FlexiCast: A Structure-Adaptive Protocol for Efficient Data-Sharing in IoT
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964962
Madhav Tummula, Manish Kausik H, S. Saha
IoT technology is gaining wide popularity over a large range of applications, including not only monitoring of structures but also management and control of smart systems. An IoT system, in general, is composed of a number of IoT devices which form a wireless decentralized setting as they get installed over a specific area to serve a particular purpose. The structure of the underlying wireless network depends on the structure of the target where the system gets deployed and hence varies widely based on the exact application. Such structural variations often have an impact on the performance of the underlying IoT protocols. Unfortunately, most network protocols do not take care of such issues explicitly. For instance, although there has been quite significant development in data-sharing protocols, especially with the advent of Synchronous Transmission (ST), most of them are designed without considering the variation in the structural formation of the base networks. These protocols are tested either in small-scale simulated networks or in testbed settings bearing fixed/homogeneous structures. In this work, we demonstrate that the property of self-adaptability in an IoT system can enable it not only to run faster but also to save substantial energy, which is an extremely important issue in the context of low-power systems in general. In particular, we design and implement a flexible and structure-adaptive many-to-many data-sharing protocol, FlexiCast. Through extensive experiments under emulation settings and IoT testbeds we demonstrate that FlexiCast performs up to 49% faster and consumes up to 53% less energy compared to the case when it does not adapt to the network structure.
Scope-based Flow Monitoring to Improve Traffic Analysis in Programmable Networks
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964741
Christoph Hardegen
Flow monitoring makes it possible to obtain an aggregated network traffic view that can be leveraged for subsequent analysis. Since network management tasks like flow-based traffic classification or prediction benefit from broader data views, the flow tracking scope used to export required traffic metadata can be enlarged: First, coherent packet streams can be monitored not only in a unidirectional but also in a bidirectional context that combines interrelated forward and backward direction views. Second, time-based subflow management for both contexts separates observed packet streams into consecutive windows covering a particular fraction to gain higher data granularity. To support these diversified traffic views in combination with variable feature sets for demand-driven data export serving different traffic analysis tasks, flow tracking and export strategies are required to operate in a dynamic manner. This paper proposes a flow monitoring approach that enables tracking the four aforementioned scopes while adapting timeout-based data export operating on programmable switches. A multi-level system architecture and an adaptive protocol ensure flexible sharing and analysis of data records. Evaluations show that exported data can be used to improve analysis outcomes, whereby the considered data scope affects achieved accuracy but also the monitoring overhead.
eBPF Programming Made Easy with eCLAT
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964569
A. Mayer, L. Bracciale, Paolo Lungaroni, P. Loreti, S. Salsano, Giuseppe Bianchi
With the rise of the Network Softwarization era, eBPF has become a hot technology for efficient packet processing on commodity hardware. However, the development of custom eBPF solutions is a challenging process that requires highly qualified human resources. In this paper we propose the eCLAT framework with the goal of lowering the learning curve of engineers by re-using eBPF code in a programmable way. eCLAT offers a high-level programming abstraction for eBPF-based network programmability, allowing a developer to create custom application logic in eBPF with no need to understand the complex details of regular eBPF programming. To support such modularity at the eBPF level, we created an eBPF library that implements a virtual machine, called HIKe VM. The HIKe VM library extends the conventional eBPF programs so that they can be integrated in eCLAT. The eCLAT/HIKe solution does not require any kernel modification.
PTP Security Measures and their Impact on Synchronization Accuracy
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964658
F. Rezabek, Max Helm, Tizian Leonhardt, G. Carle
The Precision Time Protocol (PTP) synchronizes clocks in a network with high precision. The protocol finds use in many areas, such as smart manufacturing, intra-vehicular networks, and critical infrastructure. It becomes clear that striving for security is an important goal. If an attacker succeeds in disturbing the network synchronization, the impact can result in a cascading set of failures. Unfortunately, neither the previous two IEEE standards for PTP, nor the popular implementation linuxptp, feature or implement sufficient security options. This work focuses on implementing the security extensions for PTP based on the latest PTP standard IEEE 1588-2019 to minimize the threat of attacks and their possible impact. We provide a detailed analysis of PTP synchronicity and security. Based on that, we design and implement software-only tooling to quantify the PTP performance using commercial off-the-shelf hardware and open-source solutions on a linear topology with four to nine hops. The measurements compare the End-to-End (E2E) and Peer-to-Peer (P2P) delay calculation modes and the usage of Transparent Clocks (TC) in parts of the network. Both E2E and P2P show visible degradation of clock synchronization with each hop and standard deviations of 118.6 to 571 ns. The TCs perform better, demonstrating a standard deviation between 90 and 140 ns on four to nine hops. We evaluate different logSyncInterval values corresponding to different PTP profiles and do not observe a major impact on the clock behavior caused by the extensions. The measurement precision of the system is within ±40 ns. Our evaluation of the newly implemented security extensions to linuxptp shows that the security extensions do not have a significant impact on the clock synchronization and our approach is a feasible addition to PTP. Besides, our contributions can aid network managers in assessing their PTP synchronicity systematically.
