne Ludwig, Matthias Rost, Damien Foucard, Stefan Schmid 1

  2. Updates happen ● Network updates happen – Changing security policies ● Network updates are challenging – Even with global view ● Potential high damage if fail – Security policy violation 2

  3. Example 3

  4. Example 4

  5. Example Waypoint Enforcement (WPE) 5

  6. Example ● Eventual consistency 6

  7. Example Bad packet ✔ Eventual consistency ➢ Transient consistency? 7

  8. Example ✔ Eventual consistency ➢ Transient consistency? 8

  9. Example ✔ Eventual consistency ➢ Transient consistency? 9

  10. Example ✔ Eventual consistency ➢ Transient consistency? 10

  11. Example ✔ Eventual consistency ➢ Transient consistency? 11

  12. Example ✔ Eventual consistency ✗ Transient consistency 12

  13. Outline ● What could possibly go wrong? ● It's not a trivial thing! ● But we present an optimal solution. 13

  14. Model and a Trivial Compression Solid lines = current path 14

  15. Model and a Trivial Compression Solid lines = current path Dashed lines = new path Flow-specific path 15

  16. Model and a Trivial Compression Solid lines = current path Dashed lines = new path Flow-specific path 16

  17. Model and a Trivial Compression Solid lines = current path Dashed lines = new path Flow-specific path Safe to be updated Safe to be left untouched 17

  18. Consistency Properties ● WPE = every packet traverses the waypoint at least once ● LF = loop freedom 18

  19. Update all “simultaneously“? 19

  20. Update all “simultaneously“? Not possible in practice! What could possibly go wrong? 20

  21. Update all “simultaneously“? Not possible in practice! What could possibly go wrong? Update times can vary significantly (up to 10x higher than median [Dionysus – SIGCOMM'14]) 21

  22. Update all “simultaneously“? 22

  23. Update all “simultaneously“? ● Not waypoint enforced! 23

  24. Delay ? 24

  25. Delay ? ● Not loop free! 25

  26. Update possible? 26

  27. Update possible? 27

  28. Update possible? 28

  29. Update possible? ● Consistent transient states! 29

  30. Rounds ● Round = set of parallel updates ● ➔ Minimize number of rounds / communication overhead 30

  31. Greedy Update Fails ● Greedy approach may: See paper! – take up to times more rounds – fail to find solution 31

  32. Greedy Update Fails ● Greedy approach may: See paper! – take up to times more rounds – fail to find solution 32

  33. WPE - Update Algorithm 1.Switches < WP (new), > WP (old) 33

  34. WPE - Update Algorithm 1.Switches < WP (new), > WP (old) 34

  35. WPE - Update Algorithm 1.Switches < WP (new), > WP (old) 35

  36. WPE - Update Algorithm 1.Switches < WP (new), > WP (old) 2.Switches < WP (new), < WP (old) 36

  37. WPE - Update Algorithm 1.Switches < WP (new), > WP (old) 2.Switches < WP (new), < WP (old) 37

  38. WPE - Update Algorithm 1.Switches < WP (new), > WP (old) 2.Switches < WP (new), < WP (old) 3.Remaining switches 38

  39. WPE - Update Algorithm 1.Switches < WP (new), > WP (old) 2.Switches < WP (new), < WP (old) 3.Remaining switches Constant in 3 rounds, but not LF! 39

  40. LF and WPE Conflict 40

  41. LF and WPE Conflict ● violate WPE; violate LF 41

  42. Mixed Integer Program Minimize Rounds LF WPE 42

  43. Mixed Integer Program Optimal solution Mixed Integer Unclassified Program (stopped 600sec) Not solvable (provably) 43

  44. Solvability Analysis ● % of solvable instances? ● % of failed greedy? ● 1k random permutations per size ● Max duration 600 seconds Greedy MIP Unclear No solution 44

  45. Solvability Analysis Greedy MIP Unclear No solution 45

  46. Solvability Analysis Greedy MIP Unclear No solution 46

  47. Solvability Analysis Greedy MIP Unclear No solution 47

  48. Conclusion ● Transient consistency is not easy to guarantee ● LF and WPE might even conflict ● Greedy can fail to find consistent updates Dynamic WPE + LF updates are hard to find! 48

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS3505/5020 Software Practice II Review Network Protocol Updates Project #6 Quiz #2 CS 3505

CS3505/5020 Software Practice II Review Network Protocol Updates Project #6 Quiz #2 CS 3505

