Browsing by Author "Jin, Cheng"
Now showing 1 - 2 of 2
Item: Exerting Fine-Grained Path Control over Legacy Switches in Hybrid Networks (2016-09-14)
Authors: Jin, Cheng; Lumezanu, Cristian; Xu, Qiang; Mekky, Hesham; Zhang, Zhi-Li; Jiang, Guofei

Software-defined networking (SDN) provides fine-grained network control and monitoring that simplifies network management. Unfortunately, upgrading existing enterprise networks, comprised of numerous "legacy" switches, to SDN is often cost-prohibitive. We argue that it is possible to achieve most of the benefits of a fully deployed SDN at a fraction of the cost by strategically replacing only a few legacy switches with, or adding a few, new SDN-capable switches in a legacy network, thus creating a hybrid network. We present Magneto, a unified network controller that exerts SDN-like, fine-grained path control over both OpenFlow and legacy switches in hybrid networks. Magneto i) introduces magnet MAC addresses and dynamically updates IP-to-magnet-MAC mappings at hosts via gratuitous ARP messages, for visibility and routing control; and ii) uses the ability of SDN switches to send "custom" packets into the data plane to manipulate legacy switches into updating their forwarding entries with magnet MAC addresses, for enhanced routing flexibility. Our evaluations on a lab testbed and through extensive simulations on large enterprise network topologies show that Magneto achieves full control over routing when only 20% of network switches are programmable, with negligible computation and latency overhead.

Item: Towards More Manageable and Secure Enterprise and Data-Center Networks (2018-03)
Author: Jin, Cheng

Past decades have seen ever more devices connected to the Internet and new networked services created. Demands on networks, whether campus or enterprise networks that support most of our daily work activities or data center networks that power today's cloud services such as web, email, social media, music or video streaming, have grown rapidly.

Managing and securing these networks as they grow in size and complexity has become a daunting task, because today's networks are still primarily "manually" managed by network operators. The task is further compounded by the lack of effective tools for network configuration and of monitoring systems that provide visibility into what is going on inside a network. This thesis studies existing network management approaches and identifies their limitations. We develop new network management frameworks, in particular ones that leverage emerging networking technologies, to assist network operators and users in better managing and securing their networks. We focus on three key management tasks: diagnosing security policy misconfigurations, enhancing routing flexibility, and gaining on-demand flow visibility for better network control. First, we study security groups (the primary means for cloud customers to configure security policies that protect their virtual machine instances from attacks), their configuration and their usage by customers of a public cloud platform, based on real-world datasets. Motivated by the results and insights of this measurement study, we develop a cloud security group analysis system that helps cloud customers diagnose potential misconfigurations and suggests refinements to their security group configurations. Second, we propose a novel framework for incremental and graceful transition from legacy networks to Software-Defined Networking (SDN) in stages, gradually replacing legacy devices with SDN-enabled devices as needed and as budgets allow. Network operators can thus experiment with SDN to gain experience and build confidence while minimizing service disruption and, more importantly, enjoy the benefits of a fully deployed SDN network. We design and build a novel unified network management controller that exerts SDN-like, fine-grained routing control over both SDN-enabled and legacy switches in hybrid networks.

Third, with the goal of obtaining on-demand visibility into "who is talking to whom", we propose clairvoyant networks, which provide visibility into any network flow at any time at low cost. Clairvoyant networks are partially programmable (they require as few as one SDN switch) and rely on a specialized network controller that controls paths through both the SDN and the legacy parts of the network. Our proposed clairvoyant controller lets operators define what to see, where to see it, and how to see it, then enables or disables visibility for the specified flows through a task scheduler, within milliseconds. In summary, this thesis studies the management of enterprise and data center networks. The systems we developed are capable of: i) helping operators and users understand and diagnose security policy configurations; ii) providing unified routing control to enable incremental and graceful transition from legacy networks to SDN; and iii) gaining on-demand flow visibility for better network control.
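The magnet-MAC mechanism in the Magneto abstract above (and reused by the hybrid-network controller of the thesis's second contribution) rests on two behaviours of unmanaged equipment: hosts accept unsolicited ARP announcements, and a legacy switch learns a MAC address on whichever port last sourced a frame carrying it. The toy simulation below is an added example, not code from the paper or its authors; it plays both steps against a made-up five-node hybrid topology (host and switch names, MAC addresses, port numbers and the magnet MAC 02:00:00:00:00:01 are all assumed) and shows the H1-to-H2 path moving from the legacy shortcut onto the SDN switch without any change to the legacy switches' configuration. One caveat a practitioner will want: these are exactly the primitives ARP spoofing and MAC-table poisoning use, so any anti-spoofing controls already deployed in the network will interfere with such a controller and need to be reconciled with it; the abstract does not address that.

```python
# Toy model of Magneto-style path control over legacy MAC-learning switches.
# Constructed example (not the paper's code); topology, names and MACs are assumed.
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    mac: str
    ip: str
    arp_cache: dict = field(default_factory=dict)   # ip -> mac

    def handle_gratuitous_arp(self, ip, mac):
        self.arp_cache[ip] = mac   # unsolicited ARP is accepted unauthenticated

    def build_frame(self, dst_ip, payload=b""):
        return {"src": self.mac, "dst": self.arp_cache[dst_ip], "payload": payload}

@dataclass
class LegacySwitch:
    """Plain Ethernet switch: learns src MAC -> ingress port, no controller."""
    name: str
    mac_table: dict = field(default_factory=dict)   # mac -> port

    def receive(self, in_port, frame):
        self.mac_table[frame["src"]] = in_port          # backward learning
        return self.mac_table.get(frame["dst"]), frame  # None means flood

@dataclass
class SdnSwitch:
    """OpenFlow-style switch: forwards only per controller-installed flows."""
    name: str
    flows: list = field(default_factory=list)   # (match_dst, set_dst, out_port)

    def receive(self, in_port, frame):
        for match_dst, set_dst, out_port in self.flows:
            if frame["dst"] == match_dst:
                return out_port, dict(frame, dst=set_dst)   # rewrite dst MAC
        return None, frame

class Network:
    def __init__(self, *devs):
        self.nodes = {d.name: d for d in devs}
        self.links = {}   # (node, port) -> (node, port), both directions

    def link(self, a, pa, b, pb):
        self.links[(a, pa)], self.links[(b, pb)] = (b, pb), (a, pa)

    def walk(self, from_node, from_port, frame, max_hops=8):
        """Follow a frame hop by hop and return the nodes it traverses."""
        path, (node, port) = [], self.links[(from_node, from_port)]
        for _ in range(max_hops):
            path.append(node)
            dev = self.nodes[node]
            if isinstance(dev, Host):
                return path if frame["dst"] == dev.mac else path + ["dropped"]
            out_port, frame = dev.receive(port, frame)
            if out_port is None:
                return path + ["flood"]
            node, port = self.links[(node, out_port)]
        return path + ["loop"]

def build_hybrid_network():
    """H1-L1-L2-H2 legacy shortcut, with SDN switch S1 attached to L1 and L2."""
    h1 = Host("H1", "aa:aa:aa:aa:aa:01", "10.0.0.1")
    h2 = Host("H2", "aa:aa:aa:aa:aa:02", "10.0.0.2")
    l1, l2 = LegacySwitch("L1"), LegacySwitch("L2")
    net = Network(h1, h2, l1, l2, SdnSwitch("S1"))
    net.link("H1", 0, "L1", 1)
    net.link("L1", 2, "L2", 1)      # legacy shortcut that bypasses S1
    net.link("L1", 3, "S1", 1)
    net.link("S1", 2, "L2", 2)
    net.link("L2", 3, "H2", 0)
    # Steady state before Magneto acts: H1 knows H2's real MAC and both
    # legacy switches learned it over the shortcut link.
    h1.arp_cache[h2.ip] = h2.mac
    l1.mac_table[h2.mac] = 2
    l2.mac_table[h2.mac] = 3
    return net, h1, h2

def magneto_redirect(net, src, dst, magnet_mac, sdn="S1", inject_port=1, out_port=2):
    """Steer src->dst through the SDN switch using only legacy switch semantics."""
    # (i) gratuitous ARP: rebind dst's IP to the magnet MAC in src's ARP cache
    src.handle_gratuitous_arp(dst.ip, magnet_mac)
    # (ii) custom packet: S1 emits a frame *sourced* from the magnet MAC so the
    # adjacent legacy switch learns that MAC on its S1-facing port
    probe = {"src": magnet_mac, "dst": "ff:ff:ff:ff:ff:ff", "payload": b""}
    legacy, legacy_port = net.links[(sdn, inject_port)]
    net.nodes[legacy].receive(legacy_port, probe)
    net.nodes[sdn].flows.append((magnet_mac, dst.mac, out_port))  # (iii) restore real dst MAC

def demo():
    net, h1, h2 = build_hybrid_network()
    before = net.walk("H1", 0, h1.build_frame(h2.ip))
    magneto_redirect(net, h1, h2, magnet_mac="02:00:00:00:00:01")  # assumed value
    after = net.walk("H1", 0, h1.build_frame(h2.ip))
    return before, after

if __name__ == "__main__":
    print(demo())   # (['L1', 'L2', 'H2'], ['L1', 'S1', 'L2', 'H2'])
```

Running `demo()` returns the path before the redirect, `['L1', 'L2', 'H2']`, and after it, `['L1', 'S1', 'L2', 'H2']`. Note that L1 and L2 never receive a configuration change: L1 learns the magnet MAC from the probe frame alone, and S1's single flow rule rewrites the destination back to H2's real MAC so that L2 forwards it as before. The reverse direction is left out of the model.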