Showing papers on "Overlay network published in 2023"

SOLA: A Decentralized Communication Middleware Developed with ns-3

Abstract: The transformation from static production facilities into a flexible and decentralized cyber-physical production system (CPPS) is part of the current ongoing Industry 4.0. A CPPS will enable and support communication between people, machines and virtual objects, e.g., as material flow or products, alike. However, communication in CPPS relies often on centralized approaches using a message broker or is not considered at all. We present in this paper the decentralized communication middleware called SOLA with an emphasis on, but not limited to, CPPS. SOLA uses the inherent given capability to communicate of participating nodes and eliminates the need for a central instance. A structured overlay network is created and managed, which appears to its users as a single coherent system. The main building blocks of SOLA are the management overlay and the event dissemination. Within this building blocks, no single peer has a global view and all operations are based on each peer’s local view. The local view represents some selected links to a subset of all peers in the network. In addition to this, we also present how SOLA was developed with the help of the discrete-event simulator ns-3. Finally, we also show how we have used ns-3 to simulate a self-organizing material flow where participants use SOLA to communicate.

XRP-NDN overlay: Improving the Communication Efficiency of Consensus-Validation based Blockchains with an NDN Overlay

Abstract: With growing adoption of Distributed Ledger Technologies, their networks must scale while maintaining efficient communication for the underlying consensus and replication mechanisms. New content distribution concepts like Named Data Networking create opportunities to achieve this. We present and evaluate XRP-NDN overlay, a solution to increase communication efficiency for consensus-validation blockchains like XRP Ledger. We send consensus messages over different communication models and show that the chosen model lowers the number of messages at node level to minimum, while maintaining or improving performance by leveraging overlay advantages.

Extending Kubernetes Networking to make use of Segment Routing over IPv6 (SRv6)

Abstract: Kubernetes is the leading platform for orchestrating containerized applications. In this paper, we extend Kubernetes networking to make use of SRv6, a feature-rich overlay networking mechanism. Integration with SRv6 can be very beneficial when Kubernetes is used in large-scale and distributed multi-datacenter scenarios. We have focused on the Calico CNI plugin, one of the most used Kubernetes networking plugins. In particular, we consider Calico-VPP, a version of the Calico plugin based on the VPP (Vector Packet Processing) data plane, which provides support for SRv6 operations with very high performance. The proposed SRv6 overlay networking solution for Kubernetes offers several advantages compared to a traditional overlay (e.g. IP in IP), in particular the possibility to use Traffic Engineering for the overlay tunnels. In the paper, we provide the architecture and the detailed design of the SRv6 based overlay and describe our open source implementation. We consider the research and technological question on how to extend Kubernetes networking to support large-scale and distributed multi-datacenter scenarios, which is an important goal for Cloud and Network providers. In this respect, we compare two different solutions for the control plane architecture of the SRv6 capable Kubernetes networking plugin, one based on the BGP routing protocol and another one based on extending the Kubernetes control plane. Finally, we report a performance evaluation of the data plane of the proposed SRv6 overlay networking, showing that it has comparable performance to existing overlay solutions (e.g. IP in IP), while offering a richer set of features.

Broadcast with Tree Selection from Multiple Spanning Trees on an Overlay Network

Abstract: SUMMARY On an overlay network where a number of nodes work autonomously in a decentralized way, the efficiency of broadcasts has a significant impact on the performance of distributed systems built on the network. While a broadcast method using a spanning tree produces a small

Container network architecture and performance analysis of Macvlan and IPvlan

Abstract: Macvlan and IPvlan modes allow the host physical Network Interface Card (NIC) to create several virtual sub interfaces, which can meet the containers communication requirements across different network segment in complex application scenarios. The paper describes the architecture characteristics of these two modes in depth and builds container overlay network in single machine and multi machine environments. Around the key network indicators such as round-trip time (RTT), bandwidth and jitter, Ping and Iperf tools are used to test and analyse the end-to-end container communication performance. The experimental results show that IPvlan mode has better network performance and provides a comprehensive and rich application scenario for the container overlay network.

