Lambda functions for network control and monitoring

Abstract

Monitoring a network in a precise manner is becoming more interesting in light of the volume of traffic that new infrastructures can accommodate. With the advent of programmable switches and routers, monitoring systems are turning to solutions that benefit from this new capability. There is also the establishment of a new back-end approach known as serverless computing, which consists in uploading lambda functions to the cloud. These functions offer backend services on an as-needed basis.

The goal of this work is to develop a monitoring system capable of detecting network attacks and specific events of interest to a network operator. To accomplish this, the two previously introduced notions are used, namely a backend architecture based on serverless computing and the assumption that the network is made up of programmable devices.

In terms of packet processing technology, we used XDP, which allows us to create a hook at the switch's network interface and execute a program. The program's goal is to save the headers of IP packets locally. These data are then formatted as custom events and transferred to an intermediate server. In order to do this, we have designed a protocol on top of UDP. The server will then trigger the execution of the lambda functions associated to the events. For their execution, we decided to choose Kubeless, a Kubernetes-native serverless framework. A Proof of Concept was created to see if our solution was scalable and possible. We then evaluate the amount of network traffic generated by our approach and discuss protocol limitations.

We conclude by suggesting several sorts of prospective improvements ranging from security to better benchmarking and other architectural options.