COMM

Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and "software-defined" manner. This paper raises the alarm on the security implications of virtual switches. In ...

Middleboxes that process confidential data cannot be securely deployed in untrusted cloud environments. To securely outsource middleboxes to the cloud, state-of-the-art systems advocate network processing over the encrypted traffic. Unfortunately, these ...

Advanced Persistent Threats (APTs) commonly use stepping stone attacks that allow the adversary to move laterally undetected within an enterprise network towards a target. Existing network security techniques provide limited protection against such ...

Recent trends in software-defined networking have extended network programmability to the data plane through programming languages such as P4. Unfortunately, the chance of introducing bugs in the network also increases significantly in this new context. ...

With the rise of programmable network switches, network infrastructure is becoming more flexible and more capable than ever before. Programming languages such as P4 lower the barrier for changing the inner workings of network switches and offer a ...

Enterprise networks often need to implement complex policies that match business objectives. They will embrace IPv6 like ISP networks in the coming years. Among the benefits of IPv6, the recently proposed IPv6 Segment Routing (SRv6) architecture ...

The emerging 5G networks and applications require network traffic to be buffered at different points in a wide area network with different policies based on user mobility, usage patterns, device and application types. Existing Software Defined Network (...

Many network monitoring tasks identify subsets of traffic that stand out, e.g., top-k flows for a particular statistic. A Protocol Independent Switch Architecture (PISA) switch can identify these "heavy hitter" flows directly in the data plane, by ...

Transport networks satisfy requests to forward data in a given topology. At the level of a network element, forwarding decisions are defined by flows. To implement desired data properties during forwarding, a network operator imposes economic models by ...

This paper explores the question: what abstractions are needed to support a more general form of stateful processing in programmable forwarding planes? It argues that we should look for clues from the domain of stream processing. As a case study, it ...

This paper presents the design and implementation of Yates, a software framework that seeks to dramatically lower the cost of experimenting with different traffic engineering approaches. Yates offers a suite of tools that make it possible to rapidly ...

Network simulation plays a crucial role in the field of network research, education, and industry. However, before conducting a simulation on traditional network simulators, operators need to develop a simulative behavioral model, which requires ...

With the Software-Defined Networking paradigm, software switches emerged as the new edge of datacenter networks. The widely adopted Open vSwitch implements the OpenFlow forwarding model; its simple match-action abstraction eases network management, ...

As the complexity of modern networks increases, virtualization techniques, such as software-defined networking (SDN) and network function virtualization (NFV), get highlighted to achieve various network management and operating requirements. However, ...

Existing software dataplanes that run network functions inside VMs or containers can provide either performance (by dedicating CPU cores) or multiplexing (by context switching), but not both at once. Function-based dataplane architectures by replacing ...

Recent advances in Software-Defined Networking (SDN) have enabled flexible and programmable network measurement. A promising trend is to conduct network traffic measurement on widely deployed Open vSwitches (OVS) in data centers. However, little ...

Proactive measurement of the delay in communication networks aims to detect congestion as early as possible and find links on which the traffic flow is obstructed. There is, however, a tradeoff between detection time and cost (e.g., bandwidth ...

Many network functions are moving from hardware to software to get better programmability and lower cost. Measurement is critical to most network functions because getting detailed information about traffic is often the first step to make control ...

Existing OpenFlow based flow expiry mechanisms rely on a fixed timeout after which the switch proactively removes the flow entries from its flow table. Assigning an appropriate value to this timeout presents a tradeoff between efficient flow table ...

Middleboxes in traditional networks relied on purpose-built hardware/software appliances to run data plane services, making it difficult for networks to evolve. OpenNetVM seeks to address this problem by offering a flexible Network Function ...

We present SBAR, a monitoring system compliant with OpenFlow that provides flow-level measurement reports similar to those of NetFlow in traditional networks, but additionally enriched with labels that classify flows at the application layer. For the ...

Software Defined internet eXchange Points (SDXs) are a promising solution to the long-standing limitations and problems of interdomain routing. While proposed SDX architectures have improved the scalability of the control plane, these solutions have ...