ArticlePDF Available

XORP: An Open Platform for Network Research

Authors:
Mark Handley at University College London
Mark Handley
Orion Hodson
Orion Hodson
Orion Hodson
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Eddie Kohler
Eddie Kohler
Eddie Kohler
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Download full-text PDF
Read full-text
Download citation

Abstract

Network researchers face a significant problem when deploying software in routers, either for experimentation or for pilot deployment. Router platforms are generally not open systems, in either the open-source or the open-API sense. In this paper we discuss the problems this poses, and present an eXtensible Open Router Platform (XORP) that we are developing to address these issues. Key goals are extensibility, performance and robustness. We show that different parts of a router need to prioritize these differently, and examine techniques by which we can satisfy these often conflicting goals. We aim for XORP to be both a research tool and a stable deployment platform, thus easing the transition of new ideas from the lab to the real world.
Content uploaded by Mark Handley
Author content
All content in this area was uploaded by Mark Handley on Dec 25, 2014
Content may be subject to copyright.
XORP: An Open Platform for Network Research
Mark Handley Orion Hodson Eddie Kohler
ICSI Center for Internet Research, Berkeley, California
{mjh, hodson, kohler}@icir.org
ABSTRACT
Network researchers face a significant problem when deploying
software in routers, either for experimentation or for pilot deploy-
ment. Router platforms are generally not open systems, in either
the open-source or the open-API sense. In this paper we discuss the
problems this poses, and present an eXtensible Open Router Plat-
form (XORP) that we are developing to address these issues. Key
goals are extensibility, performance and robustness. We show that
different parts of a router need to prioritize these differently, and
examine techniques by which we can satisfy these often conflicting
goals. We aim for XORP to be both a research tool and a stable
deployment platform, thus easing the transition of new ideas from
the lab to the real world.
1 VALIDATING INTERNET RESEARCH
A yawning gap exists between research and practice concerning
Internet routing and forwarding disciplines. The savvy researcher
has the tools of theory and simulation at hand, but validating results
in the real world is hard. Why should this be so?
For network applications research, we have access to languages,
APIs, and systems that make development and deployment easy.
For end-to-end protocol research, we have access to open source
operating systems, such as Linux and FreeBSD. End-to-end proto-
cols can be simulated and implemented in these systems. And since
these operating systems are used in both research and production
environments, migration from the research to the production envi-
ronment is feasible. TCP SACK provides an excellent example [8].
Unfortunately the same cannot be said of router software. Router
vendors do not provide API’s that allow third party applications
to run on their hardware. Thus, even conducting a pilot study in
a production network requires the router vendor to implement the
protocol. Unless the router vendor perceives a reward in return for
the effort, they are unlikely to invest resources in the protocol im-
plementation. Similarly, customers are unlikely to request a feature
unless they have faith in existing research results or can experi-
ment in their own environment. A catch-22 situation exists of not
being able to prototype and deploy new experimental protocols in
any kind of realistic environment. Even when vendors can be con-
vinced to implement, it is not uncommon for initial implementa-
tions of a protocol to be found wanting, and the path to improving
the protocols is often difficult and slow. Finally, network operators
are almost always reluctant to deploy experimental services in pro-
duction networks for fear of destabilizing their existing (hopefully
money-making) services.
Thus, we believe the difficulty in validating Internet research is
largely attributable to the absence of open Internet routers for re-
First Workshop on Hot Topics in Networks, Princeton, New Jersey, October
28–29, 2002
Permission to make digital or hard copies of all or part of this work for any
purpose is granted without fee provided that copies bear this notice and the
full citation on the first page.
Copyright
c
2002 International Computer Science Institute
searchers to experiment with and deploy new work on. Routing
toolkits exist, but typically they implement a subset of IP rout-
ing functionality and are rarely used in production environments—
routing and forwarding research requires access to real production
traffic and routing information to be validated. Similarly, open-
source-based testbed networks such as CAIRN [1] provide valu-
able tools for the researcher, but they rarely provide a realistic test
environment and are usually limited to a small number of sites due
to cost. A recent spate of research in open, extensible forwarding
paths is moving in the right direction [6, 11], but a truly extensible,
production-quality router would need routing daemons, forwarding
information bases, management interfaces, and so on in addition to
a forwarding path.
How then can we enable a pathway that permits research and ex-
perimentation to be performed in production environments whilst
minimally impacting existing network services? In part, this is the
same problem that Active Networks attempted to solve, but we be-
lieve that a much more conservative approach is more likely to see
real-world usage.
We envision an integrated open-source software router platform,
running on commodity hardware, that is viable as a research and
as a production platform. The software architecture should be de-
signed with extensibility as a primary goal and should permit ex-
perimental protocol deployment with minimal risk to existing ser-
vices using that router. Internet researchers needing access torouter
software could then share a common platform for experimentation
deployed in places where real traffic conditions exist. Researchers
working on novel router hardware could also use the mature soft-
ware from this platform to test their hardware in real networks. In
these ways, the loop between research and realistic real-world ex-
perimentation can be closed, and innovation can take place much
more freely.
1.1 Alternatives
Having motivated the need for an open router on which net-
work research can be deployed, we discuss the alternatives in more
detail—simulations and network testbeds.
First, we note that it has not always been so difficult to deploy
experimental work on the Internet. Prior to the advent of the World
Wide Web, the Net was predominantly non-commercial. Most of its
users came from universities and other research labs. Whilst there
was a tension between conducting research and providing a net-
working service, researchers could have access to the network to
run experiments, develop and test new protocols, and so forth. With
the advent of the Web, the network grew rapidly and commercial
ISPs emerged. Even the academic parts of the network became re-
luctant to perform networking experiments for fear of disrupting
regular traffic. In the commercial parts of the network, where inter-
esting scaling phenomena started to emerge, it was nearly impos-
sible to do any form of experimentation. Growth was so rapid that
it was all ISPs could do to keep up with provisioning. These prob-
lems were recognised, and two main solutions emerged: network
testbeds and network simulators.