CS3505/5020 Software Practice II Review Network Protocol Updates Project #6 Quiz #2 CS 3505 L17 - 1 Blue network design Most problems fixed Frame number added to most packets OWD calculations and latency adjustments refined

586 views • 12 slides
Example Protocol Layers* Exchange a file over a network that corrupts packets Networks

Example Protocol Layers* Exchange a file over a network that corrupts packets Networks

Example Protocol Layers* Exchange a file over a network that corrupts packets Networks are complex! o but doesnt lose or reorder them many pieces: A simple protocol o send file as a series of packets hosts Question:

200 views • 6 slides
the day of Question to send a message containing h Packets I want chambers am using corrupts K

the day of Question to send a message containing h Packets I want chambers am using corrupts K

CS 70 July 9,2020 the day of Question to send a message containing h Packets I want chambers am using corrupts K of the Packets The network I don't know which k Packets are corrupted we is fixed regardless of the length of the K message

538 views • 12 slides
Packets Example Packets Networking Sirindhorn International Institute of Technology Thammasat

Packets Example Packets Networking Sirindhorn International Institute of Technology Thammasat

Networking Packets Terminology Example: IP Packet Size Packets Example Packets Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 September 2013 Common/Reports/packets.tex, r676

668 views • 29 slides
TCP as a Reliable Transport How things can go wrong Lost packets Corrupted packets

TCP as a Reliable Transport How things can go wrong Lost packets Corrupted packets

TCP as a Reliable Transport How things can go wrong Lost packets Corrupted packets Reordered packets Malicious packets Requirements for Reliability Error Detection Receiver Feedback Retransmission Requirements

457 views • 23 slides
Packet Sniffing and Spoofing 1 Shared Networks Every network packet reaches every computer's

Packet Sniffing and Spoofing 1 Shared Networks Every network packet reaches every computer's

Packet Sniffing and Spoofing 1 Shared Networks Every network packet reaches every computer's network Interface card, which then filters packets based on the MAC address. A network packet has multiple concatenated components. 2 How Packets

625 views • 39 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

654 views • 44 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

517 views • 23 slides
Routing Routing is done by the network layer protocol to guide packets through the communication

Routing Routing is done by the network layer protocol to guide packets through the communication

Routing Routing is done by the network layer protocol to guide packets through the communication subnet to their destinations The time when routing decisions are made depends on whether we are using virtual circuits or datagrams connections

664 views • 35 slides
Network Layer (Routing) Where we are in the Course Moving on up to the Network Layer!

Network Layer (Routing) Where we are in the Course Moving on up to the Network Layer!

Network Layer (Routing) Where we are in the Course Moving on up to the Network Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Topics Network service models Datagrams (packets), virtual

757 views • 40 slides
Network Layer Where we are in the Course Moving on up to the Network Layer! Application

Network Layer Where we are in the Course Moving on up to the Network Layer! Application

Network Layer Where we are in the Course Moving on up to the Network Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Topics Network service models Datagrams (packets), virtual circuits

524 views • 28 slides
Network Layer Where we are in the Course Moving on up to the Network Layer! Application

Network Layer Where we are in the Course Moving on up to the Network Layer! Application

Network Layer Where we are in the Course Moving on up to the Network Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Topics Network service models Datagrams (packets), virtual circuits

840 views • 42 slides
Network Coding Network Coding Jie Gao Existing network Existing network Independent data

Network Coding Network Coding Jie Gao Existing network Existing network Independent data

Network Coding Network Coding Jie Gao Existing network Existing network Independent data stream sharing the same network resources Packets over the Internet Signals in a phone network An analog: cars sharing a highway.

1.01k views • 46 slides
Introduction to Security Networking and Packets Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow

Introduction to Security Networking and Packets Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow

Introduction to Security Networking and Packets Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: 1. Dissect packet captures (PCAPs), network traffic 2. Perform network

908 views • 31 slides
Forensic Carving of Network Packets and Associated Data Structures Robert Beverly, Simson

Forensic Carving of Network Packets and Associated Data Structures Robert Beverly, Simson

Forensic Carving of Network Packets and Associated Data Structures Robert Beverly, Simson Garfinkel, Greg Cardwell Naval Postgraduate School {rbeverly,slgarfin,gscardwe}@nps.edu August 2, 2011 DFRWS Conference 2011 R. Beverly, S. Garfinkel,

351 views • 32 slides
Problem: Want to send a message with n packets. Channel: Lossy channel: loses k packets. Question:

