Rick McGeer

A safe, efficient update protocol for openflow networks

We describe a new protocol for update of OpenFlow networks, which has the packet consistency condition of [?] and a weak form of the flow consistency condition of [?]. The protocol conserves switch resources, particularly TCAM space, by ensuring that only a single set of rules is present on a switch at any time. The protocol exploits the identity of switch rules with Boolean functions, and the ability of any switch to send packets to a controller for routing. When a network changes from one ruleset (ruleset 1) to another (ruleset 2), the packets affected by the change are computed, and are sent to the controller. When all switches have been updated to send affected packets to the controller, ruleset 2 is sent to the switches and packets sent to the controller are re-released into the network.

Minimizing Rulesets for TCAM Implementation

Packet classification is a function increasingly used in a number of networking appliances and applications. Typically, this consists of a set of abstract classifications, and a set of rules which sort packets into the various classifications. For packet classification at line speeds, Ternary Content-Addressable Memories (TCAMs) have become a norm in most networking hardware. However, TCAMs are expensive and power-hungry. Hence, a packet classification ruleset need to be minimized before populating the TCAM. In this paper, we formulate the Ruleset Minimization Problem for TCAM as an abstract optimization problem based on two-level logic minimization, and propose an exact solution and a number of heuristics. We present experimental results with two different datasets-artificial filter sets generated using ClassBench tool suite and a real firewall Access Control List (ACL) from a large enterprise. We observe an average reduction of 41% in artificial filter sets and 72.5% reduction in the firewall ACL using the proposed heuristics.

The InstaGENI initiative: An architecture for distributed systems and advanced programmable networks

In this paper, we describe InstaGENI, a distributed cloud based on programmable networks designed for the GENI Mesoscale deployment and large-scale distributed research projects. The InstaGENI architecture closely integrates a lightweight cluster design with software-defined networking, Hardware-as-a-Service and Containers-as-a-Service, remote monitoring and management, and high-performance inter-site networking. The initial InstaGENI deployment will encompass 34 sites across the United States, interconnected through a specialized GENI backbone network deployed over national, regional and campus research and education networks, with international network extensions to sites across the world.

Verification of switching network properties using satisfiability

In this paper, we consider a network of OpenFlow switches as an acyclic network of high-dimensional Boolean functions. We reduce classic network properties to logic functions over the variables of this network, and demonstrate that these properties hold if and only if the conjunction of the derived Boolean network and proposition is satisfied. We demonstrate that the derived satisfiability instance is polynomially related to the size of the switch network and the network property. The problem of verification of OpenFlow networks is thus demonstrated to be in the class NP. We show that OpenFlow Verification is NP-complete by a reduction from SAT. We further consider a slight restriction in the OpenFlow rule set to prefix rules, and demonstrate that OpenFlow Verification is polynomial when the ruleset is restricted to prefix rules.

Chimpp: a click-based programming and simulation environment for reconfigurable networking hardware

Reconfigurable network hardware makes it easier to experiment with and prototype high-speed networking systems. However, these devices are still relatively hard to program; for example, requiring users to develop in Verilog or VHDL. Further, these devices are commonly designed to work with software on a host computer, requiring the co-development of these hardware and software components. We address this situation with Chimpp, a development environment for reconfigurable network hardware, modeled on the popular Click modular router system. Chimpp employs a modular approach to designing hardware-based packet-processing systems, featuring a simple configuration language similar to that of Click. We demonstrate this development environment by targeting the NetFPGA platform. Chimpp can be combined with Click itself at the software layer for a highly modular, mixed hardware and software design framework. We also enable the integrated simulation of the hardware and software components of a network device together with other network devices using the OMNeT++ network simulator. The goal of Chimpp is to make experimentation easy by providing a toolbox of reusable, modular elements and a way to easily combine them. In contrast with some prior work, Chimpp avoids unnecessary restrictions on module interfaces and design styles. Rather, it is easy to add custom interfaces and to incorporate existing hardware modules. We describe our design and implementation of Chimpp, and provide initial evaluations showing how Chimpp makes it easier to implement, simulate, and modify a variety of packet-processing systems on the NetFPGA platform.

