Opened 9 years ago
Closed 9 years ago
#1373 closed (fixed)
Enhancing an OpenFlow Network with Service Insertion and Payload Inspection
| Reported by: | rnudechu@ncsu.edu | Owned by: | peter.stickney@bbn.com |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | GPO | Version: | SPIRAL7 |
| Keywords: | GEC22 | Cc: | rdutta@ncsu.edu, rnudechu@ncsu.edu |
| Dependencies: |
Description (last modified by )
This is a USIgnite demo.
Demo Title: Enhancing an OpenFlow Network with Service Insertion and Payload Inspection
One-sentence layman’s description: This demo shows a working prototype of an application aware video reconditioning service.
Who should see this demo? Attendees interested in introducing a variety of value-added network services into their networks, such as context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.
Demo description paragraph(s): Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to:
- modify traffic behavior based on payload content (i.e. expedite specific traffic)
- inject/remove information from the payload
- encrypt traffic on the fly
The video reconditioning service prototype demonstrates video traffic steered to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header.
List of equipment that will need AC connections: Switch, monitor, server, and laptop
Total number of wired network connections: 2 standard IP addresses
Number of wired layer 2 VLANs: None necessary
Number of wireless network connections: Not required
Number of static addresses needed: Not required
Monitor: A single monitor with both DVI and VGA connections. DVI connection is required for management while the VGA connection will be used for the demo.
Number of posters: Only 1 necessary
Special requests: This demo is apart of the Extreme Networks SDN Challenge and I believe should be among the US Ignite demos.
Change History (8)
comment:1 Changed 9 years ago by
| Status: | new → accepted |
|---|
comment:2 Changed 9 years ago by
| Description: | modified (diff) |
|---|---|
| Summary: | US Ignite Demo Submission → Enhancing an OpenFlow Network with Service Insertion and Payload Inspection |
comment:4 Changed 9 years ago by
We are now able to confirm the availability of your requested resources. Please update this ticket if you have any questions or concerns. See you in DC!
comment:5 follow-up: 6 Changed 9 years ago by
I would like to update the language for my demo description.
This demo shows a working prototype of how arbitrary application-aware services can be introduced and efficiently managed within an OpenFlow network. Visit us to learn about building value-added network services, such as a context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.
Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to modify traffic behavior based on payload content (i.e. expedite specific traffic); inject/remove information from the payload; and encrypt traffic on the fly.
Our experiment demonstrates how a preferential treatment service powered by an EPB can steer video traffic to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header.
comment:6 Changed 9 years ago by
Replying to rnudechu@…:
I would like to update the language for my demo description.
Demo description has been updated to match ticket request. Please let me know it is ok.
http://groups.geni.net/geni/wiki/GEC22Agenda/EveningDemoSession
comment:7 Changed 9 years ago by
Sorry I forgot a sentence in my last update.
This demo shows a working prototype of how arbitrary application-aware services can be introduced and efficiently managed within an OpenFlow network. Visit us to learn about building value-added network services, such as a context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.
Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to modify traffic behavior based on payload content (i.e. expedite specific traffic); inject/remove information from the payload; and encrypt traffic on the fly.
Our experiment demonstrates how a preferential treatment service powered by an EPB can steer video traffic to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header. We will be demonstrating this using an OpenFlow-enabled Extreme Summit X440-8p switch.
comment:8 Changed 9 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Thanks for joining us in DC this year. We hope everything worked as you expected.
Please feel free to update / append the wiki page for the Demo Night here:
http://groups.geni.net/geni/wiki/GEC22Agenda/EveningDemoSession
Thanks for the demo submission, I will follow up with confirmation of available resources.
Of note, NSF will be looking at this wiki page, so please feel free to update if you notice any errors or wish to update your demo description.
http://groups.geni.net/geni/wiki/GEC22Agenda/EveningDemoSession