Dezhang Kong,Xiang Chen,Hang Lin,Zhengyan Zhou,Yi Shen,Hongyan Liu,Qiumei Cheng,Xuan Liu,Dong Zhang,Chunming Wu,Muhammad Khurram Khan

DOI: https://doi.org/10.1109/tnsm.2024.3504563

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:In-band Network Telemetry (INT) is a widely used monitoring framework in modern large-scale networks. It provides packet-level visibility into network conditions by inserting telemetry data into packets, enabling unprecedented fine-grained network management. However, this mechanism also introduces new vulnerabilities that malicious attackers can exploit. In this paper, we present eight In-band Network Telemetry Manipulation Attacks that take advantage of INT’s weakness, demonstrating that attackers can cause severe damage with little effort by manipulating INT packets. To address this issue, we designed SecureINT, a security-enhanced INT prototype that provides encryption and integrity verification for INT packets. Specifically, SecureINT deploys Even-Mansour and SipHash for confidentiality and integrity, respectively. It also uses a zero-delay rotation mechanism, which enables administrators to dynamically change the version of the deployed Even-Mansour/SipHash running on programmable switches without the need to re-install new programs. In this way, SecureINT can provide lasting security for INT packets using the limited resources of programmable switches. According to the experiments, SecureINT can be deployed on programmable switches using a single pipeline. Besides, the overhead of the rotation mechanism running on the control plane is still minimal.

Jiayi Cai,Hang Lin,Tingxin Sun,Zhengyan Zhou,Longlong Zhu,Haodong Chen,Jiajia Zhou,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/infocom52122.2024.10621221

2024-01-01

Abstract:The normal operation of data center network management tasks relies on accurate measurement of the network status. In-band Network Telemetry (INT) leverages programmable data planes to provide fine-grained and accurate network status. However, existing INT-related works have not considered the telemetry data required for dynamic adjustments of INT under uninterrupted conditions, including additions, deletions, and modifications. To address this issue, this paper proposes OpenINT, a lightweight and flexible In-band Network Telemetry system. The key innovation of OpenINT lies in decoupling telemetry operations in the data plane, using three generic sub-modules to achieve lightweight telemetry. Meanwhile, the control plane utilizes heuristic algorithms for dynamic planning to achieve near-optimal telemetry paths. Additionally, OpenINT provides primitives for defining network measurement tasks, which abstract the underlying telemetry architecture’s details, enabling network operator to conveniently access network status. A prototype of OpenINT is implemented on a programmable switch equipped with the Tofino chip. Experimental results demonstrate that OpenINT achieves highly flexible dynamic telemetry and significantly reduces network overhead.

Hongyan Liu,Xiang Chen,Yi Shen,Qun Huang,Zhengyan Zhou,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iwqos57198.2023.10188714

2023-01-01

Abstract:In programmable networks, some networking systems coordinate data plane switches to realize in-network functions (e.g., in-band network telemetry). However, the vulnerabilities of inter-device coordination are still largely unknown and neglected, which is highly concerning given the increasing popularity of this paradigm. In this paper, we identify three attack scenarios built upon such vulnerabilities, where attackers mislead the behaviors of networking systems that exploit inter-device coordination to execute in-network functions. We implement 20 existing networking systems on Tofino-based switches and a simulator, and attack these systems with the identified attacks. The experimental results indicate that our attacks significantly interfere with the normal operations of the selected networking systems, e.g., the cache hit rate of NetCache drops 38%. Our analysis also demonstrates that none of existing methods can fully mitigate our attacks since they fail to verify the packets for inter-device coordination.

Xinyue Jiang,Risheng Deng,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics53846.2021.00035

2021-01-01

Abstract:The large-scale distributed network has exposed increasing attack surfaces to cyber attackers. In this paper, we present a refined network measurement mechanism, called DDoS Collaborative Mitigation Mechanism (DDoSCCM). Based on former achievements in the programmable network, our work aims at capturing the characters of abnormal traffic and presenting an antedating reaction, constrained by limited resources of the switching ASIC. In-band Network Telemetry (INT) technique achieves real-time monitoring of the network by utilizing the device data acquisition on the data plane. Our work helps the network operator not only to learn the status of the network but also to issue an appropriate mitigation strategy faster and more accurately. DDoSCCM aims at delegating both detection and mitigation processes to the programmable switch. Consequently, the theoretical analysis and experimental results show that DDoSCCM can meet practical requirements and have a certain application value.