1
Network testbeds rarely resulted in good network research. One
notable exception was DARTnet [3], which used programmable
routers that network researchers had access to. Among its achieve-
ments, DARTnet demonstrated IP multicast and audio and video
conferencing over IP. It worked well because the network users
were also the network researchers and so there was less tension
involved in running experiments.
Over recent years, the majority of network research that involved
testing protocols has taken place in network simulators such as ns.
Among the desirable properties of simulators is the complete con-
trol they provide over all the parameters of a system, and so a large
range of scenarios can be examined. Within the research commu-
nity the ns simulator has been particularly successful
1
. Many re-
searchers have contributed to improve ns itself, but an even greater
number have used it in their research. Many published results are
supported by publicly available simulation code and scripts. This
has allowed for the direct comparison of contemporary networking
algorithms and allowed for independent verification of results. It
could therefore be argued that ns has increased the rigor of network
research.
Conversely, it could equally well be argued that simulators make
it too easy to run experiments and are responsible for numerous
papers that bear little, or no, relationship to real networks. Accord-
ingly there is understandable doubt about any claims until they’ve
been demonstrated in the real world.
Even in skilled hands, simulators have limits. When work re-
quires access to real traffic patterns, or needs to interact with real
routing protocols, or relates to deployed implementations warts-
and-all, there is no substitute for real-world experimentation.
2 ARCHITECTURE AND REQUIREMENTS
We’ve hopefully convinced you that Internet research would be
better offif changes and extensions could beprovisionally deployed.
No simulation or testing environment can provide similarly useful
lessons—or convince conservative router vendors that extensions
work well enough to deserve real-world deployment. We want a
routing infrastructure that is at least partially open to research ex-
tensions. The infrastructure must, further, meet Internet robustness
standards to merit deployment even on research networks like Abi-
lene. But how can we make this happen? There are several possi-
bilities:
Individual researchers could convince big router vendors to
implement their extensions. To put it succinctly, this seems
unlikely.
Vendors could open their internal APIs for experimental use.
This also seems unlikely—vendors probably consider their
APIs to be trade secrets, and don’t want to facilitate an open
market in routing software. Furthermore, legacy code inside
most routers isn’t particularly easy to extend.
Researchers could deploy currently available routing dae-
mons such as Zebra [14], MRTd [13] or GateD [10], on a
conventional PC running an operating system such as Linux
or FreeBSD. The principle problems here are extensibility,
performance, and robustness. The forwarding paths on these
operating systems are not optimally designed forperformance
under heavy load, or for extensibility. The routing daemons
are not as robust as we would like, and not generally de-
signed with extensibility as a high priority. Finally, they don’t
1
One could criticize the details of the ns architecture and some of
the default settings, but that would miss the point.
present an integrated router user interface to the network op-
erator, which reduces the likelihood of acceptance.
Researchers could develop a new open-source router, designed
from the ground up for extensibility, robustness, and perfor-
mance. It would take time to build such a router, and then to
convince the network operator community that it met strin-
gent robustness standards, but the resulting router would make
a more useful research platform than any of the other choices.
We have chosen this last path, which we call the Extensible Open
Router Platform, or XORP. Our design addresses the four major
challenges in building an open-source router: traditional router fea-
tures, extensibility, performance, and robustness.
Features. Real-world routers must support a long feature list, in-
cluding routing protocols, management interfaces, queue man-
agement, and multicast.
Extensibility. Everyaspect of the router should be extensible, from
routing protocols down to details of packet forwarding. The
router must support multiple simulatenous extensions as long
as those extensions don’t conflict. APIs between router com-
ponents should be both open and easy to use.
Performance. XORP isn’t designed for core routers, at least not
initially. However, forwarding performance is still important:
that is the purpose of a router. Scalability in the face of rout-
ing table size or number of peers is also critical.
Robustness. Real-world routers must not crash or misroute pack-
ets. A fragile router faces an extremely difficult deployment
path. Extensibility makes robustness even more difficult to
achieve: extensions are inherently experimental, yet their use
should not compromise the router’s robustness (except per-
haps for a subset of packets intended for the extension).
The next sections present XORP in general and describe how
we’re achieving each of these goals.
3 XORP OVERVIEW
XORP divides into two subsystems. The higher-level (so-called
“user-level”) subsystem consistsof the routing protocols themselves,
along with routing information bases and support processes. The
lower-level subsystem, which initially runs inside an OS kernel,
manages the forwarding path—anything that needs to touch every
packet—and provides APIs for the higher level to access. The goal
is for almost all of the higher-level code to be agnostic as to the
details of the forwarding path.
For user-level XORP, we’ve developed a multi-process architec-
ture with one process per routing protocol, plus extra processes for
management, configuration, and coordination. To enable extensi-
bility we designed a novel inter-process communication mecha-
nism for communication between these modules. This mechanism
is called XORP Resource Locators (XRLs), and is conceptually
similar to URLs. URL mechanisms such as redirection aid reliabil-
ity and extensibility, and their human-readable nature makes them
easy to understand and embed in scripting languages.
The lower level uses the Click modular router [6], a modular,
extensible toolkit for packet processing on conventional PCs. Fur-
ther work will help this architecture span a large range of hardware
forwarding platforms, from commodity PChardware, through mid-
range PC-based platforms enhanced with intelligent network inter-
faces (such as Intel’s IXP1200 [5, 12]), to high-end hardware-based
forwarding engines. We may also support alternative forwarding
2
paths, such as the FreeBSD forwarding path with AltQ queuing
extensions [2] or an alternative extensible forwarding path such
as Scout [11]. Some forwarding path choices may influence the
functionality available for end users to extend or change. But for
many aspects of research, such as routing protocol experiments
that don’t require access to the forwarding path, a conventional
FreeBSD lower level would suffice.
