Elsevier

Computer Networks

Volume 184, 15 January 2021, 107637
Computer Networks

LOcAl DEcisions on Replicated States (LOADER) in programmable dataplanes: Programming abstraction and experimental evaluation

https://doi.org/10.1016/j.comnet.2020.107637Get rights and content

Abstract

Programmable data planes recently emerged as a prominent innovation in Software Defined Networking (SDN). They provide support for stateful per-packet/per-flow operations over hardware network switches specifically designed for network processing. Unlike early SDN solutions such as OpenFlow, modern stateful data planes permit to keep (and dynamically update) per-flow states local to each switch, thus dramatically improving reactiveness of network applications to different state changes. Still, in stateful data planes, the management of non-local states is assumed to be completely delegated to a centralized controller, thus requiring extra overhead to be accessed. Our LOADER proposal aims at contrasting the apparent dichotomy between local and non-local states. We do so by introducing a new possibility: permit to take localized (in-switch) decisions not only on local states but also on global replicated states, thus providing support for network-wide applications without incurring the drawbacks of classic approaches. To this purpose, (i) we provide high-level programming abstractions devised to define the states and the update logic of a generic network-wide application, and (ii) we detail the underlying low-level state management and replication mechanisms. We then show LOADER’s independence of the stateful data plane technology employed, by implementing it over two distinct stateful data planes (P4 switches and OPP – Open Packet Processor – switches), and by experimentally validating both implementations in an emulated testbed using a simple distributed Deny-of-Service (DoS) detection application.

Introduction

Future networks are called to efficiently and flexibly support an ever-growing variety of heterogeneous network functions such as network address translation, tunneling, load balancing, traffic engineering, monitoring, intrusion detection, and so on. Software-based programmability of such type of functions has been first pioneered by early Software Defined Networking (SDN) proposals, and then by the more recent trend of Network Function Virtualization (NFV). However, both these approaches have shown shortcomings. Indeed, original SDN approaches (and, more specifically, the OpenFlow-based ones), were relying on stateless switching architectures, and thus suffered of the need to centralize any state update and maintenance to a centralized controller, thus paying a significant toll in terms of latency and communication overhead. On the other side, NFV has addressed the design of middlebox functionalities in software, typically using commodity CPUs. However, early NFV implementations appeared to be performance-limited: it is a fact that there exists a substantial gap (a 50× factor) between the speed attainable in software as opposed to dedicated HW devices, and such gap is not going to decrease in the future, with HW switches capable to attain many Terabit per seconds, opposed to the tens of Gigabit per second attainable by their SW counterparts.

In order to overcome such limitations, starting from 2014 with OpenState [1] and P4 [2], a new innovation trend emerged with the introduction of programmable/stateful data planes. Stateful data planes offer an additional level of programmability with respect to the traditional stateless SDN paradigm, by introducing the possibility of keeping and manipulating persistent states locally at the network device. Opposed to stateless switches, persistent states can now be directly deployed and managed inside network devices in the form of simple user-defined memory elements. Furthermore, arbitrary algorithms for packet/flow processing, e.g., described in terms of simple Mealy Finite State Machines [1] or more sophisticated Extended Finite State Machines [3], [4], can be directly loaded and run inside the processing pipeline of individual network devices, thus providing opportunities of implementing network applications directly within the network device at line rate.

The crucial advantage of stateful data plane technologies consists in the possibility to significantly reduce the interaction between switches and the controller. Opposed to a stateless data plane, in which any change of the forwarding decision requires the intervention of the controller, a stateful data plane permits to take localized decisions, i.e., adapt the forwarding behavior to network events and handle changing states locally inside the switch. This approach significantly reduces the reliance upon a centralized controller, and mitigates the relevant severe penalties in terms of latency and signaling overhead [5], hence greatly improving the reactivity of network control applications.

Unfortunately, the benefits of distributing network applications on stateful switches cannot be achieved in cases where non-local states need to be considered. For example, an application that identifies the occurrence of a particular event based on multiple statistics gathered from different switches, operates on a global state that is the combination of different local statistics of different switches. Even in the case of stateful data planes, the control and update of the global state is still delegated to a centralized entity, either to a controller or a single switch [6]. The traditional approach of employing a centralized controller for global state management greatly simplifies the implementation, but non-local states can be accessed and updated only at the price of extra delay, thus affecting the overall reactivity. On the other hand, solutions employing global states centralized in a stateful switch lead to performance impairments. Indeed, all flows affected by/ affecting a global state should traverse the switches storing it. This ultimately leads to overall higher network utilization and traffic concentration, thus affecting network congestion and available capacity. Furthermore, any failure to the switch can jeopardize the state integrity due to the presence of a single replica of the global state.