Tian Pan,Enge Song,Chenhao Jia,Wendi Cao,Tao Huang,Bin Liu

DOI: https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162684

2020-01-01

Abstract:In-band Network Telemetry (INT) enables hop-by hop device-internal state exposure for reliably maintaining and troubleshooting networks. For achieving network-wide telemetry, high-level orchestration over the INT primitive is further needed. Existing solutions either incur significant bandwidth overhead or fail to promptly handle link failures. In this work, we propose INT-label, a lightweight network-wide telemetry architecture without introducing probe packets. INT-label periodically labels device states onto sampled packets, which is cost-effective with minuscule bandwidth overhead and seamlessly adapts to topology changes. Preliminary evaluation on software P4 switches BMv2 suggests that INT-label can achieve 98.54% network-wide visibility coverage under a label frequency of 100 times per second.

Zichen Xu,Ziye Lu,Zuqing Zhu

DOI: https://doi.org/10.1109/tnet.2024.3448244

2024-01-01

Abstract:With the development of programmable data plane (PDP), in-band network telemetry (INT) has become a promising network monitoring technique to visualize network operations in a fine-grained and real-time way. In this work, to better balance the tradeoff between INT overheads and monitoring accuracy, we design and optimize an information-sensitive INT system (namely, P4InfoSen-INT), which makes each PDP switch decide locally whether and what type(s) of telemetry data should be inserted in a packet based on the “information content” of the data, and implement it in P4-based PDP switches. We first realize the basic principle of P4InfoSen-INT with P4 programs. Then, we propose algorithms to estimate the information content of telemetry data accurately in a dynamic network and optimize the tradeoff between INT overheads and monitoring accuracy. Finally, we further optimize the implementation of P4InfoSen-INT by proposing table merging to reduce stage occupation in each switch. Experimental results verify that our proposed P4InfoSen-INT can balance the tradeoff between INT overheads and monitoring accuracy better than existing benchmarks.

Shaofei Tang,Deyun Li,Bin Niu,Jianquan Peng,Zuqing Zhu

DOI: https://doi.org/10.1109/tnsm.2019.2953327

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:It is known that by leveraging programmable data plane, in-band network telemetry (INT) can be realized to provide a powerful and promising method to collect realtime network statistics for monitoring and troubleshooting. However, existing INT implementations still exhibit a few drawbacks such as lack of runtime-programmability and relatively high overheads due to per-packet operation. In this work, we propose and design a runtime-programmable selective INT system, namely, Sel-INT, to resolve these issues. Specifically, we first design a runtime-programmable selective INT scheme based on protocol oblivious forwarding (POF), and then prototype our design by extending the famous OpenvSwitch (OVS) platform to obtain a software switch that supports Sel-INT and implementing a Data Analyzer to parse, extract and analyze the INT data. Our implementation of Sel-INT is verified and evaluated in a real network testbed that consists of a few stand-alone software switches. The experimental results demonstrate that Sel-INT can not only adjust the sampling rate of INT in runtime but also program the corresponding data types dynamically, and they also confirm that our proposal can ensure proper accuracy and timeliness for network monitoring while greatly reducing the overheads of INT.

Jonathan Vestin,Andreas Kassler,Deval Bhamare,Karl-Johan Grinnemo,Jan-Olof Andersson,Gergely Pongracz

DOI: https://doi.org/10.1109/cloudnet47604.2019.9064137

2019-11-01

Abstract:In-Band Network Telemetry (INT) is a novel framework for collecting telemetry items and switch internal state information from the data plane at line rate. With the support of programmable data planes and programming language P4, switches parse telemetry instruction headers and determine which telemetry items to attach using custom metadata. At the network edge, telemetry information is removed and the original packets are forwarded while telemetry reports are sent to a distributed stream processor for further processing by a network monitoring platform. In order to avoid excessive load on the stream processor, telemetry items should not be sent for each individual packet but rather when certain events are triggered. In this paper, we develop a programmable INT event detection mechanism in P4 that allows customization of which events to report to the monitoring system, on a per-flow basis, from the control plane. At the stream processor, we implement a fast INT report collector using the kernel bypass technique AF_XDP, which parses telemetry reports and streams them to a distributed Kafka cluster, which can apply machine learning, visualization and further monitoring tasks. In our evaluation, we use real-world traces from different data center workloads and show that our approach is highly scalable and significantly reduces the network overhead and stream processor load due to effective event pre-filtering inside the switch data plane. While the INT report collector can process around 3 Mpps telemetry reports per core, using event pre-filtering increases the capacity by 10-15x.