Tree-structured Overlays with Minimal Height: Construction, Maintenance and Operation

Abstract: Distributed systems, potentially growing large and consisting of heterogeneous nodes, are advised to be constructed following the Peer-to-Peer (P2P) networking paradigm. It becomes imperative that a Peer-to-Peer (P2P) network is paired with efficient protocols for each phase of its life cycle: construction as well as maintenance and operation. Three operations are fundamental for a Peer-to-Peer (P2P) network: nodes must be able to a) join, b) be located, c) leave. The main challenge for efficient protocols is that a single node will only possess limited information about the network, also known as the local view. In this paper, we present the minimal height tree overlay network (MINHTON), a Peer-to-Peer (P2P) overlay architecture featuring several beneficial structural properties added over existing tree-structured networks. The minimal height guarantees a global tree balance, yet, it must be retained at all times, even though the Peer-to-Peer (P2P) network may change dynamically. MINHTON provides efficient protocols for node Join and Departure, both retaining a minimal height tree. We show that the operations achieve performance in logarithmic order, comparable to tree overlays with less strict structural guarantees.

Examining Lower Latency Routing with Overlay Networks

Abstract: In today's rapidly expanding digital landscape, where access to timely online content is paramount to users, the underlying network infrastructure and latency performance significantly influence the user experience. We present an empirical study of the current Internet's connectivity and the achievable latencies to propose better routing paths if available. Understanding the severity of the non-optimal internet topology with RIPE Atlas stats, we conduct practical experiments to demonstrate that local traffic from the San Diego area to the University of California, San Diego reaches up to Los Angeles before serving responses. We examine the traceroutes and build an experimental overlay network to constrain the San Diego traffic within the city to get better round-trip time latencies.

A Method for DDOS Attacks Prevention Using SDN and NFV

Abstract: Abstract One of the most widespread forms of security attacks in enterprise networks is Distributed Denial-of-Service (DDOS) attacks. The purpose of DDOS attacks is to intentionally disrupt a network by sending a large amount of false requests. A new path for network design and management has been created with the introduction of Network Functions Virtualization (NFV). NFV architectures allow network functions to be defined quite dynamically. Dynamic definitions of network functions provide the best support for organizational environments. The aim of this research is to prevent DDOS attacks using NFV and SDN platforms. The research method uses the Moving Target Defense (MTD) idea to change the network routes and services location for specific detection packets. The MTD prevents attackers from performing DDOS attacks on real network topologies. A major innovation presented in this research is the selection of moving target defense types based on the processing resources of the overlay networks. The results indicates that the proposed method will save these resources and reduce the time required to check packets in networks.

An Adaptive Virtual Node Management Method for Overlay Networks Based on Multiple Time Intervals

Abstract: IoT, where the low cost of sensor devices is a background for widespread use, handles much information closely related to location and time. To handle large amounts of sensor data efficiently, the authors have proposed a method to treat queries efficiently, mainly focusing on time ties. In the previous study, we proposed a method to improve efficiency by virtualization and changing the routing algorithm, but the effect was limited. Moreover, it did not consider differences in device performance, which is a characteristic of existing P2P networks. In this paper, we propose a method for adaptively allocating virtual nodes (computers). In the proposed, each physical node independently determines the number of virtual nodes based on its performance and the target size for the entire network. Experiments demonstrate that it can allocate nodes according to the processing capacity of nodes.

deController: A Web3 Native Cyberspace Infrastructure Perspective

Abstract: Web3 brings an emerging outlook for the value of decentralization, boosting the decentralized infrastructure. People can benefit from Web3, facilitated by the advances in distributed ledger technology, to read, write and own web content, services and applications more freely without revealing their real identities. Although the features and merits of Web3 have been widely discussed, the network architecture of Web3 and how to achieve complete decentralization considering law compliance in Web3 are still unclear. Here, we propose a perspective of Web3 architecture, deController, consisting of underlay and overlay network as Web3 infrastructures to underpin services and applications. The functions of underlay and overlay and their interactions are illustrated. Meanwhile, the security and privacy of Web3 are analyzed based on a novel design of threetier identities cooperating with deController. Furthermore, the impacts of laws on privacy and cyber sovereignty to achieve Web3 are discussed.

