research-article

Free access

Practical network-wide packet behavior identification by AP classifier

Authors:

Simon S. LamAuthors Info & Claims

CoNEXT '15: Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies

Article No.: 10, Pages 1 - 13

https://doi.org/10.1145/2716281.2836095

Published: 01 December 2015 Publication History

Abstract

Identifying the network-wide forwarding behaviors of a packet is essential for many network management applications, including rule verification, policy enforcement, attack detection, traffic engineering, and fault localization. Current tools that can perform packet behavior identification either incur large time and memory costs or do not support real-time updates. In this paper we present AP Classifier, a control plane tool for packet behavior identification. AP Classifier is developed based on the concept of atomic predicates which can be used to characterize the forwarding behaviors of packets. Experiments using the data plane network state of two real networks show that the processing speed of AP Classifier is faster than existing tools by at least an order of magnitude. Furthermore, AP Classifier uses very small memory and is able to support real-time updates.

References

[1]

Hassel-C. http://bitbucket.org/peymank/hassel-public/.

[2]

The internet2 observatory data collections. http://www.internet2.edu/observatory/archive/data-collections.html.

[3]

University of oregon route views project. http://www.routeviews.org.

[4]

S. Agarwal, M. Kodialam, and T. Lakshman. Traffic engineering in software defined networks. In Proc. of IEEE INFOCOM, 2013.

[5]

M. Al-Fares, S. Radhakrishnan, B. Raghavan, N. Huang, and A. Vahdat. Hedera: dynamic flow scheduling for data center networks. In Proc. of USENIX NSDI, 2010.

Digital Library

[6]

H. Ballani, P. Costa, T. Karagiannis, and A. Rowstron. Towards predictable datacenter networks. In Proc. of ACM SIGCOMM, 2011.

Digital Library

[7]

T. Benson, A. Akella, and D. A. Maltz. Network traffic characteristics of data centers in the wild. In Proc. of ACM IMC, 2010.

Digital Library

[8]

T. Benson, A. Anand, A. Akella, and M. Zhang. Microte: Fine grained traffic engineering for data centers. In Proc. of ACM CoNEXT, 2011.

Digital Library

[9]

Q. Chen, C. Qian, and S. Zhong. Privacy-preserving cross-domain routing optimization --- a cryptographic approach. In Proc. of IEEE ICNP, 2015.

Digital Library

[10]

W. Cui and C. Qian. Difs: Distributed flow scheduling for adaptive routing in hierarchical data center networks. In Proc. of ACM/IEEE ANCS, 2014.

Digital Library

[11]

M. Dhawan, R. Poddar, K. Mahajan, and V. Mann. Dynamic scheduling of network updates. In Proc. of ACM SIGCOMM, 2014.

Digital Library

[12]

A. Fogel, S. Fung, L. Pedrosa, M. Walraed-Sullivan, R. Govindan, R. Mahajan, and T. Millstein. A general approach to network configuration analysis. In Proc. of USENIX NSDI, 2015.

Digital Library

[13]

T. Inoue, T. Mano, K. Mizutani, S. Minato, and O. Akashi. Rethinking packet classification for global network view of software-defined networking. In Proc. of IEEE ICNP, 2014.

Digital Library

[14]

S. Jain et al. B4: Experience with a Globally-Deployed Software Defined WAN. In Proceedings of ACM Sigcomm, 2013.

Digital Library

[15]

S. Kandula, S. Sengupta, A. Greenberg, P. Patel, and R. Chaiken. The nature of data center traffic: measurements & analysis. In Proc. of ACM IMC, 2009.

Digital Library

[16]

P. Kazemian, M. Chang, H. Zeng, G. Varghese, N. McKeown, and S. Whyte. Real time network policy checking using header space analysis. In Proc. of USENIX NSDI, 2013.

Digital Library

[17]

P. Kazemian, G. Varghese, and N. McKeown. Header space analysis: Static checking for networks. In Proc. of USENIX NSDI, 2012.

Digital Library

[18]

A. R. Khakpour and A. X. Liu. Quantifying and querying network reachability. In Proc. of IEEE ICDCS, 2010.

Digital Library

[19]

A. Khurshid, X. Zou, W. Zhou, M. Caesar, and P. B. Godfrey. Veriflow: Verifying network-wide invariants in real time. In Proc. of USENIX NSDI, 2013.

