Toward live inter-domain network services on the ExoGENI testbed

A key dimension of reproducibility in testbeds is stable performance that scales in regular and predictable ways in accordance with declarative specifications for virtual resources. We contend that reproducibility is crucial for elastic performance control in live experiments, in which testbed tenants (slices) provide services for real user traffic that varies over time. This paper gives an overview of ExoPlex, a framework for deploying network service providers (NSPs) as a basis for live inter-domain networking experiments on the ExoGENI testbed. As a motivating example, we show how to use ExoPlex to implement a virtual software-defined exchange (vSDX) as a tenant NSP. The vSDX implements security-managed interconnection of customer IP networks that peer with it via direct L2 links stitched dynamically into its slice. An elastic controller outside of the vSDX slice provisions network links and computing capacity for a scalable monitoring fabric within the tenant vSDX slice. The vSDX checks compliance of traffic flows with customer-specified interconnection policies, and blocks traffic from senders that trigger configured rules for intrusion detection in Bro security monitors. We present initial results showing the effect of resource provisioning on Bro performance within the vSDX.
