Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844027
Yacine Anser, Chrystel Gaber, Jean-Philippe Wary, S. N. Matheu-García, S. Bouzefrane
To address the growing amount of data generated by the Internet of Things (IoT), Network Functions Virtualization (NFV), 5G, Fog and Edge computing converge to form a Cloud-to-IoT continuum. This complex multi-layer architecture involves several actors among which responsibilities may be blurred. Existing profiles mostly describe deployment aspects and elude responsibility, accountability or liability characteristics. Moreover, the multiplicity of component profiles prevents uniform service management. This paper proposes TRAILS (sTakeholder Responsibility, AccountabIlity and Liability deScriptor), an extension of the TOSCA NFV profile that merges the existing profiles and adds a description of the responsibilities and accountabilities of supply chain actors. This allows a uniform and liability-aware management of services involving IoT devices, fog, edge and cloud nodes. To show the usability of our model, we discuss the ecosystem around the generation of the proposed extension as well as its application in an ontology-based referencing module of a liability-aware service manager that we designed.
Title: TRAILS: Extending TOSCA NFV profiles for liability management in the Cloud-to-IoT continuum. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844027
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844078
Francesco D'Alterio, Marco Teodori, L. Rea, F. Matera
Speed-test applications come in handy to validate the compliance of any established network connection against the pre-negotiated E2E QoS indicators, even though they have to cope with strict requirements to provide correct measures to any user. Therefore, Software-Defined Networking approaches can help these measurement instruments by driving the choice in terms of paths and resources. In this framework we show a speed-test application which tackles the user-server assignation problem by proposing a client-based dispatching framework which operates by leveraging two sets of parameters named endogenous (measured by the client itself) and exogenous (requiring the interaction with external elements). Framework implementation is documented, for which step-by-step evaluation of such parameters is provided, followed by their context-dependent optimization via a stochastic gradient-descent approach properly tuned to operate in a real distributed speed-test facility.
Title: Probability-based dispatching framework for speed-test applications: design and implementation. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844078
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844071
Shunmugapriya Ramanathan, A. Bhattacharyya, K. Kondepu, M. Razo, M. Tacca, L. Valcarenghi, A. Fumagalli
The 5G Radio Access Network (RAN) architecture provides a split option, whereby a gNodeB Central Unit (gNB-CU) is connected to one or more gNB-Distributed Units (gNB-DUs). The CU is in turn connected to the 5G Core Network (CN) and its functions can be virtualized through software containers. This demonstration showcases live migration of a containerized Central Unit (CU) component in a Cloud-native 5G network without loss of service. In terms of resiliency, virtual function live migration can circumvent the failure of the server hosting the gNB-virtualized CU (gNB-vCU) that would otherwise cause an interruption of user-plane (UP) traffic and disconnection of User Equipment (UE). The proposed gNB-vCU container live migration technique reduces the end-user service temporary downtime by 50% when compared to the traditional backup/restore option.
Title: Demonstration of Containerized Central Unit Live Migration in 5G Radio Access Network. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844071
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844121
Conor Black, Sandra Scott-Hayward
Programmable network data planes are paving the way for networking innovations, with the ability to perform complex, stateful tasks defined in high-level languages such as P4. The enhanced capabilities of programmable data plane devices have made verification of their runtime behaviour, using established methods such as probe packets, impossible to scale beyond probabilistic detection. This has created a potential opportunity for an attacker, with access to a compromised device, to subtly alter its forwarding program to mishandle only a small subset of packets, evading probabilistic detection. In practice, such subtle binary instrumentation attacks require extensive knowledge of the forwarding program, yet it is unclear whether a static analysis of compiled P4 programs to obtain this knowledge can be fast and accurate enough for an on-device attack scenario. In this work, we investigate this possibility by implementing a static analysis of P4 programs compiled to BPF bytecode. This analysis gathers sufficient information for the attacker to identify appropriate (reliably correct) edits to the program. We found that, due to predictable compiler behaviours, our analysis remains accurate even when several program behaviours are abstracted away. Our evaluation of the analysis requirements shows that, from a defensive perspective, there is scope for selectively manipulating those instructions in P4-BPF programs that are critical to attack-focused analysis in order to increase its difficulty, without increasing the number of program instructions.
Title: Investigating the Vulnerability of Programmable Data Planes to Static Analysis-Guided Attacks. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844121
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844043
Alexandros Valantasis, N. Makris, T. Korakis
The evolution of the cloud-computing technology has allowed the instantiation of resources almost anywhere. Handheld devices, edge/fog resources, and core cloud datacenters comprise a resource continuum that can be used for hosting almost any service. The rise of micro-services has allowed any application to be hosted over any type of compute resource, regardless of the underlying hardware architecture. In this work, we focus on the far-edge devices that participate in the resource continuum, located at the network access or the fog, and are usually resource constrained. We evaluate two lightweight frameworks which can be used for orchestrating micro-services on top of them. Our evaluation presents experimental evidence in terms of their capabilities for instantiating/tear-down of network services, and their dynamic adaptation to external workloads by using the respective horizontal scaling solutions, when tested under the same experimental environment.