PIM−SM
RIP
FEA
Forwarding Engine
IGMP/MLD
CLI
SNMP
IPC
finder
OSPF
IS−IS
router
manager
BGP4+
RIB
Management Processes
Unicast Routing
Multicast Routing
RIB = routing information base
FEA = forwarding engine abstraction
Click Elements
FIGURE 1—XORP High-level Processes
Figure 1 shows how a XORP router’s user-level processes and
Click forwarding path fit together. The shared user-level processes
are the XORP architecture’s most innovative feature. Four core pro-
cesses are particularly worthy of comment: the router manager, the
finder, the routing information base, and the forwarding engine ab-
straction.
The router manager process manages the router as a whole. It
maintains configuration information; starts other processes, such
as routing protocols, as required by the configuration; and restarts
failed processes as necessary.
The finder process stores mappings between abstracted appli-
cation requests, such as “How many interfaces does this router
have?”, and the particular IPC calls necessary to answer those re-
quests. Think of it as an IPC redirector: when an application wishes
to make an IPC call, it consults the finder to discover how to do
it. The application typically caches this information so future calls
circumvent the finder. Furthermore, the finder can instruct appli-
cations to update contact information. Thus it is easy to change
how application requests are handled at run-time. We can trace
XORP’s communication pattern by asking the finder to map ab-
stract requests to sequences of IPCs, some for tracing and some for
doing the work. XORP processes can communicate without boot-
strapping using the finder, but since XRLs are relatively low cost
we have not found this necessary to date.
The routing information base process (RIB) receives routes from
the routing processes, and arbitrates which routes should be propa-
gated into the forwarding path, or redistributedto other routing pro-
cesses. The forwarding path is managed by the forwarding engine
abstraction process (FEA). The FEA abstracts the details of how
the forwarding path of the router is implemented and as a result, the
routing processes are agnostic to whether the forwarding plane is
Click based, a conventional UNIX kernel, or an alternative method.
The FEA manages the networking interfaces and forwarding table
in the router, and provides information to routing processes about
the interface properties and events occurring on interfaces, such as
an interface being taken down. As with the finder, XORP processes
can bypass the FEA when required.
4 SOLVING DESIGN CHALLENGES
This section shows how we address the four design challenges
of traditional router features, extensibility, robustness, and perfor-
mance. Space constraints prevent inclusion of much detail, but we
do describe our IPC mechanism, XORPResource Locators (XRLs),
at length.
4.1 Features
To be successful, a router platform needs to be have good sup-
port for the routing and management protocols that are in wide-
spread use today. The minimal list of routing and routing-support
protocols is:
BGP4+ inter-domain routing.
OSPF intra-domain routing.
RIPv2/RIPng intra-domain routing.
Integrated IS-IS intra-domain routing.
PIM-SM/SSM multicast routing.
IGMPv3/MLD local multicast membership.
PPP for point-to-point links (as per RFC 1812).
Withthe exception of IS-IS, all of these are currently being worked
upon within XORP. The aim is for both IPv4 and IPv6 support.
MPLS is deliberately omitted at this stage. The multi-process ar-
chitecture helps us to leverage existing code where appropriate;
our OSPF and RIP implementations are derived from John Moy’s
OSPFd [9] and BSD’s routed respectively.
For management interfaces, we are pursuing a command line in-
terface resembling that of Juniper and intend to support SNMP.
4.2 Extensibility
Open interfaces are the key to extensibility. Interfaces must ex-
ist at any point where an extension might plug in, and those in-
terfaces must be relatively easy to use. XORP’s design encourages
the construction of useful interfaces through multi-process design.
A routing protocol process, for example, must communicate with
other processes to install routes and discover information about the
router itself. Open inter-process interfaces, built in to the system
from the beginning, form the basic source of user-level XORP’s
extensibility.
4.2.1 XRLs
Most inter-process communication within XORP takes place via
XORP Resource Locators, or XRLs. XRLs resemble the Web’s
URLs. They specify in human-readable form the type of IPC trans-
port desired (the “protocol”), the abstract name for the entity being
communicated with, the method being invoked, and a list of named
arguments. Unlike URLs, they can also specify the nature of the
response expected.
As an example, the general form of one of the XRLs for the
forwarding engine abstraction (FEA) process might be rendered in
human readable form as:
IPC mechanism
Abstract module name
Interface name
Inteface version
Method
Parameters
finder://fea/fea/1.0/add_address?vif:txt=fxp0&address:ipv4=10.0.0.1
3
The initial finder: portion specifies the protocol; in this case the
actual protocol has not yet been resolved. The first time this XRL
is called, the client XRL library contacts the finder, which responds
with a redirection to a new XRL containing the actual protocol to be
used, together with all the parameters needed to contact the current
FEA. Subsequent communication then goes directly between the
client and the FEA process. If the FEA restarts, the client’s XRL
calls to the old FEA will fail, and it can consult the finder to update
the redirection.
The XRL library, which allof our processes link against, takes an
XRL and performs argument marshaling, then it invokes the spec-
ified transport mechanism, and handles the response or any failure
that might occur. Unlike many RPC or remote method invocation
mechanisms, XRLs don’t try and hide from the programmer that
off-process communication is taking place. While this makes the
programmer’s job harder at first, it is essential for robustness that
the programmer is made aware that the failure modes of IPC are
different from those of a local procedure call. To help the program-
mer and improve performance, an IDL and a stub generator exist,
so most XRL clients never need to parse the human readable form.
The original motivation for XRLs was to encapsulate existing
protocols within our consistent IPC framework. For example, we
might wish to run third-party software that uses SNMPv3 for con-
figuration. To integrate this software into our XRL-based manage-
ment framework, we might write an SNMP ‘protocol family’ for
the XRL client library. Then XORP processes could transparently
interoperate with the third-party software via XRLs that start with
snmp:’. XRLs are general enough to encompass simple communi-
cation with the kernel via ioctls, and even signaling via kill().
