Tal Mizrahi

TimeFlip: Scheduling network updates with timestamp-based TCAM ranges

Network configuration and policy updates occur frequently, and must be performed in a way that minimizes transient effects caused by intermediate states of the network. It has been shown that accurate time can be used for coordinating network-wide updates, thereby reducing temporary inconsistencies. However, this approach presents a great challenge; even if network devices have perfectly synchronized clocks, how can we guarantee that updates are performed at the exact time for which they were scheduled? In this paper we present a practical method for implementing accurate time-based updates, using TIMEFLIPs. A TimeFlip is a time-based update that is implemented using a timestamp field in a Ternary Content Addressable Memory (TCAM) entry. TIMEFLIPs can be used to implement Atomic Bundle updates, and to coordinate network updates with high accuracy. We analyze the amount of TCAM resources required to encode a TimeFlip, and show that if there is enough flexibility in determining the scheduled time, a TimeFlip can be encoded by a single TCAM entry, using a single bit to represent the timestamp, and allowing the update to be performed with an accuracy on the order of 1 microsecond.

Time-based updates in software defined networks

Network configuration updates are a routine necessity, and must be performed in a way that minimizes transient effects caused by intermediate states of the network. This challenge is especially critical in Software Defined Networks, where the control plane is managed by a logically centralized controller, and configuration updates occur frequently. In this paper we discuss the tradeoff between maintaining consistency during configuration updates and the update performance. We introduce an approach that uses time to coordinate network configuration and reconfiguration. We show a simple time-based configuration approach called TIMECONF and show that this approach offers significant advantages over existing update approaches at the cost of a brief inconsistency. We also show that time can be used as a tool for simplifying existing update approaches without compromising consistency.

Continuous consensus via common knowledge

This paper introduces the continuous consensus problem, in which a core M[k] of information is continuously maintained at all correct sites of the system. All local copies of the core must be identical at all times k, and every interesting event should eventually enter the core. The continuous consensus problem is studied in synchronous systems with crash and omission failures, assuming an upper bound of t on the number of failures in any given run of the system. A simple protocol for continuous consensus, called ConCon, is presented. This protocol is knowledge-based: The actions processes take depend explicitly on their knowledge, as well as on their knowledge of what other processes know about failures and about events that occurred in the system. A close connection between continuous consensus and knowledge is established by showing that in every continuous consensus protocol, the information in the core at any given time must be common knowledge. Based on the characterization of common knowledge by Moses and Tuttle, it is shown that ConCon is an optimum protocol for continuous consensus, maintaining the most up-to-date core possible at all times: For every pattern of failures and external inputs and each point in time, the core provided by ConCon contains the cores of all correct protocols for continuous consensus. Indeed, the ConCon protocol can be viewed as a simplification of the Moses and Tuttle construction for computing the common knowledge at a given point. Finally, a uniform version of continuous consensus is considered, in which all processes (faulty and nonfaulty) are guaranteed to maintain the same core at any given time. An algorithm for uniform continuous consensus is presented, and is also shown to be an optimum solution.

A game theoretic analysis of delay attacks against time synchronization protocols

Time synchronization protocols have become very common in packet networks, and are consequently exposed to various security attacks. One of the most effective attacks against synchronization protocols is the delay attack, in which a man-in-the-middle attacker selectively delays the time protocol packets. This attack is exceptionally effective, as it cannot be prevented by conventional security measures such as authentication or encryption. In this paper we introduce a new approach to analyzing the delay attack, using a game theoretic model. We analyze the possible strategies of the attacker and attackee, and introduce a novel strategy for mitigating delay attacks using multiple paths between the master and slave clocks. We also discuss the Nash equilibria in our model and their connection to the possible outcomes of real-life attacks.

Timed consistent network updates

Network updates such as policy and routing changes occur frequently in Software Defined Networks (SDN). Updates should be performed consistently, preventing temporary disruptions, and should require as little overhead as possible. Scalability is increasingly becoming an essential requirement in SDN. In this paper we propose to use time-triggered network updates to achieve consistent updates. Our proposed solution requires lower overhead than existing update approaches, without compromising the consistency during the update. We demonstrate that accurate time enables far more scalable consistent updates in SDN than previously available. In addition, it provides the SDN programmer with fine-grained control over the tradeoff between consistency and scalability.

