Closing the Network Control Loop-可预期网络论坛（20页）.pdf

《Closing the Network Control Loop-可预期网络论坛（20页）.pdf》由会员分享，可在线阅读，更多相关《Closing the Network Control Loop-可预期网络论坛（20页）.pdf（20页珍藏版）》请在三个皮匠报告上搜索。

1、Closing the Network Control LoopJennifer RexfordPrinceton UniversityProgrammability From Top-to-Bottom and End-to-EndNICNICKernel stackUser spaceDPDKXDP/eBPF5G MobileNetworkDoS MitigationTraffic EngineeringLoadBalancingOverlay VirtualizationSDN ControllerWhat Will Network Owners Do?What will network

2、 owners do with this new flexibility?We believe they will want to run their networks better!Adding New DialsTrafficPerformanceCyberattacksFailuresSignal strengthAdding New KnobsDropMarkRate-limitRerouteHand-offClosed-Loop ControlMeasure(dials)Adapt(knobs)AnalyzeExample#1:Microbursts5x3x1x16:00:000:0

3、0:008:00:0016:00:00Time in day(24h)QueueLengthMicroburstsSmall timescale traffic burstsLong queues caused by incast,attacks,etc.Lead to high packet delay and loss despite low average link utilizationExample#1:Microburst MeasurementData-plane measurement and analysisBacklog in the queueA flows own co

4、ntribution to the queue55%10%ConQuest:Fine-grained queue measurement in the data plane in CoNEXT19.Example#1:Microburst MitigationData-plane adaptationDrop or mark an arriving packet probabilisticallyBased on its flows contribution to the queue55%10%Example#2:Distributed Denial-of-Service Attacks DD

5、oS attacksDNS reflection attackSYN or HTTP floodingSlowloris attackOverwhelm the victimExhausting network and server resourcesVictimDNSDNSDNSDNSAttacker.Example#2:DDoS DetectionData-plane measurement and analysisIdentify suspected victim destinations(key DstIP)receiving traffic from distinct senders

6、(attribute SrcIP)in excess of a threshold(threshold T)select DstIP where distinct(SrcIP)TKeyAttributeThresholdBeauCoup:“Answering many network traffic queries,one memory update at a time”in SIGCOMM20Example#2:DDoS Mitigation Data-plane adaptationDrop or rate-limit packets to susp