At the present time, we have not had a need to add this functional-
ity, but should the need arise, our architecture would support it. The
current XRL library supports XORP-specific protocols for remote
procedure call, one layered over TCP and the other over UDP, and
a local procedure call mechanism for intra-process communication.
4.2.2 XRL Example: Command-line Interface
One of the biggest issues faced by an extensible router is the
integration of separately maintained components into a coherent
system. Consider the interaction between management mechanisms
such as a command-line interface (CLI) and a new routing protocol.
The author of each of the management processes has no knowledge
of future routing protocols. At the same time, the author of each
routing protocol has no knowledge of future management mecha-
nisms. Our solution is for all management, including initial con-
figuration, to take place using XRLs. To add support for a specific
management mechanism, such as SNMP or a command-line in-
terface, the protocol implementor writes simple text files that map
management requests to XRL calls. These thin mapping files are
easy enough to write that third parties might add them as new man-
agement interfaces become available.
To get more concrete, our configuration manager has a strict hi-
erarchy of configuration parameters, which is directly reflected in
our default CLI. A fragment of a router configuration file might
look like:
protocols ospf {
router-id: 128.16.64.1
area 128.16.0.1 {
interface xl0 {
hello-interval: 30
}
}
}
The configuration manager takes a directory of template files,
which define the possible configurable parameters for each XORP
routing protocol, and generates mappings of configuration parame-
ters to XRL dispatches. The designer of a new routing protocol can
simply add a template file specifying the new functionality pro-
vided. Thus, the template entry for OSPF might contain the frag-
ment:
hello-interval: uint {
%set: xrl “ospf/ospf/1.0/set
hello interval?
if:txt=$(IFNAME)&interval:i32=$(VALUE)”;
%get: xrl “ospf/ospf/1.0/hello interval?if:txt
-> interval:i32”;
}
The configuration manager can read the template file, discover
the new functionality, and know how to communicate with the pro-
cess to use it. The new functionality is then immediately available
through the CLI.
4.3 Performance
Simultaneouly satisfying the three goals of extensibility, perfor-
mance, and robustness without compromise is probably not possi-
ble. Different parts of XORP have different priorities. User-level
XORP does not need particularly performance-conscious design.
Route updates can arrive at high rates, but nowhere near the rates
of packet arrival. It is well within the capabilities of a desktop PC
to handle the volume of data and computation required for unicast
routing. (The main issues here are of the computational complexity
of the protocol implementations.) At user-level, our priorities are
extensibility and robustness.
The forwarding path, however, must touch every packet and per-
formance is paramount. Initially we have focused on a PC-based
hardware platform as this allows for easy testing and early deploy-
ment, but great care is being taken to design a modular forwarding
path architecture which can support some or all of the forwarding
functions happening in hardware. For our own work, the preferred
forwarding path is based on the Click modular router [6]. Click
provides a high-performance forwarding path in the kernel, run-
ning on commodity hardware, and allows for run-time extensions
and reconfiguration. Click’s modularity allows for many divisions
of work between software and hardware. If researchers or develop-
ers decide they want to augment XORP with network processors
2
or special-purpose hardware [7], this will be an advantage.
Click forwarding paths are extensible in two key ways:
Existing defined elements can by interposed into a forward-
ing path to add new functionality.
New Click elements can be created, loaded as kernel mod-
ules, and then plumbed in to the forwarding path.
In the context of XORP, this extensibility can aid performance. For
example, a network administrator can ensure that only a small sub-
set of traffic goes through a possibly-slow extension, by defining
a new special-purpose classifier that matches extension traffic and
inserting it into the relevant place in the forwarding path.
4.4 Robustness
The routing and coordination processes in XORP run in user
space on a traditional UNIX operating system. Routing processes
2
Network processors [5] are interface cards containing a number
of high-speed network interfaces, typically together with a proces-
sor and some specialized programmable hardware for performing
forwarding. Typically the network processor can perform simple
forwarding very well, but more complex functionality needs to be
off-loaded to be handled by software running on the host proces-
sor [12].
4
are protected from each other and can have their resources con-
strained according to administrative preference. Furthermore, rout-
ing processes can crash without affecting the kernel, forwarding
plane, or each other. And if a routing protocol does crash, the RIB
will remove its routes from the forwarding engine, and optionally
inform the re-starting routing process of the routes it previously
held.
Multiple processes are used in Zebra [14] and Cisco’s proposed
ENA router operating system, but not by some of the larger com-
mercial vendors today.
A significant aspect of robustness is security. One benefit of be-
ing forwarding-path agnostic is that we can abstract privileged op-
erations, such as sending on a raw socket, into the FEA via XRLs.
This allows us to run many routing protocols in a sandbox. They
have no interaction with the outside world except through XRLs
and packets, and so an exploitable vulnerability in a routing proto-
col is far more difficult to escalate into full control of the router.
Robustness in the forwarding path is also important, but solu-
tions such as memory protection that work well in user-space are
not acceptable. In the Click forwarding path robustness comes from
the granularity and simplicity of Click’s components. Each element
is small enough to be well understood and tested in isolation. And
since many of Click’s components can be run and debugged in user-
space, confidence about their robustness can be attained before be-
ing used in the kernel.
5 SUMMARY
We believe that much good Internet research is being frustrated
by an inability to deploy experimental router software at points in
the network where it makes most sense. These problems affect a
wide range of research, including routing protocols themselves, ac-
tive queue management schemes, and so-called “middlebox” func-
tionality such as ourown trafficnormalizer [4].Many of these prob-
lems would not exist if the router software market more closely re-
sembled the end-system software market, which has well defined
APIs for application software, and high performance reliable open-
source operating systems that permit kernel protocol experimenta-
tion. Our vision for XORP is to provide just such an open platform;
one that is stable and fully featured enough for serious production
use (initially on edge-routers), but designed from the very outset to
support extensibility and experimentation without compromising
the stability of the core platform.
