Software Defined Networking relies on logically centralized control systems that collect information and events from the network. Unfortunately, the static nature of the forwarding abstraction on which SDN data plane nodes are based necessarily requires the intervention of a controller for any forwarding rule change, even for changes that depend only on local state (i.e. state confined within a single data plane device) representing the current networking conditions.
Three fundamental drawbacks emerge. The first and most obvious concerns performance and scalability limitations related to (i) the unnecessary delay required to update the forwarding rules and (ii) the single computational bottleneck introduced by a centralized controller.
Second, such an approach brings about security and reliability implications, as the communication channel between a remote control entity and the switch can be severely impaired by targeted denial of service attacks or physical link failures.
Finally, the “dumb nature” of traditional SDN switches results in dramatic functional limitations that impede the deployment of real time, self-adapting monitoring and mitigation applications directly in the fast path.
BEBA aims at providing the unprecedented ability to program, in a platform-agnostic manner, not just plain forwarding rules, but also dynamic (custom) states determining which forwarding rules should be applied at a given time, and the relevant policies formalizing how states should evolve.
By introducing intelligence directly into the data plane nodes, BEBA will free SDN programmers from having to rely on the intervention of the centralized controller to implement more complex forwarding strategies.
Moreover, BEBA will permit organizations and network operators to deploy part of their stateful flow processing operations directly on the fast data path and inside the switch. This will dramatically improve the ability to instantly (i.e. at a real-time, packet-level time scale) modify the forwarding data plane in reaction to specific packet-level events, and in the face of sudden changes or anomalies in the traffic behaviour, including attacks.
BEBA will start from defining novel use case application scenarios and requirements, which will inspire the extension of the basic SDN match/action forwarding behavior into more complex approaches based on eXtended Finite State Machines.
In a second phase, the project has focused on something much more ambitious. BEBA will aim at transforming a switch into a sort of network/flow processor programmed through a platform-independent abstraction. Our belief is that this can be accomplished by further introducing the ability to store temporary data into “memory registries” associated with flow entries, and by providing the ability to enforce state transitions only if conditions on such registries are satisfied, as well as support for registry updates upon the occurrence of events and/or state transitions.
Based on this novel abstraction, BEBA will extend the data plane and control plane mechanisms, data structures and protocols, and on top of these will allow the deployment of novel monitoring, security and innovative forwarding applications.
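The abstraction described above (per-flow state, memory registries, and transitions enforced only when a condition on those registries holds) can be sketched as a small simulation. This is an added example, not BEBA code or its API: the table layout, state names, `THRESHOLD` and the SYN-counting mitigation use case are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

THRESHOLD = 3  # constructed value: unanswered SYNs tolerated per flow

@dataclass
class FlowContext:
    state: str = "DEFAULT"
    regs: dict = field(default_factory=lambda: {"syn_count": 0})

def bump(regs): regs["syn_count"] += 1
def reset(regs): regs["syn_count"] = 0
def keep(regs): pass
def always(regs): return True
def under(regs): return regs["syn_count"] < THRESHOLD
def over(regs): return regs["syn_count"] >= THRESHOLD

# Hypothetical XFSM table, one row per transition:
# (state, event, condition on registers, register update, next state, action)
XFSM = [
    ("DEFAULT",   "SYN", always, bump,  "MONITORED", "forward"),
    ("MONITORED", "SYN", under,  bump,  "MONITORED", "forward"),
    ("MONITORED", "SYN", over,   keep,  "BLOCKED",   "drop"),
    ("MONITORED", "ACK", always, reset, "DEFAULT",   "forward"),
    ("BLOCKED",   "SYN", always, keep,  "BLOCKED",   "drop"),
    ("BLOCKED",   "ACK", always, keep,  "BLOCKED",   "drop"),
]

class StatefulSwitch:
    def __init__(self):
        self.flows = {}  # flow key (source address here) -> FlowContext

    def process(self, src, event):
        ctx = self.flows.setdefault(src, FlowContext())
        for state, ev, cond, update, nxt, action in XFSM:
            if state == ctx.state and ev == event and cond(ctx.regs):
                update(ctx.regs)   # register update tied to the transition
                ctx.state = nxt    # state change happens inside the switch
                return action
        return "forward"           # no matching row: state unchanged

def run_trace(trace):
    """Feed (src, event) pairs to a fresh switch; return it and the actions."""
    sw = StatefulSwitch()
    return sw, [sw.process(src, ev) for src, ev in trace]

# Constructed trace: 10.0.0.1 sends only SYNs, 10.0.0.2 completes handshakes.
TRACE = [("10.0.0.1", "SYN")] * 5 + [("10.0.0.2", "SYN"), ("10.0.0.2", "ACK")] * 2

if __name__ == "__main__":
    sw, actions = run_trace(TRACE)
    print(actions, {k: v.state for k, v in sw.flows.items()})
```

The flow that never answers its SYNs moves to the blocking state after the threshold is reached, with no controller round trip, while the well-behaved flow keeps returning to its default state.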