Problem: Want to send a message with n packets. Channel: Lossy channel: loses k packets. Question:

Problem: Want to send a message with n packets. Channel: Lossy channel: loses k packets. Question: Can you send n + k packets and recover message? A degree n 1 polynomial determined by any n points! Erasure Coding Scheme: message = m 0 , m 2

314 views • 9 slides
The Quantum Alternating Operator Ansatz on Maximum k-Vertex Cover you joint work with Jeremy

The Quantum Alternating Operator Ansatz on Maximum k-Vertex Cover you joint work with Jeremy

Los Alamos National Laboratory LA-UR-20-28072 The Quantum Alternating Operator Ansatz on Maximum k-Vertex Cover you joint work with Jeremy Cook and Stephan Eidenbenz Andreas Brtschi nt CCS-3 Information Sciences baertschi@lanl.gov wo

777 views • 19 slides
Lattice Agreement in Message Passing Systems Xiong Zheng, Changyong Hu, and Vijay Garg Parallel

Lattice Agreement in Message Passing Systems Xiong Zheng, Changyong Hu, and Vijay Garg Parallel

Lattice Agreement in Message Passing Systems Xiong Zheng, Changyong Hu, and Vijay Garg Parallel and Distributed Systems Lab, Department of Electrical and Computer Engineering, The University of Texas at Austin, Austin, TX 78712 PDSL, UT Austin

413 views • 18 slides
A Practical Attack on KeeLoq Sebastiaan Indesteege 1 Nathan Keller 2 Orr Dunkelman 1 Eli Biham 3

A Practical Attack on KeeLoq Sebastiaan Indesteege 1 Nathan Keller 2 Orr Dunkelman 1 Eli Biham 3

Introduction Our Attacks Practice Conclusions A Practical Attack on KeeLoq Sebastiaan Indesteege 1 Nathan Keller 2 Orr Dunkelman 1 Eli Biham 3 Bart Preneel 1 1 Dept. ESAT/SCD-COSIC, K.U.Leuven, Belgium. 2 Einstein Institute of Mathematics,

806 views • 38 slides
TEMPEST Attacks Against AES Covertly stealing keys for $200 Craig Ramsay &amp; Jasper Lohuis

TEMPEST Attacks Against AES Covertly stealing keys for $200 Craig Ramsay &amp; Jasper Lohuis

TEMPEST Attacks Against AES Covertly stealing keys for $200 Craig Ramsay &amp; Jasper Lohuis September 22, 2017 Introduction Your code just pushes electrons around. 0010101 10 10101010010101 Pushing electrons will make magnetic fjelds.

1.3k views • 111 slides
libNeuroML - NeuroML meets Python Mike Vella Department of Physiology, Development and

libNeuroML - NeuroML meets Python Mike Vella Department of Physiology, Development and

libNeuroML - NeuroML meets Python Mike Vella Department of Physiology, Development and Neuroscience, University of Cambridge, Cambridge, UK NeuroML What is NeuroML and why should I care? NeuroML: An XML-based Model description language that

256 views • 8 slides
CS 330 - Artificial Intelligence - Introduction Instructor: Renzhi Cao Computer Science

CS 330 - Artificial Intelligence - Introduction Instructor: Renzhi Cao Computer Science

1 CS 330 - Artificial Intelligence - Introduction Instructor: Renzhi Cao Computer Science Department Pacific Lutheran University Fall 2019 About me Renzhi Cao Data Science Machine learning Bioinformatics Office: MCLT

1.08k views • 78 slides
Pacing/Teacher's Notes Investigation #3: Comparing DNA Click on the topic to go to that section

Pacing/Teacher's Notes Investigation #3: Comparing DNA Click on the topic to go to that section

Slide 1 / 32 Slide 2 / 32 New Jersey Center for Teaching and Learning AP BIOLOGY Progressive Science Initiative This material is made freely available at www.njctl.org and is intended for the non-commercial use of Investigation #3 students

333 views • 6 slides
Producing Policy-Relevant Scientific Knowledge via (Multiple) Environmental Models: Challenges

Producing Policy-Relevant Scientific Knowledge via (Multiple) Environmental Models: Challenges

Producing Policy-Relevant Scientific Knowledge via (Multiple) Environmental Models: Challenges and Opportunities Christine Keiner, Ph.D. Associate Professor, STS/Public Policy Department Rochester Institute of Technology Modeling

275 views • 12 slides

More recommend