The Internet architecture has recently shifted towards a framework characterized by multiple interconnected cloud sites, all linked via an L3 IP network. With this shift, managing networking controls among multiple cloud sites is becoming a significant operational challenge. In particular, ensuring effective networking control necessitates a deeper understanding of flow-level dynamics for comprehensively monitoring interconnection statuses across multiple sites. In this paper, we first propose an IO Visor-enabled tracing solution for Linux-based boxes to efficiently enable the comprehensive collection of network packet flows across interconnected sites. Next, we apply IP prefix-based flow-level analysis at a centralized location to support the intent-based networking control application. This flow-level analysis involves generating policy-based specific action (i.e., redirect) via SDN controllers for specific source IP prefixes, which are causing unknown or potentially vulnerable flows. Furthermore, we employ an open-source ONOS SDN controller to tackle the challenge of managing the hybrid SDN-IP interconnections. By leveraging intent-based networking control, we effectively apply ONOS intents based on IP routing information and generated a set of forwarding action. We evaluate our proposed solution in an experimental SDN-cloud testbed, demonstrating its effectiveness in real-world scenarios. Overall, through the seamless integration of these monitoring and control approaches, we manage to enhance the adaptability and security of the interconnected cloud sites of the testbed.
Read full abstract