DIP: Disruption-Tolerance for IP

Disruption Tolerant Networks (DTN) have been a popular subject of recent research and development. These networks are characterized by frequent, lengthy outages and a lack of contemporaneous end-to-end paths. In this work we discuss techniques for extending IP to operate more effectively in DTN scenarios. Our scheme, Disruption Tolerant IP (DIP) uses existing IP packet headers, uses the existing socket API for applications, is compatible with IPsec, and uses familiar Policy-Based Routing techniques for network management

Raising the Datagram API to Support Transport Protocol Evolution

Some application developers can wield huge resources to build new transport protocols, for these developers the present UDP Socket API is perfectly fine. They have access to large test beds and sophisticated tools. Many developers do not have these resources. This paper presents a new high-level Datagram API that is for everyone else, this has an advantage of offering a clear evolutionary path to support new requirements. This new API is needed to move forward the base of the system, allowing developers with limited resources to evolve their applications while accessing new network services

Internet QoS for DiffServ-Enabled Routers

Differentiated Service Model (DiffServ) is currently a popular research topic as a low-cost method to bring QoS to today's Internet backbone network. In this paper, the author introduces the techniques and methodologies that used to design and implement DiffServ-enabled (DS-enabled) routers. The adaptations of DS-enabled routers are designed to cater to the low Internet connectivity within Universiti Teknologi PETRONAS LAN. The author has implemented basic DiffServ setting using three CISC03725 routers. Based on these DiffServ-enabled routers, the author set up a small scale lab network to study DiffServ QoS features: priority dropping (discrimination among different service classes), QoS guarantees and measuring QoS using various formal metrics (delay and throughput). Furthermore, the author present problems encountered during study, and the proposed solutions

Policy Conflict Management in Distributed SDN Environments

abstract: The ease of programmability in Software-Defined Networking (SDN) makes it a great platform for implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers. In this dissertation, a formalism for flow rule conflicts in SDN environments is introduced. This formalism is realized in Brew, a security policy analysis framework implemented on an OpenDaylight SDN controller. Brew has comprehensive conflict detection and resolution modules to ensure that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free security policy implementation and preventing information leakage. Techniques for global prioritization of flow rules in a decentralized environment are presented, using which all SDN flow rule conflicts are recognized and classified. Strategies for unassisted resolution of these conflicts are also detailed. Alternately, if administrator input is desired to resolve conflicts, a novel visualization scheme is implemented to help the administrators view the conflicts in an aesthetic manner. The correctness, feasibility and scalability of the Brew proof-of-concept prototype is demonstrated. Flow rule conflict avoidance using a buddy address space management technique is studied as an alternate to conflict detection and resolution in highly dynamic cloud systems attempting to implement an SDN-based Moving Target Defense (MTD) countermeasures.Dissertation/ThesisDoctoral Dissertation Computer Science 201

An investigation into buffer management mechanisms for the Diffserv assured forwarding traffic class

Includes bibliographical references.One of the service classes offered by Diffserv is the Assured Forwarding (AF) class. Because of scalability concerns, IETF specifications recommend that microflow and aggregate-unaware active buffer management mechanisms such as RIO (Random early detecLion with ln/Out-ofprofile) be used in the core of Diffserv networks implementing AF. Such mechanisms have, however, been shown to provide poor performance with regard to fairness, stability and network controL Furthermore, recent advances in router technology now allow routers to implement more advanced scheduling and buffer management mechanisms on high-speed ports. This thesis evaluates the performance improvements that may be realized when implementing the Diffserv AF core using a hierarchical microflow and aggregate aware buffer management mechanism instead of RIO. The author motivates, proposes and specifies such a mechanism. The mechanism. referred to as H-MAQ or Hierarchical multi drop-precedence queue state Microflow-Aware Quelling, is evaluated on a testbed that compares the performance of a RIO network core with an H-MAQ network core

Investigating Basic Quality of Service Design Possibilities for Regis University Academic Research Network Edge Routers

The Regis University Academic Research Network (ARNe) had network resources, such as VoIP, that required preservation their ability to receive near real-time forwarding treatment across the network. Quality of Service (QoS) design ideas were examined from four actual implementations described in research cases. Additionally, research involving surveys from Cisco certified professionals was examined, and Cisco technical literature was examined. Case study methodology, involving the study of multiple cases, was the primary tactic utilized in this research. Examination and triangulation of data from the research indicated that ARNe would benefit from moving forward with a basic QoS design and implementation, integrating concepts identified in the data. Additionally, data supported that a basic QoS design and implementation on ARNe would provide Computer Science and Information Science students an opportunity to more fully appreciate QoS through further research and hands-on experience

Going beyond diffServ in IP traffic classification

Quality of Service (QoS) management in IP networks today relies on static configuration of classes of service definitions and related forwarding priorities. Packets are actually classified according to the DiffServ architecture based on the RFC 4594, typically thanks to static configuration or filters matching packet features, at network access equipment. In this paper, we propose a dynamic classification procedure, referred to as Learning-powered DiffServ (L-DiffServ), able to detect the distinctive characteristics of traffic and to dynamically assign service classes to IP packets. The idea is to apply semi-unsupervised Machine Learning techniques, such as Linear Discriminant Analysis (LDA) and K-Means, with a proper customization to take into account the issues related to packet-level analysis, i.e. unbalanced distribution of traffic among classes and selection of proper IP header related features. The performance evaluation highlights that L-DiffServ is able to change dynamically the classification outcome, providing an higher number of classes than DiffServ. This last result represents the first step toward a more granular differentiation of IP traffic

Automated Generating of Processing Elements for FPGA

Některé aplikace zpracovávající informace, jako je například monitorování počítačových sítí, vyžadují nepřetržité zpracovávání dat přicházejících vysokou rychlostí. S tím, jak tato rychlost vývojem stále stoupá, je žádoucí, aby bylo zpracovávání dat prováděno pomocí hardwarové implementace. Tato práce navrhuje konfigurační systém transformující uživatelem poskytnutou definici procesních funkcí na VHDL definici hardwarové implementace těchto funkcí. Systém je zaměřen na monitorování síťového provozu ve vysokorychlostních sítích.Some information processing applications, such as computer networks monitoring, need to continuously perform processing of rapidly incoming data. As the speed of the incoming data increases, it is desirable to perform the processing in the hardware. This work proposes a configuration system that generates a VHDL specification of a hardware data processing circuit based on a user-provided definition of data and computation operations. The system focuses on network traffic monitoring in multi-gigabit computer networks.