2018/6/25 Developing a Traffic Classification Platform for Enterprise Networks with SDN: Experiences & Lessons Learned Author: Bryan Ng 、Matthew Hayes.

Presentation transcript:

Developing a Traffic Classification Platform for Enterprise Networks with SDN: Experiences & Lessons Learned
Author: Bryan Ng, Matthew Hayes, Winston K.G. Seah
Presenter: Yi-Hsien Wu
Date: 2016/11/30
Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.
CSIE CIAL Lab

Outline
Introduction
Challenges In Enterprise Network
Traffic Classification Architecture
Performance Analysis
Lessons Learned
Conclusion
National Cheng Kung University CSIE Computer & Internet Architecture Lab

Introduction
Traffic classification: an automated process that categorises computer network traffic into many traffic classes according to various parameters (for example, port number or protocol).
Recently, ruleset sizes have grown rapidly, and the resulting ruleset complexity gives general packet classification methods poor memory performance. Swintop is a way of classifying rulesets.

Challenges In Enterprise Network
Many enterprise network operators who are interested in QoS do not know all the applications running on their network.
Port-based classifiers are increasingly out of favour with the advent of IoT, because newer applications may not have a registered port number, while other applications deliberately hide traffic within well-known port numbers.
With the bring-your-own-device trend picking up, the number of networked devices in an enterprise will surely grow significantly as new uses are found for the services that they provide.

Challenges In Enterprise Network
A solution that at least partially automates traffic classification configuration is required so that organizations can efficiently and quickly apply and monitor traffic classification at a policy level, without having to make configurations on a per-flow, per-device or per-port basis.

Traffic Classification Architecture
The two points for consideration pertaining to traffic classification in enterprise networks are:
(i) Traffic classification requirements for enterprise networks.
(ii) Alignment of the requirements with the SDN paradigm.
We deduce that operators of enterprise networks are likely to have functional traffic classification requirements as per Table I.

Traffic classification requirements

Traffic Classification Architecture
The nmeta Core region (orange shaded area): Manages communications with switches (processing of packet-in and switch messages, adding flows, etc.) via OpenFlow and handles incoming REST API calls via the Ryu Controller.
The Traffic Classification region (blue shaded area): Classifies packets against a traffic classification policy and returns results to nmeta Core.

Traffic Classification Architecture
The Flow Metadata region (purple shaded area): Stores the enriched metadata in a Python data structure called a dictionary, and controls the installation of flow match entries to switches.
The Metadata Consumer - QoS region (red shaded area): A simple stub that provides a QoS treatment (queue assignment) based on matching a QoS flow metadata tag.

Traffic Classification Architecture
All communication from the traffic classification region to the flow metadata region is via the nmeta core region. This rule is to ensure that the forwarding module has visibility of traffic classification status messages.

Performance Analysis
The identity classification module records the identity of endpoints that broadcast Link Layer Discovery Protocol (LLDP) messages.
Identity information is stored in two dictionaries: one for Network Interface Controller (NIC) identities and the other for system identities.
Two dictionaries are required since an endpoint may have multiple network interface cards (NICs).

LLDP
It is a link layer protocol. It packages some information into an LLDPDU (Link Layer Discovery Data Unit) and sends it to its neighbor. At the same time, it stores the LLDPDUs sent by its neighbor using the standard MIB (Management Information Base) format.
LLDP Packet-in events are used by the identity module to accumulate system information and, likewise, IPv4 Packet-in events are used to accumulate MAC address to IPv4 address linkages in the NIC dictionary.

Performance Analysis
The setup in Figure 3 is designed to demonstrate that the identity classifier can classify traffic to provide differential treatment of connectivity to/from a particular endpoint.
Both Client 1 and Client 2 make regular HTTP connections to Server / Controller on tcp-80 and retrieve the same HTML object.

Performance Analysis
Client 1, with LLDP system name pc1.dev.example.com, is not matched by the identity classification.
Client 2 has an LLDP system name of pc2.audit.example.com and has its connections classified and treated as high priority based on the configured wildcard match for *.audit.example.com.
The response time to fetch the HTML object is shown in Figure 4. The base load time for both Client 1 and Client 2 is approximately 0.18s.
As the Iperf congestion builds up, the load time for Client 1 significantly increases while the load time for Client 2 remains unaffected.
Upon terminating Iperf, the load times for both Client 1 and Client 2 revert to the baseline load time observed before congestion was introduced.
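The identity classification described in the slides above, as an added Python example (not code from the presentation or from nmeta). The class and function names, the QoS tag strings, and the MAC and IP addresses are assumptions made for illustration; only the system names and the `*.audit.example.com` wildcard come from the slides.

```python
from fnmatch import fnmatchcase
# Constructed policy: LLDP system-name wildcard -> QoS treatment.
POLICY = [("*.audit.example.com", "high_priority")]
DEFAULT_QOS = "default_priority"

class IdentityStore:
    """Hypothetical store holding the two dictionaries the slide describes."""
    def __init__(self):
        self.nic = {}     # MAC -> {"ipv4": set of addresses, "system": name}
        self.system = {}  # system name -> set of MACs (one host, many NICs)

    def _nic(self, mac):
        return self.nic.setdefault(mac, {"ipv4": set(), "system": None})

    def on_lldp(self, src_mac, system_name):
        """LLDP packet-in: link the advertising NIC to its system name."""
        name, entry = system_name.lower(), self._nic(src_mac)
        if entry["system"] not in (None, name):  # NIC now advertises a new name
            self.system[entry["system"]].discard(src_mac)
        entry["system"] = name
        self.system.setdefault(name, set()).add(src_mac)

    def on_ipv4(self, src_mac, src_ip):
        """IPv4 packet-in: accumulate the MAC to IPv4 linkage."""
        self._nic(src_mac)["ipv4"].add(src_ip)

    def system_for_ip(self, ip):
        for entry in self.nic.values():
            if ip in entry["ipv4"]:
                return entry["system"]
        return None  # address never seen in a packet-in

def classify(store, src_ip, dst_ip, policy=POLICY):
    """QoS tag for a flow to or from an endpoint matched by identity."""
    for ip in (src_ip, dst_ip):
        name = store.system_for_ip(ip)
        for pattern, qos in policy:
            if name and fnmatchcase(name, pattern):
                return qos
    return DEFAULT_QOS

def demo():
    store = IdentityStore()  # all MACs, names and addresses are constructed
    for n, name in enumerate(["pc1.dev.example.com", "pc2.audit.example.com",
                              "pc2.audit.example.com"], 1):  # pc2 has two NICs
        store.on_lldp(f"00:00:00:00:00:0{n}", name)
        store.on_ipv4(f"00:00:00:00:00:0{n}", f"10.1.0.{n}")
    return {ip: classify(store, ip, "10.1.0.10")
            for ip in ("10.1.0.1", "10.1.0.2", "10.1.0.3", "10.1.0.9")}
```

LLDP frames carry no authentication, so a system name learned this way is whatever the endpoint advertises; a policy keyed on it inherits that trust assumption.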

Lessons Learned (Security)
It is unlikely that SDN will take hold in enterprises until it can be shown to be as secure as monolithic networking.
They use the Group Secure Association Key Management Protocol (GSAKMP) to provide secured communication for traffic classification modules.

Lessons Learned (Hardware quirks)
Response times for HTTP connections on tcp-1234 in test Static-1 in the virtual lab were not materially affected by the link congestion, meeting the expectations of the desired outcome.
However, the hardware queueing implementation on the commodity switches does not provide adequate isolation.
Therefore the traffic in the high priority queue was impacted by the Iperf congestion to within 68% of the increase observed in the default priority queue.

Conclusion
Our efforts are helping to identify practical issues with the roll out of traffic classification in SDN.
We detected potential incompatibilities with legacy networking devices and protocols, and uncovered indications of possible implementation barriers for enterprise network adoption.