Title: Orchestration Software for Resource Constrained Datacenters: an Experimental Evaluation. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844043
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844066
Josef Hammer, H. Hellwagner
Multi-access Edge Computing (MEC) is a central piece of 5G telecommunication systems and is essential to satisfy the challenging low-latency demands of future applications. MEC provides a cloud computing platform at the edge of the radio access network that developers can utilize for their applications. In [1] we argued that edge computing should be transparent to clients and introduced a solution to that end. This paper presents how to efficiently implement such a transparent approach, leveraging Software-Defined Networking. For high performance and scalability, our architecture focuses on three aspects: (i) a modular architecture that can easily be distributed onto multiple switches/controllers, (ii) multiple filter stages to avoid screening traffic not intended for the edge, and (iii) several strategies to keep the number of flows low to make the best use of the precious flow table memory in hardware switches. A performance evaluation is shown, with results from a real edge/fog testbed.
Title: Efficient Transparent Access to 5G Edge Services. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844066
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844111
Yutaro Yoshinaka, Junji Takemasa, Y. Koizumi, T. Hasegawa
The paper presents a Tbps-class anonymity router that supports both an anonymity protocol and IP by leveraging a programmable switch. The key design issue is to place both the compute-intensive header decryption function for anonymity protocol forwarding and the memory-intensive IP forwarding function on the processing pipes of a switch while satisfying its hardware requirements. A prototype router on a programmable switch achieves Tbps-scale forwarding.
Title: Feasibility of Network-layer Anonymity Protocols at Terabit Speeds using a Programmable Switch. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844111
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844030
G. Grieco, D. Striccoli, G. Piro, R. Bolla, G. Boggia, L. Grieco
Digital services and digital service chains are the beating heart of the modern economy. Their composition involves several players, i.e., processes, software, devices, and many kinds of data exchanged among them. In such a scenario, it is important to guarantee data confidentiality, integrity, as well as authentication and authorization procedures between the communicating parties of a service chain. Cyber-security frameworks are explicitly designed for this purpose. They rely on the integration of different software modules, mutually interfaced to accomplish complex security tasks. Nevertheless, it is important to guarantee a high level of protection during data exchange among the modules. Currently, standardized authentication and authorization mechanisms are implemented through proprietary “As-a-Service” products, but the deployment of a mature on-premise solution is still missing. To bridge this gap, this contribution proposes an authentication and authorization module that automatically protects the information flowing among the modules of cyber-security frameworks. It guarantees resource availability only to authenticated subjects. Thus, their operations are confined to the actions they are authorized for. The proposed module has been implemented and tested in a real cyber-security framework under development in the H2020 GUARD project. Experimental tests show that the proposed module enables authentication and authorization procedure delegation among GUARD modules, which eases their implementation, while maximizing the flexibility of the set of access control policies and an efficient protection of the services.
Title: Authentication and Authorization in Cyber-Security Frameworks: a Novel Approach for Securing Digital Service Chains. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844030
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844050
Stefan Senk, Marian Ulbricht, J. Acevedo, Giang T. Nguyen, P. Seeling, F. Fitzek
Deterministic communications are required for industrial environments, yet their realization is a challenging task. Time-Sensitive Networking (TSN) is intended to enable deterministic communication over inexpensive Ethernet networks. Standardized by the IEEE TSN working group, TSN enables precise control of time synchronization, traffic shaping, reliability enhancements, and network administration to answer the demands of industrial control applications. Subsequently, there is a significant need to enable turnkey research and implementation efforts. However, a current lack of open-sourced testbed implementations to investigate and study the behavior of TSN network devices limits verification to simulation and theoretical models. We introduce a publicly available, flexible, and open-sourced measurement testbed for evaluating TSN in the context of industrial automation applications to address the need to perform real-world measurements. In this contribution, we describe our testbed combining Commercial-Off-The-Shelf (COTS) hardware and existing open-source tools as a platform for in-depth evaluation of TSN devices. Providing detailed TSN backgrounds, we describe an in-depth performance analysis for our implementation. For a common Tactile Internet scenario, we observe an accuracy of close to 5 ns achievable with our publicly available COTS setup.
Title: Flexible Measurement Testbed for Evaluating Time-Sensitive Networking in Industrial Automation Applications. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844050
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844100
Minh-Ngoc Tran, Younghan Kim
Recently, container orchestration technology has been widely adopted by telco companies in network function virtualization (NFV) architecture. The communication between containerized virtual network functions (VNFs) is implemented by the networking models which contain switches and router functions in the host system. Different kinds of networking models which support packet acceleration features (OvS-DPDK, VPP, SR-IOV, eBPF, or a combination), and different container deployment configurations (CPU isolation, NUMA alignment, service function chaining, inter-node networking technologies) have significant impacts on the performance of the container network. This paper aims to accurately benchmark container network performance based on these aspects. In particular, we categorize and cover some missing models and configuration scenarios that were not presented in previous related works.
Title: Network Performance Benchmarking for Containerized Infrastructure in NFV environment. Published in: 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). DOI URL: https://doi.org/10.1109/NetSoft54395.2022.9844100