-
Gebert, S.: Architectures for Softwarized Networks and their Performance Evaluation (2017).
-
Zinner, T., Geissler, S., Lange, S., Gebert, S., Seufert, M., Tran-Gia, P.: A Discrete-Time Model for Optimizing the Processing Time of Virtualized Network Functions. Computer Networks. 125, 4-14 (2017).
The softwarization of networks promises cost savings and better scalability of network functions by moving functionality from specialized devices into commercial off-the-shelf hardware. Generalized computing hardware offers many degrees of adjustment and tuning, which can affect performance and resource utilization. Among these adjustments are interrupt moderation techniques implemented by modern network interface cards and operating systems. Using these, an administrator can optimize either for low latencies or low CPU overhead for processing of network traffic. In this work, an analytical model that allows the computation of relevant performance metrics like packet processing time and packet loss for generic virtualized network functions running on commodity hardware is presented. Based on this model, impact factors like average packet interarrival time, interarrival time distribution, and duration of the interrupt aggregation interval are studied. Furthermore, we significantly improve the computational tractability of this discrete-time model by proving and leveraging a property regarding its limit behavior. We also demonstrate that using this property does not affect the accuracy of the model in the context of realistic parameter combinations. Finally, the improved runtime for numerical evaluations allows administrators to dynamically adapt their interrupt mitigation settings to changing network conditions by recalculating optimal parameters.
-
Geissler, S., Gebert, S., Herrnleben, S., Zinner, T., Bauer, R., Jarschel, M.: TableVisor 2.0: Towards Full-Featured, Scalable and Hardware-Independent Multi Table Processing. NetSoft 2017, Best Student Paper Award (2017).
Modern Software Defined Networking (SDN) applications rely on sophisticated packet processing. However, there is a mismatch between control plane requirements and data plane capabilities caused by increasing hardware heterogeneity. To overcome this challenge, we propose TableVisor, a proxy-layer for the OpenFlow control channel that enables the flexible and scalable abstraction of multiple physical devices into one emulated data plane switch that meets the requirements of the control plane application. TableVisor registers with the SDN controller as a single switch with use-case specific capabilities. It translates the instructions and rules from the control application towards the appropriate physical device where they are executed. In this paper, we present the updated architecture and functionality of TableVisor as well as first evaluation results based on testbed experiments.
-
Gray, N., Lorenz, C., Müssig, A., Gebert, S., Zinner, T., Tran-Gia, P.: A Priori State Synchronization for Fast Failover of Stateful Firewall VNFs. Workshop on Software-Defined Networking and Network Function Virtualization for Flexible Network Management (SDNFlex 2017). Göttingen, Germany (2017).
Network Functions Virtualization (NFV) replaces physical middleboxes with software instances running network functions in cloud environments. To support this new paradigm, it is necessary to port the code base from highly specialized hardware devices to virtual machines running on COTS hardware. In order to fully exploit the inherent capabilities of cloud environments it is further necessary to redesign the software to support a large number of distributed, cooperating function instances instead of single, isolated and monolithic instances. This development can be observed for network functions like stateful firewalling. Until now, available software firewalls lack support for active/active operation in clustered environments, which hinders horizontal scalability. This is due to the fact that the required synchronization of connection states among the cluster’s instances is an impediment that still has to be resolved. Therefore, this work investigates different synchronization strategies and mechanisms, which allow sharing connection states among the cluster to maintain scalability and high-availability.
-
Hoffmann, M., Jarschel, M., Pries, R., Schneider, P., Jukan, A., Bziuk, W., Gebert, S., Zinner, T., Tran-Gia, P.: SDN and NFV as Enabler for the Distributed Network Cloud. Mobile Networks and Applications. (2017).
-
Lorenz, C., Hock, D., Scherer, J., Durner, R., Kellerer, W., Gebert, S., Gray, N., Zinner, T., Tran-Gia, P.: An SDN/NFV-enabled Enterprise Network Architecture Offering Fine-Grained Security Policy Enforcement. IEEE Communications Magazine. 55, 217-223 (2017).
In recent years, the attacks and threat vectors against enterprise networks have been constantly increasing in number and variety. In addition, new challenges arise not only to the level of provided security, but also to the scalability and manageability of the deployed countermeasures such as firewalls and intrusion detection systems. Despite these attacks, the main security systems, e.g., network firewalls, have remained rather unchanged. Due to the tight integration into the physical network’s infrastructure, a dynamic resource allocation to adapt the security measures to the current network conditions is a difficult undertaking. Therefore, in this work, we analyze and compare different architectural design patterns for the integration of SDN/NFV-based security solutions into enterprise networks.
