hierarchical policies for software defined networks
play

Hierarchical Policies for Software Defined Networks Andrew - PowerPoint PPT Presentation

Jan 24, 2023 •123 likes •1.03k views

Hierarchical Policies for Software Defined Networks Andrew Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi 1 Particpatory Networking 2 3 4 5 TCP Nice: A Mechanism for Background Transfers Arun Venkataramani

  1. Hierarchical Policies for Software Defined Networks Andrew Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi 1

  2. Particpatory Networking 2

  3. 3

  4. 4

  5. 5

  6. TCP Nice: A Mechanism for Background Transfers Arun Venkataramani Ravi Kokku Mike Dahlin Laboratory of Advanced Systems Research Department of Computer Sciences University of Texas at Austin, Austin, TX 78712 arun, rkoku, dahlin @cs.utexas.edu Abstract bandwidth consumption and possibly disk space for im- proved service latency [15, 18, 26, 32, 38, 50], improved Many distributed applications can make use of large availability [11, 53], increased scalability [2], stronger background transfers transfers of data that humans consistency [53], or support for mobility [28, 41, 47]. are not waiting for to improve availability, reliability, Many of these services have potentially unlimited band- latency or consistency. However, given the rapid fl uc- width demands where incrementally more bandwidth tuations of available network bandwidth and changing consumption provides incrementally better service. For resource costs due to technology trends, hand tuning the example, a web prefetching system can improve its hit aggressiveness of background transfers risks (1) compli- rate by fetching objects from a virtually unlimited col- cating applications, (2) being too aggressive and inter- lection of objects that have non-zero probability of ac- fering with other applications, and (3) being too timid cess [8, 10] or by updating cached copies more fre- and not gaining the bene fi ts of background transfers. quently as data change [13, 50, 48]; Technology trends Our goal is for the operating system to manage network suggest that “wasting” bandwidth and storage to im- resources in order to provide a simple abstraction of near prove latency and availability will become increasingly zero-cost background transfers. Our system, TCP Nice, attractive in the future: per-byte network transport costs can provably bound the interference in fl icted by back- and disk storage costs are low and have been improv- ground fl ows on foreground fl ows in a restricted network ing at 80-100% per year [9, 17, 37]; conversely net- model. And our microbenchmarks and case study appli- work availability [11, 40, 54] and network latencies im- cations suggest that in practice it interferes little with prove slowly, and long latencies and failures waste hu- foreground fl ows, reaps a large fraction of spare net- man time. work bandwidth, and simpli fi es application construction Current operating systems and networks do not provide and deployment. For example, in our prefetching case good support for aggressive background transfers. In study application, aggressive prefetching improves de- particular, because background transfers compete with mand performance by a factor of three when Nice man- foreground requests, they can hurt overall performance ages resources; but the same prefetching hurts demand and availability by increasing network congestion. Ap- performance by a factor of six under standard network plications must therefore carefully balance the bene fi ts congestion control. of background transfers against the risk of both self- interference , where applications hurt their own perfor- 1 Introduction mance, and cross-interference , where applications hurt other applications’ performance. Often, applications at- Many distributed applications can make use of large tempt to achieve this balance by setting “magic num- background transfers transfers of data that humans are bers” (e.g., the prefetch threshold in prefetching algo- not waiting for to improve service quality. For exam- rithms [18, 26]) that have little obvious relationship to ple, a broad range of applications and services such as system goals (e.g., availability or latency) or constraints data backup [29], prefetching [50], enterprise data dis- (e.g., current spare network bandwidth). tribution [20], Internet content distribution [2], and peer- Our goal is for the operating system to manage net- to-peer storage [16, 43] can trade increased network work resources in order to provide a simple abstrac- This work was supported in part by an NSF CISE grant (CDA- tion of zero-cost background transfers. A self-tuning 9624082), the Texas Advanced Technology Program, the Texas Ad- background transport layer will enable new classes of vanced Research Program, and Tivoli. Dahlin was also supported by applications by (1) simplifying applications, (2) reduc- an NSF CAREER award (CCR-9733842) and an Alfred P. Sloan Re- search Fellowship. ing the risk of being too aggressive, and (3) making 6

