15 research outputs found

    Overview of Pre-Congestion Notification Encoding

    The objective of Pre-Congestion Notification (PCN) is to protect the quality of service (QoS) of inelastic flows within a Diffserv domain. On every link in the PCN-domain, the overall rate of PCN-traffic is metered, and PCN-packets are appropriately marked when certain configured rates are exceeded. Egress nodes provide decision points with information about the PCN-marks of PCN-packets that allows them to take decisions about whether to admit or block a new flow request, and to terminate some already admitted flows during serious pre-congestion. The PCN working group explored a number of approaches for encoding this pre-congestion information into the IP header. This document provides details of those approaches along with an explanation of the constraints that apply to any solution

    Pre-Congestion Notification (PCN) Architecture

    This document describes a general architecture for flow admission and termination based on pre-congestion information in order to protect the quality of service of established, inelastic flows within a single Diffserv domain.

    Data flow control in ISP network

    The thesis focuses on the control of data flow in the networks of Internet service providers. It presents the problem of aggregation and the related overload of network elements. The theoretical section describes the standardized methods for managing data flow. The parameters associated with managing data flow are described for selected devices. The thesis presents measurements showing the extent to which the ECN algorithm occurs in practice. The HTB program is described theoretically and is complemented by a newly described algorithm. The new algorithm is implemented in the program and tested on a real ISP network.

    A Survey of PCN-Based Admission Control and Flow Termination

    Pre-congestion notification (PCN) provides feedback about load conditions in a network to its boundary nodes. The PCN working group of the IETF discusses the use of PCN to implement admission control (AC) and flow termination (FT) for prioritized realtime traffic in a DiffServ domain. Admission control (AC) is a well-known flow control function that blocks admission requests of new flows when they need to be carried over a link whose admitted PCN rate already exceeds an admissible rate. Flow termination (FT) is a new flow control function that terminates some already admitted flows when they are carried over a link whose admitted PCN rate exceeds a supportable rate. The latter condition can occur in spite of AC, e.g., when traffic is rerouted due to network failures. This survey gives an introduction to PCN and is a primer for this new technology. It presents and discusses the multitude of architectural design options in an early stage of the standardization process in a comprehensive and streamlined way before only a subset of them is standardized by the IETF. It brings PCN from the IETF to the research community and serves as historical record.

    New Congestion Control Paradigms in an Operator Network

    Network congestion is a phenomenon that can affect the quality of service perceived by users. The continuous growth of Internet traffic makes congestion a problem that the operator must address to satisfy its customers. The operator's historical solutions to congestion, such as overprovisioning the links of its infrastructure, are no longer viable today. With the evolution of network architecture and the arrival of new applications on the Internet, new congestion control paradigms must be considered to meet the expectations of the users of the operator's network. In this thesis, we examine the new approaches proposed for congestion control in an operator's network. We evaluate these approaches through simulations, which allows us to estimate their effectiveness and their potential to be deployed and operated in the context of the Internet, and to identify the challenges that must be met to achieve this goal. We also propose congestion control solutions for new environments such as Software Defined Networking architectures and the cloud deployed across one or more data centers, where congestion must be monitored to maintain the quality of the cloud services offered to customers. To support our proposed congestion control architectures, we present experimental platforms that demonstrate the operation and potential of our solutions.

    Quality of Service in Converged Systems with Elements Controlled by Neural Network

    Quality of Service (QoS) is an important parameter in converged systems. The dissertation deals with research into its implementation in a newly designed network element. A new protocol inspired by the IP protocol was designed and implemented. As part of the dissertation, a new network element was proposed: a switch controlled by a neural network. During the research, current switch control methods were examined and several switches across the performance spectrum were measured. Based on the findings, a four-port switch was designed with a switch fabric built on a crossbar switch with external control. The switch was designed to support QoS to the maximum possible extent. The switch fabric is controlled by a feedforward backpropagation neural network. The designed switch was modeled in MATLAB and, above all, in Simulink. The simulations proved that the proposed solution is functional.

    Moving toward the intra-protocol de-ossification of TCP in mobile networks: Start-up and mobility

    182 p. The use of mobile broadband networks has increased significantly in recent years, and even greater growth is expected with the inclusion of future 5G capabilities. 5G will provide transmission speeds and low delays never seen before. However, the possibility of reaching these levels is limited by the management and performance of transport protocols. In this regard, TCP remains the prevailing transport protocol, and its different congestion control algorithms (CCAs) are ultimately responsible for the performance obtained. While the various CCAs were originally implemented to cope with different use cases in fixed networks, none of them has been designed to handle the variability of throughput and delay under different mobile network conditions in an easily deployable way. Since the analysis of TCP over mobile networks is complex due to the multiple impact factors, our work focuses on two widespread use cases that significantly affect performance: user movement, as a representation of the main characteristic of mobile networks compared with fixed networks, and the performance of the TCP Start-up phase, given the predominance of short flows on the Internet. Several works have suggested the importance of greater flexibility in the transport layer, creating transport services over TCP or UDP. However, these proposals have encountered limitations related to the architectural dependencies of the protocols used as a substrate (e.g., the impossibility of changing the transport layer configuration once the transmission has begun), resulting in an "ossified" transport layer.
    This thesis arises as a response to address this limitation, demonstrating that there are possibilities for improvement within the TCP family (intra-protocol), and proposing a framework to partially overcome the restriction through dynamic selection of the most appropriate CCA. To this end, the main points of performance impact are evaluated and selected for the chosen use cases in 4G network deployments and in low-latency deployments that emulate the potential latencies of future 5G capabilities. These impact points serve as heuristics for deciding the most appropriate CCA in the proposed framework. Finally, the proposal is validated in mobility environments with two selection possibilities: at the beginning of the transmission (limited transport layer flexibility) and dynamically during the transmission (with a flexible transport layer). It is concluded that the proposal can bring significant performance improvements by selecting the most appropriate CCA, taking into account the network situation and the requirements of the application layer.

    Efficient Security Protocols for Constrained Devices

    During the last decades, more and more devices have been connected to the Internet. Today, there are more devices connected to the Internet than humans. An increasingly common type of device is the cyber-physical device. A device that interacts with its environment is called a cyber-physical device. Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices. Devices connected to the Internet risk being compromised by threat actors such as hackers. Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe. Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years. Many cyber-physical devices are categorized as constrained devices. A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface. Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget. Devices must be efficient to make the most of the limited resources. Mitigating cyber attacks is a complex task, requiring technical and organizational measures. Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the system's limited resources. In this thesis, we present research on efficient security protocols for constrained cyber-physical devices. We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE. These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies. Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting. In our work, we present a novel attack against the protocol. We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept. Using a state synchronization protocol, we propagate state changes between the digital and physical twins. The Digital Twin can then monitor and manage devices. We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner. With a formal protocol verification, we can guarantee the security of both the old and new owners. Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol. PSA allows devices to send encrypted measurements to an aggregator. The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements. No party will learn the measurement except the device that generated it.