In this work we propose a novel framework, namely LOADER (LOcAl DEcisions on Replicated states), which enables a new possibility for stateful data planes: the states and the corresponding control logic are distributed across the switches and the controller, while permitting multiple replicas of the same state/control logic to be present in the network. This permits to run network applications operating on global states without a unique central entity. Switches can take instantaneous decisions based on local replicas of non-local states, without any controller intervention, thus re-establishing the beneficial effects of stateful data planes also for non-local states. LOADER provides:

  • the programming abstractions to define generic (either local or non-local) states and the control logic of any network application;

  • the engine to optimally embed the states and the control logic into the network devices and the controller, to optimize performance while taking into account the available resources in terms of processing and state storage capabilities;

  • the mechanism to transparently replicate non-local states across multiple network devices.

The rest of the paper is organized as follows. In Section 2 we discuss the related work. In Section 3 we discuss the issues and possible solutions for offloading network applications to the data plane. In Section 4 we first provide a high-level abstraction of the LOADER framework by defining its core modules and later delve into the details of each module and the way LOADER abstraction is exposed to the network programmer. In Section 5 we analyze consistency-related issues when dealing with replicated states and how to overcome them. In Section 6 we describe how we implemented a lightweight version of the LOADER framework in ONOS [7] with major emphasis on the data plane implementation in P4 [2] and Open Packet Processor (OPP) [3]. The implementation on these two different architectures is aimed at showing the generality of the proposed programming model, which is agnostic of the adopted data plane implementation. In Section 7 we show how to program a distributed Deny-of-Service (DoS) detection application in LOADER and experimentally assess the performance for both P4 and OPP based implementations. Furthermore, to highlight the versatility of the proposed framework, we provide details about the implementation of other network applications. The corresponding LOADER code is reported in the appendix. Finally, we draw our conclusions in Section 8.

Section snippets

Related work

Data plane embedding of network applications is steadily gaining attention from the industry and the research community. Numerous frameworks and abstraction models have been proposed which try to expose to the programmer data plane resources allowing them to embed custom logic and persistent states directly inside the data plane. Yet no significant effort have been put into dealing with scalability issues which inevitably arise when embedded network applications must operate on network-wide

Offloading network applications

Classic SDN management schemes present a series of limitations such as poor reactiveness, big communication overhead and compromised fault-tolerance caused by the excessive centralization of the control plane. Stateful data planes introduce the possibility of embedding custom logic inside network devices, thus offering a new way of mitigating the aforementioned issues by providing means of offloading control plane functionalities to the data plane.

LOADER abstraction model and framework

LOADER naturally extends functionalities of previously proposed frameworks based on single-replica states. As shown in Fig. 2, the proposed framework is based on three main blocks which define the lifecycle of deploying a LOADER application: (i) application are defined by means of a predefined set of APIs which expose to the programmer LOADER-specific functionalities; (ii) once defined, the applications undergo a compilation phase by means of a compiler capable of translating them into basic

Bounding inconsistency among states

To provide correct functionality of the application, all replicas of a state must be consistent. Consequently, a read operation of any replica at any given time should eventually return the same result. The CAP theorem [21] states that, for a replication scheme, out of Consistency, Availability and Partition tolerance, only two properties can be picked at the same time. Considering that network failures may occur, partition tolerance cannot be left out of the design of the replication

LOADER implementation

To prove LOADER feasibility, we developed a lightweight implementation of the framework. We integrated LOADER into ONOS v1.14 while using P4 [2] and Open Packet Processor (OPP) [3] switches for the data plane. The choice of these two distinct data plane architectures aims at showing the generality of the proposed approach, which results to be independent of the specific type of devices adopted in the network.

Implementation and evaluation of network applications with LOADER

As a proof of concept, we used the LOADER programming model to developed a simple yet significant application for the distributed detection of Distributed Denial of Service (DDoS) attacks, denoted as DDoSD. The main idea of the distributed detection is to exploit the typical temporal correlation between the increase of traffic across all the network devices at the border of the network, due to the distributed nature of the attack. Clearly, the correlated traffic increase across the edge routers

Conclusion

We propose a novel framework, namely LOADER, to address the limitation of stateful data planes in the presence of non-local states at the switches in the definition of the network applications. LOADER enables stateful switches to take decisions based on information which is not locally available. This is achieved by introducing a state replication mechanism among the switches. We discuss the main practical design challenges to support state replication, whose implementation is validated using

CRediT authorship contribution statement

German Sviridov: Methodology, Software, Validation, Writing - original draft. Marco Bonola: Methodology, Software, Validation, Writing - original draft. Angelo Tulumello: Methodology, Software, Validation, Writing - original draft. Paolo Giaccone: Methodology, Writing - original draft, Writing - review & editing. Andrea Bianco: Supervision, Writing - review & editing. Giuseppe Bianchi: Supervision, Writing - review & editing.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgment

The work has been supported by European Horizon 2020 Programme through the project 5G-EVE on “European 5G validation platform for extensive trials” (grant agreement n. 815074).

