Dezhang Kong,Zhengyan Zhou,Yi Shen,Xiang Chen,Qiumei Cheng,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/IWQoS57198.2023.10188809

2023-01-01

Abstract:In-band Network Telemetry (INT) is a widely used monitoring framework in modern large-scale networks that provides fine-grained visibility into network conditions by inserting telemetry data into packets. However, this mechanism also introduces new vulnerabilities that malicious attackers can exploit. In this paper, we present four In-band Network Telemetry Manipulation Attacks that take advantage of INT's weakness, demonstrating that attackers can cause severe damage with little effort by manipulating INT packets. To address this issue, we design SecureINT, a novel INT prototype that ensures confidentiality and integrity for INT packets. To meet the stringent computational requirements of programmable switches, we comprehensively analyze possible attacks on the deployed encryption/hash algorithms and modify them accordingly without compromising their security. According to the experiments, SecureINT can be deployed on programmable switches using a single pipeline, providing encryption and integrity verification for INT packets with minimal overhead.

Jiayi Cai,Hang Lin,Tingxin Sun,Zhengyan Zhou,Longlong Zhu,Haodong Chen,Jiajia Zhou,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/infocom52122.2024.10621221

2024-01-01

Abstract:The normal operation of data center network management tasks relies on accurate measurement of the network status. In-band Network Telemetry (INT) leverages programmable data planes to provide fine-grained and accurate network status. However, existing INT-related works have not considered the telemetry data required for dynamic adjustments of INT under uninterrupted conditions, including additions, deletions, and modifications. To address this issue, this paper proposes OpenINT, a lightweight and flexible In-band Network Telemetry system. The key innovation of OpenINT lies in decoupling telemetry operations in the data plane, using three generic sub-modules to achieve lightweight telemetry. Meanwhile, the control plane utilizes heuristic algorithms for dynamic planning to achieve near-optimal telemetry paths. Additionally, OpenINT provides primitives for defining network measurement tasks, which abstract the underlying telemetry architecture’s details, enabling network operator to conveniently access network status. A prototype of OpenINT is implemented on a programmable switch equipped with the Tofino chip. Experimental results demonstrate that OpenINT achieves highly flexible dynamic telemetry and significantly reduces network overhead.

Xinyue Jiang,Risheng Deng,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics53846.2021.00035

2021-01-01

Abstract:The large-scale distributed network has exposed increasing attack surfaces to cyber attackers. In this paper, we present a refined network measurement mechanism, called DDoS Collaborative Mitigation Mechanism (DDoSCCM). Based on former achievements in the programmable network, our work aims at capturing the characters of abnormal traffic and presenting an antedating reaction, constrained by limited resources of the switching ASIC. In-band Network Telemetry (INT) technique achieves real-time monitoring of the network by utilizing the device data acquisition on the data plane. Our work helps the network operator not only to learn the status of the network but also to issue an appropriate mitigation strategy faster and more accurately. DDoSCCM aims at delegating both detection and mitigation processes to the programmable switch. Consequently, the theoretical analysis and experimental results show that DDoSCCM can meet practical requirements and have a certain application value.

Hongyan Liu,Xiang Chen,Yi Shen,Qun Huang,Zhengyan Zhou,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iwqos57198.2023.10188714

2023-01-01

Abstract:In programmable networks, some networking systems coordinate data plane switches to realize in-network functions (e.g., in-band network telemetry). However, the vulnerabilities of inter-device coordination are still largely unknown and neglected, which is highly concerning given the increasing popularity of this paradigm. In this paper, we identify three attack scenarios built upon such vulnerabilities, where attackers mislead the behaviors of networking systems that exploit inter-device coordination to execute in-network functions. We implement 20 existing networking systems on Tofino-based switches and a simulator, and attack these systems with the identified attacks. The experimental results indicate that our attacks significantly interfere with the normal operations of the selected networking systems, e.g., the cache hit rate of NetCache drops 38%. Our analysis also demonstrates that none of existing methods can fully mitigate our attacks since they fail to verify the packets for inter-device coordination.

