Opened 4 years ago

Closed 4 years ago

#1373 closed (fixed)

Enhancing an OpenFlow Network with Service Insertion and Payload Inspection

Reported by: rnudechu@ncsu.edu
Owned by: peter.stickney@bbn.com
Priority: major
Milestone:
Component: GPO
Version: SPIRAL7
Keywords: GEC22
Cc: rdutta@ncsu.edu, rnudechu@ncsu.edu
Dependencies:

Description (last modified by hdempsey@bbn.com)

This is a US Ignite demo.

Demo Title: Enhancing an OpenFlow Network with Service Insertion and Payload Inspection

One-sentence layman’s description: This demo shows a working prototype of an application aware video reconditioning service.

Who should see this demo? Attendees interested in introducing a variety of value-added network services into their networks, such as context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.

Demo description paragraph(s): Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to:

  • modify traffic behavior based on payload content (i.e. expedite specific traffic)
  • inject/remove information from the payload
  • encrypt traffic on the fly

The video reconditioning service prototype demonstrates video traffic steered to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header.

List of equipment that will need AC connections: Switch, monitor, server, and laptop

Total number of wired network connections: 2 standard IP addresses

Number of wired layer 2 VLANs: None necessary

Number of wireless network connections: Not required

Number of static addresses needed: Not required

Monitor: A single monitor with both DVI and VGA connections. DVI connection is required for management while the VGA connection will be used for the demo.

Number of posters: Only 1 necessary

Special requests: This demo is a part of the Extreme Networks SDN Challenge and I believe should be among the US Ignite demos.

Change History (8)

comment:1 Changed 4 years ago by peter.stickney@bbn.com

Status: new → accepted

Thanks for the demo submission, I will follow up with confirmation of available resources.

Of note, NSF will be looking at this wiki page, so please feel free to update if you notice any errors or wish to update your demo description.

http://groups.geni.net/geni/wiki/GEC22Agenda/EveningDemoSession

comment:2 Changed 4 years ago by hdempsey@bbn.com

Description: modified (diff)
Summary: US Ignite Demo Submission → Enhancing an OpenFlow Network with Service Insertion and Payload Inspection

comment:3 Changed 4 years ago by rnudechu@ncsu.edu

Cc: rnudechu@ncsu.edu added

Including my email to be CC

comment:4 Changed 4 years ago by peter.stickney@bbn.com

We are now able to confirm the availability of your requested resources. Please update this ticket if you have any questions or concerns. See you in DC!

comment:5 Changed 4 years ago by rnudechu@ncsu.edu

I would like to update the language for my demo description.

This demo shows a working prototype of how arbitrary application-aware services can be introduced and efficiently managed within an OpenFlow network. Visit us to learn about building value-added network services, such as a context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.

Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to modify traffic behavior based on payload content (i.e. expedite specific traffic); inject/remove information from the payload; and encrypt traffic on the fly.

Our experiment demonstrates how a preferential treatment service powered by an EPB can steer video traffic to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header.

comment:6 in reply to:  5 Changed 4 years ago by lnevers@bbn.com

Replying to rnudechu@…:

I would like to update the language for my demo description.

Demo description has been updated to match ticket request. Please let me know it is ok.

http://groups.geni.net/geni/wiki/GEC22Agenda/EveningDemoSession

comment:7 Changed 4 years ago by rnudechu@ncsu.edu

Sorry I forgot a sentence in my last update.

This demo shows a working prototype of how arbitrary application-aware services can be introduced and efficiently managed within an OpenFlow network. Visit us to learn about building value-added network services, such as a context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.

Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to modify traffic behavior based on payload content (i.e. expedite specific traffic); inject/remove information from the payload; and encrypt traffic on the fly.

Our experiment demonstrates how a preferential treatment service powered by an EPB can steer video traffic to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header. We will be demonstrating this using an OpenFlow-enabled Extreme Summit X440-8p switch.

comment:8 Changed 4 years ago by peter.stickney@bbn.com

Resolution: fixed
Status: accepted → closed

Thanks for joining us in DC this year. We hope everything worked as you expected.

Please feel free to update / append the wiki page for the Demo Night here:

http://groups.geni.net/geni/wiki/GEC22Agenda/EveningDemoSession
