www.deepness-lab.org

OpenBox Controller Northbound API
Dan Shmidt | January 2017

Project Goal
  • Design and implementation of OpenBox's Northbound API

Agenda
  • Network Function (AKA the Problem)
  • OpenBox (AKA Solution)
  • Zoom-In OpenBox Controller
  • Workflows
  • Architecture

Network Functions (NF)

What are Network Functions
  • Appliances deployed on a network's data plane (physical or virtual)
  • Usually perform some sort of packet processing
  • Examples: Firewall, IDS, IPS, Load Balancer

Typical Firewall (Example)

Typical IPS (Example)

The Downside of NFs
  • Managed Separately
  • Hardware
  • Management Interface
  • Redundant Processing
  • Header inspection

OpenBox

OpenBox Introduction
  • Framework: Hardware, Software, SDK, API
  • Decouple NF control plane from data plane
  • Merge data plane activity for multiple NFs
  • Allow network administrators to experiment with NFs

Merged Firewall + IPS

OpenBox Architecture

OpenBox Components

Northbound API
  • SDK for NF developers that allows NF creation with a small set of generic pieces
  • Application loading and management
  • API for applications to interact with the data plane

OpenBox Application (OBA)
  • User-defined logic that aims to perform packet processing
  • Defined in terms of the Northbound API (SDK)
  • Formally a Tuple:

OpenBox Controller (OBC)
  • Centralized control of the OpenBox Framework
  • Facing the user (Northbound API)
  • Facing the data plane (Southbound API)

OpenBox Instance (OBI)
  • A single unit in OpenBox's data plane
  • Executes the user-defined logic
  • Single Requirement: Implement OpenBox protocol
  • Virtual / Physical / Software / Hardware

Southbound API
  • Communication protocol between OBI and OBC
  • Control plane messages, e.g. Set Processing Graph
  • Data plane messages, e.g. Read Handle (count of dropped packets)

OpenBox Controller

Responsibilities (South)
  • Manage the data plane by controlling OBIs
  • Communication layer between applications and data plane
  • Load custom modules

Responsibilities (North)
  • Create applications
  • Load applications
  • Query applications
  • Network Overview
  • Expose OpenBox functionality

Architecture

Challenges
  • Asynchronous System
  • How much of the raw data is exposed to the application
  • Application Isolation

OpenBox Abstraction Layer (OBAL)
  • SDK for application developers
  • Building blocks for every possible NF
  • Header Matching
  • Payload Matching
  • Alerts

OBAL Implementation

Events Manager
  • Responsible for triggering events
  • Registers application to requested events
  • Holds a hook to access applications when needed

Available Events
  • Mandatory events: Application Started, Application Stopped, Error
  • Non-Mandatory: Alert

Read / Write Handles
  • Access to the application configuration and statistics
  • Access to specific processing block of a specific application

Topology Manager
  • The knowledge of how the network is built
  • Topology information is needed across the board
  • Users
  • OBC internal use

Application Registry
  • Entry point for application creators
  • Ability to register new applications to the controller
  • Plugin-like behavior

Application Aggregator
  • Merge mutual processing blocks of several applications
  • Caution to not disrupt application isolation

[Diagram labels: OBA; Topology Manager; OBAL; Registry; Handle Clients; Event Handlers; Events Manager; Aggregator; To Data plane via Southbound API]

Workflows

Application Loading
  • How to install a new OpenBox Application
  • Implement logic with OpenBox SDK
  • Supply Topology Information
  • Use ApplicationRegistry to load application

Application Loading
[Diagram labels: OBA; Registry; Event Manager; Aggregation; Load Application; Aggregate; Perform Aggregation; Application Loaded; Application Started]

Read / Write Handles Workflow
  • Once the application has started, the administrator would like to query the application from the data plane.
  • How many packets were processed?
  • How many packets were dropped?

Read / Write Handles Workflow
[Diagram labels: Handle Client; OBA; Southbound API; OBI; Read Handle; Read Result]

Application Isolation
  • Aggregator keeps a mapping of original block id -> new block id
  • A query for a read handle checks the mapping and queries the new block that actually resides in the data plane

Event / Alert Workflow
  • Application's way to actively notify about its lifetime and about its process
  • Instance Down
  • Packet Dropped
  • Threat Detected

Event / Alert Workflow
[Diagram labels: OBA; Event Manager; Southbound API; OBI; Alert; Handle Alert; handler.Handle]

Application Isolation
  • Alert Blocks carry their identifier
  • Application aggregator keeps original blocks -> Application mapping
  • Aggregation takes care of keeping the original identifier on the aggregated graph

Example (Simple IPS)

Processing Graph

Code Snippets (Create Blocks)

Code Snippets (Connect)

Benefits
  • ~270 lines of code
  • Code is readable and self-explanatory
  • Easily Configurable
  • Easily Changeable
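An added sketch (not the Simple IPS code from the slides and not OpenBox project code) of the bookkeeping described in the two Application Isolation slides: read handles are translated through a per-application block mapping, and alerts are dispatched only to the application that owns the originating block. Class, method and block names are hypothetical, and the OBI state is a constructed sample.

```python
# Simplified model of the aggregator's isolation bookkeeping.
# Assumption: class, method and block names are hypothetical, not the OpenBox SDK.
class Aggregator:
    def __init__(self):
        self.by_signature = {}   # (type, config) -> new block id in the merged graph
        self.orig_to_new = {}    # (app, original block id) -> new block id
        self.alert_owner = {}    # alert block id (kept unchanged) -> owning app
        self.handlers = {}       # app -> alert callback

    def load(self, app, blocks, on_alert):
        """blocks: {original_id: (block_type, config)}; config must be hashable."""
        self.handlers[app] = on_alert
        for orig_id, (btype, config) in blocks.items():
            if btype == "Alert":
                # Alert blocks are never merged and keep their original identifier.
                if orig_id in self.alert_owner:
                    raise ValueError(f"alert block id {orig_id!r} already in use")
                new_id = orig_id
                self.alert_owner[orig_id] = app
            else:
                # Identical processing blocks from different apps share one new block.
                new_id = self.by_signature.setdefault(
                    (btype, config), f"merged-{len(self.by_signature)}")
            self.orig_to_new[(app, orig_id)] = new_id

    def read_handle(self, app, orig_id, handle, data_plane):
        """Translate the app's own block id; ids it never registered are refused."""
        new_id = self.orig_to_new.get((app, orig_id))
        if new_id is None:
            raise PermissionError(f"{app} does not own block {orig_id!r}")
        return data_plane[new_id][handle]

    def dispatch_alert(self, origin_block, message):
        """Deliver an alert only to the app that owns the originating block."""
        app = self.alert_owner.get(origin_block)
        if app is None:
            return None          # unknown origin: drop instead of broadcasting
        self.handlers[app](origin_block, message)
        return app

# Constructed sample: a firewall and an IPS that share one header classifier.
agg = Aggregator()
fw_alerts, ips_alerts = [], []
agg.load("firewall", {"fw.hdr": ("HeaderClassifier", "tcp/80"),
                      "fw.drop": ("Discard", "")}, lambda b, m: fw_alerts.append((b, m)))
agg.load("ips", {"ips.hdr": ("HeaderClassifier", "tcp/80"),
                 "ips.alert": ("Alert", "sig-1")}, lambda b, m: ips_alerts.append((b, m)))
obi = {"merged-0": {"count": 120}, "merged-1": {"count": 7}}   # constructed OBI state
print(agg.read_handle("ips", "ips.hdr", "count", obi), agg.dispatch_alert("ips.alert", "threat"))
```

Both applications read the same merged classifier through their own block ids, while a read of `fw.drop` issued by `ips` raises `PermissionError`.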

Experimental Results

Experimental Environment
  • Hardware (sheldon): Intel Xeon E3-1270 V3 CPU, 32GB RAM

Experiment Goal
  • How well does the OBC handle messages from the data plane?
  • Resource Utilization
  • Latency

Experimental Scenario
  • Controller
  • Single OBI
  • Single Application which sends alerts at a configurable rate (MPM)

Memory Utilization

CPU Utilization

Latency

Futuristic

Future Work
  • Smart / Automatic NF Placement
  • OpenFlow Integration
  • Create NFs with graphical tool
  • Native Northbound API
  • Dashboard
  • Reloading applications while controller is running

Questions?