Shaofei Tang,Deyun Li,Bin Niu,Jianquan Peng,Zuqing Zhu

DOI: https://doi.org/10.1109/tnsm.2019.2953327

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:It is known that by leveraging programmable data plane, in-band network telemetry (INT) can be realized to provide a powerful and promising method to collect realtime network statistics for monitoring and troubleshooting. However, existing INT implementations still exhibit a few drawbacks such as lack of runtime-programmability and relatively high overheads due to per-packet operation. In this work, we propose and design a runtime-programmable selective INT system, namely, Sel-INT, to resolve these issues. Specifically, we first design a runtime-programmable selective INT scheme based on protocol oblivious forwarding (POF), and then prototype our design by extending the famous OpenvSwitch (OVS) platform to obtain a software switch that supports Sel-INT and implementing a Data Analyzer to parse, extract and analyze the INT data. Our implementation of Sel-INT is verified and evaluated in a real network testbed that consists of a few stand-alone software switches. The experimental results demonstrate that Sel-INT can not only adjust the sampling rate of INT in runtime but also program the corresponding data types dynamically, and they also confirm that our proposal can ensure proper accuracy and timeliness for network monitoring while greatly reducing the overheads of INT.

Ruihao Wang,Yunsenxiao Lin,Andong Chen,Yangyang Wang,Mingwei Xu,Pingping Chen,Bowen Liu,Yongfeng Ni,Shaowen Zheng,Kehan Yao

DOI: https://doi.org/10.1109/icnp59255.2023.10355635

2023-01-01

Abstract:The In-band Network Telemetry (INT) provides unprecedented network visibility by encapsulating fine-grained device-internal status into packet headers. Existing efforts proposed to reduce the telemetry cost can either monitor a small part of flows and links, or require complex calculation supported by programmable switches. In this paper, we propose SD-INT (Self-Driving INT), a lightweight network-wide passive INT system, which can be readily deployed based on commodity switches. The key idea of SD-INT is to reduce two dimensions of redundancy in the INT data which we have observed. Furthermore, the optimized INT is conducted in a self-driving system, adjusting the INT strategy according to the feedback of INT result history. In addition to the mechanism, we design the latency-hiding technology and a suite of efficient algorithms for flow selection and sampling ratio adaptation. These designs enable us to keep the monitoring overhead under a reasonable level, while still collecting network-wide fine-grained telemetry data. Further, we prototype and evaluate SD-INT with both large-scale simulations and testbed deployment. Experiments for both TCP(Transmission Control Protocol) and RDMA(Remote Direct Memory Access) flows show that SD-INT reduces orders of magnitude data volume while achieves similar link coverage compared with INT. Besides, compared with the relevant technologies based on programmable switches, SD-INT is competitive in reducing the data volume.

Tian Pan,Enge Song,Chenhao Jia,Wendi Cao,Tao Huang,Bin Liu

DOI: https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162684

2020-01-01

Abstract:In-band Network Telemetry (INT) enables hop-by hop device-internal state exposure for reliably maintaining and troubleshooting networks. For achieving network-wide telemetry, high-level orchestration over the INT primitive is further needed. Existing solutions either incur significant bandwidth overhead or fail to promptly handle link failures. In this work, we propose INT-label, a lightweight network-wide telemetry architecture without introducing probe packets. INT-label periodically labels device states onto sampled packets, which is cost-effective with minuscule bandwidth overhead and seamlessly adapts to topology changes. Preliminary evaluation on software P4 switches BMv2 suggests that INT-label can achieve 98.54% network-wide visibility coverage under a label frequency of 100 times per second.

Yongning Tang,Yangxuan Wu,Guang Cheng,Zhiwei Xu

DOI: https://doi.org/10.1109/hpsr.2019.8808121

2019-01-01

Abstract:Intelligent Fault localization for SDN becomes one of the most critical but difficult tasks. This paper proposes a new approach called Policy-Aware In-band Network Telemetry (PAINT) to tackle SDN fault localization. In the PAINT system, network operators define and deploy network services using a high-level Service Provisioning Language (SPL). Then, PAINT automatically parses the service policy to infer the causal relationship between service related network components and (end-to-end) service-level observable symptoms. Based on the causality model, PAINT deploys monitoring instruments for the symptoms. PAINT utilizes a dynamically created Symptom-Fault-Telemetry model to incorporate In-band Network Telemetry (INT) actions systematically into the fault reasoning process to improve the efficiency and accuracy of fault localization for SDN. PAINT has been extensively evaluated in a simulation environment for its accuracy and scalability with very positive results.

Siyuan Sheng,Qun Huang,Patrick P. C. Lee

DOI: https://doi.org/10.1109/icnp52444.2021.9651963

2021-11-01

Abstract:In-band network telemetry (INT) enriches network management at scale through the embedding of complete device-internal states into each packet along its forwarding path, yet such embedding of INT information also incurs significant band-width overhead in the data plane. We propose DeltaINT, a general INT framework that achieves extremely low bandwidth overhead and supports various packet-level and flow-level applications in network management. DeltaINT builds on the insight that state changes are often negligible at most time, so it embeds a state into a packet only when the state change is deemed significant. We theoretically derive the time/space complexities and the bounds of bandwidth mitigation for DeltaINT. We implement DeltaINT in both software and P4. Our evaluation shows that DeltaINT reduces up to 93% of INT bandwidth, and its deployment in a Barefoot Tofino switch incurs limited hardware resource usage.

