EARL: sdn EnAbled MeasuRement for alL

Lead Research Organisation: Queen Mary University of London
Department Name: Sch of Electronic Eng & Computer Science

Abstract

Internet eXchange Points (IXPs) have become a critical element of the Internet, as they provide the physical locations where networks interconnect and exchange traffic. IXPs carry huge traffic volumes, reduce interconnection costs, and hence make national Internet access affordable. Despite the growth of these infrastructures, the rapid evolution of the Internet poses new challenges.

Reacting as soon as possible to the highly dynamic Internet environment has always been the first priority for network operators. Unfortunately, state-of-the-art techniques are extremely limited. Networks use the Border Gateway Protocol (BGP) to inform each other of which destinations are reachable. Accordingly, network operators (ab)use BGP Traffic Engineering (TE) to tweak traffic paths. TE is a network-management tool that allows a network to adapt to events ranging from a change in customer location to the dramatically large traffic bursts of a malicious Distributed Denial of Service (DDoS) attack. However, BGP-TE lacks programmability and dynamism: once BGP preferences are set up, they cannot react in real time to network events.

With a high-fidelity measurement-focused approach, a network could implement more sophisticated traffic management techniques. For example, any network connected through an IXP must implement ingress traffic filtering to avoid receiving undesirable traffic (e.g., DDoS attacks or traffic resulting from misconfigurations). However, correctly controlling ingress filters is complex. Thus, most IXP customers unrealistically expect the organisations originating the traffic to manage any problem. TE limitations result from the inability of current Internet monitoring techniques to cope with the wide range of granularities of network events. While control plane events (those concerned with the selection of paths/routes, such as BGP updates) happen at a time scale of minutes, data plane events (packet processing) occur at time scales of microseconds. While control plane monitoring is relatively easy, data plane observability is poor, relies on expensive equipment, and does not scale.

EARL addresses this imbalance between the ability to observe the control and data planes, and the consequent limits on the detection of and reaction to network events. EARL is a novel integration of monitoring mechanisms and reactive network management. EARL enables a prompt reaction to network events with its Software Defined Networking (SDN) approach. Because of IXPs' central role on the Internet and their critical nature at the national level, we believe that they are the ideal place to explore EARL's ideas. We will demonstrate how measurement-assisted network management permits new Internet-wide services and enables the provision of services hitherto considered impossible or too costly to deploy. Our goal for the EARL project is to pioneer SDN-enabled, measurement-based network management to enhance the Internet infrastructure. This will lead to relevant tools and data for the larger researcher and practitioner communities. To this aim, we will create a new research instrument, EARLnet: an operational, research-centered Autonomous System (AS) directly connected to our partners, providing a new and unique real-world environment for the real-time monitoring of network status and SDN-oriented research. EARLnet will also serve as a test-bed to develop and evaluate novel reactive network management solutions.

The EARL project has the potential to revolutionise current Internet network management through new fine-grained and reactive TE policies. EARL will not only create new mechanisms, but also translate the blind, legacy, BGP-based TE into measurement-assisted SDN techniques. Furthermore, through our partner institution, the Cambridge Cloud Cybercrime Centre (CCCC), EARLnet will provide valuable data to a large community of researchers and practitioners.

Planned Impact

EARL will reach and influence at least three main constituencies: (1) industry, (2) standardization bodies, and (3) the research community.

(1) Impact on industry. EARL will have a clear and positive impact on Internet eXchange Points (IXPs) as well as the networks connected there, which will ultimately benefit national Internet access. With the UK housing some of the largest and most globally important IXPs, the direct impact through them and the networks connected there will be magnified. The letters of support accompanying this proposal indicate the serious and deep interest in the EARL project from a broad array of companies: LINX is a London-based IXP and one of the largest worldwide, providing interconnection to over 700 Autonomous Systems (ASes). ESnet is a high-speed computer network serving the United States Department of Energy (DOE) scientists and their collaborators worldwide. GEANT is the pan-European research and education backbone network, a critical infrastructure interconnecting National Research and Education Networks (NRENs) across Europe. Google is one of the largest content service providers worldwide. As EARL's impact will span beyond the providers of the Internet infrastructure, we will also work together with those companies providing the key elements to their operations. In particular, we will work with some of the main industrial providers of network equipment. Corsa is an SDN networking company focused on delivering programmable switches, routers and Layer 4-7 capabilities for SDN and Network Function Virtualization (NFV). Cisco Systems is a leading networking company which designs, manufactures, and sells network equipment. These companies, which represent the key elements for SDN-enabled monitoring-assisted innovation, are eager to provide support and benefit from the outputs of our research.

(2) Impact on open standards. The EARL project will significantly contribute to open standards for programmable networking and monitoring. Standardisation efforts in SDN are currently thriving, with broad commercial and academic support. We will take part in standardisation activities and working groups such as the Open Networking Foundation (ONF) and Internet Research Task Force (IRTF) to emphasise the importance of measurement-assisted network management in the fabrics of the future. The clear support from the ONF for this project opens the door for a fruitful collaboration towards new open standards.

