917 research outputs found

    The Dynamics of Internet Traffic: Self-Similarity, Self-Organization, and Complex Phenomena

    The Internet is the most complex system ever created in human history. Therefore, its dynamics and traffic unsurprisingly take on a rich variety of complex dynamics, self-organization, and other phenomena that have been researched for years. This paper is a review of the complex dynamics of Internet traffic. Departing from normal treatises, we will take a view from both the network engineering and physics perspectives showing the strengths and weaknesses as well as insights of both. In addition, many less covered phenomena such as traffic oscillations, large-scale effects of worm traffic, and comparisons of the Internet and biological models will be covered. Comment: 63 pages, 7 figures, 7 tables, submitted to Advances in Complex System

    Contributions based on cross-layer design for quality-of-service provisioning over DVB-S2/RCS broadband satellite system

    Nowadays, geostationary (GEO) satellite infrastructure plays a crucial role in the provisioning of IP services. Such infrastructure can provide ubiquity and broadband access, making it feasible to reach dispersed populations located worldwide within remote areas where terrestrial infrastructure cannot be deployed. Nevertheless, due to the expansion of the World Wide Web (WWW), new IP applications such as Voice over IP (VoIP) and multimedia services require considering different levels of individual packet treatment through the satellite network. This differentiation must include not only the Quality of Service (QoS) parameters to specify packet transmission priorities across the network nodes, but also the required amount of bandwidth assignment to guarantee its transport. In this context, the provisioning of QoS guarantees over GEO satellite systems becomes one of the main research areas of organizations such as the European Space Agency (ESA), mainly because their current infrastructures require continuous exploitation, as launching a new communication satellite is associated with excessive costs. Therefore, the support of IP services with QoS guarantees must be developed on the terrestrial segment to enable using the current assets. In this PhD thesis several contributions to improve the QoS provisioning over DVB-S2/RCS Broadband Satellite Systems have been developed. The contributions are based on cross-layer design, following the layered model standardized in the ETSI TR 102 157 and 462. The proposals take into account the drawbacks posed by GEO satellite systems such as delay, losses and bandwidth variations. The first contribution proposes QoSatArt, an architecture defined to improve QoS provisioning among services classes considering the physical layer variations due to the presence of rain events. 
The design is developed inside the gateway, including the specification of the main functional blocks to provide QoS guarantees and mechanisms to minimize the delay and jitter values experienced at the application layer. Here, a cross-layer design between the physical and the network layer has been proposed, to enforce the QoS specifications based on the available bandwidth. The proposed QoSatArt architecture is evaluated using the NS-2 simulation tool. In addition, the performance analysis of several standard Transmission Control Protocol (TCP) variants is also performed. This is carried out to find the most suitable TCP variant that enhances TCP transmission over a QoS architecture such as the QoSatArt. The second contribution proposes XPLIT, an architecture developed to enhance TCP transmission with QoS for DVB-S2/RCS satellite systems. Complementary to QoSatArt, XPLIT introduces Performance Enhanced Proxies (PEPs), which break the end-to-end semantics of TCP connections. However, it considers a cross-layer design between the network layer and the transport layer to enhance TCP transmission while providing them with QoS guarantees. Here, a modified TCP variant called XPLIT-TCP is proposed to send data through the forward and the return channel. XPLIT-TCP uses two control loops (the buffer occupancy and the service rate) to provide optimized congestion control functions. The proposed XPLIT architecture is evaluated using the NS-2 simulation tool. Finally, the third contribution of this thesis consists of the development of a unified architecture to provide QoS guarantees based on cross-layer design over broadband satellite systems. It adopts the enhancements proposed by the QoSatArt architecture working at the network layer, in combination with the enhancements proposed by the XPLIT architecture working at the transport layer. Currently, geostationary (GEO) satellites play a very important role in the provision of IP services. 
This infrastructure provides ubiquity and broadband access, making it possible to reach dispersed populations in remote areas where terrestrial infrastructure does not exist. However, in the provision of applications such as Voice over IP (VoIP) and multimedia services, it is important to consider differentiated packet treatment across the satellite network. This differentiation must consider not only the Quality of Service (QoS) requirements that specify packet priorities across the network nodes, but also the bandwidth assigned to guarantee their transport. In this context, the provision of QoS guarantees over GEO satellites is one of the main research areas pursued by organizations such as the European Space Agency (ESA). This is mainly because these organizations require the continuous exploitation of their assets, given that launching a new satellite into space entails excessive costs. As a result, support for IP services with quality of service over the current satellite infrastructure is of vital importance. This doctoral thesis presents several contributions to Quality of Service support in DVB-S2/RCS broadband satellite networks. The proposed contributions are based mainly on cross-layer design, following the layered model defined and standardized in the ETSI TR 102 157 [ETS03] and 462 [10205] specifications. The proposed contributions consider the limitations of GEO satellite systems, such as propagation delay, packet loss and bandwidth variations caused by atmospheric events. The first contribution proposes QoSatArt, an architecture defined to improve QoS support. This architecture considers physical-layer variations due to the presence of rain events in order to prioritize QoS levels. 
The design is developed in the gateway and includes the specifications of the main functional elements and mechanisms to guarantee QoS and minimize the delay at the application layer. Here, a cross-layer design between the physical layer and the network layer is proposed, with the aim of enforcing the QoS specifications considering the available bandwidth. The QoSatArt architecture is simulated and evaluated using the NS-2 simulation tool. Additionally, a performance analysis of several TCP (Transmission Control Protocol) variants is carried out in order to find the TCP variant best suited to working in a QoS environment such as QoSatArt. The second contribution proposes XPLIT, an architecture developed to improve TCP transmissions with QoS in a DVB-S2/RCS satellite system. Complementary to QoSatArt, XPLIT employs PEPs (Performance Enhanced Proxies), affecting the end-to-end semantics of TCP connections. However, XPLIT considers a cross-layer design between the network layer and the transport layer with the aim of improving TCP transmissions considering QoS parameters such as queue occupancy and transmission rate (_i, _i). Here, a new TCP variant called XPLIT-TCP is proposed, which uses two loops to provide improved congestion control functions. The XPLIT architecture is simulated and evaluated using the NS-2 simulation tool. Finally, the third contribution of this thesis consists of the development of a unified architecture for QoS support in broadband satellite networks based on cross-layer techniques. This architecture adopts the improvements proposed by QoSatArt at the network layer in combination with the improvements proposed by XPLIT at the transport layer