Time synchronization security using IPsec and MACsec

The wide deployment of the IEEE 1588 Precision Time Protocol (PTP) raises significant security concerns; its quick assimilation has outrun security standardization efforts. In the absence of a standard security solution for PTP, several different alternatives have been suggested as a means to fill this vacuum using existing off-the-shelf security protocols. In this paper, we analyze PTP security solutions using two such protocols; IPsec and MACsec. We characterize the common deployment scenarios for PTP using these protocols, and then present a security threat analysis under these scenarios.

Software defined networks: It's about time

With the rise of Software Defined Networks (SDN), there is growing interest in dynamic and centralized traffic engineering, where decisions about forwarding paths are taken dynamically from a network-wide perspective. Frequent path reconfiguration can significantly improve the network performance, but should be handled with care, so as to minimize disruptions that may occur during network updates. In this paper we introduce Time4, an approach that uses accurate time to coordinate network updates. We characterize a set of update scenarios called flow swaps, for which Time4 is the optimal update approach, yielding less packet loss than existing update approaches. We define the lossless flow allocation problem, and formally show that in environments with frequent path allocation, scenarios that require simultaneous changes at multiple network devices are inevitable. We present the design, implementation, and evaluation of a time4-enabled OpenFlow prototype. The prototype is publicly available as open source. Our work includes an extension to the OpenFlow protocol that has been adopted by the Open Networking Foundation (ONF), and is now included in OpenFlow 1.5. Our experimental results demonstrate the significant advantages of Time4 compared to other network update approaches.

Slave diversity: Using multiple paths to improve the accuracy of clock synchronization protocols

Running clock synchronization protocols over packet based networks introduces a considerable challenge, since clock accuracy is highly sensitive to the network latency behavior. As packet based networks are becoming the common transport for most applications requiring clock synchronization, accuracy requirements are becoming increasingly stringent. In this paper we introduce a novel approach that uses multiple communication paths between the master and slave clocks to improve the clock accuracy without increasing the total rate of protocol messages. We show that the multi-path approach can also be used to reduce the time error caused by asymmetric communication paths. We present simulation results that demonstrate the effectiveness of our approach.

Compressing Forwarding Tables for Datacenter Scalability

With the rise of datacenter virtualization, the number of entries in the forwarding tables of datacenter switches is expected to scale from several thousands to several millions. Unfortunately, such forwarding table sizes would not fit on-chip memory using current implementations. In this paper, we investigate the compressibility of forwarding tables. We first introduce a novel forwarding table architecture with separate encoding in each column. It is designed to keep supporting fast random accesses and fixed-width memory words. Then, we show that although finding the optimal encoding is NP-hard, we can suggest an encoding whose memory requirement per row entry is guaranteed to be within a small additive constant of the optimum. Next, we analyze the common case of two-column forwarding tables, and show that such tables can be presented as bipartite graphs. We deduce graph-theoretical bounds on the encoding size. We also introduce an algorithm for optimal conditional encoding of the second column given an encoding of the first one. In addition, we explain how our architecture can handle table updates. Last, we evaluate our suggested encoding techniques on synthetic forwarding tables as well as on real-life tables.

Time4: Time for SDN

With the rise of software defined networks (SDNs), there is a growing interest in dynamic and centralized traffic engineering, where decisions about forwarding paths are taken dynamically from a network-wide perspective. Frequent path reconfiguration can significantly improve the network performance, but should be handled with care soas to minimize disruptions that may occur during network updates. Network updates are especially challenging when the network is heavily utilized; some of the existing approaches suggest that spare capacity should be reserved in the network in order to allow updates in such scenarios, or that the network load should be temporarily reduced prior to a network update. In this paper, we introduce Time4, an approach that uses accurate time to coordinate network updates. Time4 is a powerful tool in softwarized environments that can be used for various network update scenarios, including in heavily utilized networks. Specifically, we characterize a set of update scenarios called flow swaps, for which Time4 is the optimal update approach, yielding less packet loss than existing update approaches without requiring spare capacity, and without temporarily reducing the networks bandwidth. We define the lossless flow allocation problem, and formally show that in environments with frequent path allocation, scenarios that require simultaneous changes at multiple network devices are inevitable. We present the design, implementation, and evaluation of a Time4-enabled OpenFlow prototype. The prototype is publicly available as open source. This paper includes an extension to the OpenFlow protocol that has been adopted by the open networking foundation, and is now included in OpenFlow 1.5. Our experimental results show the significant advantages of Time4 compared to other network update approaches, and demonstrate an SDN use case that is infeasible without Time4. Our experimental results demonstrate the significant advantages of Time4 compared to other network update approaches.