Atomic Transfer for Distributed Systems

Building applications and information systems increasingly means dealing with concurrency and faults stemming from distribution of system components. Atomic transactions are a well-known method for transferring the responsibility for handling concurrency and faults from developers to the software\u27s execution environment, but incur considerable execution overhead. This dissertation investigates methods that shift some of the burden of concurrency control into the network layer, to reduce response times and increase throughput. It anticipates future programmable network devices, enabling customized high-performance network protocols. We propose Atomic Transfer (AT), a distributed algorithm to prevent race conditions due to messages crossing on a path of network switches. Switches check request messages for conflicts with response messages traveling in the opposite direction. Conflicting requests are dropped, obviating the request\u27s receiving host from detecting and handling the conflict. AT is designed to perform well under high data contention, as concurrency control effort is balanced across a network instead of being handled by the contended endpoint hosts themselves. We use AT as the basis for a new optimistic transactional cache consistency algorithm, supporting execution of atomic applications caching shared data. We then present a scalable refinement, allowing hierarchical consistent caches with predictable performance despite high data update rates. We give detailed I/O Automata models of our algorithms along with correctness proofs. We begin with a simplified model, assuming static network paths and no message loss, and then refine it to support dynamic network paths and safe handling of message loss. We present a trie-based data structure for accelerating conflict-checking on switches, with benchmarks suggesting the feasibility of our approach from a performance stand-point

Tiered Based Addressing in Internetwork Routing Protocols for the Future Internet

The current Internet has exhibited a remarkable sustenance to evolution and growth; however, it is facing unprecedented challenges and may not be able to continue to sustain this evolution and growth in the future because it is based on design decisions made in the 1970s when the TCP/IP concepts were developed. The research thus has provided incremental solutions to the evolving Internet to address every new vulnerabilities. As a result, the Internet has increased in complexity, which makes it hard to manage, more vulnerable to emerging threats, and more fragile in the face of new requirements. With a goal towards overcoming this situation, a clean-slate future Internet architecture design paradigm has been suggested by the research communities. This research is focused on addressing and routing for a clean-slate future Internet architecture, called the Floating Cloud Tiered (FCT) internetworking model. The major goals of this study are: (i) to address the two related problems of routing scalability and addressing, through an approach which would leverage the existing structures in the current Internet architecture, (ii) to propose a solution that is acceptable to the ISP community that supports the Internet, and lastly (iii) to provide a transition platform and mechanism which is very essential to the successful deployment of the proposed design

MergedTrie: Efficient textual indexing

The accessing and processing of textual information (i.e. the storing and querying of a set of strings) is especially important for many current applications (e.g. information retrieval and social networks), especially when working in the fields of Big Data or IoT, which require the handling of very large string dictionaries. Typical data structures for textual indexing are Hash Tables and some variants of Tries such as the Double Trie (DT). In this paper, we propose an extension of the DT that we have called MergedTrie. It improves the DT compression by merging both Tries into a single and by segmenting the indexed term into two fixed length parts in order to balance the new Trie. Thus, a higher overlapping of both prefixes and suffixes is obtained. Moreover, we propose a new implementation of Tries that achieves better compression rates than the Double-Array representation usually chosen for implementing Tries. Our proposal also overcomes the limitation of static implementations that does not allow insertions and updates in their compact representations. Finally, our MergedTrie implementation experimentally improves the efficiency of the Hash Tables, the DTs, the Double-Array, the Crit-bit, the Directed Acyclic Word Graphs (DAWG), and the Acyclic Deterministic Finite Automata (ADFA) data structures, requiring less space than the original text to be indexed.This study has been partially funded by the SEQUOIA-UA (TIN2015-63502-C3-3-R) and the RESCATA (TIN2015-65100-R) projects of the Spanish Ministry of Economy and Competitiveness (MINECO)

Addressing TCAM limitations in an SDN-based pub/sub system

Content-based publish/subscribe is a popular paradigm that enables asynchronous exchange of events between decoupled applications that is practiced in a wide range of domains. Hence, extensive research has been conducted in the area of efficient large-scale pub/sub system. A more recent development are content-based pub/sub systems that utilize software-defined networking (SDN) in order to implement event-filtering in the network layer. By installing content-filters in the ternary content-addressable memory (TCAM) of switches, these systems are able to achieve event filtering and forwarding at line-rate performance. While offering great performance, TCAM is also expensive, power hunger and limited in size. However, current SDN-based pub/sub systems don't address these limitations, thus using TCAM excessively. Therefore, this thesis provides techniques for constraining TCAM usage in such systems. The proposed methods enforce concrete flow limits without dropping any events by selectively merging content-filters into more coarse granular filters. The proposed algorithms leverage information about filter properties, traffic statistics, event distribution and global filter state in order to minimize the increase of unnecessary traffic introduced through merges. The proposed approach is twofold. A local enforcement algorithm ensures that the flow limit of a particular switch is never violated. This local approach is complemented by a periodically executed global optimization algorithm that tries to find a flow configuration on all switches, which minimized to increase in unnecessary traffic, given the current set of advertisements and subscriptions. For both classes, two algorithms with different properties are outlined. The proposed algorithms are integrated into the PLEROMA middleware and evaluated thoroughly in a real SDN testbed as well as in a large-scale network emulation. The evaluations demonstrate the effectiveness of the approaches under diverse and realistic workloads. In some cases, reducing the number of flows by more than 70% while increasing the false positive rate by less than 1% is possible