(3) Impact on research community. Through our partner institution, the Cambridge Cloud Cybercrime Centre (CCCC), EARLnet will provide valuable data to a large community of researchers and practitioners. CCCC provides the ideal vehicle for data distribution with in-place legal frameworks and extensive relevant experience. This collaboration will amplify EARL's impact: the EARL project will provide to the CCCC essential technical data for CCCC to infer malicious security threats and CCCC will utilise its existing frameworks to make the data available to the wider community of researchers and practitioners.

The novelty, timeliness, and relevance of the EARL project will ensure a widespread interest in its results from the international community (i.e., RIPE, NANOG, MENOG). There will also be abundant opportunities for the technology to be exploited by the industrial supporters. Through those supporters, the EARL project will provide significant benefits to the UK software industry, increasing its competitiveness in the growing global Internet marketplace. For the academic partners, the project will lead to high-profile publications and to exciting opportunities for future research. This will further the UK's aspirations for the development and use of SDN-enabled technologies.

Publications

Ben Basat R (2020) PINT

Bruyere M (2018) Umbrella

Böttger T (2018) Looking for hypergiants in peeringDB in ACM SIGCOMM Computer Communication Review

Böttger T (2018) Open Connect Everywhere A Glimpse at the Internet Ecosystem through the Lens of the Netflix CDN in ACM SIGCOMM Computer Communication Review

Ding D (2020) An Incrementally-Deployable P4-Enabled Architecture for Network-Wide Heavy-Hitter Detection in IEEE Transactions on Network and Service Management

Latif S (2020) Leveraging Data Science to Combat COVID-19: A Comprehensive Review in IEEE Transactions on Artificial Intelligence

Description: Software Defined internet eXchange Points (SDXs) are a promising solution to the long-standing limitations and problems of interdomain routing. While proposed SDX architectures have improved the scalability of the control plane, these solutions have ignored the underlying fabric upon which they should be deployed. This work makes the case for a new fabric architecture that proposes stronger control and data plane separation. Umbrella, the lower-layer part of the EARL solution, provides a more scalable solution to manage the layer-2 interconnection of SDXs.

Important progress on scalable network monitoring using sketch data structures has also been made through the ElasticSketch work.

Exploitation Route: Umbrella has been deployed in TOUSIX, an SDX in France.

ElasticSketch has been used by many other academics to improve scalable data plane monitoring.

Sectors: Digital/Communication/Information Technologies (including Software)

Description: Umbrella, one of the components from the EARL project, has been deployed in a real IXP, TOUSIX, in France, in their production network.
First Year Of Impact: 2018
Sector: Digital/Communication/Information Technologies (including Software)

Title: ElasticSketch
Description: When a network is undergoing problems such as congestion, scan attacks, or DDoS attacks, measurements are much more important than usual. In this case, traffic characteristics including available bandwidth, packet rate, and flow size distribution vary drastically, significantly degrading the performance of measurements. To address this issue, we propose the Elastic sketch. It is adaptive to current traffic characteristics. Besides, it is generic to measurement tasks and platforms. We implement the Elastic sketch on six platforms: P4, FPGA, GPU, CPU, multi-core CPU, and OVS, to process six typical measurement tasks. Experimental results and theoretical analysis show that the Elastic sketch can adapt well to traffic characteristics. Compared to the state-of-the-art, the Elastic sketch achieves 44.6 ~ 45.2 times faster speed and 2.0 ~ 273.7 times smaller error rate.
Type Of Technology: Software
Year Produced: 2018
Open Source License?: Yes
Impact: Multiple further works by the PI (but outside the EARL project) as well as by other researchers have built upon this contribution. Sketch-based data monitoring has been highly impacted by this work.

Title: Umbrella
Description: Umbrella is a unified software defined development framework that provides a new set of APIs for implementing SDN applications, keeping the abstractions independent of the Northbound (NB) APIs used by specific SDN controllers. The main design goals are: (1) Design and implement a development framework that provides a new set of abstractions for SDN applications, keeping the abstractions independent of the NB APIs used by specific SDN controllers. (2) Design and implement a set of modules that use the proposed abstractions to provide information needed by SDN applications, such as topology, network statistics, and real-time topology changes. (3) Increase portability of SDN applications across SDN controllers, and make it easy for a programmer to evaluate a specific application on multiple SDN controllers (e.g., to compare performance). (4) Provide a software defined network programming framework that reduces programming complexity, allows a programmer to write SDN applications without having to master low-level details for each SDN controller, and avoids locking an application to a specific controller. (5) Provide a framework that uses a hybrid approach, combining reactive and proactive approaches for managing and programming SDN networks, which offers better scalability than completely reactive network management.
Type Of Technology: Software
Year Produced: 2018
Open Source License?: Yes
Impact: Deployed in production by TOUSIX in France.