Funding: Project supported by the Strategic Priority Research Program of Chinese Academy of Sciences (No. XDA031050100).
Abstract: Dynamic bandwidth allocation (DBA) is a fundamental challenge in the realm of networking. The rapid, accurate, and fair allocation of bandwidth is crucial for network service providers to fulfill service-level agreements, alleviate link congestion, and devise strategies to counter network attacks. However, existing bandwidth allocation algorithms operate mainly on the control plane of the software-defined networking paradigm, which can lead to considerable probing overhead and convergence latency. Moreover, contemporary network architectures necessitate a hierarchical bandwidth allocation system that addresses latency requirements. We introduce a fine-grained, hierarchical, and scalable DBA algorithm, i.e., the HSDBA algorithm, implemented on the programmable data plane. This algorithm reduces network overhead and latency between the data plane and the controller, and it is proficient in dynamically adding and removing network configurations. We investigate the practicality of HSDBA using protocol-oblivious forwarding switches. Experimental results show that HSDBA achieves fair bandwidth allocation and isolation guarantee within approximately 25 packets. It boasts a convergence speed 0.5 times higher than that of the most recent algorithm, namely, approximate hierarchical allocation of bandwidth (AHAB); meanwhile, it maintains a bandwidth enforcement accuracy of 98.1%.
Funding: Supported by the National Key Research and Development Program of China (Grant No. 2022YFB2901304).
Abstract: Software-Defined Perimeter (SDP) provides a logical perimeter to restrict access to services. However, due to the security vulnerability of a single controller and the programmability lack of a gateway, existing SDP is facing challenges. To solve the above problems, we propose a flexible and secure SDP mechanism named Mimic SDP (MSDP). MSDP consists of endogenous secure controllers and a dynamic gateway. The controllers avoid single point failure by heterogeneity and redundancy. And the dynamic gateway realizes flexible forwarding in programmable data plane by changing the processing of packet construction and deconstruction, thereby confusing the potential adversary. Besides, we propose a Markov model to evaluate the security of our SDP framework. We implement a prototype of MSDP and evaluate it in terms of functionality, performance, and scalability in different groups of systems and languages. Evaluation results demonstrate that MSDP can provide a secure connection of 93.38% with a cost of 6.34% under reasonable configuration.
Funding: Supported by the National Key Research and Development Program of China under Grant 2022YFB2901501 and in part by the Science and Technology Innovation leading Talents Subsidy Project of Central Plains under Grant 244200510038.
Abstract: The rapid growth of distributed data-centric applications and AI workloads increases demand for low-latency, high-throughput communication, necessitating frequent and flexible updates to network routing configurations. However, maintaining consistent forwarding states during these updates is challenging, particularly when rerouting multiple flows simultaneously. Existing approaches pay little attention to multi-flow update, where improper update sequences across data plane nodes may construct deadlock dependencies. Moreover, these methods typically involve excessive control-data plane interactions, incurring significant resource overhead and performance degradation. This paper presents P4LoF, an efficient loop-free update approach that enables the controller to reroute multiple flows through minimal interactions. P4LoF first utilizes a greedy-based algorithm to generate the shortest update dependency chain for the single-flow update. These chains are then dynamically merged into a dependency graph and resolved as a Shortest Common Super-sequence (SCS) problem to produce the update sequence of multi-flow update. To address deadlock dependencies in multi-flow updates, P4LoF builds a deadlock-fix forwarding model that leverages the flexible packet processing capabilities of the programmable data plane. Experimental results show that P4LoF reduces control-data plane interactions by at least 32.6% with modest overhead, while effectively guaranteeing loop-free consistency.