40 min per Presentation (including Questions & Discussion)
Opening 09:00 - 09:10 - Welcome
Irena Trajkovska, Kurt Baumann
(1) 09:10 - 09:30 - Irena Trajkovska, ICCLab, ZHAW
Title: Automated network service deployment in multiple datacenters and lessons learnt
This brief demonstration will show the deployment of network services in NFV stack: from Marketplace, via Orchestrator and SDK for SDN, using WAN Infrastructure Connectivity Manager and couple of Virtual Network Functions (VNFs): virtual traffic classifier, virtual security appliance and virtual proxy as a service. These components have been developed within the scope of the European T-Nova project. We will show the Customer interaction with a Marketplace Dashboard for VNFs selection and service composition. This will be followed by service provisioning in OpenStack cloud and SDN-based service chain creation. Some monitored metrics will be included, associated to the service statistics. Finally some challenges and future works will be discussed.
(2) 09:35 - 10:15 - Andy Wingo, Igalia S.L.
Title: Practical virtual network functions with Snabb
The Snabb network function toolkit has grown over the last year to include a number of practical network functions that can be of direct use to network engineers, from test rigs to packet filtering and capturing tools to core IPv6 transition technology border router implementations. After a brief summary of what Snabb is, this talk updates the audience on the network functions included in Snabb, and how they can be easily put to use and even extended to new uses.
(3) 10:20 - 11:00 - Roland Meier, ETH Zurich
Title: iTAP: In-network Traffic Analysis Prevention using Software-Defined Networks
The focus of the talk will be on iTAP (itap.ethz.ch), our recent work on network traffic obfuscation. iTAP is a system that provides strong anonymity guarantees within a network. Akin to onion routing, iTAP rewrites packet headers at the network edges by leveraging SDN devices. As large LANs can see millions of flows, the key challenge is to rewrite headers in a way that guarantees strong anonymity while, at the same time, scaling in the control-plane and in the data-plane. iTAP addresses these challenges by adopting a hybrid rewriting scheme that scales by reusing rewriting rules across distinct flows and by distributing them on multiple switches. As reusing headers leaks information, iTAP monitors this leakage and adapts the rewriting rules before any eavesdropper could provably de-anonymize any host.
11:00 - 11:20 Break - Coffee/Tea Time
(4) 11:20 - 12:00 - Dang Ngo, Cisco
Title: NFV in modern DC networks – How to improve network agility in an SDN enabled environment
For today’s service providers and enterprises, bandwidth demands continue to increase and evolve. The introduction of Internet of Things (IoT) solutions, such as smart homes, smart cities, connected cars, and connected medical devices, is forcing organizations to change existing business models and to build more cost-effective networks. Network functions virtualization (NFV) technologies are designed to meet this challenge. They can provide the tools to effectively grow complex network and server environments to meet business, application, and subscriber needs, while better matching revenue through smart utilization of the network.
In the presentation, it will be discussed and demonstrated how NFV technology can solve these challenges in a modern DC network and how to use NFV in a very efficient way, regardless of a software- or hardware based solution.
(5) 12:05 - 12:45 - Bruno Rodriguez, University of Zurich
Title: Cooperative DDoS Signaling System Based on SDN and Blockchains
The increasing traffic volume and frequency of recent Distributed Denial-of-Service (DDoS) attacks shows that existing, centralized DDoS defense systems are still not capable of withstanding against large-scale attacks. A coordinated effort across multiple domains has become an attractive alternative to extending DDoS defense capabilities. However, the complexity of existing collaborative defense systems including the operation of a distributed infrastructure with a gossip-based protocol for signaling attacks, are a bottleneck to make
these systems fully operational. The emergence of Software-Defined Network (SDN) and Blockchains has offered a solution to reduce such complexity, allowing to share information through an already existing distributed database. This work presents a system for signaling DDoS attacks combining these elements and introducing novel opportunities for flexible and efficient DDoS mitigation solutions across multiple domains.
12:45 - 13:45 Lunch by SWITCH - foodLAB
(6) 13:45 - 14:25 - Roberto Riggio, CREATENET, Italy
Title: Where is the SDK for my Software-Defined Mobile Network
Software-Defined Networking (SDN) has received, in the last years, significant interest from the academic and the industrial communities alike. The decoupled control and data planes found in an SDN allows for logically centralized intelligence in the control plane and generalized network hardware in the data plane. Although the current SDN ecosystem provides a rich support for wired packet–switched networks, the same cannot be said for wireless networks where specific radio data-plane abstractions, controllers, and programming primitives are still yet to be established. In this talk we will discuss a set of programming abstractions modeling the fundamental aspects of a mobile network. The proposed abstractions have been implemented in Python–based Software Development Kit and in a proof-of-concept data-plane and controller for[masked] networks. Finally, we will conclude the talk with an overview of our current work on performance isolation and virtual network function orchestration in mobile networks.