Peer‐to‐Peer Systems

Abstract: The main focus of peer-to-peer (P2P) applications is to embed regularity in selecting the next hop in routing between peers. Though overlay networks instill regularity, an overlay link may consist of several physical links. Many interconnection networks, such as de Bruijn graphs or hypercube networks, may qualify as P2P overlays. However, a P2P overlay must have unique properties helpful in exploiting logical connectivity to map topological connectivity with constant or low dilation. We need a distributed hash-oriented structure that can map the elements quickly into a large address space consisting of shared files and nodes of a distributed network. It should also support fast search, insert and delete operations. Chord, Pastry, content addressable P2P network (CAN), and Kademlia are well known among the overlays proposed for implementing distributed hash tables.

deController: A Web3 Native Cyberspace Infrastructure Perspective

Abstract: Web3 brings an emerging outlook for the value of decentralization, boosting the decentralized infrastructure. People can benefit from Web3, facilitated by the advances in distributed ledger technology, to read, write and own web content, services and applications more freely without revealing their real identities. Although the features and merits of Web3 have been widely discussed, the network architecture of Web3 and how to achieve complete decentralization considering law compliance in Web3 are still unclear. Here, we propose a perspective of Web3 architecture, deController, consisting of underlay and overlay network as Web3 infrastructures to underpin services and applications. The functions of underlay and overlay and their interactions are illustrated. Meanwhile, the security and privacy of Web3 are analyzed based on a novel design of three-tier identities cooperating with deController. Furthermore, the impacts of laws on privacy and cyber sovereignty to achieve Web3 are discussed.

An Intent-Based Networking mechanism: A study case for efficient path selection using Graph Neural Networks

Abstract: The recent advancements in network systems, including Software-Defined Networking (SDN), Network Functions Virtualization (NFV), and cloud networking, have revolutionized network management by increasing efficiency and reducing manual effort. This has led to improved agility in deploying new network services, enabling scaling of network resources, making it easier to handle sudden increases in demand, and efficiently accessing new solutions. However, the heterogeneous network infrastructure and the physical links’ capability still impact the performance of interconnected nodes. This work provides a solution to this problem which centers on the use of Intent-Based Networking (IBN) for a high-level definition of service requirements (QoS) tailored to the specifications of each particular node. Additionally, Graph Neural Network (GNN) is integrated into the proposed system to model the overlay topology and understand the behavior of nodes and links. This allows the defined intents to be translated into optimal paths between end-to-end nodes. The network QoS is constantly monitored, and the GNN model regularly updates the path selection to meet the QoS specified by intents. The solution has been implemented as an IBN system design consisting of a manager for intent definition, a GNN model for optimal path selection, an Off-Platform Application (OPA) for policy creation, and a real-time monitoring system for network state assurance.

XRP-NDN Overlay: Improving the Communication Efficiency of Consensus-Validation based Blockchains with an NDN Overlay

Abstract: With the growing adoption of Distributed Ledger Technologies and the subsequent scaling of these networks, there is an inherent need for efficient and resilient communication used by the underlying consensus and replication mechanisms. While resilient and efficient communication is one of the main pillars of an efficient blockchain network as a whole, the Distributed Ledger Technology is still relatively new and the task of scaling these networks has come with its own challenges towards ensuring these goals. New content distribution concepts like Information Centric Networking, of which Named Data Networking is a worthy example, create new possibilities towards achieving this goal, through in-network caching or built-in native multicasting, for example. We present and evaluate XRP-NDN Overlay, a solution for increasing the communication efficiency for consensus-validation based blockchains like the XRP Ledger. We experiment by sending the XRP Ledger consensus messages over different Named Data Networking communication models and prove that our chosen model lowers the number of messages at node level to minimum necessary, while maintaining or improving blockchain performance by leveraging the possibilities offered by an overlay such as specific communication mechanisms.