  7. 7

  8. 7

  9. 8

  10. 9

  11. 9

  12. 10

  13. 11

  14. 11

  15. 12

  16. 12

  17. 12

  18. 13

  19. 13

  20. 13

  21. Participatory Networking 14

  22. 15

  24. 17

  25. Participatory Networking Secure? Fair? Safe? Black holes? Loop freedom? 18

  26. Participatory Networking 1. semantics + protocol (Hot-ICE ’12) 19

  27. Participatory Networking 1. semantics + protocol (Hot-ICE ’12) 2. implementation (this talk) 20

  28. Participatory Networking 1. semantics + protocol (Hot-ICE ’12) 2. implementation (this talk) PANE 20

  29. Hierarchical Flow Tables 21

  30. 22

  31. 22

  32. bandwidth root 100Mbps bandwidth root adf 50Mbps Hierarchy of Privileges 23

  33. Hierarchy of Policies 24

  34. (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchy of Policies 24

  35. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchy of Policies 25

  36. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 26

  37. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 27

  38. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d ? (dstIP=10.0.0.2, GMB=30) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 27

  39. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d ? +S (dstIP=10.0.0.2, GMB=30) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 27

  40. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d ? 0 +P +S (dstIP=10.0.0.2, GMB=30) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 27

  41. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d GMB=10 ? 0 +P +S (dstIP=10.0.0.2, GMB=30) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 27

  42. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d GMB=30 GMB=10 ? 0 +P +S (dstIP=10.0.0.2, GMB=30) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 27

  43. : t e k c a P GMB=30 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d GMB=30 GMB=10 ? 0 +P +S (dstIP=10.0.0.2, GMB=30) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 27

  44. GMB=30 +P (dstPort = 22, Deny) GMB=30 GMB=10 +S (dstIP=10.0.0.2, GMB=30) +D GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 28

  45. Only Requirements: GMB=30 Associative, 0 -identity +P (dstPort = 22, Deny) GMB=30 GMB=10 +S (dstIP=10.0.0.2, GMB=30) +D GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Table 28

  46. +D D and S identical. In node Deny overrides Allow. +S Sibling GMB combines as max Child overrides Parent Parent-Sibling +P for Access Control GMB combines as max PANE’s HFT Operators 29

  47. Implementation 30

  48. (d (d (d (d (s (d (d (s (d (d (d (d (s (d (d (s (d (d (d (s PANE 31

  49. (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) 32

  50. (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) 32

  51. PANE 33

  52. PANE 33

  53. PANE                           34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MED: The Monitor-Emulator-Debugger for Software-Defined Networks Quanquan Zhi and Wei Xu

MED: The Monitor-Emulator-Debugger for Software-Defined Networks Quanquan Zhi and Wei Xu

MED: The Monitor-Emulator-Debugger for Software-Defined Networks Quanquan Zhi and Wei Xu Institute for Interdisciplinary Information Sciences Tsinghua University Software-Defined Networks (SDN): promises and challenges SDN will simplify

414 views • 25 slides
Networks in the Software Software Age Defined Clouds and Internet Ravinder Shergill of

Networks in the Software Software Age Defined Clouds and Internet Ravinder Shergill of

Networks in the Software Software Age Defined Clouds and Internet Ravinder Shergill of Things Principal Architect Technology Strategy, TELUS June 06, 2016 TELUS RESTRICTED Storyboard Generational changes via Software Defined

601 views • 18 slides
Effective Topology Tampering Attacks and Defenses in Software- Defined Networks RICHARD

Effective Topology Tampering Attacks and Defenses in Software- Defined Networks RICHARD

Effective Topology Tampering Attacks and Defenses in Software- Defined Networks RICHARD SKOWYRA, LEI XU, GUOFEI GU, VEER DEDHIA, THOMAS HOBSON, HAMED OHKRAVI, JAMES LANDRY Software Defined Networks Allows controller to modify network

766 views • 29 slides
ENERGY EFFICIENT SOFTWARE DEFINED NETWORKS Nicolas HUIN COATI and

ENERGY EFFICIENT SOFTWARE DEFINED NETWORKS Nicolas HUIN COATI and

ENERGY EFFICIENT SOFTWARE DEFINED NETWORKS Nicolas HUIN COATI and SigNet, I3S/Inria Supervisors: Frdric Giroire & Dino Lopez 28 th September 2017 2 9/28/17 Energy Efficient Software Defined Networks Energy

927 views • 91 slides
Layering, dynamics, optimization & control in software defined networks Nikolai Matni

Layering, dynamics, optimization & control in software defined networks Nikolai Matni