-
Gebert, S., Geissler, S., Zinner, T., Nguyen-Ngoc, A., Lange, S., Tran-Gia, P.: ZOOM: Lightweight SDN-based Elephant Detection. First International Workshop on Programmability for Cloud Networks and Applications (PROCON). Würzburg, Germany (2016).
Software Defined Networking (SDN) offers a holistic view of the network through a centralized control plane. Consequently, routing decisions can be made based on global knowledge about the network topology as well as its current state. As long-living flows are suitable candidates for rerouting, their detection is crucial for efficient flow-based traffic management. This work proposes the ZOOM algorithm for elephant detection in SDN networks. To this end, ZOOM follows a very lightweight approach that only uses packet counters implemented by OpenFlow switches and thus does not require any additional hardware. By exploiting this feature of OpenFlow switches, ZOOM allows lightweight and cost-effective elephant detection.
-
Gebert, S., Zinner, T., Lange, S., Schwartz, C., Tran-Gia, P.: Performance Modeling of Softwarized Network Functions Using Discrete-Time Analysis. 28th International Teletraffic Congress (ITC). Würzburg, Germany (2016).
The softwarization of networks promises cost savings and better scalability of network functions by moving functionality from specialized devices into commercial off-the-shelf hardware. Generalized computing hardware offers many degrees for adjustment and tuning, which can affect performance and resource utilization. Among these adjustments are the interrupt mitigation techniques implemented by modern network interface cards and operating systems. Using these, an administrator can optimize for either lower latencies or lower CPU overhead for processing of network traffic. In this work, an analytical model that allows computing relevant performance metrics like the packet processing time and the packet loss for generic virtualized network functions running on commodity hardware is developed. The applicability of the model is shown by comparing its outcome with measurements conducted in a local testbed. Based on this model, impact factors like the average packet interarrival time, the interarrival time distribution, and the duration of the interrupt aggregation interval are studied.
-
Gebert, S., Zinner, T., Gray, N., Durner, R., Lorenz, C., Lange, S.: Demonstrating a Personalized Secure-By-Default Bring Your Own Device Solution Based on Software Defined Networking (2016).
Network virtualization is one classical use-case for Software Defined Networks (SDN). By programmatically instantiating virtual networks, traffic from one or more devices can be separated or connectivity can be established as needed. S-BYOD, which is presented in this demonstration, applies the SDN concept to Bring Your Own Device (BYOD) scenarios and offers personalized virtual networks that are set up and extended on demand. This is done once the user authenticates, activates access to additional applications, or as soon as applications scale out and involve more servers. The described proof-of-concept implementation explores to what degree an agent-less BYOD solution, based only on SDN, can lower the attack surface by explicit user opt-ins for particular services. Further, an assessment of the number of required rules within the flow tables of switches completes this work.
-
Nguyen-Ngoc, A., Lange, S., Gebert, S., Zinner, T., Tran-Gia, P., Jarschel, M.: Performance Evaluation Mechanisms for FlowMod Message Processing in OpenFlow Switches. IEEE Sixth International Conference on Communications and Electronics. Ha Long City, Vietnam (2016).
Network operators can benefit in terms of flexibility, cost, and vendor-independence when adopting the Software Defined Networking (SDN) paradigm. In many scenarios, the SDN controller orders the installation of new flow table entries in the switches it manages. Since such operations are handled in the slow path of the switches, the corresponding processing times constitute an important performance indicator for switches. This work focuses on a comparison of two mechanisms for evaluating the performance of OpenFlow switches with respect to the processing time of FlowMod messages. These mechanisms are characterized by different degrees of accuracy, cost, complexity, and the capability of performing measurements at run time. The first mechanism is based on the Spirent C1 dedicated testing platform, while the other uses a software module for the OpenDaylight controller. We assess their capabilities with respect to the abovementioned characteristics and quantify their accuracy by means of wiretaps that provide a ground truth regarding the measured processing times. By using three different switches in the experiments, it is possible to distinguish between hardware specific side-effects and general phenomena.
-
Gebert, S., Zinner, T., Lange, S., Schwartz, C., Tran-Gia, P.: Discrete-Time Analysis: Deriving the Distribution of the Number of Events in an Arbitrarily Distributed Interval. University of Wuerzburg (2016).