SRv6-based Differentiated Service Framework for IP Networks

Abstract: With the development of 5G new services, the IP network layer needs to provide the service layer with deterministic carrying and forwarding capabilities characterized by differentiation and quality assurance. To effectively manage and utilize differentiated forwarding resources at the IP network layer, an open framework for IP network differentiated services based on SRv6 is proposed. The framework combines SRv6 BSID to abstract the end-to-end network forwarding path. A unified service resource pool with differentiated characteristics has been formed, and the service layer can schedule differentiated services on demand. We set up a typical operator backbone network environment in the laboratory, and verified that switching differentiated service resources on demand can make the video services own a better forwarding path. This framework can reduce the coupling between the service layer and the network layer, and provides differentiated services with guaranteed network quality through overlay and underlay collaboration.

Design and implementation of an advanced MQTT broker for distributed pub/sub scenarios

Abstract: MQTT is one of the most popular communication protocols for Internet of Things applications. Based on a publish/subscribe pattern, it relies on a single broker to exchange messages among clients according to topics of interest. However, such a centralized approach does not scale well and is prone to single point of failure risks, calling for solutions where multiple brokers cooperate together in a distributed fashion. In this paper, we present a complete solution for a distributed MQTT broker systems. We target several functional primitives which are key in such a scenario: broker discovery and failure recovery, overlay tree network creation and message routing. Moreover, we also focus on the case where multiple topics are present in the system. In such a scenario, a single tree-based overlay network connecting the different brokers may not be the most efficient solution. To cope with this issue, we propose a topic-based routing scheme for MQTT distributed brokers. The proposed solution creates multiple overlay networks in the distributed system, each one linking together only the brokers whose connected clients have interest in the same topics. We implement the complete system as an extension of the popular HiveMQ MQTT broker and perform several experiments to test its performance in scenarios characterized by a different publishers/subscribers configurations as well as number of topics existing in the system.

KuberneTSN: a Deterministic Overlay Network for Time-Sensitive Containerized Environments

Abstract: The emerging paradigm of resource disaggregation enables the deployment of cloud-like services across a pool of physical and virtualized resources, interconnected using a network fabric. This design embodies several benefits in terms of resource efficiency and cost-effectiveness, service elasticity and adaptability, etc. Application domains benefiting from such a trend include cyber-physical systems (CPS), tactile internet, 5G networks and beyond, or mixed reality applications, all generally embodying heterogeneous Quality of Service (QoS) requirements. In this context, a key enabling factor to fully support those mixed-criticality scenarios will be the network and the system-level support for time-sensitive communication. Although a lot of work has been conducted on devising efficient orchestration and CPU scheduling strategies, the networking aspects of performance-critical components remain largely unstudied. Bridging this gap, we propose KuberneTSN, an original solution built on the Kubernetes platform, providing support for time-sensitive traffic to unmodified application binaries. We define an architecture for an accelerated and deterministic overlay network, which includes kernel-bypassing networking features as well as a novel userspace packet scheduler compliant with the Time-Sensitive Networking (TSN) standard. The solution is implemented as tsn-cni, a Kubernetes network plugin that can coexist alongside popular alternatives. To assess the validity of the approach, we conduct an experimental analysis on a real distributed testbed, demonstrating that KuberneTSN enables applications to easily meet deterministic deadlines, provides the same guarantees of bare-metal deployments, and outperforms overlay networks built using the Flannel plugin.

Blockchain Nodes are Heterogeneous and Your P2P Overlay Should be Too: PODS

Abstract: At the core of each blockchain system, parties communicate through a peer-to-peer (P2P) overlay. Unfortunately, recent evidence suggests these P2P overlays represent a significant bottleneck for transaction throughput and scalability. Furthermore, they enable a number of attacks. We argue that these performance and security problems arise because current P2P overlays cannot fully capture the complexity of a blockchain system as they do not offer flexibility to accommodate node heterogeneity. We propose a novel approach to address these issues: P2P Overlay Domains with Sovereignty (PODS), which allows nodes in a single overlay to belong to multiple heterogeneous groups, called domains. Each domain features its own set of protocols, tailored to the characteristics and needs of its nodes. To demonstrate the effectiveness of PODS, we design and implement two novel node discovery protocols: FedKad and SovKad. Using a custom simulator, we show that node discovery using PODS (SovKad) architecture outperforms both single overlay (Kademlia) and multi-overlay (FedKad) architectures in terms of hop count and success rate, though FedKad requires slightly less bandwidth.