Network traffic classification based on periodic behavior detection
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964556
Josef Koumar, T. Čejka
Even though encryption hides the content of communication from network monitoring and security systems, this paper shows a feasible way to retrieve useful information about the observed traffic. The paper deals with detection of periodic behavioral patterns of the communication that can be detected using time series created from network traffic by autocorrelation function and Lomb-Scargle periodogram. The revealed characteristics of the periodic behavior can be further exploited to recognize particular applications. We have experimented with the created dataset of 61 classes, and trained a machine learning classifier based on XGBoost that performed the best in our experiments, reaching 90% F1-score.
A Realistic Open-Data-based Cost Model for Wireless Backhaul Networks in Rural Areas
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964562
Gabriele Gemmi, Llorenç Cerdà-Alabern, L. Maccari
Broadband Internet provision is an increasing demand in many rural areas, and wireless internet service providers have emerged as an opportunity to fill this need. However, this type of operator typically consists of a small business with few resources and difficulty planning and assessing a reliable and economically sustainable infrastructure. In this paper, we try to bring some aid to this challenging problem by describing a reliable mesh-based backhaul design, together with a detailed CapEx/OpEx economic assessment. We apply our model using real data from ten Italian rural municipalities. Our numerical results show that, with clusters of 200 subscribers, a reliable backhaul could be deployed with a monthly subscription and price per Mb/s extremely competitive compared to existing market offers.
Scalable Data Plane Caching for Kubernetes
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964497
Stefanos G. Sagkriotis, D. Pezaros
Computation offloading to the programmable data plane enabled the acceleration of key-value stores which offer coordination services for large-scale data centres. Previous research reduced the response latency of key-value requests by half through deploying the store in the programmable data plane. In this work, we examine Kubernetes’ central store, etcd, as a candidate for deployment in the data plane. We discuss performance and scalability limitations existing in the default architecture of Kubernetes and how these can be alleviated through data plane offloading. Moreover, we investigate previous design decisions of in-network caching mechanisms that led to increased traffic generation and latency. We propose a new in-network key-value store platform that maintains strong consistency and fault-tolerance while improving performance and scalability over the state-of-the-art.
Intent-Driven Path State Monitoring to Enable Centralized State-Aware Flow Steering
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9965141
Christoph Hardegen
Running state monitoring for network switches and links enables the derivation of a path-based data view. Thereby, various monitoring intents like utilization and latency awareness can be targeted during data collection. Whereas each of these objectives relies on a particular set of state metrics, different monitoring methods may be run to gather the data basis serving as decision input for subsequent analysis purposes. In addition, path conditions have an impact on the state observed for individual packet streams being forwarded along a specific path. While path level state data is of relevance, e.g., to evaluate past load ratios in order to run state-aware and efficient path determination, flow level state helps to monitor flow experience conditions like achieved throughput or perceived latency, e.g., to track the compliance with flow-based requirements. This paper presents a modular architecture for path state monitoring that considers port counter query, network probing and in-band network telemetry as methods for demand-driven data collection and focuses on utilization and latency awareness as monitoring intents. State data is collected by a centralized controller in collaboration with distributed modules deployed in a switch’s data plane to run data tracking, wherefore programmable switches are used as operational basis to ensure a flexible monitoring protocol. Evaluations show that continuously collected data snapshots allow tracking accurate path state trends that – w.r.t. path state-aware traffic steering – can be leveraged to improve flow-based load distribution across available path capacities and to resolve inefficiencies like imbalanced path load or congestion.
Zero-touch security automation mechanisms for edge NFV: the π-Edge approach
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9964999
Alexandros Valantasis, Nikos Psaromanolakis, V. Theodorou
The shift towards distributed computing architectures that push data storage and processing to the edge of the network is resulting in a convergence of cloud-computing services and next generation mobile network technologies. In order to uniformly manage resources and services in the formed cloud/core to edge/devices continuum and to handle the diversity of multi-party underlying infrastructure technologies in a latency-aware, reliable and trustworthy fashion, management automation has become more crucial than ever. In this work, we present the security analytics mechanisms of the π-Edge platform, our edge management platform that embodies zero-touch automation features for interoperability, Quality of Service (QoS) assurance, resilience and trust. To this end, we introduce a declarative NFV MANO Information Model (IM) and methods for automatically enhancing Network Slices at the edge with security services that i) continuously monitor user-plane traffic on the links between Virtual Network Functions (VNFs), ii) detect possible network vulnerabilities or malicious behaviour and iii) apply relevant actions to effectively observe and mitigate identified threats. The implementation of such mechanisms is evaluated through experimentation on a use case of DDoS attacking scenarios, showcasing the usability and the benefits of our proposed solution.
Real Time Local Re-Routing to limit Queuing Delay exploiting SRv6 and Extensible In-Band Processing
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Pub Date: 2022-10-31 DOI: 10.23919/CNSM55787.2022.9965146
Marco Polverini, D. Aureli, A. Cianfrani, F. Lavacca, M. Listanti
In this paper we introduce QLR, a per-router control agent that aims at reducing the occupancy of the local buffers by performing re-routing operations. The Segment Routing architecture is exploited to manage the uncoordinated selection of re-routing performed by different nodes, thus avoiding the creation of routing loops, while the Extensible In-band Processing is used to allow the network nodes to have a detailed and updated view of the wide network status. Data and control plane programmability are considered to define a prototype implementation of QLR that allows for the execution of a preliminary performance evaluation and proof-of-concept. From the conducted experiments it has emerged that QLR can effectively reduce the maximum queue occupancy and end-to-end delay up to 43% and 63%, respectively.