Layering, dynamics, optimization & control in software defined networks Nikolai Matni Computing and Mathematical Sciences joint work with John Doyle (Caltech) and Kevin Tang (Cornell) Distributed optimal control & software defined

591 views • 21 slides
CompSci 514: Computer Networks Lecture 11: Software Defined Networking Xiaowei Yang 1

CompSci 514: Computer Networks Lecture 11: Software Defined Networking Xiaowei Yang 1

CompSci 514: Computer Networks Lecture 11: Software Defined Networking Xiaowei Yang 1 Overview Introducing SDN A real-world application of SDN Googles B4 netwok 2 Software Defined Networking Slides adapted from Mohammad

661 views • 50 slides
Software-Defined Networks Jennifer Rexford Princeton University Traditional Networks 2 control

Software-Defined Networks Jennifer Rexford Princeton University Traditional Networks 2 control

Software-Defined Networks Jennifer Rexford Princeton University Traditional Networks 2 control plane: distributed algorithms data plane: packet processing decouple control and data planes Software Defined Networks 3 decouple control and

370 views • 20 slides
The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg

The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg

This Document Does Not Contain Controlled Technology or Technical Data Draper Proprietary The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg Sullivan (Draper) (presenting), Andr DeHon (UPenn), Eli

432 views • 19 slides
Policy Routing using Process-Level Identifiers IEEE International Symposium on Software Defined

Policy Routing using Process-Level Identifiers IEEE International Symposium on Software Defined

Policy Routing using Process-Level Identifiers IEEE International Symposium on Software Defined Systems April 4th, 2016, Berlin, Germany Oliver Michel, Eric Keller Networking and Security Research Group Network Policies 2 Network Policies

1.3k views • 81 slides
Software Defined Networks A quick overview Based primarily on the presentations of Prof.

Software Defined Networks A quick overview Based primarily on the presentations of Prof.

Software Defined Networks A quick overview Based primarily on the presentations of Prof. Scott Shenker of UC Berkeley The Future of Networking, and the Past of Protocols Please watch the YouTube video of Shenkers talk

927 views • 49 slides
Procurement of innovative software-defined optics in backbone networks in HORIZON2020 ICT LEIT

Procurement of innovative software-defined optics in backbone networks in HORIZON2020 ICT LEIT

Procurement of innovative software-defined optics in backbone networks in HORIZON2020 ICT LEIT WP2015 Bart Van Caenegem European Commission bart.van-caenegem@ec.europa.eu DG CONNECT (Communications Networks, Content and Technology)

729 views • 27 slides
Infinite CacheFlow in Software-Defined Networking Na Naga Katta Omid Alipourfard, Jennifer

Infinite CacheFlow in Software-Defined Networking Na Naga Katta Omid Alipourfard, Jennifer

Infinite CacheFlow in Software-Defined Networking Na Naga Katta Omid Alipourfard, Jennifer Rexford, David Walker Princeton on University Recent News 2 SDN Promises Flexible Policies Controller Switch TCAM 3 SDN Promises Flexible Policies

461 views • 35 slides
Software-Defined Networks Mayutan Arumaithurai , Jiachen Chen , Edo Monticelli ,

Software-Defined Networks Mayutan Arumaithurai , Jiachen Chen , Edo Monticelli ,

Exploiting ICN for Flexible Management of Software-Defined Networks Mayutan Arumaithurai , Jiachen Chen , Edo Monticelli , Xiaoming Fu and K. K. Ramakrishnan * University of Goettingen, Germany * University of California,

669 views • 36 slides
Enforcing Customizable Consistency Properties in Software-Defined Networks Wenxuan Zhou , Dong

Enforcing Customizable Consistency Properties in Software-Defined Networks Wenxuan Zhou , Dong

Enforcing Customizable Consistency Properties in Software-Defined Networks Wenxuan Zhou , Dong Jin, Jason Croft, Matthew Caesar, Brighten Godfrey 1 Network changes control applications, changes in traffic load, system upgrades,

476 views • 21 slides
FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon

FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon

FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon Osindero, Tom Schaul, Nicolas Heess, Max Jaderberg, David Silver, Koray Kavukcuoglu Topic: Hierarchical RL Presenter: Thophile Gaudin Why Hierarchical