Zichen Xu,Ziye Lu,Zuqing Zhu

DOI: https://doi.org/10.1109/tnet.2024.3448244

2024-01-01

Abstract:With the development of programmable data plane (PDP), in-band network telemetry (INT) has become a promising network monitoring technique to visualize network operations in a fine-grained and real-time way. In this work, to better balance the tradeoff between INT overheads and monitoring accuracy, we design and optimize an information-sensitive INT system (namely, P4InfoSen-INT), which makes each PDP switch decide locally whether and what type(s) of telemetry data should be inserted in a packet based on the “information content” of the data, and implement it in P4-based PDP switches. We first realize the basic principle of P4InfoSen-INT with P4 programs. Then, we propose algorithms to estimate the information content of telemetry data accurately in a dynamic network and optimize the tradeoff between INT overheads and monitoring accuracy. Finally, we further optimize the implementation of P4InfoSen-INT by proposing table merging to reduce stage occupation in each switch. Experimental results verify that our proposed P4InfoSen-INT can balance the tradeoff between INT overheads and monitoring accuracy better than existing benchmarks.

Jonathan Vestin,Andreas Kassler,Deval Bhamare,Karl-Johan Grinnemo,Jan-Olof Andersson,Gergely Pongracz

DOI: https://doi.org/10.1109/cloudnet47604.2019.9064137

2019-11-01

Abstract:In-Band Network Telemetry (INT) is a novel framework for collecting telemetry items and switch internal state information from the data plane at line rate. With the support of programmable data planes and programming language P4, switches parse telemetry instruction headers and determine which telemetry items to attach using custom metadata. At the network edge, telemetry information is removed and the original packets are forwarded while telemetry reports are sent to a distributed stream processor for further processing by a network monitoring platform. In order to avoid excessive load on the stream processor, telemetry items should not be sent for each individual packet but rather when certain events are triggered. In this paper, we develop a programmable INT event detection mechanism in P4 that allows customization of which events to report to the monitoring system, on a per-flow basis, from the control plane. At the stream processor, we implement a fast INT report collector using the kernel bypass technique AF_XDP, which parses telemetry reports and streams them to a distributed Kafka cluster, which can apply machine learning, visualization and further monitoring tasks. In our evaluation, we use real-world traces from different data center workloads and show that our approach is highly scalable and significantly reduces the network overhead and stream processor load due to effective event pre-filtering inside the switch data plane. While the INT report collector can process around 3 Mpps telemetry reports per core, using event pre-filtering increases the capacity by 10-15x.

Dongeun Suh,Seokwon Jang,Sol Han,Sangheon Pack,Xiaofei Wang

DOI: https://doi.org/10.1016/j.icte.2019.08.005

IF: 4.754

2020-03-01

ICT Express

Abstract:<p>In-band network telemetry (INT) is an emerging network monitoring framework based on a protocol-independent packet processor (P4). Network devices can be programmed with a domain-specific language to embed switch- internal states into data packets as they traverse through networks. However, the current P4-based INT does not support a sampling; thus, INT headers should be augmented for all incoming packets, which will incur high overhead in a large-scale network. In this paper, we propose a flexible sampling-based INT (FS-INT) scheme to address the aforementioned issues. Simulation results show that FS-INT can reduce the protocol overhead in a controlled manner while providing sufficiently high accuracy.</p>

computer science, information systems,telecommunications

Goksel Simsek,Doğanalp Ergenç,Ertan Onur

DOI: https://doi.org/10.48550/arXiv.2212.14876

2022-12-31

Abstract:Traditional network monitoring solutions usually lack of scalability due to their centralized nature collecting heartbeats from all network components via a single controller. As a solution, In-Band Network Telemetry (INT) framework has been recently proposed to collect network telemetry information more autonomously and distributedly by employing programmable switches. However, it imposes further challenges to (i) find suitable INT paths to optimize the control overhead and information freshness and (ii) ensure reliable delivery of control information over multi-hop INT paths. In this work, we propose a monitoring scheme, reliable Graph Partitioned INT (GPINT), by extending our previous work and integrating shared queue ring (SQR) as a reliability feature against potential failures in network telemetry collection due to network congestion and link degradation that may cause loss of the visibility of the network. We implement our proposal in a recent data plane programming language P4, and compare it with traditional Simple Network Management Protocol (SNMP) and also another state-of-the-art study employing Euler's method for INT path generation. Our analysis first shows the importance of having a data recovery mechanism against packet losses under different network conditions. Then, our emulation results indicate that GPINT with reliability extension performs much better than its opponent in terms of telemetry collection latency and overhead monitoring scheme even under a high amount of packet losses.

