Changes between Version 11 and Version 12 of GEC22Agenda/EveningDemoSession


Ignore:
Timestamp:
01/23/15 18:05:44 (5 years ago)
Author:
peter.stickney@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GEC22Agenda/EveningDemoSession

    v11 v12  
    8989  * Aditya Prakash,  aprakash6@wisc.edu, Univ. of Wisconsin-Madison
    9090
     91==== PrimoGENI ====
     92
     93PrimoGENI allows hybrid network experiments consisted of simulated and emulated network entities. * Each PrimoGENI experiment consists of a model of a virtual network, which includes the specification of the network topology with detailed configuration of network entities, and possible specification of background network traffic. * MyExperiment? is an online repository, where experimenters can create, view, and modify network models; one can also publish network models and share experiment results with the user community. * MyExperiment? contains plugins for various network topology and traffic generators. * MyExperiment? manages network models created by each user and supports translation between different formats. * Users can publish their models and share experiment results to facilitate model reuse and validation.
     94
     95Participants:
     96  * Jason Liu, liux@cis.fiu.edu, Florida International Univ
     97
     98==== Enhancing an OpenFlow Network with Service Insertion and Payload Inspection ====
     99
     100Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to: - modify traffic behavior based on payload content (i.e. expedite specific traffic) - inject/remove information from the payload - encrypt traffic on the fly
     101
     102The video reconditioning service prototype demonstrates video traffic steered to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header.
     103
     104Participants:
     105  * Robinson Udechukwu, rnudechu@ncsu.edu, North Carolina State Univ.
     106  * Rudra Dutta, rdutta@ncsu.edu, North Carolina State Univ.
     107
     108==== Experimentation of SDN-Supported Collaborative DDoS Attack Detection and Containment ====
     109
     110Software-defined networking (SDN) and OpenFlow offer great support to dynamically adapt a network and to access data on different network layers as needed. Such advantages have been driving recent research efforts to develop new security applications and services. However, most studies on attack detection and containment have not really differentiated their solutions from the traditional ones, without fully taking advantage of the unique capabilities provided by SDN. Moreover, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. We present a novel attack detection and containment approach that is coordinated by distributed network monitors and controllers/correlators centralized on an SDN OpenFlow Virtual Switch (OVS). With different views and information availability, these elements collaboratively detect signature constituents of an attack that possess different characteristics of scale and detail. Therefore, this approach is able to not only quickly issue an alert against potential threats followed by careful verification for high accuracy, but also balance the workload on the OVS. We apply the proposed approach to TCP SYN flood attacks using Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful to our goal toward a systematic methodology of SDN-supported attack detection and containment. First, we have demonstrated through experimentation the scalability of our collaborative scheme. Second, we have studied how the combination of alerts by the monitor and deep packet inspection by the correlator, can increase the speed and accuracy of attack identification. Our experiments, in the context of a small to medium corporate network, have demonstrated the effectiveness and scalability of the SDN-supported detection and containment approach.
     111
     112Participants:
     113  * Xenia Mountrouidou, xmountr@ju.edu, Jacksonville Univ.
     114
    91115=== Federation / International Projects ===
    92116
     
    127151  * Shu Yamamoto,  shu@iii.u-tokyo.ac.jp
    128152
     153==== SDXs: Software Define Network Exchanges at StarLight and Partner Sites ====
     154
     155The challenges in connecting and exchanging different types of network traffic for research and education communities are not well known topics outside of the network exchange communities. The recent proliferation of SDN/OpenFlow technology brings this challenge to the attention of all the interested parties.
     156
     157The !StarLight and partner sites present through these demonstrations current prototype work underway to address such challenges, the prototype SDXs include Network Service Interface (NSI), ofNSI (OpenFlow NSI), GENI AM integration, virtual SDXs for Open Genomic Data Common and Virtual SDXs for Chameleon Cloud, one of the National Science Foundation’s NSFCloud testbeds.
     158
     159Participants:
     160  * Jim Chen, jim-chen@northwestern.edu, Northwestern Univ.
     161
     162==== Demand-driven Network Management with ProtoRINA ====
     163
     164We demonstrate how video can be efficiently multicast to many clients on demand by dynamically creating a delivery tree using ProtoRINA, our prototype of the Recursive InterNetwork Architecture (RINA). Under RINA, multicast can be enabled through a secure communication container that is dynamically formed to support video transport either through application proxies or via relay IPC processes. The former represents application-level management, while the latter represents communication layer management, both forms are part of RINA’s repeating management structure. RINA supports demand-driven network management, where mechanisms (including registration, authentication, enrollment, addressing, etc.) are policy-instantiated to allow the dynamic formation of private communication layers in support of various requirements. This demo highlights RINA's inherent support for envisioned software-defined virtual networking scenarios.
     165
     166Participants:
     167  * Ibrahim Matta, matta@bu.edu, Boston University
     168
    129169=== Wireless Projects ===