Siyuan Sheng,Qun Huang,Patrick P. C. Lee

DOI: https://doi.org/10.1109/icnp52444.2021.9651963

2021-11-01

Abstract:In-band network telemetry (INT) enriches network management at scale through the embedding of complete device-internal states into each packet along its forwarding path, yet such embedding of INT information also incurs significant band-width overhead in the data plane. We propose DeltaINT, a general INT framework that achieves extremely low bandwidth overhead and supports various packet-level and flow-level applications in network management. DeltaINT builds on the insight that state changes are often negligible at most time, so it embeds a state into a packet only when the state change is deemed significant. We theoretically derive the time/space complexities and the bounds of bandwidth mitigation for DeltaINT. We implement DeltaINT in both software and P4. Our evaluation shows that DeltaINT reduces up to 93% of INT bandwidth, and its deployment in a Barefoot Tofino switch incurs limited hardware resource usage.

Mingtao Ji,Chenwei Su,Yuting Yan,Zhuzhong Qian,Sheng Zhang,Yu Chen,Tuo Cao,Xiaohang Shi,Luis Vasquez,Baoliu Ye

DOI: https://doi.org/10.1109/iwqos57198.2023.10188738

2023-01-01

Abstract:In-band Network Telemetry (INT) is proposed to detect networks via injecting specific probes to collect the hop-by-hop metadata within programmable switches. But there exist multiple challenges to conducting INT at Computing Power Network, such as control decisions of different INT frequencies, and the unforeseeable INT query workloads. In this study, we formulate an online non-linear time-varying integer programming problem that aims to maximize the overall quality of service through both frequency selection and INT query workload distribution. To achieve this, we propose an online learning, INTService, which utilizes a primal-dual mechanism to make fractional decisions. At last, extensive evaluations show that our proposed INTService exhibits up-lift performance 40% on average over other state-of-the-art algorithms.

Ruihao Wang,Yunsenxiao Lin,Andong Chen,Yangyang Wang,Mingwei Xu,Pingping Chen,Bowen Liu,Yongfeng Ni,Shaowen Zheng,Kehan Yao

DOI: https://doi.org/10.1109/icnp59255.2023.10355635

2023-01-01

Abstract:The In-band Network Telemetry (INT) provides unprecedented network visibility by encapsulating fine-grained device-internal status into packet headers. Existing efforts proposed to reduce the telemetry cost can either monitor a small part of flows and links, or require complex calculation supported by programmable switches. In this paper, we propose SD-INT (Self-Driving INT), a lightweight network-wide passive INT system, which can be readily deployed based on commodity switches. The key idea of SD-INT is to reduce two dimensions of redundancy in the INT data which we have observed. Furthermore, the optimized INT is conducted in a self-driving system, adjusting the INT strategy according to the feedback of INT result history. In addition to the mechanism, we design the latency-hiding technology and a suite of efficient algorithms for flow selection and sampling ratio adaptation. These designs enable us to keep the monitoring overhead under a reasonable level, while still collecting network-wide fine-grained telemetry data. Further, we prototype and evaluate SD-INT with both large-scale simulations and testbed deployment. Experiments for both TCP(Transmission Control Protocol) and RDMA(Remote Direct Memory Access) flows show that SD-INT reduces orders of magnitude data volume while achieves similar link coverage compared with INT. Besides, compared with the relevant technologies based on programmable switches, SD-INT is competitive in reducing the data volume.

Yongning Tang,Yangxuan Wu,Guang Cheng,Zhiwei Xu

DOI: https://doi.org/10.1109/hpsr.2019.8808121

2019-01-01

Abstract:Intelligent Fault localization for SDN becomes one of the most critical but difficult tasks. This paper proposes a new approach called Policy-Aware In-band Network Telemetry (PAINT) to tackle SDN fault localization. In the PAINT system, network operators define and deploy network services using a high-level Service Provisioning Language (SPL). Then, PAINT automatically parses the service policy to infer the causal relationship between service related network components and (end-to-end) service-level observable symptoms. Based on the causality model, PAINT deploys monitoring instruments for the symptoms. PAINT utilizes a dynamically created Symptom-Fault-Telemetry model to incorporate In-band Network Telemetry (INT) actions systematically into the fault reasoning process to improve the efficiency and accuracy of fault localization for SDN. PAINT has been extensively evaluated in a simulation environment for its accuracy and scalability with very positive results.

