FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2892655561> ?p ?o ?g. }

• W2892655561 abstract "The correct implementation of network policies (e.g., routing, NAT, VPNs, load balancing, and IDS/IPS) for underlying network functions is critical, as it determines the security, availability and performance of a production network. However, it is notoriously known that making sure network policies are correctly implemented is challenging, even for basic reachability policies. This becomes more challenging in cloud environments featured with SDN-enabled NFV, where multiple tenants are hosted with richer in-network services in the form of chained, virtualized network functions with dynamic, customized network policies. To address this problem, existing approaches have been proposed to model network behaviors, generate synthetic network traffic, and verify network policies. However, these solutions face a fundamental challenge in SDN-enabled NFV --- lack of capturing dynamics of the production system. For example, virtual network functions (running in virtual machines) can be arbitrarily composed to realize service chaining on the fly; the chained network functions create more complex unpredictable network policies. Further, the on-demand cloud service model compounds this complexity with dynamic loads and varying network function requirements. One (seemingly straightforward) solution may be to extend existing network models to capture dynamic system behaviors, and thus generate test traffic with broader coverage. However, despite the possibility of doing so, such model-based approaches will easily result in state-space explosion, which will take extensive time for completing a simple network verification task even for a small network. On the other hand, focusing on a subset of intended polices may reduce the state space, but could fail to catch some critical sources of violations in practice --- in most cases, it is even hard (or impossible) to know the polices without really operating network functions in a production environment (e.g., with improvised changes in NFV configurations/policies). Ideally, conducting network verification in a live production environment --- complementary to model-based verification approaches --- is attractive, as production traffic captures the most exact, realistic dynamic state of the system that model-based verification tools cannot provide. However, doing so brings potential risks of impacting or even damaging a live production environment, as mis-configured inline test network functions could wrongly manipulate network traffic --- numerous network outrages are actually caused by (tiny) mis-configurations of a live production system. It becomes more problematic in multi-tenant cloud, as such misbehaviors could impact other tenants. In this paper, we present ShadeNF, a novel online verification platform for testing in-cloud network functions in a production-like environment, without disrupting the live production system. ShadeNF enables such a production-like test environment (i.e., the shadow system) with an exact clone of the production network functions (to be tested), which captures the dynamic state and vulnerabilities of the live production system. Further, ShadeNF delicately steers live production traffic to the shadow system as the test traffic, which captures the dynamic state of the production workloads. The actual verification is operated in a completely isolated environment with desired resources (e.g., CPU, memory and storage), thus not interfering with the production system. We make three key contributions in ShadeNF: First, ShadeNF introduces a new live, consistent snapshot approach to clone chained, dependent network functions by leveraging SDN virtual switches. This approach both preserves a consistent snapshot and reduces performance overhead with no modifications to VMs software and legacy network flows. Second, to capture the dynamics of the production workloads, ShadeNF creates a new traffic forwarding plane, which selectively, unidirectionally steers the production traffic to the test system with new programmable forwarding pipes. These forwarding pipes also enable the autochaining of arbitrary network functions. Last, to explore broader test coverage, ShadeNF advances existing model-based approaches by taking patterns of real production traffic into consideration --- ShadeNF populates synthetic test traffic with realistic traffic patterns that are captured and provided automatically. We have implemented a ShadeNF platform prototype upon OpenStack. Our evaluation in a real cloud testbed shows that: (1) ShadeNF captures the dynamics of a production system without affecting the production system; (2) ShadeNF can effectively detect a variety of policy violations." @default.
• W2892655561 created "2018-10-05" @default.
• W2892655561 creator A5037551573 @default.
• W2892655561 creator A5055434477 @default.
• W2892655561 creator A5082264643 @default.
• W2892655561 creator A5082972501 @default.
• W2892655561 date "2018-10-11" @default.
• W2892655561 modified "2023-10-15" @default.
• W2892655561 title "ShadeNF" @default.
• W2892655561 doi "https://doi.org/10.1145/3267809.3275467" @default.
• W2892655561 hasPublicationYear "2018" @default.
• W2892655561 type Work @default.
• W2892655561 sameAs 2892655561 @default.
• W2892655561 citedByCount "0" @default.
• W2892655561 crossrefType "proceedings-article" @default.
• W2892655561 hasAuthorship W2892655561A5037551573 @default.
• W2892655561 hasAuthorship W2892655561A5055434477 @default.
• W2892655561 hasAuthorship W2892655561A5082264643 @default.
• W2892655561 hasAuthorship W2892655561A5082972501 @default.
• W2892655561 hasConcept C111919701 @default.
• W2892655561 hasConcept C120314980 @default.
• W2892655561 hasConcept C13540734 @default.
• W2892655561 hasConcept C139940560 @default.
• W2892655561 hasConcept C15744967 @default.
• W2892655561 hasConcept C16986412 @default.
• W2892655561 hasConcept C193415008 @default.
• W2892655561 hasConcept C2776874963 @default.
• W2892655561 hasConcept C2779618445 @default.
• W2892655561 hasConcept C31258907 @default.
• W2892655561 hasConcept C41008148 @default.
• W2892655561 hasConcept C49020025 @default.
• W2892655561 hasConcept C542102704 @default.
• W2892655561 hasConcept C79974875 @default.
• W2892655561 hasConceptScore W2892655561C111919701 @default.
• W2892655561 hasConceptScore W2892655561C120314980 @default.
• W2892655561 hasConceptScore W2892655561C13540734 @default.
• W2892655561 hasConceptScore W2892655561C139940560 @default.
• W2892655561 hasConceptScore W2892655561C15744967 @default.
• W2892655561 hasConceptScore W2892655561C16986412 @default.
• W2892655561 hasConceptScore W2892655561C193415008 @default.
• W2892655561 hasConceptScore W2892655561C2776874963 @default.
• W2892655561 hasConceptScore W2892655561C2779618445 @default.
• W2892655561 hasConceptScore W2892655561C31258907 @default.
• W2892655561 hasConceptScore W2892655561C41008148 @default.
• W2892655561 hasConceptScore W2892655561C49020025 @default.
• W2892655561 hasConceptScore W2892655561C542102704 @default.
• W2892655561 hasConceptScore W2892655561C79974875 @default.
• W2892655561 hasLocation W28926555611 @default.
• W2892655561 hasOpenAccess W2892655561 @default.
• W2892655561 hasPrimaryLocation W28926555611 @default.
• W2892655561 hasRelatedWork W1511254540 @default.
• W2892655561 hasRelatedWork W2105685892 @default.
• W2892655561 hasRelatedWork W2128291817 @default.
• W2892655561 hasRelatedWork W2187778972 @default.
• W2892655561 hasRelatedWork W2381235861 @default.
• W2892655561 hasRelatedWork W2543048565 @default.
• W2892655561 hasRelatedWork W2765945255 @default.
• W2892655561 hasRelatedWork W2892655561 @default.
• W2892655561 hasRelatedWork W2941726965 @default.
• W2892655561 hasRelatedWork W3009667610 @default.
• W2892655561 isParatext "false" @default.
• W2892655561 isRetracted "false" @default.
• W2892655561 magId "2892655561" @default.
• W2892655561 workType "article" @default.