There are many unanswered questions that we still have to re-
solve. For example, network managers simply wish to say what a
router should do; they don’t typically care about how this is imple-
mented. Click starts from the point where you tell it precisely how
to plumb together the forwarding path. Thus we need a forwarding
path configuration manager that,given the network manager’s high-
level configuration, determines the combination of click elements
and their plumbing needed to implement the configuration. The
simplest solution is a set of static profiles, but we believe that an
optimizing configuration manager might be able to do significantly
better, especially when it comes to reasoning about the placement
and interaction of elements such as filters.
Thus, while XORP is primarily intended to enable research, we
also believe that it will also further knowledge about how to con-
struct robust extensible networking systems.
Finally, while we do not expect to change the whole way the
router software market functions, it is not impossible that the wide-
spread use of an open software platform for routers might have
this effect. The ultimate measure of our success would be if com-
mercial router vendors either adopted XORP directly, or opened
up their software platforms in such a way that a market for router
application software is enabled.
ACKNOWLEDGMENTS
The XORP project is funded by grants from Intel and the Na-
tional Science Foundation (Award ANI-0129541). Atanu Ghosh,
Adam Greenhalgh, Mark Handley, Orion Hodson, Eddie Kohler,
Pavlin Radoslavov and Luigi Rizzo have contributed significantly
to XORP.
REFERENCES
[1] CAIRN. Collaborative Advanced Interagency Research
Network (Web site). http://www.cairn.net/.
[2] K. Cho. A framework for alternate queueing: towards traffic
management by PC-UNIX based routers. In Proc. USENIX
1998 Annual Technical Conference, pages 247–258, June
1998.
[3] D. D. Clark, S. Shenker, and L. Zhang. Supporting real-time
applications in an integrated services packet network:
Architecture and mechanism. ACM Computer
Communication Review, 22(3):14–26, Oct. 1992.
[4] M. Handley, C. Kreibich, and V. Paxson. Network intrusion
detection: Evasion, traffic normalization, and end-to-end
protocol semantics. In Proc. Usenix Security Symposium,
Aug. 2001.
[5] Intel Corporation. Intel IXP1200 network processor (Web
site). http://developer.intel.com/design/network/
ixp1200.htm.
[6] E. Kohler, R. Morris, B. Chen, J. Jannotti, and M. F.
Kaashoek. The Click modular router. ACM Trans. on
Computer Systems, 18(3):263–297, Aug. 2000.
[7] J. W. Lockwood, N. Naufel, J. S. Turner, and D. E. Taylor.
Reprogrammable network packet processing on the field
programmable port extender (fpx). In Proc. ACM
International Symposium on Field Programmable Gate
Arrays (FPGA 2001), pages 87–93, Feb. 2001.
[8] M. Mathis, J. Mahdavi, S. Floyd, and A. Romanow. TCP
selective acknowledgment options. RFC 2018, Internet
Engineering Task Force, Apr. 1996.
ftp://ftp.ietf.org/rfc/rfc2018.txt.
[9] J. Moy. OSPF Complete Implementation. Addison-Wesley,
Dec. 2000.
[10] NextHop Technologies. GateD releases (Web site).
http://www.gated.org/.
[11] L. L. Peterson, S. C. Karlin, and K. Li. OS support for
general-purpose routers. In Proc. 7th Workshop on Hot
Topics in Operating Systems (HotOS-VII), pages 38–43.
IEEE Computer Society Technical Committee on Operating
Systems, Mar. 1999.
[12] T. Spalink, S. Karlin, L. Peterson, and Y. Gottlieb. Building a
robust software-based router using network processors. In
Proc. 18th ACM Symposium on Operating Systems
Principles (SOSP), pages 216–229, Oct. 2001.
[13] University of Michigan and Merit Network. MRT:
Multi-threaded Routing Toolkit (Web site).
http://www.merit.edu/mrt/.
[14] Zebra project. GNU Zebra routing software (Web site).
http://www.zebra.org/.
5
... With the advanced features of SDN, it is expected and one might guess easily that SDN must be a well understood concept and it has been easily accepted by the IT companies and they are using it for their own benefit and for giving better services to the user. But the reality is completely different, in the survey result of 2012, which was managed by Information Week 2012, it was shown that only 4% of the IT companies have begun to use SDN and only 5% of the companies are testing it [15]. This is also the case in 2016 too. ...
... This concept controls a network in a real-time manner using software. Similarly, Click [14], XORP [15], Quagga [16], and other software that are used in routing suites on conventional PC hardware have also attempted to establish programmable network devices to make extensible software routers. ...
... The main benefits of SDN are in the key areas of security and agility. The presented business use case is generic and so far, provides the safest method to secure the data center and achieve more reliability [14,15]. ...
Software Defined Netconomics
Article
Full-text available
  • Feb 2024
This paper is based on the fair analysis on the economic benefits of software defined networking. The paper will explain vividly the concept of software defined networking and its applications together with the economic advantage(s) with respect to both the client perspective and server perspective. In general, SDN provides lower hardware and operational cost in an excessive traffic load of nowadays users. It has tighter security and faster response time with improved management and planning of server controller. SDN when deployed provides better service(s) with respect to lowering cost and of course with better efficiency. Software Defined Network (SDN) is a great revolutionary idea to change IT Industry of which includes cloud computing and many others. The beauty of its architecture is the decoupling of the essential control and data planes from the application layer, thus the underlying infrastructure is abstracted but the network intelligence is logically centralized with state. This architecture gives access to the enterprise to control, program, automate, scale and secure the network according to the business needs, together with securing a safe benefit in competiveness that has risen due to fast advancement in technology. This architecture is even more important to fulfilling the demands of various clients in the current model of networking. The concept of SDN has the potential to change the current networking model. With SDN, for network services, the underlying network infrastructure can be abstracted by the administrators for many applications. In theory, it can be shown that SDN has many benefits over current IT systems but in practical systems, IT companies are reluctant to work with, tend to oppose nor are they ready to deploy SDN. In this paper, the economic benefits are explored and discussed without bias, and it will be shown that new protocol of SDN provides many economic benefits and guidance to IT companies to establish more secure and efficient network.