921 views • 22 slides
APPLYING BCMP MULTI-CLASS QUEUEING NETWORKS FOR THE PERFORMANCE EVALUATION OF HIERARCHICAL AND

APPLYING BCMP MULTI-CLASS QUEUEING NETWORKS FOR THE PERFORMANCE EVALUATION OF HIERARCHICAL AND

APPLYING BCMP MULTI-CLASS QUEUEING NETWORKS FOR THE PERFORMANCE EVALUATION OF HIERARCHICAL AND MODULAR SOFTWARE SYSTEMS Simonetta Balsamo Gian-Luca Dei Rossi Andrea Marin Dipartimento di Informatica Universit` a Ca Foscari, Venezia

298 views • 15 slides
TIPS AND TOOLS FOR IMPLEMENTING PROFICIENCY- BASED TEACHING AND LEARNING Debbie Connolly:

TIPS AND TOOLS FOR IMPLEMENTING PROFICIENCY- BASED TEACHING AND LEARNING Debbie Connolly:

TIPS AND TOOLS FOR IMPLEMENTING PROFICIENCY- BASED TEACHING AND LEARNING Debbie Connolly: Supervisor of Curriculum and Assessment Carla Dahlin: Staff Development Specialist- former Middle School Math Teacher Hal Jones: High School

534 views • 32 slides
Optimal Automatic Multipass Shader Partitioning by Dynamic Programming Alan Heirich Sony

Optimal Automatic Multipass Shader Partitioning by Dynamic Programming Alan Heirich Sony

Optimal Automatic Multipass Shader Partitioning by Dynamic Programming Alan Heirich Sony Computer Entertainment America 31 July 2005 Disclaimer This talk describes GPU architecture research carried out at Sony Computer Entertainment. It

815 views • 34 slides
A Parallel, In-Place, Rectangular Matrix Transpose Algorithm Computational Complexity Analysis

A Parallel, In-Place, Rectangular Matrix Transpose Algorithm Computational Complexity Analysis

Stefan Amberger ICA & RISC amberger.stefan@gmail.com A Parallel, In-Place, Rectangular Matrix Transpose Algorithm Computational Complexity Analysis Table of Contents 1. Introduction 2. Revision of TRIP 3. Analysis of Computational

440 views • 42 slides
Archer First Quarter 2019 Executive Chairman Kjell-Erik stdahl and CFO Dag Skindlo 9 May 2019

Archer First Quarter 2019 Executive Chairman Kjell-Erik stdahl and CFO Dag Skindlo 9 May 2019

Archer First Quarter 2019 Executive Chairman Kjell-Erik stdahl and CFO Dag Skindlo 9 May 2019 Disclaimer forward looking statements Cautionary Statement Regarding Forward-Looking Statements In addition to historical information, this

186 views • 17 slides
Particle filter-based Gaussian process optimisation for parameter inference IFAC World Congress

Particle filter-based Gaussian process optimisation for parameter inference IFAC World Congress

Particle filter-based Gaussian process optimisation for parameter inference IFAC World Congress 2014, Cape Town, South Africa, August 28, 2014. Johan Dahlin johan.dahlin@liu.se Division of Automatic Control, Linkping University, Sweden.

570 views • 25 slides
Corporate Presentation Q1 2014 Carlson Rezidor Hotel Group 665 hotels 189 hotels 430 hotels 76,000

Corporate Presentation Q1 2014 Carlson Rezidor Hotel Group 665 hotels 189 hotels 430 hotels 76,000

1 / Corporate Presentation Q1 2014 Carlson Rezidor Hotel Group 665 hotels 189 hotels 430 hotels 76,000 rooms 32,000 rooms 95,000 rooms THE AMERICAS ASIA PACIFIC EMEA 2 / Creation of the Carlson Rezidor Hotel Group: A strategic, global

365 views • 32 slides
Specific Learning Disability in Math and The Role of Working Memory by Zander Cellarius

Specific Learning Disability in Math and The Role of Working Memory by Zander Cellarius

Specific Learning Disability in Math and The Role of Working Memory by Zander Cellarius Working Memory What is it? How does it relate to math? Working Memory (WM) What is it? Working memory refers to the system or systems

345 views • 16 slides
The Path Forward: recommendations to advance an end to homelessness in the Coachella Valley

The Path Forward: recommendations to advance an end to homelessness in the Coachella Valley

The Path Forward: recommendations to advance an end to homelessness in the Coachella Valley REPORT TO THE BOARD OF THE DESERT HEALTHCARE DISTRICT AND DESERT HEALTHCARE FOUNDATION NOVEMBER 27, 2018 Barbara Poppe and Associates How the

482 views • 30 slides

More recommend