-
Gebert, S.: Performance Modeling of Softwarized Network Functions using Discrete-Time Analysis. Fachgruppentagung ITG 5.2.1, Technische Universität Hamburg-Harburg (2016).
-
Gebert, S., Müssig, A., Lange, S., Zinner, T., Gray, N., Tran-Gia, P.: Processing Time Comparison of a Hardware-Based Firewall and its Virtualized Counterpart. 8th EAI International Conference on Mobile Networks and Management (MONAMI 2016). Abu Dhabi, United Arab Emirates (2016).
-
Gray, N., Zinner, T., Gebert, S., Tran-Gia, P.: Simulation Framework for Distributed SDN-Controller Architectures in OMNeT++. 8th EAI International Conference on Mobile Networks and Management (MONAMI 2016). Abu Dhabi, United Arab Emirates (2016).
SDN introduces the separation of network control and network data plane. The control plane is removed from distributed network entities and logically centralized as the SDN controller. To provide resilience and performance such a logically centralized controller may again be physically distributed. Scenarios featuring distributed controller architectures include data center deployments, where controller instances synchronize states on small distances and delays, or continental WAN deployments with long distances and delays between controllers. The contribution of this paper is an OMNeT++ based simulation framework for assessing the performance of distributed SDN controller architectures. Relevant protocols and controller applications are modelled with a high level of detail. Further, an exemplary implementation of two different controller architectures, namely Hyperflow and Kandoo, is included. Initial results based on the provided implementations are presented.
-
Gebert, S., Schwartz, C., Zinner, T., Tran-Gia, P.: Continuously Delivering Your Network (2015).
-
Metter, C., Gebert, S., Lange, S., Zinner, T., Tran-Gia, P., Jarschel, M.: Investigating the Impact of Network Topology on the Processing Times of SDN Controllers. Seventh IFIP/IEEE International Workshop on Management of the Future Internet. Ottawa, Canada (2015).
Software Defined Networking (SDN) introduces the concept of logically-centralized controllers in charge of managing the forwarding behavior of network elements. The new possibilities enabled through the centralization of control logic come with a certain risk: The controller might become a performance bottleneck. Therefore, ensuring sufficient controller performance is one of the crucial tasks prior to a successful SDN deployment. Furthermore, fine-grained traffic engineering, e.g., to achieve higher link utilization, results in a higher frequency of requests that are sent to the controller, which leads to an increased controller load. It is therefore important to analyze the capabilities of SDN controllers prior to deployment. This paper investigates two software implementations, the OpenDaylight and Ryu controllers. The control message throughput of different controllers has been studied several times already; however, it is not yet known what influence the number and topology of connected switches have. This paper investigates this influence in detail for a fat-tree data center topology and a WAN topology as well as 261 topologies with varying characteristics from the Internet Topology Zoo.
-
Nguyen-Ngoc, A., Lange, S., Gebert, S., Zinner, T., Tran-Gia, P., Jarschel, M.: Investigating Isolation between Virtual Networks in Case of Congestion for a Pronto 3290 Switch. Workshop on Software-Defined Networking and Network Function Virtualization for Flexible Network Management (SDNFlex 2015). Cottbus, Germany (2015).
Resource isolation between virtual networks is one of the key features of network virtualization. It is typically realized by configuring queues with specific rate guarantees on the egress ports of the network devices. The drawback of this architectural choice, however, is that traffic from several ingress ports may result in congestion on an egress port. Hence, the question arises to which extent isolation between virtual networks is realized in state-of-the-art hardware. This work aims at investigating whether congestion within one virtual network may affect the throughput performance of another virtual network. For that, measurements in a local testbed using a Pronto 3290 switch running an OpenFlow-enabling Pica8 firmware are performed.
-
Gebert, S., Schwartz, C., Zinner, T., Tran-Gia, P.: Continuously Delivering Your Network (Short Paper). IEEE/IFIP International Symposium on Integrated Network Management (IM). Ottawa, Canada (2015).
Softwarization and cloudification of networks through software defined networking and network functions virtualisation promise a new degree of flexibility and agility. By moving logic from device firmware into software applications and applying software development mechanisms, innovation can be introduced with less effort. Concrete ways how to operate and orchestrate such systems are not yet defined. The process of making changes to a controller software or a virtualized network function in a production network without the risk of network disruption is not covered by literature. Complexity of systems brings the risk of unexpected side-effects and has long been a show-stopper for administrators applying changes to networking devices. This paper suggests the adaptation of the successful concept of continuous delivery into the software defined networking world. Test-driven development and automatic acceptance tests demonstrate that the software engineering community already found ways to ensure that changes do not break. Applied to network engineering, the adaptation of continuous delivery can be seen as an enabler for risk-free and frequent changes in production infrastructure through push button deployments.
-
Lange, S., Gebert, S., Spoerhase, J., Rygielski, P., Zinner, T., Kounev, S., Tran-Gia, P.: Specialized Heuristics for the Controller Placement Problem in Large Scale SDN Networks. International Teletraffic Congress (ITC 27). Ghent, Belgium (2015).
The Software Defined Networking (SDN) concept introduces a paradigm shift in the networking world towards an externalized control plane which is logically centralized. When designing an SDN-based WAN architecture, it is of vital importance to find a feasible solution to the controller placement problem, i.e., to decide where to position a limited amount of resources within the network. In addition to time-independent constraints regarding aspects like scalability, resilience, and control plane communication delays, dynamically changing network conditions like traffic patterns or bandwidth demands need to be considered as well. Consequently, such dynamic environments call for a regular and fast recalculation of placements in order to adapt to the current situation in a timely manner. While an exhaustive evaluation of all possible solutions can be performed within a practically feasible time frame for small and medium-sized networks, such an approach is out of scope for large problem instances which have significantly higher time and memory requirements. Therefore, this work investigates a specialized heuristic, which takes into account a particular set of optimization objectives and returns solutions representing the possible trade-offs between them. Due to its low computation time and acceptable margin of error, this heuristic can be employed by automatic decision systems operating in dynamic environments.
-
Gebert, S., Jarschel, M., Herrnleben, S., Zinner, T., Tran-Gia, P.: TableVisor: An Emulation Layer for Multi-Table OpenFlow Switches. 4th European Workshop on Software Defined Networks (EWSDN). Bilbao, Spain (2015).
This demonstration introduces TableVisor, which acts as a proxy layer between an OpenFlow controller and switches. Multiple hardware switches connect to TableVisor before it establishes a connection with the OpenFlow controller instance. During connection establishment, TableVisor advertises in the answer to the controller's features-request that this switch comprises a certain number of tables, which actually reflects the number of connected switches. All communication between controller and switch is passed through the proxy layer. Depending on the type of message, it will be answered directly by TableVisor (hello, features-reply), modified in such a way that particular fields are rewritten (packet-in, flow-mod), or a response merging data from multiple switches will be returned (flow-stats). The demonstration shows TableVisor in an MPLS use case using multiple switches, which is motivated by a mobile network scenario.
-
Lange, S., Nguyen-Ngoc, A., Gebert, S., Zinner, T., Jarschel, M., Koepsel, A., Sune, M., Raumer, D., Gallenmüller, S., Carle, G., Tran-Gia, P.: Performance Benchmarking of a Software-Based LTE SGW. 2nd International Workshop on Management of SDN and NFV Systems. Barcelona, Spain (2015).
Network Functions Virtualization (NFV) is a concept that aims at providing network operators with benefits in terms of cost, flexibility, and vendor independence by utilizing virtualization techniques to run network functions as software on commercial off-the-shelf (COTS) hardware. In contrast, prior solutions rely on specialized hardware for each function. Performance evaluation of such systems usually requires a dedicated testbed for each individual component. Rather than analyzing these proprietary black-box components, Virtualized Network Functions (VNFs) are pieces of software that run on COTS hardware and whose properties can be investigated in a generic testbed. However, depending on the underlying hardware, operating system, and implementation, VNFs might behave differently. Therefore, mechanisms for the performance evaluation of VNFs should be similar to benchmarking of software, where different implementations are compared by applying them to predefined test cases and scenarios. This work presents a first step towards a benchmarking framework for VNFs. Given two different implementations of a VNF that acts as LTE Serving Gateway (SGW), influence factors and key performance indicators are identified and a comparison between the two mechanisms is drawn.
-
Gebert, S., Schwartz, C., Zinner, T., Tran-Gia, P.: Agile Management of Software Based Networks. University of Wuerzburg (2015).
-
Gebert, S.: TableVisor: An Emulation Layer for Multi-Table OpenFlow Switches. Lightning Talk at 4th European Workshop on Software Defined Networks (EWSDN), Bilbao, Spain (2015).