View
... It is interesting to know that some of these projects are supported by well-known companies such as Microsoft, Intel and AT&T. For instance, XORP is supported by Intel Corporation and the National Science Foundation institute [1]. Closeness and lack of the ability to develop a product by anyone other than the manufacturer is a major reason for the formation and emersion of software routers, in addition to the high cost of hardware routers. ...
... Low level subsystems which initially runs in the OS kernel and manages the forwarding path in fact, anything that deals with packets and it provides the APIs for accessing the high level. The goal is for almost all of the high level codes to be agnostic as to the details of the forwarding path [50], [1]. A multi process architecture is developed with one process for routing protocols plus additional process to manage, configure and coordinate. ...
... 4. Forwarding Engine Abstraction (FEA) process that manages the forwarding path. The FEA also manages network interfaces and forwarding table in the router, and provides the information for routing processes about the interface properties and events [1]. ...
Open Source Routers: A Survey
Preprint
Full-text available
  • Mar 2022
Variety, size and complexity of data types, services and applications in Internet is continuously growing up. This increasing of complexity needs more powerful and sophisticated equipment's. One group of these devices that has essential role are routers. Some of vendors produce some elaborate and complex products but the commercial solutions are too closed and inflexible. The term "Open Source Routers" covers a lot of implementations of free software routers. Open Source Routers are solutions to overcome commercial solutions with closed platforms. In this article, we survey the existing implementations and a wide array of past and state-of-the-art projects on open software routers followed by a discussion of major challenges in this area.
View
... Mengdong et al. [19] proposes a high-throughput routing emulation solution based on the "qrouter," but due to the lack of routing protocol design, its application scenarios are limited. Another is to integrate virtualization technologies, such as Kernel-based Virtual Machine (KVM) [20] and Docker [21], with routing software technologies, such as Quagga [22], XORP [23], and Click [24], to realize the routing emulation. e solution adopts a closed router architecture closely coupled with physical resources, operating systems, and network applications. ...
... (20) Compute the RM according to A and total_nodes based on formula (6); (21) B ← addresses_num[con]; (22) //Get the number of IP addresses managed by the controller con from addresses_num. (23) Compute the AM according to B and total_addresses based on the formula (7); (24) C ← southbound_flow[con]; (25) //Get the size of the southbound traffic of the controller con from southbound_flow. (26) Compute the SF according to C based on the formulas (8) and (9); (27) Use formula (10) to obtain busyness according to RM, AM, and SF; (28) end for (29) ...
High-Performance Routing Emulation Technologies Based on a Cloud Platform
Article
Full-text available
  • Oct 2020
Currently, the emergence of edge computing provides low-latency and high-efficiency computing for the Internet of Things (IoT). However, new architectures, protocols, and security technologies of edge computing need to be verified and evaluated before use. Since network emulation based on a cloud platform has advantages in scalability and fidelity, it can provide an effective network environment for verifying and evaluating new edge computing technologies. Therefore, we propose a high-performance emulation technology supporting the routing protocol based on a cloud platform. First, we take OpenStack as a basic network environment. To improve the performance and scalability of routing emulation, we then design the routing emulation architecture according to the software-defined network (SDN) and design the cluster scheduling mechanism. Finally, the design of the Open Shortest Path First (OSPF) protocol can support communication with physical routers. Through extensive experiments, we demonstrate that this technology not only can provide a realistic OSPF protocol but also has obvious advantages in the overhead and performance of routing nodes compared with those of other network emulation technologies. Furthermore, the realization of the controller cluster improves the scalability in the emulation scale.
View
... Active networking, for instance, endeavors to manage networks using software methods [8]. Additionally, routers have been manipulated via software to enhance the programmability of network devices [9,10]. These network devices' functionalities can be adjusted by either installing new routing software or modifying existing software configurations. ...
DDoS classification to SDN using Grammatical Evolution
Preprint
Full-text available
  • Nov 2023
Software-Defined Networking (SDN) is a network implementation paradigm of great importance, as it has a profound impact on the pace of technological progress. While SDN doesn’t directly address the technical complexities of routing, congestion control, traffic engineering, security, mobility, reliability, or real-time communication, it paves the way for innovative solutions to emerge for these and similar challenges. Security is of utmost importance in SDN with Distributed Denial of Service (DDoS) being an attack which creates large scale problems. DDoS creates malicious traffic that resembles normal traffic in order to create service problems. As such, mechanisms that distinguish between benign and malicious traffic is essential, since this is the first step to mitigate the problem of DDoS. In this paper, we take a dataset onboard which exhibits benign and malicious traffic in SDN. There are 23 features that are used for classification purposes. Here we utilise classification procedure based on three methods based Grammatical Evolution applied on the aforementioned data. We provide results that show the efficiency of our approach and show that all three methods exhibits satisfactory results.
View
... SwitchWare [21], [22] is an active network-functioning solution that permits packets to flow through a network and dynamically change network operations. Similarly, software routing suites on traditional PC hardware, such as Click [23], XORP [24], Quagga [25], and BIRD [26], are the basis for extensible software routers utilising programmable network devices. By loading new or changing existing routing software, the behaviour of certain network devices can be changed dynamically. ...
Multi-Domain Federation Utilizing Software Defined Networking—A Review
Article
Full-text available
  • Jan 2023
The global growth of the Internet continues with an increase in accessibility, connected users and new applications in emerging fields like egames, augmented and virtual reality. Technologies that improve reliability whilst reducing cost and latency are being developed. However, before the Internet can sustain the growth in utilisation and new applications there are challenges to overcome. One of the key challenges remaining is to develop new mechanisms for intra and inter-domain federation that facilitate fast, reliable, and secure sharing of reachability and routing information. Software Defined Networking (SDN) is being introduced to address control and management challenges at domain boundaries. This paper reviews the current state of domain federation and discusses the potential approaches that utilise SDN for a next-generation solution.
