Ontological interpretation of network monitoring data

Interpreting measurement and monitoring data from networks in general and the Internet in particular is a challenge. The motivation for this work has been to in- vestigate new ways to bridge the gap between the kind of data which are available and the more developed information which is needed by network stakeholders to support decision making and network management. Specific problems of syntax, semantics, conflicting data and modeling domain-specific knowledge have been identified. The methods developed and tested have used the Resource Descrip- tion Framework (rdf) and the ontology languages of the Semantic Web to bring together data from disparate sources into unified knowledgebases in two discrete case studies, both using real network data. Those knowledgebases have then been demonstrated to be usable and valuable sources of information about the networks concerned. Some success has been achieved in overcoming each of the identified problems using these techniques, proving the thesis that taking an ontological ap- proach to the processing of network monitoring data can be a very useful technique for overcoming problems of interpretation and for making information available to those who need it

Modeling the IPv6 Internet AS-level Topology

To measure the IPv6 internet AS-level topology, a network topology discovery system, called Dolphin, was developed. By comparing the measurement result of Dolphin with that of CAIDA's Scamper, it was found that the IPv6 Internet at AS level, similar to other complex networks, is also scale-free but the exponent of its degree distribution is 1.2, which is much smaller than that of the IPv4 Internet and most other scale-free networks. In order to explain this feature of IPv6 Internet we argue that the degree exponent is a measure of uniformity of the degree distribution. Then, for the purpose on modeling the networks, we propose a new model based on the two major factors affecting the exponent of the EBA model. It breaks the lower bound of degree exponent which is 2 for most models. To verify the validity of this model, both theoretical and experimental analyses have been carried out. Finally, we demonstrate how this model can be successfully used to reproduce the topology of the IPv6 Internet.Comment: 15 pages, 5 figure

Tracking Middleboxes in the Mobile World with TraceboxAndroid

peer reviewedMiddleboxes are largely deployed over cellular networks. It is known that they might disrupt network performance, expose users to security issues, and harm protocols deployability. Further, hardly any network measurements tools for smartphones are able to infer middlebox behaviors, specially if one cannot control both ends of a path. In this paper, we present TraceboxAndroid a proof-of-concept measurement application for Android mobile devices implementing the tracebox algorithm. It aims at diagnosing middlebox-impaired paths by detecting and locating rewriting middleboxes. We analyze a dataset sample to highlight the range of opportunities offered by TraceboxAndroid. We show that TraceboxAndroid can be useful for mobile users as well as for the research community

Building a Standard Measurement Platform

Network management is achieved through a large number of disparate solutions for different technologies and parts of the end-to-end network. Gaining an overall view, and especially predicting the impact on a service user, is difficult. Recently, a number of proprietary platforms have emerged to conduct end-to-end testing from user premises; however, these are limited in scale, interoperability, and the ability to compare like-for-like results. In this article we show that these platforms share similar architectures and can benefit from the standardization of key interfaces, test definitions, information model, and protocols. We take the SamKnows platform as a use case and propose an evolution from its current proprietary protocols to standardized protocols and tests. In particular, we propose to use extensions of the IETF's IPFIX and NETCONF/YANG in the platform. Standardization will allow measurement capabilities to be included on many more network elements and user devices, providing a much more comprehensive view of user experience and enabling problems and performance bottlenecks to be identified and addressed.Publicad

Internet Measurement

Nowadays, TCP channel estimation is a matter of great importance, being communication network metrology the core of network performance analysis field, since it allows to interpret and understand the network behaviour through the gathered metrics. In the context of this dissertation, an open source software project, available on GitHub, was developed. It uses a client-server architecture to estimate the Bulk Transfer Capacity (BTC) and provides portability due to Java and Android clients, being able to run on computers, tablets and mobile phones. Two algorithms to measure the BTC were deployed. Their measuring capacity was analysed and optimized, supported on studies about the influence of the TCP windows. The packet train dispersion algorithm was also implemented and analysed, but it did not allow measuring significant BTC results. The performance of the tool was tested for wired and cellular wireless networks, considering all the major Portuguese network operators. The results were compared to the ones measured by the iPerf3 reference tool, considering a stop criteria based on Jain’s Fairness Index [1] in order to inject the less possible traffic into the network. The measurement results are in line with the methodology proposed by ETSI and Ofcom to monitor the bandwidth, considering fixed time transmissions, and can contribute to reduce the transmission durations required to analyse each network

Survey of End-to-End Mobile Network Measurement Testbeds, Tools, and Services

Mobile (cellular) networks enable innovation, but can also stifle it and lead to user frustration when network performance falls below expectations. As mobile networks become the predominant method of Internet access, developer, research, network operator, and regulatory communities have taken an increased interest in measuring end-to-end mobile network performance to, among other goals, minimize negative impact on application responsiveness. In this survey we examine current approaches to end-to-end mobile network performance measurement, diagnosis, and application prototyping. We compare available tools and their shortcomings with respect to the needs of researchers, developers, regulators, and the public. We intend for this survey to provide a comprehensive view of currently active efforts and some auspicious directions for future work in mobile network measurement and mobile application performance evaluation.Comment: Submitted to IEEE Communications Surveys and Tutorials. arXiv does not format the URL references correctly. For a correctly formatted version of this paper go to http://www.cs.montana.edu/mwittie/publications/Goel14Survey.pd

ROVER: a DNS-based method to detect and prevent IP hijacks

2013 Fall.Includes bibliographical references.The Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 16 years. Well known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in February 2012, and an event that partially crippled Google in November 2012. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the Internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic. In this dissertation we propose ROVER (Route Origin VERification System), a novel and practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER exploits the reverse DNS for storing route origin data and provides a fail-safe, best effort approach to authentication. This approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. Our thesis is that ROVER systems can be deployed by a small number of institutions in an incremental fashion and still effectively thwart origin and sub-prefix IP hijacking despite non-participation by the majority of Autonomous System owners. We then present research results supporting this statement. We evaluate the effectiveness of ROVER using simulations on an Internet scale topology as well as with tests on real operational systems. Analyses include a study of IP hijack propagation patterns, effectiveness of various deployment models, critical mass requirements, and an examination of ROVER resilience and scalability

Integrated monitoring of multi-domain backbone connections -- Operational experience in the LHC optical private network

Novel large scale research projects often require cooperation between various different project partners that are spread among the entire world. They do not only need huge computing resources, but also a reliable network to operate on. The Large Hadron Collider (LHC) at CERN is a representative example for such a project. Its experiments result in a vast amount of data, which is interesting for researchers around the world. For transporting the data from CERN to 11 data processing and storage sites, an optical private network (OPN) has been constructed. As the experiment data is highly valuable, LHC defines very high requirements to the underlying network infrastructure. In order to fulfil those requirements, the connections have to be managed and monitored permanently. In this paper, we present the integrated monitoring solution developed for the LHCOPN. We first outline the requirements and show how they are met on the single network layers. After that, we describe, how those single measurements can be combined into an integrated view. We cover design concepts as well as tool implementation highlights.Comment: International Journal of Computer Networks & Communications (IJCNC