Networking and Internet Architecture

Jiayi Cai,Zhengyan Zhou,Tingxin Sun,Jiashuo Yu,Longlong Zhu,Zizhao Wang,Chengze Li,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/icc45041.2023.10279279

2023-01-01

Abstract:Network management tasks rely on precise and fine-grained network information to make correct and appropriate decisions. These tasks (e.g., DDoS detection) require network information with multiple flow definitions to better manage the network. However, the existing works mainly focus on the query of multiple flow definitions on a single switch, without a thoughtful solution for this query in network-wide measurement. In this paper, to address this problem, we overcome several challenges and propose MINT, a system that enables the query for multiple flow definitions in network-wide measurement. The key insights of MINT are: deploying MFSketch to measure multiple flow definitions information on the switch, cutting MFSketch into fixed-size slices, and using in-band telemetry (INT) to carry the slice to the analyzer. Therefore, after the analyzer collects and reorganizes the slices, network operators can query multiple flow definitions information of the whole network for various network management tasks. We implemented a prototype of MINT on a Barefoot Tofino switch. Experimental results show that MINT provides reliable transmission and consistency guarantees while only using switch resources comparable to state-of-the-art works, with less than 1% additional network overhead. Additionally, MFSketch provides accurate measurements for multiple flow definitions query, outperforming other solutions in both accuracy and F1 score.

Mingtao Ji,Chenwei Su,Yuting Yan,Zhuzhong Qian,Sheng Zhang,Yu Chen,Tuo Cao,Xiaohang Shi,Luis Vasquez,Baoliu Ye

DOI: https://doi.org/10.1109/iwqos57198.2023.10188738

2023-01-01

Abstract:In-band Network Telemetry (INT) is proposed to detect networks via injecting specific probes to collect the hop-by-hop metadata within programmable switches. But there exist multiple challenges to conducting INT at Computing Power Network, such as control decisions of different INT frequencies, and the unforeseeable INT query workloads. In this study, we formulate an online non-linear time-varying integer programming problem that aims to maximize the overall quality of service through both frequency selection and INT query workload distribution. To achieve this, we propose an online learning, INTService, which utilizes a primal-dual mechanism to make fractional decisions. At last, extensive evaluations show that our proposed INTService exhibits up-lift performance 40% on average over other state-of-the-art algorithms.

Tian Pan,Enge Song,Zizheng Bian,Xingchen Lin,Xiaoyu Peng,Jiao Zhang,Tao Huang,Bin Liu,Yunjie Liu

DOI: https://doi.org/10.1109/infocom.2019.8737529

2019-04-01

Abstract:With the ever-increasing complexity of networks, fine-grained network monitoring enables better network reliability and timely feedback control. The In-band Network Telemetry (INT) allows cost-effective network monitoring by encapsulating device-internal states into probe packets. However, INT only specifies an underlying device-level primitive while how to achieve network-wide traffic monitoring remains undefined. In this work, we propose INT-path, a network-wide telemetry framework, by decoupling the system into a routing mechanism and a routing path generation policy. Specifically, we embed source routing into INT probes to allow specifying the route the probe packet takes through the network. Above the mechanism, we develop an Euler trail-based path planning policy to generate non-overlapped INT paths that cover the entire network with a minimum path number. Besides, an exhaustive analysis of algorithm’s run-time complexity is also provided. INT-path can “encode” the network-wide traffic status into a series of “bitmap images”, transforming network troubleshooting into pattern recognition problems. INT-path is very suitable for deployment in data center networks thanks to their symmetric network topologies.