View
... SwitchWare [9], [10] provides networking solutions dynamically through software. There are other examples like Click [11], Quagga [12], XOPR [13], and BIRD [14] giving the solutions for programmable routers for routing through the software. These programs are developed in such a way as to modify routing behavior at any time. ...
Energy Efficient End Device Aware Solution through SDN in Edge-Cloud Platform
Article
Full-text available
  • Jan 2022
Recently, the networking industries have gone through tremendous changes. It demands high-speed operations and complex problem-solving abilities. To manage these evolutions Internet-of-Things (IoT) is a proposed solution from several technical corners. Numerous researchers and government organizations showing their interest to provide solutions with IoT implementation. Handling a huge amount of network data, its privacy and security, Quality of Service (QoS) requirements and heterogeneity of underlying networking components are the various challenges in IoT implementations. To provide the solution, Software Defined Networking (SDN) is becoming a bliss in managing such complex networking problems. The allocation of the Virtual Machines (VMs) into the end device is an NP-Hard combinatorial optimization problem. We formulate the problem by using simple Additive Weighing (SAW) or Weighted Sum Method (WSM) to allocate the VMs asymmetrically based on CPU Utilization and Memory usage to optimize the energy. The proposed algorithm ServerCons minimizes the number of live migrations and the number of nodes used as well as the energy usage is at par with the state of art algorithms such as First-Fit-Decreasing(FFD), Best-Fit-Decreasing (BFD), and Modified-Best-Fit-Decreasing (MBFD).
View
... Among these models, the latter became popular as it significantly impacts the management of network paths by installing a new functionality in the data plane. An example of active networking to create the software routers are SwitchWare, 37,38 Click, 39 XORP, 40 Quagga, 41 and Bird. 42 • Network control point (NCP): In the mid-1990s, when the Internet was becoming popular, an initiative was taken by AT&T telecommunication company with the inception of a project named NCP. ...
A comprehensive survey on software‐defined networking for smart communities
Article
Full-text available
The need to provide services closer to the end‐user proximity leads to the exchange of a large volume of data generated from the smart devices deployed at different geo‐distributed sites. The massive amount of data generated from the smart devices need to be transmitted, analyzed, and processed. This requires seamless data exchanges among geo‐separated nodes, which results in a considerable burden on the underlying network infrastructure and can degrade the performance of any implemented solution. Therefore, a dynamic, agile, and programmable network management paradigm is required. To handle the challenges mentioned above, software‐defined networking (SDN) gained much attention from academia, researchers, and industrial sectors. Shifting the computational load from forwarding devices to a logically centralized controller is a dream of every network operator who wants to have complete control and global visibility of the network. Also, the concept of network functions virtualization (NFV) in SDN controller is required to increase resource utilization efficiency. Thus, in this paper, a comprehensive survey on SDN for various smart applications is presented. This survey covers the infrastructural details of SDN hardware and OpenFlow switches, controllers, simulation tools, programming languages, open issues, and challenges in SDN implementation with advanced technologies such as 5G and microservices. In addition, the challenges on the control plane and data plane are highlighted in detail, such as fault tolerance, routing, scheduling of flows, and energy consumption on OpenFlow switches. Finally, various open issues and challenges future scope of SDN are discussed and analyzed in the proposal.
View
... The fault of Bloom filters is the small probability of an error that occurs when checking the membership of the query element, which is called a false positive. In this case, the query element that is not a member of the set stored in Bloom Filter is unlikely to be recognized as a set member [18,19]. Fig 1 shows the steps for making a bloom filter. ...
Improvement of DBR routing protocol in underwater wireless sensor networks using fuzzy logic and bloom filter
Article
Full-text available
Routing protocols for underwater wireless sensor networks (UWSN) and underwater Internet of Things (IoT_UWSN) networks have expanded significantly. DBR routing protocol is one of the most critical routing protocols in UWSNs. In this routing protocol, the energy consumption of the nodes, the rate of loss of sent packets, and the rate of drop of routing packets due to node shutdown have created significant challenges. For this purpose, in a new scenario called FB-DBR, clustering is performed, and fuzzy logic and bloom filter are used in each cluster’s new routing protocol in underwater wireless sensor networks. Due to the fuzzy nature of the parameters used in DBR, better results are obtained and bloom filters are used in routing tables to compensate for the deceleration. as the average number of accesses to routing table entries, dead nodes, Number of Packets Sent to Base Station (BS), Number of Packets Received at BS, Packet Dropped, and Remaining Energy has improved significantly.
View
... Há apenas algumas opções de roteadores baseados em PC, com código aberto, derivados do esquema de encaminhamento por kernel do Berkeley Software Distribution (BSD). Os mais completos no quesito de protocolos de roteamento são o XORP[3] e o Quagga ...
View
View
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics
Conference Paper
Full-text available
  • Jan 2001
Abstract A fundamental,problem,for network,intrusion detection systems is the ability of a skilled attacker to evade detection by exploiting ambiguities in the traffic stream as seen by the mo,nitor. We discuss the viability of addressing this problem,by introducing a new network forwarding element called a traffi c normalizer. The normalizer sits directly in the path of traffic into a site and patches up the packet stream to eliminate potential ambiguities before the traffic is seen by the monitor, removing evasion opportunities. We examine a number of tradeoffs in designing a normalizer, emphasizing the important question of the degree to which normalizations undermine end-to-end protocol semantics. We discuss the key practical issues of “cold start” and attacks on the normalizer, and develop a methodology,for systematically examining,the ambiguities present in a protocol based on walking the protocol’ s header. We then present norm, a publicly available user-level implementation,of a normalizer that can normalize a TCP traffic stream at 100,000 pkts/sec in memory-to-memory copies, suggesting that a kernel implementation,using PC hardware could keep pace with a bidirectional 100 Mbps link with sufficient headroom,to weather a high-speed flooding attack of small packets.