    Optimisation de bout-en-bout du démarrage des connexions TCP (End-to-end optimisation of TCP connection start-up)

    In this thesis, we propose a mechanism called Initial Spreading that enables a remarkable optimization of TCP performance for small connections, which represent more than 90% of the connections exchanged on the Internet. This solution is all the more interesting because, for certain technologies such as a satellite link, the particularly long round-trip time is very penalizing, and specific solutions have had to be deployed that prevent the integration of satellite into a broader communication system. We show that Initial Spreading is not only more efficient but above all more general, since it is relevant in all situations. Moreover, being minimally intrusive, it does not compromise any past or future TCP evolution. ABSTRACT: In this Ph.D. thesis, we propose a mechanism called Initial Spreading that significantly improves the performance of short-lived TCP connections, and so more than 90% of the Internet connections. Indeed, if regular TCP without our mechanism can be considered as efficient for terrestrial networks, its behavior is strongly damaged by the long delay of a satellite communication. The satellite community then developed some satellite-specific solutions that provide good performance, but prevent the joint use of satellite and other technologies. We show therefore that Initial Spreading is not only more efficient than regular solutions but also enables the use of a unique protocol whatever the context. Moreover, being non-intrusive, it is suitable for past and future TCP evolutions

    Reducing Internet Latency : A Survey of Techniques and their Merit

    Bob Briscoe, Anna Brunstrom, Andreas Petlund, David Hayes, David Ros, Ing-Jyh Tsang, Stein Gjessing, Gorry Fairhurst, Carsten Griwodz, Michael Welzl. Peer reviewed. Preprin

    Countering DoS Attacks With Stateless Multipath Overlays

    Indirection-based overlay networks (IONs) are a promising approach for countering distributed denial of service (DDoS) attacks. Such mechanisms are based on the assumption that attackers will attack a fixed and bounded set of overlay nodes causing service disruption to a small fraction of the users. In addition, attackers cannot eavesdrop on links inside the network or otherwise gain information that can help them focus their attacks on overlay nodes that are critical for specific communication flows. We develop an analytical model and a new class of attacks that considers both simple and advanced adversaries. We show that the impact of these simple attacks on IONs can severely disrupt communications. We propose a stateless spread-spectrum paradigm to create per-packet path diversity between each pair of end-nodes using a modified ION access protocol. Our system protects end-to-end communications from DoS attacks without sacrificing strong client authentication or allowing an attacker with partial connectivity information to repeatedly disrupt communications. Through analysis, we show that an Akamai-sized overlay can withstand attacks involving over 1.3M "zombie" hosts while providing uninterrupted end-to-end connectivity. By using packet replication, the system can resist attacks that render up to 40% of the nodes inoperable. Surprisingly, our experiments on PlanetLab demonstrate that in many cases end-to-end latency decreases when packet replication is used, with a worst-case increase by a factor of 2.5. Similarly, our system imposes less than 15% performance degradation in the end-to-end throughput, even when subjected to a large DDoS attack

    Enabling Work-conserving Bandwidth Guarantees for Multi-tenant Datacenters via Dynamic Tenant-Queue Binding

    Today's cloud networks are shared among many tenants. Bandwidth guarantees and work conservation are two key properties to ensure predictable performance for tenant applications and high network utilization for providers. Despite significant efforts, very little prior work can really achieve both properties simultaneously, even though some of it claims to. In this paper, we present QShare, an in-network based solution to achieve bandwidth guarantees and work conservation simultaneously. QShare leverages weighted fair queuing on commodity switches to slice network bandwidth for tenants, and solves the challenge of queue scarcity through balanced tenant placement and dynamic tenant-queue binding. QShare is readily implementable with existing switching chips. We have implemented a QShare prototype and evaluated it via both testbed experiments and simulations. Our results show that QShare ensures bandwidth guarantees while driving network utilization to over 91% even under unpredictable traffic demands. Comment: The initial work is published in IEEE INFOCOM 201

