1. Components

Sanjhana Jayagopal edited this page Dec 4, 2019 · 1 revision

Analytics Engine

The analytics engine (AE) serves as the intelligent core of the programmable data plane. Its purpose is to analyze a stream of packets containing P4.INT data and draw inferences by matching that stream against generally defined patterns. When a pattern is matched, the AE informs the SDN controller, which is responsible for implementing network changes through the control plane.

The AE’s functions include the following:

  • look at header and INT data,
  • determine when there is an attack,
  • share the attack signature with the controller to mitigate the attack, and
  • notify the controller when the attack has ended.
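
The four AE functions above, sketched as an added example (not code from this project): a per-signature packet-rate detector with separate start and end thresholds. The record fields, the `notify` callback, the thresholds and the telemetry are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S, START_PPS, END_PPS = 1.0, 100, 20   # assumed window and hysteresis thresholds

class AnalyticsEngine:
    def __init__(self, notify):
        self.notify = notify             # hypothetical stand-in for the AE-to-controller channel
        self.seen = defaultdict(deque)   # signature -> (timestamp, INT origin device) per packet
        self.active = set()              # signatures already reported as attacks

    def _evaluate(self, sig, now):
        q = self.seen[sig]
        while q and now - q[0][0] > WINDOW_S:     # drop packets older than the window
            q.popleft()
        rate = len(q) / WINDOW_S
        if sig not in self.active and rate >= START_PPS:
            self.active.add(sig)
            self.notify("attack_start", sig, sorted({dev for _, dev in q}))
        elif sig in self.active and rate <= END_PPS:
            self.active.discard(sig)
            self.notify("attack_end", sig, [])
        if not q:
            del self.seen[sig]                    # idle signature, free its state

    def ingest(self, rec):
        """One packet: header fields plus the INT metadata added by the switches."""
        sig = (rec["dst_ip"], rec["dst_port"], rec["proto"])
        self.seen[sig].append((rec["ts"], rec["int_origin"]))
        self._evaluate(sig, rec["ts"])

    def tick(self, now):
        """Timer-driven pass, so an attack that simply stops is still closed out."""
        for sig in list(self.seen):
            self._evaluate(sig, now)

def demo():
    events = []
    ae = AnalyticsEngine(lambda kind, sig, devs: events.append((kind, sig, devs)))
    for i in range(150):   # constructed flood: 150 packets in 0.5 s via two gateways
        ae.ingest({"ts": i / 300, "int_origin": f"gw{i % 2 + 1}",
                   "dst_ip": "198.51.100.7", "dst_port": 554, "proto": "udp"})
        if i % 30 == 0:    # constructed background traffic, stays under the threshold
            ae.ingest({"ts": i / 300, "int_origin": "gw1",
                       "dst_ip": "198.51.100.9", "dst_port": 445, "proto": "tcp"})
    ae.tick(5.0)           # no packets for several seconds
    return events

if __name__ == "__main__":
    print(demo())
```

The gap between the start and end thresholds keeps a rate hovering near the limit from making the controller push and remove mitigation repeatedly.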

Controller

When the SDN controller is informed by the AE that a network goal (DDoS attack, QoS, etc.) has been detected, it updates action tables in the P4 devices through the control plane management interface (using protocols such as gRPC or Thrift). The P4 devices thus gain additional abilities in the data plane, and the controller stays minimally intrusive, activating those abilities before consequences are experienced.

The controller’s functions include the following:

  • manage the network configuration on switches and gateways,
  • push DDoS mitigation to managed devices,
  • remove DDoS mitigation from managed devices, and
  • track which devices are participating in an attack through counters of dropped packets based on DDoS mitigation.

Core Switch

The core switch’s functions include the following:

  • manage the traffic between the access and core networks,
  • send P4.INT data and packet headers to the analytics engine,
  • add P4.INT data (source port, time, queue),
  • remove P4.INT headers before they leave the service provider network, and
  • mitigate DDoS attacks from the core network and the aggregate network.

Aggregate Switch

The aggregate switch’s functions include the following:

  • manage the traffic between the gateways and the core switch,
  • add P4.INT data,
  • forward traffic between the gateways and the core switches, and
  • mitigate DDoS attacks from the core switches and gateways.

Gateway

The gateway’s functions include the following:

  • manage the traffic between the customer premises and the access network,
  • add P4.INT data, and
  • mitigate DDoS attacks from individual devices.

Customer Premises Equipment

The customer end devices are the typical end units used by end customers, including IoT devices, phones, laptops, and an ever-increasing variety of devices. Many are connected over Wi-Fi or LTE.

For the proof of concept, we use the following types of devices:

  • NAS—network attached storage,
  • TV—streaming television,
  • Camera—IP video streaming camera, and
  • Game—game console.