Cristian Cleder Machado

Towards SLA Policy Refinement for QoS Management in Software-Defined Networking

Software-Defined Networking (SDN) is a dynamic, adaptable, controllable and flexible network architecture. It provides an extensible platform for delivery of network services, capable of responding quickly to service requirement changes. As a result, SDN has become a suitable scenario for the application of techniques and approaches for improved infrastructure management, such as Policy-Based Management (PBM). In PBM, using techniques such as refinement, a high-level policy-e.g., specified as a Service Level Agreement (SLA) - can be translated into a set of corresponding low-level rules, enforceable in various elements of a system. However, when using SLAs, their translation to low-level policies, e.g., for controller configuration, is not straightforward. If this translation is not done properly, the controller may not be able to meet the implicit requirements of the SLA, failing to satisfy the goals described in the high-level policy. This paper proposes a novel approach towards SLA policy refinement for Quality of Service (QoS) management (based on routing) in Software-Defined Networking. It consists of an initial manual process performed by an administrator, followed by an automatic policy refinement process executed by an OpenFlow controller. As a result, our approach is capable of identifying the requirements and resources that need to be configured in accordance with SLA refinement, and can successfully configure and execute reactive dynamic actions for supporting dynamic infrastructure reconfiguration.Software-Defined Networking (SDN) is a dynamic, adaptable, controllable and flexible network architecture. It provides an extensible platform for delivery of network services, capable of responding quickly to service requirement changes. As a result, SDN has become a suitable scenario for the application of techniques and approaches for improved infrastructure management, such as Policy-Based Management (PBM). In PBM, using techniques such as refinement, a high-level policy-e.g., specified as a Service Level Agreement (SLA) - can be translated into a set of corresponding low-level rules, enforceable in various elements of a system. However, when using SLAs, their translation to low-level policies, e.g., for controller configuration, is not straightforward. If this translation is not done properly, the controller may not be able to meet the implicit requirements of the SLA, failing to satisfy the goals described in the high-level policy. This paper proposes a novel approach towards SLA policy refinement for Quality of Service (QoS) management (based on routing) in Software-Defined Networking. It consists of an initial manual process performed by an administrator, followed by an automatic policy refinement process executed by an OpenFlow controller. As a result, our approach is capable of identifying the requirements and resources that need to be configured in accordance with SLA refinement, and can successfully configure and execute reactive dynamic actions for supporting dynamic infrastructure reconfiguration.

A Scalable Parallel Deduplication Algorithm

The identification of replicas in a database is fundamental to improve the quality of the information. Deduplication is the task of identifying replicas in a database that refer to the same real world entity. This process is not always trivial, because data may be corrupted during their gathering, storing or even manipulation. Problems such as misspelled names, data truncation, data input in a wrong format, lack of conventions (like how to abbreviate a name), missing data or even fraud may lead to the insertion of replicas in a database. The deduplication process may be very hard, if not impossible, to be performed manually, since actual databases may have hundreds of millions of records. In this paper, we present our parallel deduplication algorithm, called FER- APARDA. By using probabilistic record linkage, we were able to successfully detect replicas in synthetic datasets with more than 1 million records in about 7 minutes using a 20- computer cluster, achieving an almost linear speedup. We believe that our results do not have similar in the literature when it comes to the size of the data set and the processing time.MPI (Message Passing Interface) is the de facto standard in High Performance Computing. By using some MPI- 2 new features, such as the dynamic creation of processes, it is possible to implement highly efficient parallel programs that can run on dynamic and/or heterogeneous resources, provided a good schedule of the processes can be computed at run-time. A classical solution to schedule parallel programs on-line is Work Stealing. However, its use with MPI- 2 is complicated by a restricted communication scheme between the processes: namely, spawned processes in MPI-2 can only communicate with their direct parents. This work presents an on-line scheduling algorithm, called Hierarchical Work Stealing, to obtain good load-balancing of MPI- 2 programs that follow a Divide & Conquer strategy. Experimental results are provided, based on a synthetic application, the N-Queens computation. The results show that the Hierarchical Work Stealing algorithm enables the use of MPI with high efficiency, even in parallel dynamic HPC platforms that are not as homogeneous as clusters.

Policy authoring for software-defined networking management

Software-Defined Networking (SDN) permits centralizing part of the decision-logic in controller devices. Thus, controllers can have an overall view of the network, assisting network programmers to configure network-wide services. Despite this, the behavior of network devices and their configurations are often written for specific situations directly in the controller. As an alternative, techniques such as Policy-Based Network Management (PBNM) can be used by business-level operators to write Service Level Agreements (SLAs) in a user-friendly interface without the need to change the code implemented in the controllers. In this paper, we introduce a framework for Policy Authoring to (i) facilitate the specification of business-level goals and (ii) automate the translation of these goals into the configuration of system-level components in an SDN. We use information from the network infrastructure obtained through SDN features and logic reasoning for analyzing policy objectives. As a result, experiments demonstrate that the framework performs well even when increasing the number of expressions in an SLA or increasing the size of the repository.

Identification and Selection of Flow Features for Accurate Traffic Classification in SDN

Software-Defined Networking (SDN) aims to alleviate the limitations imposed by traditional IP networks by decoupling network tasks performed on each device in particular planes. This approach offers several benefits, such as standard communication protocols, centralized network functions, and specific network elements, for example, controller devices. Despite these benefits, there is still a lack of adequate support for performing tasks related to traffic classification, because (i) there are traffic profiles that are very similar, which makes their classification difficult (e.g., Both HTTP and DNS flows are characterized by packet bursts), (ii) Open Flow, the key SDN implementation today, only offers native flow features, such as packet and byte count, that do not describe intrinsic traffic profiles, and (iii) there is a lack of support to determine what is the optimal set of flow features to characterize different types of traffic profiles. In this paper, we introduce an architecture to collect, extend, and select flow features for traffic classification in Open Flow-based networks. The main goal of our solution is to offer an extensive set of flow features that can be analyzed and refined and to be capable of finding the optimal subset of features to classify different types of traffic flows. The experimental evaluation of our proposal shows that some features emerge as meaningful, occupying the top positions for the classification of distinct flows in different experimental scenarios.

ANSwer: Combining NFV and SDN features for network resilience strategies

Software-Defined Networking (SDN) relies on open programmability of network devices, which is achieved by defining new communication interfaces, network operating systems, and changing the traditional decision-making logic of regular TCP/IP networks. Network Functions Virtualization (NFV), in turn, permits virtualizing network functions that are traditionally performed by physical middleboxes (e.g., firewalling and intrusion detection/prevention). Although SDN and NFV improve the flexibility of the management of computer networks, SDN remains vulnerable to major network security problems, such as Distributed Denial of Service (DDoS) attacks. These attacks typically result in the disruption of network services and resources. In this paper, we introduce ANSwer, an architecture that combines NFV and SDN features to create sophisticated network resilience strategies. ANSwer relies on a feedback control-loop which explores SDN features to monitor and analyze the behavior of the network infrastructure, indicating whether parts of an existing resilience strategy can be reconfigured to achieve more satisfactory results, or if an entire resilience strategy needs to be added or replaced. Our experiments demonstrate that ANSwer can rapidly identify and handle distinct anomalies in different scenarios, indicating that the reconfiguration and deployment of resilience strategies can be performed in real-time.

Policy-based dynamic service chaining in Network Functions Virtualization

Network Functions Virtualization (NFV) enables the rapid development, flexible management, and the dynamic placement of new, innovative Virtualized Network Functions (VNFs), such as load balancers, firewalls, and Intrusion Detection Systems (IDSes). Furthermore, NFV along with Software-Defined Networking (SDN) allows VNFs and physical middleboxes to be dynamically composed into service chaining graphs. Despite these benefits, service chaining graphs can be further improved through the use of techniques that have not been satisfactorily explored yet, such as Policy-Based Network Management (PBNM). In PBNM, policies can be written and triggered during runtime, thus supporting the dynamic (re)configuration of service graphs with minimal disruption. In this paper, we propose an approach to automatically design NFV service chaining graphs based on policies. These policies rule the forwarding of traffic and the construction of service chaining graphs. In our approach, service chaining graphs are enforced dynamically in the network during runtime. Finally, to assess its feasibility and generality, we create two different scenarios to demonstrate and discuss how our solution can be employed and its expected results.