    Moving toward the intra-protocol de-ossification of TCP in mobile networks: Start-up and mobility

    182 p. The use of mobile broadband networks has increased significantly in recent years, and even greater growth is expected with the inclusion of future 5G capabilities. 5G will provide transmission speeds and reduced delays never seen before. However, the possibility of reaching those levels is limited by the management and performance of transport protocols. In this respect, TCP remains the prevailing transport protocol, and its different congestion control algorithms (CCAs) are ultimately responsible for the performance obtained. While the various CCAs were originally implemented to address different use cases in fixed networks, none of them has been designed to manage, in an easily deployable way, the variability of throughput and delay under the different network conditions of mobile networks. Since the analysis of TCP over mobile networks is complex due to the multiple factors of impact, our work focuses on two widespread use cases that are significant in terms of their effect on performance: user movement, as a representation of the main characteristic of mobile networks compared with fixed networks, and the performance of the TCP Start-up phase, due to the predominance of short flows on the Internet. Various works have suggested the importance of greater flexibility in the transport layer, creating transport services over TCP or UDP. However, these proposals have encountered limitations related to the architectural dependencies of the protocols used as substrate (e.g. the impossibility of changing the transport-layer configuration once the transmission has begun), experiencing an "ossified" transport layer. 
This thesis arises as a response in order to address that limitation, demonstrating that there is room for improvement within the TCP family (intra-protocol) and proposing a framework to partially overcome the restriction through dynamic selection of the most appropriate CCA. To this end, the main points of performance impact of the selected use cases are evaluated and selected in 4G network deployments and in low-latency deployments that emulate the potential latencies of future 5G capabilities. These points of impact serve as heuristics for deciding the most appropriate CCA in the proposed framework. Finally, the proposal is validated in mobility environments with two selection options: at the beginning of the transmission (limited transport-layer flexibility) and dynamically during the transmission (with a flexible transport layer). It is concluded that the proposal can bring significant performance improvements by selecting the most appropriate CCA, taking into account the network situation and the application-layer requirements

    Delivering Consistent Network Performance in Multi-tenant Data Centers

    Data centers are growing rapidly in size and have recently begun acquiring a new role as cloud hosting platforms, allowing outside developers to deploy their own applications on large scales. As a result, today's data centers are multi-tenant environments that host an increasingly diverse set of applications, many of which have very demanding networking requirements. This has prompted research into new data center architectures that offer increased capacity by using topologies that introduce multiple paths between servers. To achieve consistent network performance in these networks, traffic must be effectively load balanced among the available paths. In addition, some form of system-wide traffic regulation is necessary to provide performance guarantees to tenants. To address these issues, this thesis introduces several software-based mechanisms that were inspired by techniques used to regulate traffic in the interconnects of scalable Internet routers. In particular, we borrow two key concepts that serve as the basis for our approach. First, we investigate packet-level routing techniques that are similar to those used to balance load effectively in routers. This work is novel in the data center context because most existing approaches route traffic at the level of flows to prevent their packets from arriving out-of-order. We show that routing at the packet-level allows for far more efficient use of the network's resources and we provide a novel resequencing scheme to deal with out-of-order arrivals. Secondly, we introduce distributed scheduling as a means to engineer traffic in data centers. In routers, distributed scheduling controls the rates between ports on different line cards enabling traffic to move efficiently through the interconnect. We apply the same basic idea to schedule rates between servers in the data center. 
We show that scheduling can prevent congestion from occurring and can be used as a flexible mechanism to support network performance guarantees for tenants. In contrast to previous work, which relied on centralized controllers to schedule traffic, our approach is fully distributed and we provide a novel distributed algorithm to control rates. In addition, we introduce an optimization problem called backlog scheduling to study scheduling strategies that facilitate more efficient application execution

    Scalable Wavelet-Based Active Network Stepping Stone Detection

    Network intrusions leverage vulnerable hosts as stepping stones to penetrate deeper into a network and mask malicious actions from detection. This research focuses on a novel active watermark technique using Discrete Wavelet Transformations to mark and detect interactive network sessions. This technique is scalable, nearly invisible and resilient to multi-flow attacks. The watermark is simulated using extracted timestamps from the CAIDA 2009 dataset and replicated in a live environment. The simulation results demonstrate that the technique accurately detects the presence of a watermark at a 5% False Positive and False Negative rate for both the extracted timestamps as well as the empirical tcplib distribution. The watermark extraction accuracy is approximately 92%. The live experiment is implemented using the Amazon Elastic Compute Cloud. The client system sends marked and unmarked packets from California to Virginia using stepping stones in Tokyo, Ireland and Oregon. Five trials are conducted using simultaneous watermarked and unmarked samples. The live results are similar to the simulation and provide evidence demonstrating the effectiveness in a live environment to identify stepping stones