A correct, zero-overhead protocol for network updates

In this paper, we describe a new protocol for the safe up- date of OpenFlow networks. This protocol meets the packet consistency and weak flow consistency conditions, requires neither on-switch resources nor the diversion of packets to refuges during updates, and alls into the family of Trace- based update protocols. The feature of this protocol is a se- quence of per-switch rule updates. We derive a logic circuit for the update sequence, such that there exists a consistency- preserving update for the switch network if and only if the circuit is satisfiable subject to unsatisfiability of invariant violations; further, each satisfying minterm of the circuit yields a consistency-preserving update sequence.

Distributed Cloud Computing: Applications, Status Quo, and Challenges

A distributed cloud connecting multiple, geographically distributed and smaller datacenters, can be an attractive alternative to todays massive, centralized datacenters. A distributed cloud can reduce communication overheads, costs, and latencies by o ering nearby computation and storage resources. Better data locality can also improve privacy. In this paper, we revisit the vision of distributed cloud computing, and identify di erent use cases as well as research challenges. This article is based on the Dagstuhl Seminar on Distributed Cloud Computing, which took place in February 2015 at Schloss Dagstuhl.

Open Web: Seamless Proxy Interconnection at the Switching Layer

The Internet was designed around the end-to-end principle, mimicking in many ways the architecture of the old telephone network: services were accessed by naming the specific end-host offering the service. The demands of robustness, performance, and ubiquitous low latency for a worldwide population have led to an architecture where the names of services are largely symbolic, and do not name specific hosts or locations. Traffic is redirected onto a service network through the use of proxies. A typical example is a web proxy. Currently, proxies are generally accessed through layer 4-7 scripts and commands, such as the route command on Posix systems and, usually, manual configuration or Javascript code for a web proxy. This process is tedious and error-prone, and far from robust. New open protocols at the switching layer (layer 2) now enable far more robust and seamless packet redirection, without need for user configuration or unreliable scripts. In this paper, we describe Open web, a layer-2 redirection engine implemented as an application of the Open flow switch architecture.

On the Complexity of Power Minimization Schemes in Data Center Networks

In this paper, we consider migration of virtual machines in a data center to minimize network power consumption. Network power is consumed when switches are turned on, and conserved when they are turned off; the optimization problem then is to site virtual machines within the data center to achieve connectivity and desired bandwidth while turning on as few switches as possible. Depending upon specifics of the permissible optimization, and topology considerations within the data center, this optimization problem can be easy, or hard. We fully taxonomize the suite of optimization problems in this general space, showing that the most complex problem (placement and routing of virtual machines in a topologically-rich data center network) is NP- hard. We offer a placement technique based on a classic VLSI placement algorithm, and demonstrate efficacy on a trace set derived from a production data center.

Network Integrated Transparent TCP Accelerator

Network device vendors have recently opened up the processing capabilities on their hardware platform to support third-party applications. In this paper, we explore the requirements and overheads associated with co-locating middlebox functionality on such computing resources on networking hardware. In particular, we use an example of TCP acceleration proxy (CHART) that improves throughput over networks with delay and loss. The CHART system, developed by HP and its partners provides enhanced TCP/IP performance and service quality guarantees by deploying performance accelerating proxies, which enables legacy clients to benefit by high-performance network service. Use of the TCP proxy, however, requires manual configuration on the clients changing http proxy and/or routing table settings. Can we remove the need to configure end-hosts by inserting a {\em transparent} TCP proxy in the path, without losing performance? To address this question, we implement the accelerator on HPs x86-based processing blade designed to integrate network applications within switch architecture as well as on low-end home routers with OpenWRT. We describe the implementation detail such as flow redirection for transparency and new mechanisms required for easy insertion of proxies in the network path. We also evaluate its performance on HPs experimental testbed in terms of throughput and additional processing overhead.