Dongeun Suh,Seokwon Jang,Sol Han,Sangheon Pack,Xiaofei Wang

DOI: https://doi.org/10.1016/j.icte.2019.08.005

IF: 4.754

2020-03-01

ICT Express

Abstract:<p>In-band network telemetry (INT) is an emerging network monitoring framework based on a protocol-independent packet processor (P4). Network devices can be programmed with a domain-specific language to embed switch- internal states into data packets as they traverse through networks. However, the current P4-based INT does not support a sampling; thus, INT headers should be augmented for all incoming packets, which will incur high overhead in a large-scale network. In this paper, we propose a flexible sampling-based INT (FS-INT) scheme to address the aforementioned issues. Simulation results show that FS-INT can reduce the protocol overhead in a controlled manner while providing sufficiently high accuracy.</p>

computer science, information systems,telecommunications

Goksel Simsek,Doğanalp Ergenç,Ertan Onur

DOI: https://doi.org/10.48550/arXiv.2212.14876

2022-12-31

Abstract:Traditional network monitoring solutions usually lack of scalability due to their centralized nature collecting heartbeats from all network components via a single controller. As a solution, In-Band Network Telemetry (INT) framework has been recently proposed to collect network telemetry information more autonomously and distributedly by employing programmable switches. However, it imposes further challenges to (i) find suitable INT paths to optimize the control overhead and information freshness and (ii) ensure reliable delivery of control information over multi-hop INT paths. In this work, we propose a monitoring scheme, reliable Graph Partitioned INT (GPINT), by extending our previous work and integrating shared queue ring (SQR) as a reliability feature against potential failures in network telemetry collection due to network congestion and link degradation that may cause loss of the visibility of the network. We implement our proposal in a recent data plane programming language P4, and compare it with traditional Simple Network Management Protocol (SNMP) and also another state-of-the-art study employing Euler's method for INT path generation. Our analysis first shows the importance of having a data recovery mechanism against packet losses under different network conditions. Then, our emulation results indicate that GPINT with reliability extension performs much better than its opponent in terms of telemetry collection latency and overhead monitoring scheme even under a high amount of packet losses.

Networking and Internet Architecture

Tian Pan,Enge Song,Zizheng Bian,Xingchen Lin,Xiaoyu Peng,Jiao Zhang,Tao Huang,Bin Liu,Yunjie Liu

DOI: https://doi.org/10.1109/infocom.2019.8737529

2019-04-01

Abstract:With the ever-increasing complexity of networks, fine-grained network monitoring enables better network reliability and timely feedback control. The In-band Network Telemetry (INT) allows cost-effective network monitoring by encapsulating device-internal states into probe packets. However, INT only specifies an underlying device-level primitive while how to achieve network-wide traffic monitoring remains undefined. In this work, we propose INT-path, a network-wide telemetry framework, by decoupling the system into a routing mechanism and a routing path generation policy. Specifically, we embed source routing into INT probes to allow specifying the route the probe packet takes through the network. Above the mechanism, we develop an Euler trail-based path planning policy to generate non-overlapped INT paths that cover the entire network with a minimum path number. Besides, an exhaustive analysis of algorithm’s run-time complexity is also provided. INT-path can “encode” the network-wide traffic status into a series of “bitmap images”, transforming network troubleshooting into pattern recognition problems. INT-path is very suitable for deployment in data center networks thanks to their symmetric network topologies.

Dezhang Kong,Yi Shen,Xiang Chen,Qiumei Cheng,Hongyan Liu,Dong Zhang,Xuan Liu,Shuangxi Chen,Chunming Wu

DOI: https://doi.org/10.1109/tnet.2022.3203561

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The topology discovery service in Software-Defined Networking (SDN) provides the controller with a global view of the substrate network topology, allowing for central management of the entire network. Unfortunately, emerging topology attacks can poison the network topology and result in unforeseeable disasters. Although researchers have made great efforts to mitigate this problem, security hazards still exist. In this paper, we propose Invisible Assailant Attack (IAA), the first combination topology attack capable of injecting and maintaining fake links even when 12 existing defense strategies are deployed simultaneously. IAA consists of 14 attack phases that apply multiple attack strategies. Attackers skillfully disguise the attack traffic in each phase so that it looks like normal network traffic, and perform these phases in a well-planned sequence, thereby bypassing existing defenses step by step. To mitigate this attack, we propose a Route Path Verification (RPV) mechanism that orchestrates multiple defense strategies to identify fake links. According to the experiments, RPV can successfully detect IAA with low overhead: its detection completes within 1 ms while its per-flow storage consumption is only a few KB.

