Search Results (8)

Virtual private network (VPN) gateways are widely applied to provide secure end-to-end remote access and to relay reliable interconnected communication in cloud computing. As network convergence nodes, the performance of VPN gateways is limited by traditional methods of packet receiving and sending, the kernel protocol stack and the virtual network interface card. This paper proposes a generic high-performance architecture (GHPA) for VPN gateways in consideration of its generality and performance. In terms of generality, we redesign a generic VPN core framework by modeling a generic VPN communication model, formulating generic VPN core technologies and presenting corresponding core algorithms. In terms of performance, we propose a three-layer GHPA for VPN gateways by designing a VPN packet processing layer based on a data plane development kit (DPDK), implementing a user space basic protocol stack and applying our proposed generic VPN core framework. On the basis of the research work above, we implement a high-performance VPN (HP-VPN) and a traditional VPN (T-VPN) that complies with GHPA and traditional methods, respectively. Experimental results prove that the performance of HP-VPN based on GHPA is superior to T-VPN and other common VPNs in RTT, system throughput, packet forwarding rate and jitter. In addition, GHPA is extensible and applicable for other VPN gateways to improve their performance. Full article

Concurrent access to large-scale video data streams in edge computing is an important application scenario that currently faces a high cost of network access equipment and high data packet loss rate. To solve this problem, a low-cost link aggregation video stream data concurrent transmission method is proposed. Data Plane Development Kit (DPDK) technology supports the concurrent receiving and forwarding function of multiple Network Interface Cards (NICs). The Q-learning data stream scheduling model is proposed to solve the load scheduling of multiple queues of multiple NICs. The Central Processing Unit (CPU) transmission processing unit was dynamically selected by data stream classification, as well as a reward function, to achieve the dynamic load balancing of data stream transmission. The experiments conducted demonstrate that this method expands the bandwidth by 3.6 times over the benchmark scheme for a single network port, and reduces the average CPU load ratio by 18%. Compared to the UDP and DPDK schemes, it lowers the average system latency by 21%, reduces the data transmission packet loss rate by 0.48%, and improves the overall system transmission throughput. This transmission optimization scheme can be applied in data centers and edge computing clusters to improve the communication performance of big data processing. Full article

With the increasing awareness of privacy protection, Virtual Private Networks (VPNs) are widely used to build a more secure communication tunnel. However, a traffic hijacking attack called blind in/on-path has seriously threatened the security of VPNs. Inspired by Moving Target Defense (MTD), Moving VPN architecture (MVPN) is designed to defend against such attacks. MVPN includes multiple nodes to encrypt and decrypt traffic to enhance reliability. Thus, the consistency judgment algorithm is proposed to make MVPN obtain the ability to perceive attacks. Moreover, according to the judgment result and the state update strategy, the MVPN state is dynamically changed so as to achieve the purpose of active defense. In addition, this paper also designs the multichannel packet classification mechanism and availability assurance strategy, which not only ensures the security and availability of the system but also reduces the performance loss caused by the defense strategy. The simulation verifies that MVPN architecture can reduce the success rate of blind in/on-path attacks by five orders of magnitude. In addition, we implemented and deployed MVPN based on the fast-forwarding framework of the Data Plane Development Kit (DPDK). Experiments in the real environment also show that the MVPN system can effectively prevent attackers from carrying out blind in/on-path attacks. Full article

Digitalization is one of the factors that affects the acceleration of the application of telecommunications technologies such as 5G. The 5G technology that has been developed today does not yet meet different performance and manageability standards, particularly for data center networks as a supportive technology. Software-defined networking (SDN) and network function virtualization (NFV) are two complementary technologies that are currently used by almost all data centers in the telecommunications industry to rectify performance and manageability issues. In this study, we deliver an integrated SDN-NFV architecture to simplify network management activities in telecommunication companies. To improve network performance at the computing level, we performed a modification of a networking system at the computing level, underlying NFV devices by replacing the default virtual switch with a data plane development kit (DPDK) and single root I/O virtualization (SR-IOV). This study evaluated the proposed architecture design in terms of network performance and manageability. Based on 30 days of observation in prime time, the proposed solution increased throughput up to 200 Mbps for the server leaf and 1.6 Gbps for the border leaf compared to the legacy architecture. Meanwhile, the latency decreased to 12 ms for the server leaf and 17 ms for the border leaf. For manageability, we tested three different scenarios and achieved savings of 13 min for Scenario 1, 22 min for Scenario 2 and 9 min for Scenario 3. Full article

