What’s on

In here I try to offer a glimpse of the stuff I’m working on, and what I antecipate to be some of the future topics of my research.

    ===First, a look at the future===

The master student’s project proposals I have for next academic year (starting in Sept/Oct) give a good idea of the topics I will work on in the near future:

#1: Efficient network virtualization

A network virtualization platform entails at least three components: performing address virtualization, to allow tenants to choose their IP and/or MAC addresses; topology virtualization, to give them the freedom to chose the topologies they want for their workloads; and resource isolation, guarantee the agreed share of the resources to the tenant, offering them the illusion that they are the sole owners of the network.

Software-defined networking (SDN) [1][2] is a new networking paradigm that gives the flexibility required for full network virtualisation, as required in current cloud environments. This technique has been recently very successfully applied to offer network virtualization [3][4][5].

Starting from these SDN-based network virtualization platforms, the objective of this project is to investigate efficient techniques for network virtualization, (potentially) considering the three components above. As an example, current network virtualization platforms, such as VMware NVP/NSX [3], create pair-wise tunnels between every pair of host-hypervisors. This creates scalability challenges – as tunnels are expensive to maintain, for instance – and hence one idea to explore would be to give some structure to the overall tunnel configuration in order to improve scalability.

[1] SDN survey
[2] Softwarization of networking
[3] NVP
[4] FlowVisor
[5] OVX

#2: Live migration of networks

VM migration is a fundamental management tool in cloud environments. As a VM rarely acts alone (VMs are often part of multi-tier web applications, with significant interaction between tiers), migrating a single VM in isolation could lead to significant performance degradation and high bandwidth costs. As such, it becomes necessary to migrate the network alongside the VMs that interconnect them.

With the advent of SDNs[1][2], recent work has proposed transparent, live migration of these networks: LIME [3]. We have recently started working on this problem, looking in particular at optimal solutions for migration scheduling (e.g., to minimise control plane latencies). We plan to work on efficient heuristics, integrate our proposed scheduler with LIME, and integrate all into a network hypervisor.

[1] SDN survey
[2] Softwarization of networking
[3] LIME

#3: Resilient network coding data plane

Network coding [1] is a technique that can be used to improve a network’s throughput and resilience. The idea is for switches or routers to mix the information content in the packets received before forwarding them. By doing it cleverly, gains in capacity and resilience may be achieved.

Computer networking has been recently shifting paradigm, from configurable to programmable networks. Its first deployable instance can be considered to be SDN [2][3], which enables control plane programmability. In the past couple of years some work has started looking at the ability to program the network switches themselves [4][5] – the data plane. The possibility of programming the switches brings new opportunities for coding at the network level.

Our proposal is to program switches using the P4 language [5][6] to enable network coding at the network layer. The recently proposed P4 compiler [7] for Open vSwitch [8][9] will enable our solution to be made practical in virtualised environments.

This project will be co-supervised by Professor Muriel Médard. Muriel is Professor at MIT, leader of The Network Coding and Reliable Communication Group, and a leading expert in network coding.

[1] XORs in the air (ACM TON)
[2] SDN survey (Proceedings of the IEEE)
[3] Softwarization of networking (Cutter IT Journal)
[4] RMT (SIGCOMM’14)
[5] P4 (CCR, May 2014)
[6] P4 website
[8] Open vSwitch (NSDI’15)
[9] OVS website

#4: Secure network monitoring

SDNs [1][2] have been recently touted as ideal for network monitoring [3]. Unfortunately, SDN-based monitoring solutions have security vulnerabilities that make them vulnerable to attacks (even relatively unsophisticated ones).

The objective of this project is to investigate advanced techniques to secure an SDN-based network monitor. We plane to leverage on recently-proposed techniques and languages for data plane programmability (for instance, P4[4]) to offer advanced monitoring functionality.

This project will be co-supervised by Professor Nuno Neves.

[1] SDN survey
[2] Softwarization of networking
[3] SLAM
[4] P4

#5: Resilient routing for smart grids

For better manage their network, by means if effective traffic engineering, smart grid operators are moving towards an MPLS-based core. Unfortunately, MPLS networks are complex to manage and operate, mostly due to its reliance on complicated distributed control protocols that have to be processed by all MPLS nodes.

The Software-Defined Networking paradigm [1][2] promises to break the current state of affair by logically centralising control. However, smart grid operators may be reluctant to move all their network elements to SDN.

Fortunately, a new network technology has been proposed by the IETF – segment routing [3] – which allows SDN to be used in MPLS networks. With this technique the core MPLS data plane (that is, the MPLS routers) do not have to be changed, but SDN can still control the network from the edge.

The objective of this project is to explore novel resilient routing techniques for smart grids using segment routing.

This project will be co-supervised by Professor Nuno Neves.

