Changes between Version 129 and Version 130 of GEC22Agenda/EveningDemoSession


Ignore:
Timestamp:
03/16/15 11:26:39 (4 years ago)
Author:
lnevers@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GEC22Agenda/EveningDemoSession

    v129 v130  
    6969
    7070==== GENI Cinema ====
    71 ''This demonstration shows a live video streaming service for the reception, hosting, routing, and transmission of live video streams using OpenFlow in GENI. Visit us to learn about OpenFlow/SDN use-cases, video streaming and content delivery.''
    72 
    73 Video streaming over the Internet, be it static or live streaming, is rapidly increasing in popularity. Many video streaming services exist to serve a variety of needs, such as video conferencing, entertainment, education, and the broadcast of live events. These services rely heavily on the server application to adapt to increasing and decreasing demand for a particular video resource. Furthermore, they require the reallocation of resources and the restart of the stream when a client stops, starts, and/or switches to a different stream. SDN (Software-Defined Networking) and specifically OpenFlow can be creatively used to reallocate some of these tasks to the network and link layers.
    74 
    75 Our goal is to provide a scalable service for GENI using OpenFlow that supports the broadcast of live video streams from an arbitrary number of video-producers to an arbitrary number of video-consumers, where video-consumers can change “channels” without disrupting their existing stream and without affecting the load on a particular video stream source.
     71''This demonstration shows a live video streaming service for the reception, hosting, routing, and transmission of live video streams using !OpenFlow in GENI. Visit us to learn about !OpenFlow/SDN use-cases, video streaming and content delivery.''
     72
     73Video streaming over the Internet, be it static or live streaming, is rapidly increasing in popularity. Many video streaming services exist to serve a variety of needs, such as video conferencing, entertainment, education, and the broadcast of live events. These services rely heavily on the server application to adapt to increasing and decreasing demand for a particular video resource. Furthermore, they require the reallocation of resources and the restart of the stream when a client stops, starts, and/or switches to a different stream. SDN (Software-Defined Networking) and specifically !OpenFlow can be creatively used to reallocate some of these tasks to the network and link layers.
     74
     75Our goal is to provide a scalable service for GENI using !OpenFlow that supports the broadcast of live video streams from an arbitrary number of video-producers to an arbitrary number of video-consumers, where video-consumers can change “channels” without disrupting their existing stream and without affecting the load on a particular video stream source.
    7676
    7777Participants:
     
    367367''This demo shows a working prototype of an application-aware video reconditioning service.  Visit us to learn about building value-added network services, such as a context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.''
    368368
    369 Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the ''de facto'' early standard for Software-Defined Networking, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to modify traffic behavior based on payload content (i.e. expedite specific traffic);  inject/remove information from the payload; and encrypt traffic on the fly.
     369Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. !OpenFlow, the ''de facto'' early standard for Software-Defined Networking, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to !OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the !OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an !OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to modify traffic behavior based on payload content (i.e. expedite specific traffic);  inject/remove information from the payload; and encrypt traffic on the fly.
    370370
    371371The video reconditioning service prototype demonstrates video traffic steered to travel either a best-effort route or an expedited route based on the video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform, because the information lies in the L7 header.
     
    504504''This demo shows Internet2 resources being allocated as part of a GENI experiment, and also describes the steps to get a slice of virtualized backbone resources.  Visit us to see what GENI resources are available on the Internet2 backbone, and how they are implemented.''
    505505
    506 Internet2 will demo circuits being created on the Advanced Layer 2 Service with the AL2S Aggregate Manager, and also virtualization on the Advanced Layer 2 Service with !FlowSpace Firewall, showing a guest controller in addition to the standard Advanced Layer 2 Service OESS controller. We will talk about our experience with guest controllers to date, and field questions on how we support experimental GENI OpenFlow controllers, running alongside our production AL2S controller.
     506Internet2 will demo circuits being created on the Advanced Layer 2 Service with the AL2S Aggregate Manager, and also virtualization on the Advanced Layer 2 Service with !FlowSpace Firewall, showing a guest controller in addition to the standard Advanced Layer 2 Service OESS controller. We will talk about our experience with guest controllers to date, and field questions on how we support experimental GENI !OpenFlow controllers, running alongside our production AL2S controller.
    507507
    508508Participants:
     
    532532
    533533==== KanREN-GENI/GpENI ====
    534 ''This poster presents the current state of infrastructure deployment in KanREN-GENI and GpENI, including the location and status of Brocade OpenFlow switches in higher education institutions throughout the state of Kansas, and its relationship to other GENI infrastructure, including the KU and UMKC InstaGENI racks, and the GpENI testbed. ''
     534''This poster presents the current state of infrastructure deployment in KanREN-GENI and GpENI, including the location and status of Brocade !OpenFlow switches in higher education institutions throughout the state of Kansas, and its relationship to other GENI infrastructure, including the KU and UMKC InstaGENI racks, and the GpENI testbed. ''
    535535
    536536Participants:
     
    11011101''This demo uses collaborative monitoring and correlation to mitigate effects of the network traffic surge of a flooding Denial of Service attack that can cause loss of service for legitimate sites.  Visit us to learn about cybersecurity attack detection and mitigation.''
    11021102
    1103 Software-defined networking (SDN) and OpenFlow offer great support to dynamically adapt a network and to access data on different network layers as needed. Such advantages have been driving recent research efforts to develop new security applications and services. However, most studies on attack detection and containment have not really differentiated their solutions from the traditional ones, without fully taking advantage of the unique capabilities provided by SDN. Moreover, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. We present a novel attack detection and containment approach that is coordinated by distributed network monitors and controllers/correlators centralized on an SDN OpenFlow Virtual Switch (OVS). With different views and information availability, these elements collaboratively detect signature constituents of an attack that possess different characteristics of scale and detail. Therefore, this approach is able to not only quickly issue an alert against potential threats followed by careful verification for high accuracy, but also balance the workload on the OVS. We apply the proposed approach to TCP SYN flood attacks using the Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful to our goal toward a systematic methodology of SDN-supported attack detection and containment. First, we have demonstrated through experimentation the scalability of our collaborative scheme. Second, we have studied how the combination of alerts by the monitor and deep packet inspection by the correlator, can increase the speed and accuracy of attack identification. Our experiments, in the context of a small to medium corporate network, have demonstrated the effectiveness and scalability of the SDN-supported detection and containment approach.
     1103Software-defined networking (SDN) and !OpenFlow offer great support to dynamically adapt a network and to access data on different network layers as needed. Such advantages have been driving recent research efforts to develop new security applications and services. However, most studies on attack detection and containment have not really differentiated their solutions from the traditional ones, without fully taking advantage of the unique capabilities provided by SDN. Moreover, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. We present a novel attack detection and containment approach that is coordinated by distributed network monitors and controllers/correlators centralized on an SDN !OpenFlow Virtual Switch (OVS). With different views and information availability, these elements collaboratively detect signature constituents of an attack that possess different characteristics of scale and detail. Therefore, this approach is able to not only quickly issue an alert against potential threats followed by careful verification for high accuracy, but also balance the workload on the OVS. We apply the proposed approach to TCP SYN flood attacks using the Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful to our goal toward a systematic methodology of SDN-supported attack detection and containment. First, we have demonstrated through experimentation the scalability of our collaborative scheme. Second, we have studied how the combination of alerts by the monitor and deep packet inspection by the correlator, can increase the speed and accuracy of attack identification. Our experiments, in the context of a small to medium corporate network, have demonstrated the effectiveness and scalability of the SDN-supported detection and containment approach.
    11041104
    11051105Participants:
     
    11171117''This demo shows consequences of compromised routers, controllers, and other systems.  Visit us if you are interested in network security.''
    11181118
    1119 GENI is making wide use of software-defined networking. This technology makes use of protocols such as OpenFlow, which implements the software-defined networking. This demo explores what could happen if a router is misconfigured or the nodes with the controllers are compromised. How would such a compromise affect other routers? What would be the effects on the network as a whole?
     1119GENI is making wide use of software-defined networking. This technology makes use of protocols such as !OpenFlow, which implements the software-defined networking. This demo explores what could happen if a router is misconfigured or the nodes with the controllers are compromised. How would such a compromise affect other routers? What would be the effects on the network as a whole?
    11201120
    11211121Participants: