FITS: Experimentation with Future Internet Testbed with Security

Funding Partners
Brazilian program MCT/CNPq n° 066/2010 (Programa de Cooperação Brasil-União Europeia) - European Union's Seventh Framework Programme ([FP7/2007-2013]) ICT-288349

Experimentation with Future Internet Testbed with Security

Poster sections:
- Automatic Migration to Save Energy
- Scalable Intrusion Detection and Prevention System
- Content Centric Network Experimentation
- Isolation of Virtual Network Resources
- Isolation of Virtual Network Communication
- Virtual Network Isolation

[Diagram, Automatic Migration to Save Energy: Migration Manager; Physical Node; Virtual Nodes; VMs; Migration Command; PM Shutdown Command; Migrated Nodes]

[Diagram, isolation of virtual networks: Physical Network; Virtual Networks]

[Flowchart, CCN Routing Architecture: Interest; Data in CS? (CS); Entry in PIT? (PIT); Prefix in FIB? (FIB); Add iface to PIT entry; Add iface to PIT; Interest Forwarding; Content; Interest in PIT?; Forward to iface; Content Cache; Remove PIT entry; Content forwarding; Drop; Yes/No branches. Legend: Path of Interest in CCN routing; Path of Content in CCN routing]

[Diagram, Scalable Intrusion Detection and Prevention System: Network Controller (Profiler, VM Orchestrator, POX Controller); Physical Node; Virtual Nodes; Overloaded IDPS VM; New IDPS VM. Steps: 1 Detect IDPS VM Overload; 2 Start new IDPS VM; 3 Mirror Traffic to new IDPS VM]

[Diagram, VM migrations: Physical Node CPU Before Migrations; Physical Node CPU After Migrations; Beginning of VM migrations; Processing increase due to migration; End of VM migrations]

[Diagram, mobility: Mobile Client; Wireless Network 1; Wireless Network 2]

Plots (axis names and labels as given on the poster):
- Throughput (Mb/s) vs. Time (s)
- CPU Usage (%) vs. Time (s). Labels: Machine 1; Machine 2; Overload; CPU Balancing; Detection
- Rate (Bytes/s) vs. Time (s)
- Throughput (Mb/s) vs. Time (s). Labels: Minimum VN 2 (40 Mb/s); Minimum VN 1 (20 Mb/s); OVS VN 2; OVS VN 1; FITS VN 2; FITS VN 1; Starting Controller (30 s)
- Cumulative Traffic (MB) vs. Time (s). Labels: CCN; TCP/IP
- Data Traffic (Mb) vs. Unload Time (s). Labels: 3.9 s; 4.9 s; Reconnection times of the mobile client

Plot captions: VM Migration; Resource Isolation; Malicious Flow Blocking; CPU Balancing; CCN Mobility; TCP/IP vs. CCN


Annotations on the throughput (Mb/s) vs. time (s) plot: FITS keeps forwarding; Xen stops forwarding (~50 s); Migration (30 s)


Labels on the rate (Bytes/s) vs. time (s) plot: Malicious Flow; Legitimate Flow; Block