German Sviridov received his B.Sc. in Computer Engineering and M.Sc. in Telecommunication Engineering, both from Politecnico di Torino, Italy. In 2017 he joined the Telecommunication Networks Group at Politecnico di Torino as a Ph.D. student. He worked as a visiting researcher at Huawei Technologies France between 2019 and 2020. His current research interests involve programmable data planes for SDN and scheduling mechanisms for data center networks.

References (30)

  • BianchiG. et al.

    OpenState: Programming platform-independent stateful openflow applications inside the switch

    ACM SIGCOMM CCR

    (2014)
  • BosshartP. et al.

    P4: Programming protocol-independent packet processors

  • BianchiG. et al.

    Open packet processor: a programmable architecture for wire speed platform-independent stateful in-network processing

    (2016)
  • PontarelliS. et al.

    Flowblaze: Stateful packet processing in hardware

  • YeganehS.H. et al.

    On scalability of software-defined networking

    IEEE Commun. Mag.

    (2013)
  • ArashlooM.T. et al.

    SNAP: Stateful network-wide abstractions for packet processing

  • BerdeP. et al.

    ONOS: towards an open, distributed SDN OS

  • AlizadehM. et al.

    CONGA: Distributed congestion-aware load balancing for datacenters

  • RaghavanB. et al.

    Cloud control with distributed rate limiting

  • R. Harrison, Q. Cai, A. Gupta, J. Rexford, Network-wide heavy hitter detection with commodity switches, in: Proceedings...
  • KimH. et al.

    Kinetic: Verifiable dynamic network control

  • YuanY. et al.

    Netegg: Programming network policies by examples

  • BeckettR. et al.

    Temporal netkat

  • YeganehS.H. et al.

    Beehive: Simple distributed programming in software-defined networks

  • McClurgJ. et al.

    Event-driven network programming

  • German Sviridov received his B.Sc. in Computer Engineering and M.Sc. in Telecommunication Engineering, both from Politecnico di Torino, Italy. In 2017 he joined the Telecommunication Networks Group at Politecnico di Torino as a Ph.D. student. He worked as a visiting researcher at Huawei Technologies France between 2019 and 2020. His current research interests involve programmable data planes for SDN and scheduling mechanisms for data center networks.

    Marco Bonola received the Ph.D. degrees in telecommunications engineering from the University of Rome Tor Vergata in 2007 and is currently a senior researcher at CNIT (Consorzio Nazionale Interuniversitario per le Telecomunicazioni). He is also a contract professor of Network Labs and Enterprise Networks at the University of Rome Tor Vergata. He has participated to several EU research projects and coordinated the technical aspects of the H2020 project BEBA.

    Angelo Tulumello is an undergraduate student (with bachelor degree) at University of Rome Tor Vergata, working on stateful dataplanes and in-switch telemetry. He won the third place at the SIGCOMM Student Research Competition with the work “A Fully Portable TCP Implementation Using XFSMs”. He has participated to the H2020 SUPERFLUIDITY project. He is the principal maintainer of the DPDK based FlowBlaze SW implementation.

    Paolo Giaccone received the Dr.Ing. and Ph.D. degrees in telecommunications engineering from the Politecnico di Torino, Italy, in 1998 and 2001, respectively. He is currently an Associate Professor in the Department of Electronics, Politecnico di Torino. During 2000–2001 and in 2002 he was with the Information Systems Networking Lab, Electrical Engineering Dept., Stanford University, Stanford, CA. His main area of interest is the design of network control and optimization algorithms.

    Andrea Bianco is Full Professor and Department Head of the Dipartimento di Elettronica e Telecomunicazioni of Politecnico di Torino, Italy. He has co-authored over 200 papers published in international journals and presented in leading international conferences in the area of telecommunication networks. His current research interests are in the fields of protocols and architectures of all-optical networks, switch architectures for high-speed networks, SDN networks and software routers.

    Giuseppe Bianchi is Full Professor of Networking and Network Security at the School of Engineering of the University of Roma Tor Vergata since 2007. He has carried out pioneering research work on WLAN performance modeling, and is currently interested in network programmability, privacy and security, and performance evaluation. He has chaired more than 10 international conferences (e.g., IEEE Infocom, ACM CoNext, ITC, WoWMoM, LANMAN, etc.), and has coordinated to date six large scale European Projects.

    View full text