Zhixin Xie,Chen Yan,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1145/3607199.3607249

2023-01-01

Abstract:Wired serial communication protocols such as UART are widely used in today’s IoT systems for their simple connection and good industry ecology. However, due to the simplicity of these protocols, they are vulnerable to attacks that falsify the communication. In this work, we propose the BitDance attack that can arbitrarily flip the bits of serial communication without any physical contact utilizing intentional electromagnetic interference (IEMI). We describe the physical process of how electromagnetic interference influences the voltage, build up a model to demonstrate the bit-level control principle of our work, and implement the attack on 6 different sensors with UART, a widely used serial communication protocol. The result shows we can inject bit-level information and disable legitimate communication from the system with a maximum success rate of 45.4 and 100. Finally, we propose countermeasures to mitigate the impact of this attack.

Konstantinos Papadopoulos,Panagiotis Papadimitriou

DOI: https://doi.org/10.1109/access.2024.3385674

IF: 3.9

2024-04-16

IEEE Access

Abstract:The increasing need for high-precision monitoring and network-wide observability has spurred significant interest in In-Band Network Telemetry (INT), which empowers the collection of monitoring data directly from the dataplane, thus, alleviating the various shortcomings of passive monitoring techniques. INT, in some of its initial forms (e.g., P4-INT), tends to accumulate per-hop telemetry values within each packet, introducing substantial transmission overhead. Recent efforts to alleviate this shortcoming spread per-hop telemetry values among multiple packets, but eventually cause other implications, such as INT data redundancy or collisions during state lookup, stemming from the probabilistic data structures that they employ. Along these lines, we stress on the need for a lightweight INT approach with deterministic behavior. To this end, we present a new INT approach (Controller-Assisted Lightweight In-Band Network Telemetry – CLINT) that relies on a telemetry controller for the coordination of INT nodes, through the update of telemetry states, which indicate at each instance the telemetry action that should be applied to each incoming packet. We discuss in detail the operation of CLINT, as well as its prototype implementation using P4 BMv2 and the P4Runtime API. Our evaluation results indicate that CLINT outperforms two state-of-the-art lightweight INT techniques (i.e., PINT and DLINT) in terms of monitoring efficiency and network update detection, while maintaining an insignificant control communication overhead.

computer science, information systems,telecommunications,engineering, electrical & electronic

Junchi Xing,Mingliang Yang,Haifeng Zhou,Chunming Wu,Wei Ruan

DOI: https://doi.org/10.1109/IPCCC47392.2019.8958776

2019-01-01

Abstract:Network reconnaissance aims at gathering as much information as possible before an attack is launched. Meanwhile, static host address configuration facilitates network reconnaissance. Currently, more sophisticated network reconnaissance has been emerged with the adaptive and cooperative features. To address this, in this paper, we present Hiding and Trapping (HaT), which is a deceptive approach to disrupt adversarial network reconnaissance with the help of the software-defined networking (SDN) paradigm. HaT is able to hide valuable hosts from attackers and to trap them into decoy nodes through strategic and holistic host address mutation according to characteristic of adversaries. We implement a prototype of HaT, and evaluate its performance by experiments. The experimental results show that HaT is capable to effectively disrupt adversarial network reconnaissance with better deceptive performance than the existing address randomization approach.

Shaofei Tang,Sicheng Zhao,Xiaoqin Pan,Zuqing Zhu

DOI: https://doi.org/10.1109/tnet.2022.3194086

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:As a promising network monitoring technique, in-band network telemetry (INT) helps to visualize networks in a fine-grained and real-time manner. Meanwhile, to address the overheads of INT, people have proposed a few selective INT (Sel-INT) approaches that only select a portion of packets in each flow to insert INT fields and distribute different types of INT fields over the selected packets. In this paper, we study how to use Sel-INT wisely in a network such that the tradeoff between monitoring accuracy/coverage and INT overheads can be balanced well. Specifically, we try to orchestrate the Sel-INT schemes of flows in both network- and flow-levels. For the network-level optimization, we model it as an INT planning problem in which the Sel-INT schemes of flows should be determined to maximize the information gain of INT as well as minimize the bandwidth overheads of INT. We formulate an integer linear programming (ILP) model to tackle the problem, prove its $\mathcal {N} \mathcal {P}$ -hardness, and leverage Lagrangian relaxation to design a polynomial-time approximation algorithm for it. The flow-level optimization considers a dynamic network environment, and we propose to combine deep learning (DL) based traffic prediction with Sel-INT, such that the Sel-INT scheme of each individual flow can be updated timely and adaptively. We implement the proposal in a small but real network testbed and experimentally demonstrate self-adaptive orchestration of Sel-INT with it.