I
- Article name: sdpa: Toward a stateful data plane in
Software-defined networking
- Posting time: 2017
- Journal Source: IEEE, sigcomm
- Solution:
- I. openflow only provides a single "Action matching" paradigm for the SDN data plane. It lacks the stateful forwarding feature, which limits the ability to support advanced network applications. Over-reliance on SDN controllers to maintain the status leads to scalability and performance problems between the two.
- 2. openflow is concentrated in L2/L3 network transmission. The control plane has limited support for stateful packet processing. If no controller is involved, openflow cannot monitor the streaming status.
- 3. Because of the processing latency and channel bottleneck associated between the switch and the Controller, the dependency on the Controller to maintain the data packet status may cause scalability and performance problems between the two.
- 4. openfow is designed to implement pre-defined header fields and use pre-defined actions to process data packets on fixed-function switches. Header fields and actions cannot expand flexibility to meet different application requirements. Limits the scalability and scalability of SDN data plane openflow.
- 5. p4 is highly programmable in the data plane, but it cannot support direct programmability of stateful applications, nor can it centralize the paradigm or concept for special advanced stateful applications. In addition, P4 lacks a data plane that can interact with the data plane application to dynamically publish the data plane configuration.
- Contribution:
- 1. A novel stateful structure (sdpa) is proposed to support the intuitive programmable and high-performance processing of SDN flat applications. Sdpa supports the "match-state-action" paradigm and can be used to implement stateful firewall and DNS reflection defense .. Sdpa is suitable for different network applications that need to process status information on the data plane.
- Ii. Design and Implement the extended openflow protocol to support sdpa. Through this protocol, the SDN controller can communicate with the status processing module FP (forwarding processor) and maintain the status information on the data plane switch.
- 3. a simple network function chain is developed based on the sdpa software and hardware switch prototype, and based on the sdpa software and hardware switch prototype. This network function chain is composed of a stateful firewall, DNS reflection defense and height detection applications.
- 4. Evaluate our method with additional experiments. The results show that in SDN-based networks, sdpa can greatly reduce the forwarding latency of stateful applications through manageable processing overhead.
- Disadvantages:
- The ability of sdpa is equal to limited automation in Automation Theory, so it is not completely switched
- Experiment comparison:
- I. Performance of software switches in sdpa architecture vs performance of traditional openflow software Switches
- 2. Stateless Forwarding software switch performance vs traditional openflow software switch performance
- Iii. Elastic test with a status table. During this test, the size of the sdpa software switch table and its impact on latency and throughput
- 4. stateful firewall in sdpa hardware switch vssdpa Software Switch
- V. Performance of sdpa with stateful firewalls vs stateless forwarding performance of traditional openflow hardware switches
- 6. Network Function chain performance in sdpa hardware switches vs network function chain performance in sdpa software Switches
II
- Article name: openstate: programming platform-independent stateful openflow applications inside the switch
- Posting time: 2014
- Journal Source: ACM sigcomm computer communication review journal
- Solution:
- 1. The data plane API does not allow programmers to deploy the status on the switch.
- Contribution:
- 1. a feasible and stateful stream processing concept (implemented inside the device) is described on the data plane without requiring the device to be open-source or expose the internal design ). The feasibility and implementation problems are also described.
- Disadvantages:
- 1. the abstract concept of stream processing is limited.
3.
- Article name: Supporting virtualized network functions with stateful data plane login action
- Supports network function virtualization with band status
- Posting time: 2016
- Journal Source: IEEE Network
- Solution:
- 1. Based on SDN, NFV can better expand the programming and flexibility features of advanced network functions. Many of these network functions require specific stream status information to process network streams. However, openflow only provides a simple match-Action paradigm and lacks the stateful processing function.
- Contribution:
- 1. Propose a new concept of stateful data plane to support NFV. A new paradigm "Match-state-action" is proposed to support different functions that need to process state information on the SDN data plane.
- 2. We have designed a collaborative processing unit and command and status table for the SDN switch to support status processing in the SDN data plane. By adding data information to an SDN switch, you can greatly improve the scalability and flexibility of the SDN data plane.
- Iii. Based on the proposed sdpa architecture, we have implemented a typical network function, a stateful firewall, and proved that our method can efficiently support vnfs (virtual network function ).
- Disadvantages:
- 1. Adding intelligence to a vswitch may increase its complexity.
- Experiment comparison:
- Performance of a stateful firewall in the sdpa architecture vs that in the traditional SDN Architecture
- Sdpa architecture stateless forwarding performance vs traditional SDN Architecture
- Sdpa architecture: stateful firewall performance vs Stateless firewall performance based on traditional SDN Architecture
- Sdpa architecture: stateful firewall performance vs stateful firewall (Netfilter/iptables)
Thu
- Article name: relaxing state-access constraints in stateful Programmable Data planes
- Relax state access constraints on the stateful programmable data plane
- Posting time: 2018
- Journal Source: ACM sigcomm computer communication review journal (somewhat unknown)
- Solution:
- 1. The support for programmable variable-band status data packet forwarding on hardware requires a high balance between functionality and performance.
- 2. Data can be read and written in a phase on the stateful data plane. If multiple stages can be read and written, the data may be compromised. In particular, the read/write status takes longer and the risk of inconsistent States increases.
- Contribution:
- 1. We build and provide a Simulator Based on the tracking variable-length pipeline, allowing different stages to access the same status
- 2. When processing 6 Actual traffic traces from carriers and data center networks, we consider the data packet size and different traffic granularities to evaluate the probability of State inconsistency caused by different pipeline lengths.
- Iii. Proof that a simple Locking Scheme can prevent state inconsistency. In terms of test traffic results, it can also provide line rate performance in many examples.
V.
- Article name: troubleshooting data plane with rule verification in software-defined networks
- Use software defined network rules to verify data plane troubleshooting
- Posting time: 2017
- Journal Source: transactions on network and service management journal
- Solution:
- I. End-to-end active detection, which compares the actual verification with the ideal network behavior. It usually has the following defects: failure to locate the exact fault point in time and failure to determine the responsible rules in time.
- Contribution:
- I. propose active detection for each node to compare the behavior rules of each network. It can detect data plane network faults and locate responsible rules in a timely manner to verify the effectiveness of all rules.
- 2. Deploy a detection generator on each device to reduce the time needed to generate a detector and develop an SMRT model to identify a small number of detectors for each network.
- 3. proposed and implemented the serve design, evaluated the detector generation performance, and verified the capabilities of the serve three typical use cases in small deployment.
- Disadvantages:
- 1. serve only considers action faults that cover the most likely fault conditions (that is, rule matching is always correct) rather than matching or priority faults;
- 2. Serve assumes a stateless data plane, so it cannot detect network faults in the dynamic intermediate box, such as firewall or Server Load balancer.
- 3. Serve cannot find responsible rules that do not display as failure rules for data plane network problems, such as static random packet discarding.
- Experiment comparison:
- A network device shows the impact of the SMRT structure on performance, and compares the number of probes generated by serve and monocle.
- Conduct large-scale simulation to prove the scalability of the research method.
- Use two public available datasets provided by ATPG to compare ATPG performance.
Rough reading of stateful papers (1)