[1] SDN survey
[2] Softwarization of networking
[3] Segment routing

#6: SDN for intermittent networks

The context of this work are alternative/community networks[1]: networking technologies run by, and for, a local community, usually to compensate for lack of access to ICT. These network are, by their nature, intermittent and unreliable, as nodes have a relatively unpredictable off and on behaviour.

The goal of this project is to make SDNs [2][3] work on intermittent networks. For this purpose, several questions will be explored: what sort of consensus algorithms are good for SDN in community networks? What are the right network abstractions?

This project will be co-supervised by Dr. Arjuna Sathiaseelan. Dr. Sathiaseelan is a Senior Research Associate at the Computer Laboratory, University of Cambridge, leader of the Networking for Development (N4D Lab) and Chair of IRTF Global Access to the Internet for All (GAIA) research group.

[1] Alternative/community networks
[2] SDN survey
[3] Softwarization of networking

#7: BGP security using SDN

The networking community is well aware with a fundamental problem with the Internet core: BGP is insecure. As such, several solutions have been proposed to secure BGP in the past 15 years. Unfortunately, the most effective BGP security solutions remain largely undeployed [1]. This is fundamentally due to three reasons: the solution a) requires changes to BGP; b) is computationally expensive for routers; c) does not give network operators incentives for deployment.

Our proposal, BGPSecX, aims to offer equivalent security to the most complete secure BGP solution while solving problems a) and b) by using an SDN-based approach. With SDN [2][3] the control plane is separated from the data plane and is implemented in a logically centralised controller. As such, BGP processing can be moved from the routers to an external (cluster of) controller(s). In addition, we aim to address the challenging problem c) by targeting (clusters of collaborating) Internet eXchange Points (IXPs) [4].

[1] Why is it taking so long to secure internet routing?
[2] SDN survey
[3] Softwarization of networking
[4] Anatomy of a large European IXP

#8: Network verification

SDN [1][2] has created a change of paradigm in networks: from configurable to programmable networks. The logical centralisation of control offered by an SDN creates the possibility to answer operational questions that were very hard to answer with traditional networking: “are there loops in my network?”; “can host A talk to host B?”; “can an external host access my server X?”

With this change in paradigm a new field – network verification – is emerging [3][4], with some anticipating this to become a billion dollar business soon (Nick McKeown@SIGCOMM’12).

The objective of this project is to explore well-known approaches from the software verification literature and apply them to this new domain: networks. An example objective would be, for instance, to verify if the network is behaving as expected from a security point of view. The resulting framework should aim to achieve a good balance between expressiveness and performance.

This project will be co-supervised by Professor João Marques Silva.

[1] SDN survey
[2]Softwarization of networking
[3] Vision for network verification
[4] Real time HSA

    ===Now, a glimpse at the present===

These are my current lines of research (in no particular order):

#1 We are building a multi-cloud, resilient network virtualization platform based on SDN in SUPERCLOUD (an H2020 project). My PhD student Max Alaluna is working on the core of the platform (virtualization of addressing, topology, and isolation of all components). My MSc students Luís Ferrolho and José Soares are working on two modules of the platform: the (secure) network embedder and the module for network migration, respectively. As the platform is SDN-based, and we want it to scale and be resilient, my PhD student Túlio Silva is investigating distributed SDN control, and my MSc student André Mantas is building a fault-tolerant, consistent SDN controller.

#2 In another European project, SEGRID, we are working on a resilient communication infrastructure for Smart Grids. My MSc student Frederico Brito is looking at fast reroute algorithms using segment routing (a technique that couples the novel SDN paradigm perfectly with MPLS, the core network infrastructure of most smart grids). My MSc student Pedro Maia and our Researcher Ricardo Fonseca are working on a secure monitor for Smart Grid networks. Pedro is focusing on software switches, while Ricardo is working with OpenFlow hardware switches.

#3 With my PhD student Regivaldo Costa I am working on the design of an SDN-based approach to improve the security of BGP. Our proposal targets Internet Exchange Points, and aims to address the problem of the lack of deployability of BGP security solutions.

#4 My PhD student Pedro Sá da Costa is building a multi-cloud, byzantine fault-tolerant Map Reduce. He is near the end of his is thesis, and is also advised by my colleague Miguel Correia, from the Instituto Superior Técnico (IST) of the Universidade de Lisboa (ULisboa).

#5 I am also working on the security of SDN with my PhD student Diego Kreutz and with Professor Paulo Veríssimo from the University of Luxembourg and the SnT.

#6 My MSc student Tiago Santos is working on an intrusion detection and response system for mobile devices. This is joint work with my colleague Tiago Guerreiro and the PhD student Diogo Marques.

#7 My MSc student Nuno Ferreira, an engineer at Coriant, is working on SDN-based security solutions for optical networks. He is currently devising a platform that mitigates DoS attacks.

Comments are closed.