Paulo Veríssimo

Software-Defined Networking: A Comprehensive Survey

The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load, and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-defined networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network’s control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns, introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper, we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound application programming interfaces (APIs), network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms with a focus on aspects such as resiliency, scalability, performance, security, and dependabilityVas well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined

Towards secure and dependable software-defined networks

Software-defined networking empowers network operators with more flexibility to program their networks. With SDN, network management moves from codifying functionality in terms of low-level device configurations to building software that facilitates network management and debugging. By separating the complexity of state distribution from network specification, SDN provides new ways to solve long-standing problems in networking --- routing, for instance --- while simultaneously allowing the use of security and dependability techniques, such as access control or multi-path. However, the security and dependability of the SDN itself is still an open issue. In this position paper we argue for the need to build secure and dependable SDNs by design. As a first step in this direction we describe several threat vectors that may enable the exploit of SDN vulnerabilities. We then sketch the design of a secure and dependable SDN control platform as a materialization of the concept here advocated. We hope that this paper will trigger discussions in the SDN community around these issues and serve as a catalyser to join efforts from the networking and security & dependability communities in the ultimate goal of building resilient control planes.

The Delta-4 Approach to Dependability in Open Distributed Computing Systems

As part of the European Strategic Programme for Research in Information Technology (ESPRIT), the Delta-4 project is seeking to define an open, faulttolerant, distributed computing architecture. This paper presents the overall Delta-4 framework for open, fault-tolerant, distributed computing systems and sketches the current implementation which is based on a local area network with specific atomic multicasting and error-processing protocols for communicating between replicated software components.

Distributed Systems for System Architects

The distributed systems architect assembles pieces of hardware that are at least as large as a computer or a network router, and assigns pieces of software that are self-contained - such as Java applets - to those hardware components. As system complexity, size and diversity grow, the probability of inconsistency, unreliability, non-responsiveness and insecurity, increases. It is absolutely necessary for distributed systems architects to understand the management of such complex systems. Distributed Systems for System Architects addresses these issues.

Intrusion-tolerant architectures: concepts and design

There is a significant body of research on distributed computing architectures, methodologies and algorithms, both in the fields of fault tolerance and security. Whilst they have taken separate paths until recently, the problems to be solved are of similar nature. In classical dependability, fault tolerance has been the workhorse of many solutions. Classical security-related work has on the other hand privileged, with few exceptions, intrusion prevention. Intrusion tolerance (IT) is a new approach that has slowly emerged during the past decade, and gained impressive momentum recently. Instead of trying to prevent every single intrusion, these are allowed, but tolerated: the system triggers mechanisms that prevent the intrusion from generating a system security failure. The paper describes the fundamental concepts behind IT, tracing their connection with classical fault tolerance and security. We discuss the main strategies and mechanisms for architecting IT systems, and report on recent advances on distributed IT system architectures.

CesiumSpray>: a Precise and Accurate Global Time Servicefor Large-scale Systems

In large-scale systems, such as Internet-based distributed systems, classical clock-synchronization solutions become impractical or poorly performing, due to the number of nodes and/or the distance among them. We present a global time service for world-wide systems, based on an innovative clock synchronization scheme, named CesiumSpray. The service exhibits high precision and accuracy; it is virtually indefinitely scalable; and it is fault-tolerant. It is deterministic for real-time machinery in the local area, which makes it particularly well-suited for, though not limited to, large-scale real-time systems. The main features of our clock synchronization scheme can be summarized as follows: hybrid external/internal synchronization protocol improves effectiveness of synchronization; heterogeneous failure semantics for clocks and processors improves previous lower bounds on processors; two-level hierarchy improves scalability. The root of the hierarchy is the GPS satellite constellation, which “sprays” its reference time over a set of nodes provided with GPS receivers, one per local network. The second level of the hierarchy performs internal synchronization, further “spraying” the external time inside the local network.

Fault-tolerant broadcasts in CAN

Fault-tolerant distributed systems based on field-buses may take advantage from reliable and atomic broadcast. There is a current belief that CAN native mechanisms provide atomic broadcast. In this paper, we dismiss this misconception, explaining how network errors may lead to: inconsistent message delivery; generation of message duplicates. These errors may occur when faults hit the last two bits of the end of frame delimiter. Although rare, its influence cannot be ignored, for highly fault-tolerant systems. Finally, we give a protocol suite that handles the problem effectively.

The Delta-4 extra performance architecture (XPA)

The design of an extra performance architecture for Delta-4, which explicitly supports the requirements of real-time systems with respect to throughput and response, is presented. The Delta-4 approach to fault tolerance is based on the replication of software components on distinct host computers using a range of different replication strategies. The problems of replicate divergence are discussed, and a solution based on message selection and preemption synchronization messages is proposed. A description of the ongoing implementation of such a system within the overall Delta-4 framework is included.<<ETX>>

How to tolerate half less one Byzantine nodes in practical distributed systems

The application of dependability concepts and techniques to the design of secure distributed systems is raising a considerable amount of interest in both communities under the designation of intrusion tolerance. However, practical intrusion-tolerant replicated systems based on the state machine approach (SMA) can handle at most f Byzantine components out of a total of n = 3f + 1, which is the maximum resilience in asynchronous systems. This paper extends the normal asynchronous system with a special distributed oracle called TTCB. Using this extended system we manage to implement an intrusion-tolerant service based on the SMA with only 2f + 1 replicas. Albeit a few other papers in the literature present intrusion-tolerant services with this approach, this is the first time the number of replicas is reduced from 3f + 1 to 2f + 1. Another interesting characteristic of the described service is a low time complexity.

AMp: a highly parallel atomic multicast protocol

This paper deals with the problem of reliable group communication for distributed applications, in the context of the Reliable Broadcast class of protocols. An atomic multicast protocol for token passing Lans is presented. The actual implementation is on an 8802/4 Token-bus, although it is applicable to 8802/5 Token-rings and the FDDI Fibre-Optic network. The simplicity and efficiency of reliable broadcast protocols may be considerably improved, if the system fault model is restricted or convenient architectures are used. Fail-controlled communication components are used here to build an efficient reliable multicast protocol on top of the exposed MAC interface of a VLSI Lan controller. The architecture is built on standard Lans, in view of taking advantage of the availability of communications hardware and the possibility of coexistence with standard stations, in the same network. The service offered allows transparent multicasting inside logical groups, which are dynamically created and updated. The primitive is highly parallel and provides atomic agreement and consistent delivery order, respecting logical precedence. These features are an important contribution for the implementation of high performance distributed computing systems.