Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Defending Against Low-Rate TCP Attacks: Dynamic Detection and Protection
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Ethane: taking control of the enterprise
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
PortLand: a scalable fault-tolerant layer 2 data center network fabric
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
VL2: a scalable and flexible data center network
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
Safe and effective fine-grained TCP retransmissions for datacenter communication
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
RouteBricks: exploiting parallelism to scale software routers
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
ElasticTree: saving energy in data center networks
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Hedera: dynamic flow scheduling for data center networks
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Network traffic characteristics of data centers in the wild
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
ServerSwitch: a programmable and high performance platform for data center networks
Proceedings of the 8th USENIX conference on Networked systems design and implementation
DevoFlow: scaling flow management for high-performance networks
Proceedings of the ACM SIGCOMM 2011 conference
Leveraging Zipf's law for traffic offloading
ACM SIGCOMM Computer Communication Review
AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
Commodity switches are becoming increasingly important as they are the basic building blocks for the enterprise and data center networks. With the availability of all-in-one switching ASICs, these switches almost universally adopt single switching ASIC design. However, such design also brings two major limitations, i.e, limited forwarding table for flow-based forwarding scheme such as Openflow and shallow buffer for bursty traffic pattern. In this paper, we propose to use CPU in the switches to handle not only control plane but also data plane traffic. We show that this design can provide large forwarding table for flow-based forwarding scheme and deep packet buffer for bursty traffic. We build such a prototype switch on ServerSwitch platform. In our evaluation, we show that our prototype can achieve over 90% traffic offloading ratio, absorb large traffic bursts without a single packet drop, and can be easily programmed to detect and defend low-rate burst attacks.