Series
School of Computer Science Technical Report Series

Series Type
Publication Series

Publication Search Results

  • Item
    SDX: A Software Defined Internet Exchange
    (Georgia Institute of Technology, 2013) Gupta, Arpit ; Shahbaz, Muhammad ; Vanbever, Laurent ; Kim, Hyojoon ; Clark, Russ ; Feamster, Nick ; Rexford, Jennifer ; Shenker, Scott
    Deploying software-defined networking (SDN) at Internet Exchange Points (IXPs) offers new hope for solving long-standing problems in interdomain routing. SDN allows direct expression of more flexible policies, and IXPs are central rendezvous points that are in the midst of a rebirth, making them a natural place to start. We present the design of an SDN exchange point (SDX) that enables much more expressive policies than conventional hop-by-hop, destination-based forwarding. ISPs can apply many diverse actions on packets based on multiple header fields, and distant networks can exercise “remote control” over packet handling. This flexibility enables applications such as inbound traffic engineering, redirection of traffic to middleboxes, wide-area server load balancing, and blocking of unwanted traffic. Supporting these applications requires effective ways to combine the policies of multiple ISPs. Our SDX controller provides each ISP the abstraction of its own virtual switch and sequentially composes the policies of different ISPs into a single set of rules in the physical switches. Preliminary experiments on our operational SDX demonstrate the potential for changing interdomain routing from the inside out.
  • Item
    Simpler Network Configuration with State-Based Network Policies
    (Georgia Institute of Technology, 2013) Kim, Hyojoon ; Gupta, Arpit ; Shahbaz, Muhammad ; Reich, Joshua ; Feamster, Nick ; Clark, Russ
    Operators make hundreds of changes to a network’s router and switch configurations every day—a painstaking, error-prone process. If the network configuration could instead encode different forwarding behavior for different network states a priori, a network controller could automatically alter forwarding behavior when conditions change. To enable this capability, we introduce state-based network policies, which describe how a network’s forwarding behavior should change in response to arbitrary network events. A state-based network policy comprises many tasks, each of which encodes the forwarding behavior for a single network management operation (e.g., intrusion detection) or part of the network (e.g., a sub-organization), and how that behavior should change when network conditions change. Composing these policies produces a network-wide control program that adapts to different operating conditions. We implement state-based network policies in a system called PyResonance and demonstrate with real-world examples and use cases that PyResonance is expressive enough to specify a wide range of network policies and simple enough for many operators to use. Our evaluation based on event traces from the Georgia Tech campus network shows that PyResonance can achieve good performance in operational settings.
  • Item
    Lithium: Event-Driven Network Control
    (Georgia Institute of Technology, 2012) Kim, Hyojoon ; Voellmy, Andreas ; Burnett, Sam ; Feamster, Nick ; Clark, Russ
    This paper introduces event-driven network control, a network control framework that makes networks easier to manage by automating many tasks that must currently be performed by manually modifying low-level, distributed, and complex device configuration. We identify four policy domains that inherently capture many events: time, user, history, and traffic flow. We then present Lithium, an event-driven network control framework that can implement policies expressed using these domains. Lithium can support policies that automatically react to a wide range of events, from fluctuations in traffic volumes to changes in the time of day. Lithium allows network operators to specify networkwide policies in terms of a high-level, event-driven policy model, as opposed to configuring individual network devices with low-level commands. To show that Lithium is practical, general, and applicable in different types of network scenarios, we have deployed Lithium in both a campus network and a home network and used it to implement more flexible and dynamic network policies. We also perform evaluations to show that Lithium introduces negligible overhead beyond a conventional OpenFlow-based control framework.
  • Item
    Pushing Enterprise Security Down the Network Stack
    (Georgia Institute of Technology, 2009) Clark, Russ ; Feamster, Nick ; Nayak, Ankur ; Reimers, Alex
    Network security is typically reactive: Networks provide connectivity and subsequently alter this connectivity according to various security policies, as implemented in middleboxes, or at higher layers. This approach gives rise to complicated interactions between protocols and systems that can cause incorrect behavior and slow response to attacks. In this paper, we propose a proactive approach to securing networks, whereby security-related actions (e.g., dropping or redirecting traffic) are embedded into the network fabric itself, leaving only a fixed set of actions to higher layers. We explore this approach in the context of network access control. Our design uses programmable switches to manipulate traffic at lower layers; these switches interact with policy and monitoring at higher layers. We apply our approach to Georgia Tech’s network access control system, show how the new design can both overcome the current shortcomings and provide new security functions, describe our proposed deployment, and discuss open research questions.
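The SDX abstract above describes a controller that gives each participant the abstraction of its own virtual switch and sequentially composes the participants' policies into one rule set for the physical switch. The following is an added illustration of that composition, written for this page; it is not the SDX project's controller or its Pyretic code. The topology (PHYS_PORTS), the three participants A, B and C, their policies and the addresses are all constructed assumptions.

```python
"""Sequential composition of participant policies at an SDX.

Added illustration, not the SDX project's controller or its Pyretic code.
Each participant writes rules against its own virtual switch: outbound rules
name the next participant, inbound rules name the participant's own ports.
compose() chains a sender's outbound policy with the inbound policy of
whichever participant it hands the packet to, intersects the match
predicates, and emits one flat first-match rule list for the physical
switch, with virtual ports rewritten to physical ones.
"""

# Constructed topology (assumption): participant virtual port -> physical port.
PHYS_PORTS = {("A", 1): 1, ("B", 1): 3, ("B", 2): 4, ("C", 1): 5}

DROP = ("drop",)


def fwd(participant):
    """Outbound action: hand the packet to another participant."""
    return ("fwd", participant)


def port(participant, n):
    """Inbound action: deliver on the participant's own virtual port n."""
    return ("port", participant, n)


def intersect(m1, m2):
    """Intersect two match predicates (dict of header field -> value).

    Returns None when the same field is constrained to different values,
    i.e. no packet can satisfy both predicates.
    """
    out = dict(m1)
    for field, value in m2.items():
        if field in out and out[field] != value:
            return None
        out[field] = value
    return out


def compose(sender, outbound, inbound_policies):
    """Compose `sender`'s outbound policy with the receivers' inbound policies.

    Returns [(match, physical_action)] in first-match order. Every rule is
    restricted to the sender's own ingress port, so one participant's policy
    can never act on another participant's traffic.
    """
    ingress = {"inport": PHYS_PORTS[(sender, 1)]}
    rules = []
    for match_a, action_a in outbound:
        base = intersect(ingress, match_a)
        if base is None:
            continue
        if action_a == DROP:
            rules.append((base, DROP))
            continue
        _, receiver = action_a
        for match_b, action_b in inbound_policies[receiver]:
            m = intersect(base, match_b)
            if m is None:  # e.g. sender matched dstport 80, receiver dstport 443
                continue
            if action_b == DROP:
                rules.append((m, DROP))
            else:
                _, p, n = action_b
                rules.append((m, ("output", PHYS_PORTS[(p, n)])))
    return rules


def evaluate(rules, packet):
    """First-match lookup; a packet no rule covers is dropped."""
    for match, action in rules:
        if all(packet.get(field) == value for field, value in match.items()):
            return action
    return DROP


# Constructed policies (assumption). A sends web traffic to C and everything
# else to its BGP default B. B does inbound traffic engineering across its two
# links; C blocks one unwanted source and accepts the rest on its only link.
A_OUTBOUND = [
    ({"dstport": 80}, fwd("C")),
    ({}, fwd("B")),
]
INBOUND = {
    "B": [
        ({"srcip": "10.1.0.5"}, port("B", 1)),
        ({}, port("B", 2)),
    ],
    "C": [
        ({"srcip": "10.1.0.5"}, DROP),
        ({}, port("C", 1)),
    ],
}


def compile_sdx():
    """Rule list installed in the physical switch for participant A's traffic."""
    return compose("A", A_OUTBOUND, INBOUND)


if __name__ == "__main__":
    for match, action in compile_sdx():
        print(match, "->", action)
```

Two properties worth checking in any such compiler: the composed list can grow to the product of the participants' rule counts, which is why the composition belongs in the controller rather than in the switch, and every emitted rule carries the sender's ingress port, which is the isolation guarantee behind the "own virtual switch" abstraction.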
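The state-based policy abstract, the Lithium abstract and the network access control abstract above share one idea: forwarding behaviour is derived from a host's current state, and events reported from higher layers (a registration portal, an intrusion detector, an operator) change that state and therefore the rules, without anyone editing device configuration. The example below is an added illustration of that idea for this page; it is not PyResonance, Lithium or the Georgia Tech access control system. The states, events, transition table, addresses and packets are constructed assumptions.

```python
"""State-based network access control as an event-driven state machine.

Added illustration only; not PyResonance, Lithium, or the Georgia Tech
access control system. Each host's forwarding rules are a function of its
current state. Events from higher-layer systems move hosts between states,
and the controller regenerates the network-wide rule list on every change.
"""

# Constructed addresses (assumption).
PORTAL = "10.0.0.2"        # captive registration portal
REMEDIATION = "10.0.0.3"   # server that quarantined hosts are steered to
FORWARD, DROP = ("forward",), ("drop",)

# (current state, event) -> next state; pairs not listed are ignored.
# The events stand in for the policy domains the abstracts name:
# user (auth_ok), traffic/history (ids_alert), operator action (remediated).
TRANSITIONS = {
    ("registration", "auth_ok"): "operation",
    ("operation", "ids_alert"): "quarantine",
    ("quarantine", "remediated"): "registration",  # host must re-register
}


def task_for(state, mac):
    """Rules (match, action), first match wins, for one host in one state."""
    src = {"srcmac": mac}
    if state == "registration":
        return [
            (dict(src, proto="udp", dstport=53), FORWARD),                # DNS
            (dict(src, proto="tcp", dstport=80, dstip=PORTAL), FORWARD),  # portal
            (dict(src, proto="tcp", dstport=80), ("redirect", PORTAL)),   # other web
            (src, DROP),                                                  # rest
        ]
    if state == "operation":
        return [(src, FORWARD)]
    if state == "quarantine":
        return [
            (dict(src, proto="tcp", dstport=80), ("redirect", REMEDIATION)),
            (src, DROP),
        ]
    raise ValueError(f"unknown state {state!r}")


class Controller:
    def __init__(self):
        self.state = {}   # mac -> state
        self.rules = []   # composed network-wide rule list

    def host_seen(self, mac):
        """A host with no recorded state starts in registration."""
        if mac not in self.state:
            self.state[mac] = "registration"
            self._recompile()

    def handle_event(self, event, mac):
        """Apply a transition and return the host's (possibly unchanged) state."""
        self.host_seen(mac)
        cur = self.state[mac]
        nxt = TRANSITIONS.get((cur, event))
        if nxt is not None and nxt != cur:
            self.state[mac] = nxt
            self._recompile()
        return self.state[mac]

    def _recompile(self):
        # Compose the per-host tasks into one program. Each task matches only
        # its own srcmac, so the tasks are disjoint and concatenation is safe.
        self.rules = [
            rule
            for mac, state in sorted(self.state.items())
            for rule in task_for(state, mac)
        ]
        self.rules.append(({}, DROP))  # hosts with no state get nothing

    def lookup(self, packet):
        """Action the switch would apply to a packet (first match wins)."""
        for match, action in self.rules:
            if all(packet.get(f) == v for f, v in match.items()):
                return action
        return DROP


if __name__ == "__main__":
    c = Controller()
    mac = "aa:bb:cc:dd:ee:01"  # constructed host
    web = {"srcmac": mac, "proto": "tcp", "dstport": 80, "dstip": "93.184.216.34"}
    c.host_seen(mac)
    print("registration:", c.lookup(web))
    print(c.handle_event("auth_ok", mac), c.lookup(web))
    print(c.handle_event("ids_alert", mac), c.lookup(web))
```

The point to verify in a design like this is that events which have no transition from the current state are ignored rather than acted on (a "remediated" event for a host that is not quarantined must not change anything), and that the default rule drops traffic from hosts the controller has never seen.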