Source: "Closing the Network Control Loop", 可预期网络论坛 (Predictable Network Forum), 20-page PDF slide deck.
Closing the Network Control Loop
Jennifer Rexford
Princeton University

Programmability From Top-to-Bottom and End-to-End
[Figure labels: NIC, kernel stack, user space, DPDK, XDP/eBPF, 5G mobile network, DoS mitigation, traffic engineering, load balancing, overlay virtualization, SDN controller]

What Will Network Owners Do?
- What will network owners do with this new flexibility?
- We believe they will want to run their networks better!

Adding New Dials
- Traffic
- Performance
- Cyberattacks
- Failures
- Signal strength

Adding New Knobs
- Drop
- Mark
- Rate-limit
- Reroute
- Hand-off

Closed-Loop Control
- Measure (dials)
- Adapt (knobs)
- Analyze

Example #1: Microbursts
[Plot: queue length versus time in day (24h); label: Microbursts]
- Small timescale traffic bursts
- Long queues caused by incast, attacks, etc.
- Lead to high packet delay and loss despite low average link utilization

Example #1: Microburst Measurement
- Data-plane measurement and analysis
  - Backlog in the queue
  - A flow's own contribution to the queue
[Figure: per-flow shares of the queue, 55% and 10%]
ConQuest: "Fine-grained queue measurement in the data plane", in CoNEXT'19.

Example #1: Microburst Mitigation
- Data-plane adaptation
  - Drop or mark an arriving packet probabilistically
  - Based on its flow's contribution to the queue
[Figure: per-flow shares of the queue, 55% and 10%]

Example #2: Distributed Denial-of-Service Attacks
- DDoS attacks
  - DNS reflection attack
  - SYN or HTTP flooding
  - Slowloris attack
- Overwhelm the victim
  - Exhausting network and server resources
[Figure labels: Attacker, DNS (x4), Victim]

Example #2: DDoS Detection
- Data-plane measurement and analysis
- Identify suspected victim destinations (key DstIP) receiving traffic from distinct senders (attribute SrcIP) in excess of a threshold (threshold T)
- select DstIP where distinct(SrcIP) > T
  (Key: DstIP, Attribute: SrcIP, Threshold: T)
BeauCoup: "Answering many network traffic queries, one memory update at a time", in SIGCOMM'20.

Example #2: DDoS Mitigation
- Data-plane adaptation
  - Drop or rate-limit packets to suspected victims
  - Run stateful firewall for suspected victims
  - Pushback upstream toward the senders
[Figure labels: Attacker, DNS (x4), Victim]

Example #3: Path Performance
- Network path diversity
- Load balancing to achieve good performance
  - Track the performance (load, loss, delay) of paths
  - Split traffic effectively over the multiple paths

Example #3: Path Performance Monitoring
- Data-plane tracking of path performance
  - E.g., lowest maximum link utilization
  - E.g., minimum end-to-end latency or loss
[Figure: network paths with per-link percentage labels; label: Probes along reverse path]

Example #3: Performance-Aware Load Balancing
- Data-plane adaptation to direct traffic over the best path
- Sending packets in the forward direction along the path with the best performance
[Figure: network paths with per-link percentage labels]
Contra: "A programmable system for performance-aware routing" (NSDI'20).

Enabler: Programmable Data Planes
[Figure (p4.org): Parser, Match-Action Table, Stages, Memory, Registers, ALU, Deparser]

Challenges: Resource Limitations
[Figure (p4.org): Parser, Match-Action Table, Stages, Memory, Registers, ALU, Deparser]
- Limited depth
- Limited # bits
- Limited # rules
- Limited # registers and # of accesses
- Limited ALU operations

Solution: Compact Data Structures
- Approximate analysis is fine
  - Microbursts: size estimate for just the large flows
  - DDoS: rough count for large #s of distinct sources
  - Path performance: rough estimates for best paths
- Data structures can fit in data-plane registers
  - Sketch (e.g., Bloom filter, count-min sketch, etc.)
  - Small hash table (e.g., cache of the popular keys)

Grand Challenge
[Figure labels: High-level goals, Compiler, Controller, Switch OS, switch, NIC, vSwitch, Distributed software control loop]

THANKS
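
Added example (not from the slides or from the BeauCoup authors): a software model of the DDoS detection query "select DstIP where distinct(SrcIP) > T", using the kind of compact, approximate structure the "Compact Data Structures" slide calls for. It swaps in a per-destination linear-counting bitmap, which is not the BeauCoup algorithm; the bitmap width, the threshold value and the packet records are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import defaultdict

BITMAP_BITS = 64   # assumed register width per destination key
THRESHOLD_T = 20   # assumed threshold T on distinct sources


def _slot(src_ip: str) -> int:
    """Hash a source address (the attribute) to one bit position."""
    digest = hashlib.blake2b(src_ip.encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big") % BITMAP_BITS


def estimate_distinct(bitmap: int) -> float:
    """Linear-counting estimate: n ~= -m * ln(zero_bits / m)."""
    zeros = BITMAP_BITS - bin(bitmap).count("1")
    if zeros == 0:
        return math.inf  # bitmap saturated: only a lower bound is known
    return -BITMAP_BITS * math.log(zeros / BITMAP_BITS)


def suspected_victims(packets, threshold=THRESHOLD_T):
    """Return {DstIP: estimated distinct SrcIP} for keys above threshold."""
    bitmaps = defaultdict(int)
    for src_ip, dst_ip in packets:
        # One small memory update per packet; repeated sources are free.
        bitmaps[dst_ip] |= 1 << _slot(src_ip)
    estimates = {dst: estimate_distinct(bm) for dst, bm in bitmaps.items()}
    return {dst: est for dst, est in estimates.items() if est > threshold}


def sample_packets():
    """Constructed (SrcIP, DstIP) records using documentation address ranges."""
    many_sources = [(f"198.51.100.{i}", "192.0.2.10") for i in range(1, 51)]
    # A heavy but legitimate destination: 3 sources, 200 packets each.
    few_sources = [(f"203.0.113.{i}", "192.0.2.20") for i in (1, 2, 3)] * 200
    return many_sources * 2 + few_sources


if __name__ == "__main__":
    for dst, est in suspected_victims(sample_packets()).items():
        print(f"suspected victim {dst}: ~{est:.0f} distinct sources")
```

The destination with 600 packets from three sources is not flagged, because the structure counts distinct senders rather than packet volume.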