Multitenant Containers as a Service (CaaS) for Clouds and Edge Clouds
Cloud computing, offering on-demand access to computing resources through the
Internet and the pay-as-you-go model, has marked the last decade with its three
main service models; Infrastructure as a Service (IaaS), Platform as a Service
(PaaS), and Software as a Service (SaaS). The lightweight nature of containers
compared to virtual machines has led to the rapid uptake of another in recent
years, called Containers as a Service (CaaS), which falls between IaaS and PaaS
regarding control abstraction. However, when CaaS is offered to multiple
independent users, or tenants, a multi-instance approach is used, in which each
tenant receives its own separate cluster, which reimposes significant overhead
due to employing virtual machines for isolation. If CaaS is to be offered not
just at the cloud, but also at the edge cloud, where resources are limited,
another solution is required. We introduce a native CaaS multitenancy
framework, meaning that tenants share a cluster, which is more efficient than
the one tenant per cluster model. Whenever there are shared resources,
isolation of multitenant workloads is an issue. Such workloads can be isolated
by Kata Containers today. Besides, our framework esteems the application
requirements that compel complete isolation and a fully customized environment.
Node-level slicing empowers tenants to programmatically reserve isolated
subclusters where they can choose the container runtime that suits application
needs. The framework is publicly available as liberally-licensed, free,
open-source software that extends Kubernetes, the de facto standard container
orchestration system. It is in production use within the EdgeNet testbed for
researchers.
EdgeNet: A Multi-Tenant and Multi-Provider Edge Cloud
International audience. EdgeNet is a public Kubernetes cluster dedicated to network and distributed systems research, supporting experiments that are deployed concurrently by independent groups. Its nodes are hosted by multiple institutions around the world. It represents a departure from the classic Kubernetes model, where the nodes that are available to a single tenant reside in a small number of well-interconnected data centers. The free open-source EdgeNet code extends Kubernetes to the edge, making three key contributions: multi-tenancy, geographical deployments, and single-command node installation. We show that establishing a public Kubernetes cluster over the internet, with multiple tenants and multiple hosting providers is viable. Preliminary results also indicate that the EdgeNet testbed that we run provides a satisfactory environment to run a variety of experiments with minimal network overhead.
Multilevel MDA-Lite Paris Traceroute
Since its introduction in 2006-2007, Paris Traceroute and its Multipath
Detection Algorithm (MDA) have been used to conduct well over a billion IP
level multipath route traces from platforms such as M-Lab. Unfortunately, the
MDA requires a large number of packets in order to trace an entire topology of
load balanced paths between a source and a destination, which makes it
undesirable for platforms that otherwise deploy Paris Traceroute, such as RIPE
Atlas. In this paper we present a major update to the Paris Traceroute tool.
Our contributions are: (1) MDA-Lite, an alternative to the MDA that
significantly cuts overhead while maintaining a low failure probability; (2)
Fakeroute, a simulator that enables validation of a multipath route tracing
tool's adherence to its claimed failure probability bounds; (3) multilevel
multipath route tracing, with, for the first time, a Traceroute tool that
provides a router-level view of multipath routes; and (4) surveys at both the
IP and router levels of multipath routing in the Internet, showing, among other
things, that load balancing topologies have increased in size well beyond what
has been previously reported as recently as 2016. The data and the software
underlying these results are publicly available. Comment: Preprint. To appear in Proc. ACM Internet Measurement Conference 201
Travelling Without Moving: Discovering Neighborhood Adjacencies
Peer reviewed. Since the early 2000s, the research community has explored many approaches to discover and study the Internet topology, designing both data collection mechanisms and models.
In this paper, we introduce SAGE (Subnet AggrEgation), a new topology discovery tool that infers the hop-level graph of a target network from a single vantage point. SAGE relies on subnet-level data to build a directed acyclic graph of a network modeling how its (meshes of) routers, a.k.a. neighborhoods, are linked together. Using two groundtruth networks and measurements in the wild, we show SAGE accurately discovers links and is consistent with itself upon a change of vantage point.
By mapping subnets to the discovered links, the directed acyclic graphs discovered by SAGE can be re-interpreted as bipartite graphs. Using data collected in the wild from both the PlanetLab testbed and the EdgeNet cluster, we demonstrate that such a model is a credible tool for studying computer networks.
In Search of netUnicorn: A Data-Collection Platform to Develop Generalizable ML Models for Network Security Problems
The remarkable success of the use of machine learning-based solutions for
network security problems has been impeded by the developed ML models'
inability to maintain efficacy when used in different network environments
exhibiting different network behaviors. This issue is commonly referred to as
the generalizability problem of ML models. The community has recognized the
critical role that training datasets play in this context and has developed
various techniques to improve dataset curation to overcome this problem.
Unfortunately, these methods are generally ill-suited or even counterproductive
in the network security domain, where they often result in unrealistic or
poor-quality datasets.
To address this issue, we propose an augmented ML pipeline that leverages
explainable ML tools to guide the network data collection in an iterative
fashion. To ensure the data's realism and quality, we require that the new
datasets should be endogenously collected in this iterative process, thus
advocating for a gradual removal of data-related problems to improve model
generalizability. To realize this capability, we develop a data-collection
platform, netUnicorn, that takes inspiration from the classic "hourglass" model
and is implemented as its "thin waist" to simplify data collection for
different learning problems from diverse network environments. The proposed
system decouples data-collection intents from the deployment mechanisms and
disaggregates these high-level intents into smaller reusable, self-contained
tasks.
We demonstrate how netUnicorn simplifies collecting data for different
learning problems from multiple network environments and how the proposed
iterative data collection improves a model's generalizability.
ISP Probing Reduction with Anaximander
Peer reviewed. Since the early 2000s, Internet topology discovery has been an active research topic, providing data for various studies such as Internet modeling, network management, or to assist and support network protocol design. Within this research area, ISP mapping at the router level has attracted little interest despite its utility to perform intra-domain routing evaluation. Since Rocketfuel (and, to a smaller extent, mrinfo), no new tool or method has emerged for systematically mapping intra-domain topologies.
In this paper, we introduce Anaximander, a new efficient approach for probing and discovering a targeted ISP in particular. Considering a given set of vantage points, we implement and combine several predictive strategies to mitigate the number of probes to be sent without sacrificing the ISP coverage. To assess the ability of our method to efficiently retrieve an ISP map, we rely on a large dataset of ISPs having distinct nature and demonstrate how Anaximander can be tuned with a simple parameter to control the trade-off between coverage and probing budget.