Recently, many new network paths have been introduced while old paths are still in use. The trade-offs remain vague and should be further addressed. Since last decade, the Internet is playing a major role in people’s lives, and the demand on the Internet in all fields has increased rapidly. In order to get a fast and secure connection to the Internet, the networks providing the service should get faster and more reliable. Many network data paths have been proposed in order to achieve the previous objectives since the 1970s. It started with the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) and later followed by several more modern paths including Quick UDP Internet Connections (QUIC), remote direct memory access (RDMA), and the Data Plane Development Kit (DPDK). This raised the question on which data path should be adopted and based on which features. In this work, we try to answer this question using different perspectives such as the protocol techniques, latency and congestion control, head of line blocking, the achieved throughput, middleboxes consideration, loss recovery mechanisms, developer productivity, host resources utilization and targeted application. Full article

Information-centric networking (ICN) separates the identifier and locator of network entities, providing a natural advantage in supporting mobility. To gain the advantage of ICN to support mobility, an urgent challenge is the problem of practical implementation with performance optimization. Software-defined networking (SDN) can be regarded as infrastructure to implement ICN mobility. However, it is difficult for the centralized SDN controller to quickly process mobile signaling. Therefore, this paper proposes enhanced programmable data plane supporting ICN mobility. By offloading mobility-related control plane functions from the controller to the data plane, the data plane can locally process mobile signaling without interacting with the controller. We propose an offloading mechanism for control plane functions, based on a rule table, where the controller authorizes the data plane to process the mobile signaling by loading the programmable rule table to data plane’s control element, and the control element intercepts the mobile signaling, matches the predefined rule table, and executes a series of application logic actions. In addition, we propose an improved SmartSplit algorithm to manage the rule table and speed up packets matching the rule table. Based on Intel’s Data Plane Development Kit (DPDK), we implement the enhanced programmable data plane. Our experimental results prove that the proposed enhanced programmable data plane has a stronger ability to process mobile signaling and reduce latency. Full article

Software-defined networking (SDN) separates the control plane and the data plane, which provides network applications with global network topology and the flexibility to customize packet forwarding rules. SDN has a wide range of innovative applications in 5G, Internet of Things, and information center networks. However, the match-action programming model represented by OpenFlow/Protocol Oblivious Forwarding (POF) in SDN can only process limited types of data such as packets and metadata, making it hard to fulfill future network applications. In this paper, data type and data location are added in the matching fields and actions to make the match-action table (MAT) compatible with multiple types of data, hence improving the data plane’s programmability. Data type helps the MAT to perceive multiple types of data, allowing them to be processed by a single MAT. Data location allows MAT to be decoupled from data meaning, quickly locating specific data in the switch. Based on Intel’s Data Plane Development Kit (DPDK), we design and implement a pipeline that is compatible with multiple types of data processing. Protocol and data type oblivious match-action tables and atomic instructions are included in the pipeline. Experiments show that representing data with data type and data location makes the pipeline compatible with multiple types of data without sacrificing forwarding performance, fulfilling the needs of network applications to handle a variety of types of data while avoiding repeating hardware design. Full article

Internet of Things (IoT) technologies are undeniably already all around us, as we stand at the cusp of the next generation of IoT technologies. Indeed, the next-generation of IoT technologies are evolving before IoT technologies have been fully adopted, and smart dust IoT technology is one such example. The concept of smart dust IoT technology, which features very small devices with low computing power, is a revolutionary and innovative concept that enables many things that were previously unimaginable, but at the same time creates unresolved problems. One of the biggest problems is the bottlenecks in data transmission that can be caused by this large number of devices. The bottleneck problem was solved with the Dual Plane Development Kit (DPDK) architecture. However, the DPDK solution created an unexpected new problem, which is called the mixed packet problem. The mixed packet problem, which occurs when a large number of data packets and control packets mix and change at a rapid rate, can slow a system significantly. In this paper, we propose a dynamic partitioning algorithm that solves the mixed packet problem by physically separating the planes and using a learning algorithm to determine the ratio of separated planes. In addition, we propose a training data model eXtended Permuted Frame (XPF) that innovatively increases the number of training data to reflect the packet characteristics of the system. By solving the mixed packet problem in this way, it was found that the proposed dynamic partitioning algorithm performed about 72% better than the general DPDK environment, and 88% closer to the ideal environment. Full article