An EC-based formalism for policy refinement in software-defined networking

Software-Defined Networking (SDN) provides a sophisticated and accurate solution for managing network traffic. SDN logically centralizes, in devices called controllers, part of the decision-making logic of flow processing and packet routing. The whole network is controlled according to rules written and deployed in the controller device. However, the large amount of network devices, links, and services also gives rise to a large number of rules to be managed in the controller. Policy-Based Network Management (PBNM) can be used to manage complex network infrastructures through policies rather than specifying device-by-device configurations. Particularly, policy refinement techniques can be used to automatically translate high-level policies into a set of low-level ones. In this paper, we define a formal representation of high-level SLA policies using Event Calculus (EC) and apply logical reasoning to model both the system behavior and the policy refinement process for SDN management. We also describe the implementation of this formal model in Prolog, which enables the automatic inference of low-level policies from high-level ones, and present evaluation results.

ARKHAM: An Advanced Refinement toolkit for Handling Service Level Agreements in Software-Defined Networking

Abstract Software-Defined Networking (SDN) provides a more sophisticated and flexible architecture for managing and monitoring network traffic. SDN moves part of the decision-making logic (i.e., flow processing and packet routing) from network devices into a logically centralized controller. However, the expected behavior and configuration of network devices are often defined directly in the controller as static rules for specific situations. This approach becomes an issue when associated with an increasing number of network elements, links, and services, resulting in a large amount of rules and a high overhead related to network configuration. As an alternative, techniques such as Policy-Based Network Management (PBNM) and more specifically policy refinement can be used by operators to write Service Level Agreements (SLAs) in a user-friendly interface without the need to manually reconfigure each network device. To address these issues, we specifically introduce ARKHAM: an Advanced Refinement Toolkit for Handling SLAs in SDN. In this article, we present ( i ) a policy authoring framework that uses logical reasoning for the specification of business-level goals and to automate their refinement; ( ii ) an OpenFlow controller which performs information gathering and configuration deployment; ( iii ) a policy repository that stores information about the behavior of the infrastructure, which is obtained by the OpenFlow Controller, and policy authoring operations; and ( iv ) a formal representation using event calculus that describes our solution. The main contributions of this work are ( i ) the capacity to deploy refined policies with minimal human intervention; ( ii ) analysis of the infrastructures ability to fulfill the requirements of high-level policies; ( iii ) decreased amount of network rules coded into the controller; and ( iv ) management and deployment of new rules with minimal disruption to the network. The experimental results demonstrate that the refinement toolkit achieves the expected results within acceptable performance bounds, even with the increasing complexity and size of SLAs, network topologies, and repositories.

INSpIRE: Integrated NFV-based Intent Refinement Environment

Many aspects of the management of computer networks, such as quality of service and security, must be taken into consideration to ensure that the network meets the users and clients demands. Fortunately, management solutions were developed to address these aspects, such as Intent-Based Networking (IBN). IBN is a novel networking paradigm that abstracts network configurations by allowing administrators to specify how the network should behave and not what it should do. In this paper, we introduce an IBN solution called INSpIRE (Integrated NFV-based Intent Refinement Environment). INSpIRE implements a refinement technique to translate intents into a set of configurations to perform a desired service chain in both homogeneous environments (VNFs only) and heterogeneous environments (VNFs and physical middleboxes). Our solution is capable of (i) determining the specific VNFs required to fulfill an intent, (ii) chaining these VNFs according to their dependencies, and (iii) presenting enough low-level information to network devices for posterior traffic steering. Finally, to assess the feasibility of our solution we detail a case study that reflects real-world management situations and evaluate the scalability of the refinement process.