(7) 14:30 - 15:10 Adrian Perrig, ETH Zurich
Title: SD-WAN, how it can be realized with the SCION secure Internet architecture
SD-WAN promises SDN properties in an inter-domain context, such as path transparency and control, load balancing across different paths, and simultaneous usage and fine-grained control of all multi-homed connections. How can we achieve these properties? We will describe how the SCION secure Internet architecture can deliver all the SD-WAN Features. Link: SCION, Chapter 2 https://www.scion-architecture.net/pdf/SCION-book.pdf
15:10 - 15:30 Break - Coffee/Tea Time
(8) 15:30 - 16:10 - Douglas Copas, Swisscom
Title: Operational Challenges Deploying SDN Solutions in Productive Environments
Modern cloud technologies such as Kubernetes, Cloud Foundry, and Open Shift require modern networking solutions. Without the introduction of Software Defined Networking, deployment of these cloud solutions is problematic at best, and impossible at worst. Despite the power and flexibility of network virtualization, without corresponding changes to the operational model, entire new sets of problems arise. In this talk, we will look at what these problem sets are, as well as their causes, effects and strategies for mitigation.
(9) 16:15 - 16:55 - Mitch Gusat , IBM Research
Title: zMon: Online IPS/IDS in Endeavour SDN
The scale, speed and sophistication of network attacks are exponentially increasing beyond today's capabilities of established Intrusion Detection/Prevention Systems (IDS/IPS). Indeed, intrusions and DoS attacks are no longer "anomalies", but permanent and evolving fixtures of Internet and Datacenter/Cloud-based IT. Further aggravating the cyber-threats, the mobile and IoT devices are adding monthly millions of potential new bots to attackers' arsenals. This talk presents an online 100Gbps IDS/IPS system capable of (i) globally mirroring all the ports of a Tbps-class SDN switch (Intel RRC FM10K), (ii) detecting dDoS attacks, and (iii) mitigating the latter with a sub-ms reaction time (400us). Effectively such an SDN IDS/IPS method can detect and combat dDoS attacks in near-real-time, as demonstrated by a live zMon demo.
(10) 17:00 - 17:15 - Desislava Dimitrova, ETH
Title: DeltaPath: fast incremental routing for dynamic network topologies
Programmable networks allow flexible control by logically centralizing the control plane, including decisions. However, this comes at a price: centralized route calculations can become a bottleneck in large networks which need to react quickly to restore service after link or switch failures. We present DeltaPath, a routing module for an SDN controller which outperforms known SDN modules . DeltaPath can recompute paths for all affected flows after a network failure under 4ms. In a large data center network, DeltaPath can process more than 1000 changes to network state per second with a latency of 1 second. The superior performance comes from its execution platform, Timely Dataflow, and the incremental, batched processing of network updates. Compared to previous incremental graph algorithms, DeltaPath offers a concise and clear implementation by delegating the complexity of the incrementality to the underlying execution platform.
17:15 Wrap up / Discussion, Future steps / End of Workshop
The steering board committee would like to invite you to the the 8th. SDN workshop where researchers, academic ICTs and the industry meet to present new ideas, elaborate concepts, and show demos of SDN applications. We are also open for collaborations.
This time the Motto for the SDN Workshop is “SDN more than a concept” and reflects the scope of the following workshop topics:
- Real-time applications and operations enabled by SDN
- Multimedia services and streaming over SDN-enabled architectures
- Economic aspect of SDN applications
- Solutions for SDN in container networks
- Use cases and applications based on SDN/NFV
- QoS assessment in SDN-enabled environment
- Management and orchestration of SDN-NFV services
- 5G success storied enabled by SDN and NFV
- The future of Service Function Chaining in SDN-NFV environment
- Performance monitoring and verification technologies (QoA),
- Scalability, benchmarking, and disaster recovery concept
- Evaluation reports from SDN-NFV experimental testbeds and industry solutions
- Survey on SDN: status, experiences, future directions, community, etc.
- Hybrid approaches on SDN and other technologies
If you would like to be a part of the program, please send us your presentation proposal on SDN meetup page or on the mailing list: [masked] (not more than 100 words) not later than 07th. of May 2017, EOB.
If you have a question, please do not hesitate to contact us.
Many thanks for your attention.
SC SDN Workshop
Irena Trajkovska (ICCLab)
Kurt Baumann (SWITCH)