Digital Library

[20]

M. Kuzniar, P. Peresini, and D. Kostic. What you need to know about SDN flow tables. In Proc. of PAM, 2015.

[21]

X. Li and C. Qian. Traffic and failure aware vm placement for multi-tenant cloud computing. In Proceedings of IEEE IWQoS, 2015.

[22]

H. Liu, S. Kandula, R. Mahajan, M. Zhang, and D. Gelernter. Traffic engineering with forward fault correction. In Proc. of ACM SIGCOMM, 2014.

Digital Library

[23]

N. P. Lopes, N. BjØrner, P. Godefroid, K. Jayaraman, and G. Varghese. Checking beliefs in dynamic networks. In Proc. of USENIX NSDI, 2015.

Digital Library

[24]

H. Mai, A. Khurshid, R. Agarwal, M. Caesar, P. B. Godfrey, and S. T. King. Debugging the data plane with Anteater. In Proc. of ACM SIGCOMM, 2011.

Digital Library

[25]

N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner. Openflow: enabling innovation in campus networks. ACM SIGCOMM CCR, 38(2):69--74, 2008.

Digital Library

[26]

A. Nayak, A. Reimers, N. Feamster, and R. Clark. Resonance: Dynamic access control for enterprise networks. In Proc. of ACM WREN, 2009.

Digital Library

[27]

Z. A. Qazi, C. Tu, L. Chiang, R. Miao, V. Sekar, and M. Yu. Simple-fying middlebox policy enforcement using SDN. In Proc. of ACM SIGCOMM, 2013.

Digital Library

[28]

G. Xie, J. Zhan, D. A. Maltz, H. Zhang, A. Greenberg, G. Hjalmtysson, and J. Rexford. On static reachability analysis of IP networks. In Proc. of IEEE INFOCOM, 2005.

[29]

H. Yang and S. S. Lam. Real-time verification of network properties using atomic predicates. Technical Report TR-13-15, The Univ. of Texas at Austin, Dept. of Computer Science, Aug. 2013.

[30]

H. Yang and S. S. Lam. Real-time verification of network properties using atomic predicates. In Proc. of IEEE ICNP, 2013, extended version in IEEE/ACM Transactions on Networking.

Digital Library

[31]

Y. Yu and C. Qian. Space shuffle: A scalable, flexible, and high-bandwidth data center network. In Proc. of IEEE ICNP, 2014.

Digital Library

[32]

Y. Yu, C. Qian, and X. Li. Distributed collaborative monitoring in software defined networks. In Proc. of ACM HotSDN, 2014.

Digital Library

[33]

H. Zeng, P. Kazemiany, G. Varghese, and N. McKeown. Automatic test packet generation. In Proc. of ACM CoNEXT, 2012.

Digital Library

Cited By

Cai JYang GLiu JXie Y(2023)FuzzyCAT: A Framework for Network Configuration Verification Based on Fuzzing2023 IEEE International Performance, Computing, and Communications Conference (IPCCC)10.1109/IPCCC59175.2023.10253841(123-131)Online publication date: 17-Nov-2023
https://doi.org/10.1109/IPCCC59175.2023.10253841
Xiang QWen RHuang CWang YLe F(2022)Network can check itselfProceedings of the 21st ACM Workshop on Hot Topics in Networks10.1145/3563766.3564095(85-92)Online publication date: 14-Nov-2022
https://dl.acm.org/doi/10.1145/3563766.3564095
Guo DChen SGao KXiang QZhang YYang YKuipers FOrda A(2022)FlashProceedings of the ACM SIGCOMM 2022 Conference10.1145/3544216.3544246(314-335)Online publication date: 22-Aug-2022
https://dl.acm.org/doi/10.1145/3544216.3544246
Show More Cited By

Index Terms

Practical network-wide packet behavior identification by AP classifier
1. Networks

Recommendations

Practical Network-Wide Packet Behavior Identification by AP Classifier

Identifying the network-wide forwarding behaviors of a packet is essential for many network management applications, including rule verification, policy enforcement, attack detection, traffic engineering, and fault localization. Current tools that can ...
Packet Access Control Mechanism Based on Cipher Identification in Software-defined Network
IMMS '19: Proceedings of the 2nd International Conference on Information Management and Management Sciences

Software defined networking (SDN) decouples the controller plane from the data plane, offering flexible network configure and management. Because of this architecture, the SDN network is vulnerable to threats caused by user identity forgery, such as ...
Study of temporal behaviour of packet loss in packet switches with bursty traffic arrivals

The study of packet loss is of great importance to the design of fast packet switching systems. Fast packet switching is generally accepted as the best technique for designing high-speed computer networks. Due to the high throughput demands and the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CoNEXT '15: Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies

December 2015

483 pages

ISBN:9781450334129

DOI:10.1145/2716281

General Chairs:
Felipe Huici
NEC Europe Ltd
,
Giuseppe Bianchi
University of Rome Tor Vergata

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 December 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

CoNEXT '15

Sponsor:

SIGCOMM

CoNEXT '15: Conference on emerging Networking Experiments and Technologies

December 1 - 4, 2015

Heidelberg, Germany

Acceptance Rates

Overall Acceptance Rate 198 of 789 submissions, 25%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
304
Total Downloads

Downloads (Last 12 months)77
Downloads (Last 6 weeks)8

Reflects downloads up to 07 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Cai JYang GLiu JXie Y(2023)FuzzyCAT: A Framework for Network Configuration Verification Based on Fuzzing2023 IEEE International Performance, Computing, and Communications Conference (IPCCC)10.1109/IPCCC59175.2023.10253841(123-131)Online publication date: 17-Nov-2023
https://doi.org/10.1109/IPCCC59175.2023.10253841
Xiang QWen RHuang CWang YLe F(2022)Network can check itselfProceedings of the 21st ACM Workshop on Hot Topics in Networks10.1145/3563766.3564095(85-92)Online publication date: 14-Nov-2022
https://dl.acm.org/doi/10.1145/3563766.3564095
Guo DChen SGao KXiang QZhang YYang YKuipers FOrda A(2022)FlashProceedings of the ACM SIGCOMM 2022 Conference10.1145/3544216.3544246(314-335)Online publication date: 22-Aug-2022
https://dl.acm.org/doi/10.1145/3544216.3544246
Zhang CChen JCai SLiu BWu YGeng Y(2020)iTES: Integrated Testing and Evaluation System for Software Vulnerability Detection Methods2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom50675.2020.00196(1455-1460)Online publication date: Dec-2020
https://doi.org/10.1109/TrustCom50675.2020.00196
Wang HLi XWang YZhao YYu YYang HQian C(2020)SICS: Secure and Dynamic Middlebox OutsourcingIEEE/ACM Transactions on Networking10.1109/TNET.2020.302338628:6(2713-2726)Online publication date: Dec-2020
https://doi.org/10.1109/TNET.2020.3023386
Jagadeesh HVithalkar AKabra MJhunjhunwala NManav PHu Y(2020)Double-Edge Embedding Based Provenance Recovery for Low-Latency Applications in Wireless NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.3001185(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.3001185
WATABE KMANO TINOUE TMIZUTANI KAKASHI ONAKAGAWA K(2019)Measuring Lost Packets with Minimum Counters in Traffic Matrix EstimationIEICE Transactions on Communications10.1587/transcom.2018EBP3072E102.B:1(76-87)Online publication date: 1-Jan-2019
https://doi.org/10.1587/transcom.2018EBP3072
Yu YQian CWu WZhang Y(2018)NetCP: Consistent, Non-Interruptive and Efficient Checkpointing and Rollback of SDN2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)10.1109/IWQoS.2018.8624142(1-10)Online publication date: Jun-2018
https://doi.org/10.1109/IWQoS.2018.8624142
Inoue TChen RMano TMizutani KNagata HAkashi O(2017)An Efficient Framework for Data-Plane Verification With Geometric Windowing QueriesIEEE Transactions on Network and Service Management10.1109/TNSM.2017.272372514:4(1113-1127)Online publication date: 1-Dec-2017
https://dl.acm.org/doi/10.1109/TNSM.2017.2723725
Wang HQian CYu YYang HLam SHuazhe Wang Chen Qian Ye Yu Hongkun Yang Lam S(2017)Practical Network-Wide Packet Behavior Identification by AP ClassifierIEEE/ACM Transactions on Networking10.1109/TNET.2017.272063725:5(2886-2899)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1109/TNET.2017.2720637
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents