Presentation is loading. Please wait.

Presentation is loading. Please wait.

Flow-level State Transition as a New Switch Primitive for SDN Masoud Moshref, Apoorv Bhargava, Adhip Gupta, Minlan Yu, Ramesh Govindan (HotSDN’14)

Published byUlises Arington Modified over 9 years ago

Similar presentations

Presentation on theme: "Flow-level State Transition as a New Switch Primitive for SDN Masoud Moshref, Apoorv Bhargava, Adhip Gupta, Minlan Yu, Ramesh Govindan (HotSDN’14)"— Presentation transcript:

1 Flow-level State Transition as a New Switch Primitive for SDN Masoud Moshref, Apoorv Bhargava, Adhip Gupta, Minlan Yu, Ramesh Govindan (HotSDN’14)

2 Motivation 2 Current practice Proactive needs a priori knowledge Reactive has high delay Opportunity: Local state is enough for many policies (stateful firewall, FTP monitoring, large source IP detection) Key idea: State machine is a general but efficient abstraction to allow dynamic actions at switches

3 FAST (Flow-level State Transitions) Abstraction 3 Examples: Stateful firewall: TCP state machine with actions that drop uninitiated flows FTP Monitoring: Track the states of control channel & allow data channel traffic Large source IP detection: Keep a counter per IP and compare it against a threshold Controller proactively programs state transitions and actions at switches Switches run state machines and actions of a state

4 FAST Control Plane 4 None Init1 Init2 Est Close 1 Close 2 SYN SYNACK ACK FIN FINACK FAST controller FAST compiler Switch agent Network Controller translates state machines to switch API

5 FAST Data Plane 5 MatchState machine index 1100**0 (UDP) 100***1 (TCP) IndexState 0Est 1Init2 2Est MatchStateAction 20.1/16NoneDrop 10.1/16*Port1 State machine filter State table State transition tableAction table Pick fields and hash Packet Packet, H(p) Packet, Est Update state Packet, Close1 Packet MatchStateNext state FinEstClose1 *Est Close1 FAST data plane is implementable in hardware switch components

6 FAST Data Plane Evaluation in Open vSwitch 6 Delay of going through all TCP states for FAST is small 1 packet, 1 flow : FAST: 28x faster (3ms) > 64 concurrent flows: 6ms FAST state lookup has small overhead: Iperf throughput (Gbps): <5% overhead

7 FAST Data Plane Evaluation in Open vSwitch ApproachMean (ms)5 th %95 th % Proactive1.851.453.68 Reactive84.857.84109.7 FAST3.021.345.93 7 Delay of going through all TCP states for FAST is small FAST Delay is small even for many concurrent connections ApproachMean (Gbps)STD Reactive8.20.2 FAST7.80.2 FAST state lookup has small overhead Flow completion time for TCP connections with 1 data packet Iperf (large flow) throughput

Download ppt "Flow-level State Transition as a New Switch Primitive for SDN Masoud Moshref, Apoorv Bhargava, Adhip Gupta, Minlan Yu, Ramesh Govindan (HotSDN’14)"

Similar presentations

Reconsidering Reliable Transport Protocol in Heterogeneous Wireless Networks Wang Yang Tsinghua University 1.

Reconsidering Reliable Transport Protocol in Heterogeneous Wireless Networks Wang Yang Tsinghua University 1.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.

Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Michele Pagano – A Survey on TCP Performance Evaluation and Modeling 1 Department of Information Engineering University of Pisa Network Telecomunication.

Michele Pagano – A Survey on TCP Performance Evaluation and Modeling 1 Department of Information Engineering University of Pisa Network Telecomunication.
High-Fidelity Switch Models for SDN Emulation

High-Fidelity Switch Models for SDN Emulation
Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.

Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.
Presenter : Cheng-Ta Wu Kenichiro Anjo, Member, IEEE, Atsushi Okamura, and Masato Motomura IEEE JOURNAL OF SOLID-STATE CIRCUITS, VOL. 39,NO. 5, MAY 2004.

Presenter : Cheng-Ta Wu Kenichiro Anjo, Member, IEEE, Atsushi Okamura, and Masato Motomura IEEE JOURNAL OF SOLID-STATE CIRCUITS, VOL. 39,NO. 5, MAY 2004.
TCP Probe: A TCP with Built-in Path Capacity Estimation Anders Persson, Cesar Marcondes, Ling-Jyh Chen, Li Lao, M. Y. Sanadidi, Mario Gerla Computer Science.

TCP Probe: A TCP with Built-in Path Capacity Estimation Anders Persson, Cesar Marcondes, Ling-Jyh Chen, Li Lao, M. Y. Sanadidi, Mario Gerla Computer Science.
Finishing Flows Quickly with Preemptive Scheduling

Finishing Flows Quickly with Preemptive Scheduling
RED-PD: RED with Preferential Dropping Ratul Mahajan Sally Floyd David Wetherall.

RED-PD: RED with Preferential Dropping Ratul Mahajan Sally Floyd David Wetherall.
Incremental Update for a Compositional SDN Hypervisor Xin Jin Jennifer Rexford, David Walker.

Incremental Update for a Compositional SDN Hypervisor Xin Jin Jennifer Rexford, David Walker.
Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
Compiling Path Queries in Software-Defined Networks Srinivas Narayana Jennifer Rexford and David Walker Princeton University.

Compiling Path Queries in Software-Defined Networks Srinivas Narayana Jennifer Rexford and David Walker Princeton University.
Scalable Rule Management for Data Centers Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan 4/3/2013.

Scalable Rule Management for Data Centers Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan 4/3/2013.
VCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012.

VCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012.
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.

Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.
OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.

OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.

Similar presentations

Ads by Google