Dezhang Kong,Yi Shen,Xiang Chen,Qiumei Cheng,Hongyan Liu,Dong Zhang,Xuan Liu,Shuangxi Chen,Chunming Wu

DOI: https://doi.org/10.1109/tnet.2022.3203561

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The topology discovery service in Software-Defined Networking (SDN) provides the controller with a global view of the substrate network topology, allowing for central management of the entire network. Unfortunately, emerging topology attacks can poison the network topology and result in unforeseeable disasters. Although researchers have made great efforts to mitigate this problem, security hazards still exist. In this paper, we propose Invisible Assailant Attack (IAA), the first combination topology attack capable of injecting and maintaining fake links even when 12 existing defense strategies are deployed simultaneously. IAA consists of 14 attack phases that apply multiple attack strategies. Attackers skillfully disguise the attack traffic in each phase so that it looks like normal network traffic, and perform these phases in a well-planned sequence, thereby bypassing existing defenses step by step. To mitigate this attack, we propose a Route Path Verification (RPV) mechanism that orchestrates multiple defense strategies to identify fake links. According to the experiments, RPV can successfully detect IAA with low overhead: its detection completes within 1 ms while its per-flow storage consumption is only a few KB.

Siyuan Sheng,Qun Huang,Patrick P. C. Lee

DOI: https://doi.org/10.1016/j.comnet.2023.109573

IF: 5.493

2023-01-01

Computer Networks

Abstract:In-band network telemetry (INT) enriches network management at scale through the embedding of complete device-internal states into each packet along its forwarding path, yet such embedding of INT information also incurs significant bandwidth overhead in the data plane. We propose DeltaINT, a general INT framework that achieves extremely low bandwidth overhead and supports various packet-level and flow-level applications in network management. DeltaINTbuilds on the insight that state changes are often negligible at most time, so it embeds the complete state information into a packet only when the state change is deemed significant. We propose two variants for DeltaINTthat trade between bandwidth usage and measurement accuracy, while both variants achieve significantly lower bandwidth overhead than the original INT framework. We theoretically derive the time/space complexities and the guarantees of bandwidth mitigation for DeltaINT. We implement DeltaINTin both software and P4. Our evaluation shows that DeltaINTsignificantly mitigates the bandwidth overhead, and the deployment in a Tofino switch incurs limited hardware resource usage.

Shaofei Tang,Sicheng Zhao,Xiaoqin Pan,Zuqing Zhu

DOI: https://doi.org/10.1109/tnet.2022.3194086

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:As a promising network monitoring technique, in-band network telemetry (INT) helps to visualize networks in a fine-grained and real-time manner. Meanwhile, to address the overheads of INT, people have proposed a few selective INT (Sel-INT) approaches that only select a portion of packets in each flow to insert INT fields and distribute different types of INT fields over the selected packets. In this paper, we study how to use Sel-INT wisely in a network such that the tradeoff between monitoring accuracy/coverage and INT overheads can be balanced well. Specifically, we try to orchestrate the Sel-INT schemes of flows in both network- and flow-levels. For the network-level optimization, we model it as an INT planning problem in which the Sel-INT schemes of flows should be determined to maximize the information gain of INT as well as minimize the bandwidth overheads of INT. We formulate an integer linear programming (ILP) model to tackle the problem, prove its $\mathcal {N} \mathcal {P}$ -hardness, and leverage Lagrangian relaxation to design a polynomial-time approximation algorithm for it. The flow-level optimization considers a dynamic network environment, and we propose to combine deep learning (DL) based traffic prediction with Sel-INT, such that the Sel-INT scheme of each individual flow can be updated timely and adaptively. We implement the proposal in a small but real network testbed and experimentally demonstrate self-adaptive orchestration of Sel-INT with it.

Qitao Zheng,Shaofei Tang,Bofan Chen,Zuqing Zhu

DOI: https://doi.org/10.1109/tnsm.2021.3069000

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:The rapid development of software-defined networking (SDN) has promoted the idea of programmable data plane (PDP), which opens up unprecedented opportunities for realizing powerful and timely network monitoring. This work explores the advantages of PDP to merge two famous techniques (i.e., the segment routing (SR) and in-band network telemetry (INT)) seamlessly for highly-efficient and adaptive network monitoring. Specifically, by leveraging the protocol-oblivious forwarding (POF), we propose SR-INT, which time-multiplexes the header fields in each packet for INT and SR, and keeps packet length constant end-to-end even though both INT and SR are used. Hence, our proposal can enjoy the benefits of INT and SR, while avoiding the accumulated overheads due to simultaneous usage. We design the packet format of SR-INT, and lay out its packet processing procedure to guarantee that the configuration of SR-INT can be adjusted dynamically to adapt to the requirements of network monitoring. We implement and experimentally demonstrate SR-INT in a POF-based SDN environment. Our results show that SR-INT not only reduces the bandwidth overheads of using SR and INT simultaneously but also simplifies the operations in software-based POF switches.