View
Reprogrammable network packet processing on the field programmable port extender (FPX)
Conference Paper
Full-text available
  • Feb 2001
A prototype platform has been developed that allows processing of packets at the edge of a multi-gigabit-per-second network switch. This system, the Field Programmable Port Extender (FPX), enables packet processing functions to be implemented as modular components in reprogrammable hardware. All logic on the on the FPX is implemented in two Field Programmable Gate Arrays (FPGAs). Packet processing functions in the system are implemented as dynamicallyloadable modules. Core functionality of the FPX is implemented on an FPGA called the Networking Interface Device (NID). The NID contains the logic to transmit and receive packets over a network, dynamically reprogram hardware modules, and route individual tra#c flows. A full, non-blocking, switch is implemented on the NID to route packets between the networking interfaces and the modular components. Modular components of the FPX are implemented on a second FPGA called the Reprogrammable Application Device (RAD). Modules are loaded onto t...
View
Supporting Real-Time Applications in an Integrated Services Packet Network: Architecture and Mechanism
Conference Paper
Full-text available
  • Oct 1992
  • COMPUT COMMUN REV
This paper considers the support of real-time applications in an Integrated Services Packet Network (ISPN). We first review the characteristics of real-time applications. We observe that, contrary to the popular view that real-time applications necessarily require a fixed delay bound, some real-time applications are more flexible and can adapt to current network conditions. We then propose an ISPN architecture that supports two distinct kinds of real-time service: guaranteed service, which is the traditional form of real-time service discussed in most of the literature and involves pre-computed worst-case delay bounds, and predicted service, which uses the measured performance of the network in computing delay bounds. We then propose a packet scheduling mechanism that can support both of these real-time services as well as accommodate datagram traffic. We also discuss two other aspects of an overall ISPN architecture: the service interface and the admission control criteria.
View
TCP Selective Acknowledgment Options
Article
Full-text available
  • Oct 1996
TCP may experience poor performance when multiple packets are lost from one window of data. With the limited information available from cumulative acknowledgments, a TCP sender can only learn about a single lost packet per round trip time. An aggressive sender could choose to retransmit packets early, but such retransmitted segments may have already been successfully received. A Selective Acknowledgment (SACK) mechanism, combined with a selective repeat retransmission policy, can help to overcome these limitations. The receiving TCP sends back SACK packets to the sender informing the sender of data that has been received. The sender can then retransmit only the missing data segments. This memo proposes an implementation of SACK and discusses its performance and related issues. Acknowledgements Much of the text in this document is taken directly from RFC1072 "TCP Extensions for Long-Delay Paths" by Bob Braden and Van Jacobson. The authors would like to thank Kevin Fall (LBNL), Christian...
View
View
A framework for alternate queueing: towards traffic management by PC-UNIX based routers
Article
  • Jan 1998
Queueing is an essential element of traffic management, but the only queueing discipline used in traditional UNIX systems is simple FIFO queueing. This paper describes ALTQ, a queueing framework that allows the use of a set of queueing disciplines. We investigate the issues involved in designing a generic queueing framework as well as the issues involved in implementing various queueing disciplines. ALTQ is implemented as simple extension to the FreeBSD kernel including minor fixes to the device drivers. Several queueing disciplines including CBQ, RED, and WFQ are implemented onto the framework to demonstrate the design of ALTQ. The traffic management performance of a PC is presented to show the feasibility of traffic management by PC-UNIX based routers.
View
OS support for general-purpose routers
Conference Paper
  • Feb 1999
This paper argues that there is a need for routers to move from being closed, special-purpose network devices to being open, general-purpose computing/communication systems. The central challenge in making this shift is to simultaneously support increasing complex forwarding logic and high performance, while using commercial hardware components and open operating systems. This paper introduces the hardware and software architecture for such a general-purpose router. The architecture includes two key innovations. First, it better integrates the router's switching capacity and compute cycles. We expect this to result in significantly better scaling properties, and an order of magnitude improvement in performance for packets that require only minimum processing cycles. Second, the architecture supports a hierarchy of forwarding paths, ranging from fast/fixed paths implemented entirely in hardware to slow/programmable paths implemented entirely in software, but also including intermediate paths that exploit the improved integration of cycles and switching
View
The Click Modular Router
Article
  • Jan 2001
2> elements. Individual elements implement simple router functions like packet classification, queueing, scheduling, and interfacing with network devices. A router configuration is a directed graph with elements at the vertices
View
The Click modular router
Article
  • Feb 2000
Click is a new software architecture for building flexible and configurable routers. A Click router is assembled from packet processing modules called elements. Individual elements implement simple router functions like packet classification, queueing, scheduling, and interfacing with network devices. Complete configurations are built by connecting elements into a graph; packets flow along the graph's edges. Several features make individual elements more powerful and complex configurations easier to write, including pull processing, which models packet flow driven by transmitting interfaces, and flow-based router context, which helps an element locate other interesting elements. We demonstrate several working configurations, including an IP router and an Ethernet bridge. These configurations are modular---the IP router has 16 elements on the forwarding path---and easy to extend by adding additional elements, which we demonstrate with augmented configurations. On commodity PC hardware ...
View
The Click Modular Router
Article
  • May 2001
This paper presents Click, a flexible, modular software architecture for creating routers. Click routers are built from fine-grained components; this supports fine-grained extensions throughout the forwarding path. The components are packet processing modules called elements. The basic element interface is narrow, consisting mostly of functions for initialization and packet handoff, but elements can extend it to support other functions (such as reporting queue lengths). To build a router configuration, the user chooses a collection of elements and connects them into a directed graph. The graph's edges, which are called connections, represent possible paths for packet handoff. To extend a configuration, the user can write new elements or compose existing elements in new ways, much as UNIX allows one to build complex applications directly or by composing simpler ones using pipes
View