Parallelization of a software based intrusion detection system - Snort

Computer networks are already ubiquitous in people’s lives and work and network security is becoming a critical part. A simple firewall, which can only scan the bottom four OSI layers, cannot satisfy all security requirements. An intrusion detection system (IDS) with deep packet inspection, which can filter all seven OSI layers, is becoming necessary for more and more networks. However, the processing throughputs of the IDSs are far behind the current network speed. People have begun to improve the performance of the IDSs by implementing them on different hardware platforms, such as Field-Programmable Gate Array (FPGA) or some special network processors. Nevertheless, all of these options are either less flexible or more expensive to deploy. This research focuses on some possibilities of implementing a parallelized IDS on a general computer environment based on Snort, which is the most popular open-source IDS at the moment. In this thesis, some possible methods have been analyzed for the parallelization of the pattern-matching engine based on a multicore computer. However, owing to the small granularity of the network packets, the pattern-matching engine of Snort is unsuitable for parallelization. In addition, a pipelined structure of Snort has been implemented and analyzed. The universal packet capture API - LibPCAP has been modified for a new feature, which can capture a packet directly to an external buffer. Then, the performance of the pipelined Snort can have an improvement up to 60% on an Intel i7 multicore computer for jumbo frames. A primary limitation is on the memory bandwidth. With a higher bandwidth, the performance of the parallelization can be further improved

TCAM-based IP Address Lookup Using Longest Suffix Split

Ternary content addressable memory (TCAM) is a fast and popular hardware device for IP address lookup. However, TCAM has several drawbacks, including high cost, high power consumption and limited space. In this paper, we present a trie-based algorithm, Longest Suffix Split, for reducing the number of TCAM entries that are stored in the TCAM for IP address lookup. Our scheme consist of two parts: level compression and longest suffix split algorithm. First we perform level compression to deal with the subtries, in which the fill factor exceeds a predefined threshold. Level compression can remove the subtries with too much braches, in which the longest suffix split algorithm is inefficient. Then, we employ the longest suffix split algorithm to divide the remaining prefix trie into different suffixes, which can be stored using one TCAM entry and SRAM word. The experimental results show that by varying the value of the fill factor, our scheme can reduce the TCAM entries for the original routing tables from 50% to 95%. Because the drawbacks of TCAM are related to the required entries, our scheme significantly improves the feasibility of TCAM-based IP address lookup.在查找IP 位址，TCAM 是一個快速並且普遍的硬體。然而，TCAM有幾個缺點，包括高成本，高功耗和有限的空間。在本文中，我們提出了一個基於樹的演算法，最長後綴分割，降低了在查找IP地址時儲存在TCAM的條目數。我們的方法由兩部分組成：層數壓縮和最長後綴分割算法。首先我們對所有填充係數大於我們所預定的閾值的子樹進行層數壓縮。層數壓縮可移除有太多支路的子樹，在那樣的情況下，最長後綴分割算法的效能是比較低的。然後，我們使用最長後綴分割算法將剩餘的樹分割成多個可以使用一個TCAM條目和SRAM來儲存的後綴。實驗的結果表明相對於原始的路由表，通過改變預定的閾值，我們的方法可以降低50％到95％的TCAM條目。由於TCAM的缺點都跟所需要使用的條目數量有關，我們的方式顯著的提高了使用TCAM來執行IP位址查找的可行性。摘要 i Abstract ii Table of Contents iii Chapter 1 Introductions 1 Chapter 2 Related Works 4 Chapter 3 Longest Suffix Split 8 3.1 Longest Suffix Split Algorithm 8 3.2 Level Compression 11 3.3 Data Structures 14 3.4 Search Procedure 16 Chapter 4 Incremental Updates 20 Chapter 5 Experimental Results 22 5.1 Algorithm Analysis 22 5.2 Reduction Performance 29 5.3 Update Performance 31 Chapter 6 Conclusions 33 References 3