-
Gebert, S., Jarschel, M., Hoffmann, M.: Demonstrating the Optimal Placement of Virtualized Cellular Network Functions in Case of Large Crowd Events (2015).
-
Tran-Gia, P., Zinner, T., Gebert, S.: Performance Issues in SDN and NFV. University of Toronto (2015).
-
Lange, S., Gebert, S., Zinner, T., Tran-Gia, P., Hock, D., Jarschel, M., Hoffmann, M.: Heuristic Approaches to the Controller Placement Problem in Large Scale SDN Networks. IEEE Transactions on Network and Service Management - Special Issue on Efficient Management of SDN and NFV-based Systems. 12, 4-17 (2015).
Software Defined Networking (SDN) marks a paradigm shift towards an externalized and logically centralized network control plane. A particularly important task in SDN architectures is that of controller placement, i.e., the positioning of a limited number of resources within a network in order to meet various requirements. These requirements range from latency constraints to failure tolerance and load balancing. In most scenarios, at least some of these objectives are competing, thus no single best placement is available and decision makers need to find a balanced trade-off. This work presents POCO, a framework for Pareto-based Optimal COntroller placement that provides operators with Pareto optimal placements with respect to different performance metrics. In its default configuration, POCO performs an exhaustive evaluation of all possible placements. While this is practically feasible for small and medium sized networks, realistic time and resource constraints call for an alternative in the context of large scale networks or dynamic networks whose properties change over time. For these scenarios, the POCO toolset is extended by a heuristic approach that is less accurate, but yields faster computation times. An evaluation of this heuristic is performed on a collection of real world network topologies from the Internet Topology Zoo. Utilizing a measure for quantifying the error introduced by the heuristic approach allows an analysis of the resulting trade-off between time and accuracy. Additionally, the proposed methods can be extended to solve similar virtual functions placement problems which appear in the context of Network Functions Virtualization (NFV).
-
Gebert, S.: DevOps und Continuous Delivery. Datev Trendscout, Nürnberg (2014).
-
Gebert, S.: SDN interfaces and performance analysis of SDN components. (2014).
-
Hock, D., Hartmann, M., Gebert, S., Zinner, T., Tran-Gia, P.: POCO-PLC: Enabling Dynamic Pareto-Optimal Resilient Controller Placement in SDN Networks (2014).
-
Hock, D., Gebert, S., Hartmann, M., Zinner, T., Tran-Gia, P.: POCO: A Framework for the Pareto-Optimal Resilient Controller Placement in SDN-based Core Networks (2014).
-
Gebert, S., Hock, D., Zinner, T., Tran-Gia, P., Hoffmann, M., Jarschel, M., Schmidt, E.-D., Braun, R.-P., Banse, C., Koepsel, A.: Demonstrating the Optimal Placement of Virtualized Cellular Network Functions in Case of Large Crowd Events (2014).
-
Jarschel, M., Metter, C., Zinner, T., Gebert, S., Tran-Gia, P.: OFCProbe: A Platform-Independent Tool for OpenFlow Controller Analysis. 5th IEEE International Conference on Communications and Electronics (IEEE ICCE 2014). Da Nang, Vietnam (2014).
Controller performance and behavior are key to the operation of an SDN network. Therefore, choosing the right controller implementation and corresponding set of applications is essential. In order to facilitate this decision we previously introduced a tool for controller performance analysis called "OFCBenchmark". In this paper, we present "OFCProbe", a platform-independent and extended re-design of our original approach. We describe the new architecture and explain the implemented features. Finally, we provide some sample results to illustrate the kind of investigations that can be performed using the tool.
-
Gebert, S., Hock, D., Hartmann, M., Spoerhase, J., Zinner, T., Tran-Gia, P.: Including Energy Efficiency Aspects in Multi-Layer Optical Network Design. 5th International Conference on Communications and Electronics (ICCE 2014). Da Nang, Vietnam (2014).
This paper investigates the influence of the network planning process on a higher energy-awareness of optical multi-layer core networks. In particular, we propose to remove redundant links in the network, and to route corresponding network traffic on other links. Based on the reduced network topology, we compute the required network equipment for realistic traffic demands using a network planning tool. Due to the lack of an accurate model for operational expenditures and energy consumption, we choose the link length as cost function. We show the applicability of our idea and demonstrate the energy saving potential using realistic network topologies.