Home‎ > ‎

Proposed projects (fall semester, 2017/18)

Juju

Juju is an application and service modelling tool that enables you to quickly model, configure, deploy and manage applications in the cloud with only a few commands. It can be used it to deploy hundreds of preconfigured services, OpenStack, or your own code to any public or private cloud. However, currently it is unclear how Juju is appropriate for deploying service chains, i.e., services that require different components (e.g., virtual machines) to be chained in the proper way in order to deliver the expected output. For example, we can imagine a firewall VM with two vNICs, one to be attached to the internal network, the other to be attached to the Internet, which need to be properly connected to the right target in order to obtain the expected service. In addition, it is unclear how to create a traffic splitting connection with Juju, which is needed to create complex service graphs instead of simple chains.

This project aims at investigating the characteristics of the above project, in particular:

  • what is Juju, what it does
  • architecture and 
    • interaction among the Juju components
    • interaction with external components
  • how can be used to create complex network services (service chains, service graphs)
  • how does it compares with the minimal GUI developed by the Computer Network group and used to control the Universal Node orchestrator.

The project will require to present the findings with a public talk (45 mins + 15 questions), plus a live demo, which should also be recorded and left for future use.

Assignee:


Storage virtualization with IOVisor

IOvisor is a novel technology that exploits the eBPF virtual machine included in the LInux kernel. Currently, it has been used mainly for monitoring (tracing), and virtualized network services. However, in principle this technology can do much more than the above tasks, since it can be used to intercept any system call that is issued in the Linux kernel.

Among the possible system calls, this project focuses on storage (e.g., disk write/reads) and it aims at investigating the possibility to intercept the above calls and their potential modification.

This can be useful in particular for the world of containers (e.g., Docker), as a possible eBPF program can intercept any "write on disk" request and turn this into a "write on remote disk" command, with complete and transparent storage virtualization.

The project will require to present the findings with a public talk (45 mins + 15 questions), plus a live demo, which should also be recorded and left for future use.

Assignee: Raffaele Sommese


P4 integration in IOVisor

P4 (http://p4.org) is a domain-specific programming language used for specifying the dataplane behavior of network-forwarding elements. The language is designed to make it easy for developers to write custom data planes, with arbitrary matching and processing, without knowing the details of the target platform in which the program will be executed.

The project aims at exploring the possibility to execute P4 programs in the IOVisor environment, and to compare their speed with IOVisor-native software. In particular, this project aims at investigating:

  • P4 abstract model.
  • P4 programming paradigm.
  • How to compile and run P4 programs, which requires the creation of a minimal example that can be used to demonstrate the main features of the language.
  • Test and possibly improve the compiler that translates programs written in P4 into eBPF programs.
  • Compare the performance of a simple program (e.g., a learning bridge) written in P4 and in IOVisor.

The project will require to present the findings with a public talk (45 mins + 15 questions), plus a live demo, which should also be recorded and left for future use.

Assignee: Federico Rizzo


DDoS attack prevention in IOVisor

Distributed Denial of Service attacks are nowadays very common on the Internet and are able to generate a huge amount of traffic that overloads the server capacity. Current prevention techniques are based on a fast packet filtering mechanism that identifies the ongoing DDoS and discards the above packets, leaving the rest of the traffic to go through the network and reach the target server. The main problem of the above approach is the necessity of a very fast filtering mechanism, possibly done in software (and as early as possible in the operating system), as the current hardware appliances may not be flexible enough to respond with the proper filtering algorithm once the attack has been identified.

This project aims at implementing and validating one of the current DDoS technique in the IOVisor/XDP environment, and possibly compare its performance with competitor approaches such as dedicated software on the Linux operating system.

The project may require to present the findings with a public talk (45 mins + 15 questions), plus a live demo, which should also be recorded and left for future use.

Assignee:


Comments