11 research outputs found

    Enabling Work-conserving Bandwidth Guarantees for Multi-tenant Datacenters via Dynamic Tenant-Queue Binding

    Today's cloud networks are shared among many tenants. Bandwidth guarantees and work conservation are two key properties to ensure predictable performance for tenant applications and high network utilization for providers. Despite significant efforts, very little prior work actually achieves both properties simultaneously, even though some of it claims to. In this paper, we present QShare, an in-network solution that achieves bandwidth guarantees and work conservation simultaneously. QShare leverages weighted fair queuing on commodity switches to slice network bandwidth for tenants, and solves the challenge of queue scarcity through balanced tenant placement and dynamic tenant-queue binding. QShare is readily implementable with existing switching chips. We have implemented a QShare prototype and evaluated it via both testbed experiments and simulations. Our results show that QShare ensures bandwidth guarantees while driving network utilization to over 91% even under unpredictable traffic demands. Comment: The initial work is published in IEEE INFOCOM 201

    Reducing Internet Latency : A Survey of Techniques and their Merit

    Bob Briscoe, Anna Brunstrom, Andreas Petlund, David Hayes, David Ros, Ing-Jyh Tsang, Stein Gjessing, Gorry Fairhurst, Carsten Griwodz, Michael Welzl. Peer reviewed. Preprint

    Enhancing Networks via Virtualized Network Functions

    University of Minnesota Ph.D. dissertation. May 2019. Major: Computer Science. Advisor: Zhi-Li Zhang. 1 computer file (PDF); xii, 116 pages. In an era of ubiquitous connectivity, various new applications, network protocols, and online services (e.g., cloud services, distributed machine learning, cryptocurrency) are constantly being created, underpinning many of our daily activities. Emerging demands on networks have led to growing traffic volume and complexity in modern networks, which rely heavily on a wide spectrum of specialized network functions (e.g., Firewall, Load Balancer) for performance, security, etc. Although (virtual) network functions (VNFs) are widely deployed in networks, they are instantiated in an uncoordinated manner, failing to meet the growing demands of evolving networks. In this dissertation, we argue that networks equipped with VNFs can be designed in a fashion similar to how computer software is programmed today. By following the blueprint of joint design over VNFs, networks can be made more effective and efficient. We begin by presenting Durga, a system fusing wide area network (WAN) virtualization on the gateway with local area network (LAN) virtualization technology. It seamlessly aggregates multiple WAN links into a (virtual) big pipe for better utilization of WAN links and also provides fast fail-over, thus minimizing application performance degradation under WAN link failures. Without support from LAN virtualization technology, existing solutions fail to provide the high reliability and performance required by today’s enterprise applications. We then study a newly standardized protocol, Multipath TCP (MPTCP), adopted in Durga, showing the challenge of associating MPTCP subflows in the network for the purpose of boosting throughput and enhancing security. Instead of designing a customized solution in every VNF to overcome this common challenge (making VNFs aware of MPTCP), we implement an online service named SAMPO that can be readily integrated into VNFs. 
Following the same principle, we make an attempt to offer consensus as a service in software-defined networks. We illustrate new network failure scenarios that are not explicitly handled by existing consensus algorithms such as Raft, and that therefore severely affect their correct or efficient operation. Finally, we reconsider VNFs deployed in a network from the perspective of network administrators. A global view of deployed VNFs brings new opportunities for performance optimization over the network, and thus we explore parallelism in service function chains composed of a sequence of VNFs that are typically traversed in order by data flows.

    Contributions to Securing Software Updates in IoT

    The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. 
Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN). In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate.

    Flexible cross layer optimization for fixed and mobile broadband telecommunication networks and beyond

    Today, with the Internet in general and telecommunication networks in particular having reached critical infrastructures, high demands and new challenges arise for data transport with regard to efficiency and flexibility. However, today's telecommunication networks are rigid and static by design, which allows only a low degree of flexibility and adaptability and, moreover, reflects the importance of data flows only to a limited extent. Various approaches, both clean-slate redesigns and evolutionary concepts for the Internet, have been developed and specified to address these new requirements and challenges adequately. One of these approaches is the Cross Layer Optimization paradigm, which enables previously impossible direct communication between distributed functionalities of different types in order to achieve a higher level of quality of service. A key indicator underlining the relevance of this approach is the programmability of network functionalities, which is apparent in the evolution from today's networks towards future ones. This concept is regarded as a promising approach for service control mechanisms in future core networks. Nevertheless, at the time of writing this doctoral thesis, no approach to Cross Layer Optimization in fixed and mobile networks exists that meets the required efficiency and flexibility. The overall objective of this work is the design, development and evaluation of a Cross Layer Optimization approach for telecommunication networks. A major focus of this work is the definition of a theoretical design and its practical realization as a system for Cross Layer Optimization in telecommunication networks. 
The research questions analyzed in this doctoral thesis concern, among others, the applicability of Cross Layer Optimization approaches to telecommunication networks; the consideration of new requirements; existing concepts, approaches and solutions; the coverage of new functionalities by existing solutions; and finally the discernible added value of the newly proposed concept over existing solutions. The scientific contributions of this doctoral thesis can be roughly outlined in four pillars: First, the state of the art in science and technology is analyzed and assessed, requirements are gathered and a gap analysis is performed. Second, challenges, opportunities, limitations and design aspects of a model for Cross Layer Optimization are analyzed and evaluated. Third, a conceptual model, Generic Adaptive Resource Control (GARC), is specified, realized as a prototype and extensively validated. Fourth, the theoretical and practical contributions of this doctoral thesis are analyzed and assessed in depth. As the telecommunication world moves towards a data-only network environment, signaling, voice and other data are similarly transported as Internet Protocol packets. New requirements, challenges and opportunities are bound to this transition and influence telecommunication architectures accordingly. In this time in which the Internet in general, and telecommunication networks in particular, have entered critical infrastructures and systems, it is of high importance to guarantee efficient and flexible data transport. A certain level of Quality-of-Service (QoS) for critical services is crucial even during overload situations in the access and core network, as these two are the bottlenecks in the network. However, the current telecommunication architecture is rigid and static, which offers very limited flexibility and adaptability. 
Several concepts on clean slate as well as evolutionary approaches have been proposed and defined in order to cope with these new challenges and requirements. One of these approaches is the Cross Layer Optimization paradigm. This concept omits the strict separation and isolation of the Application-, Control- and Network-Layers as it enables interaction and fosters Cross Layer Optimization among them. One indicator underlying this trend is the programmability of network functions, which emerges clearly during the telecommunication network evolution towards the Future Internet. The concept is regarded as one solution for service control in future mobile core networks. However, no standardized approach for Cross Layer signaling nor optimizations in between the individual layers have been standardized at the time this thesis was written. The main objective of this thesis is the design, implementation and evaluation of a Cross Layer Optimization concept on telecommunication networks. A major emphasis is given to the definition of a theoretical model and its practical realization through the implementation of a Cross Layer network resource optimization system for telecommunication systems. The key questions answered through this thesis are: in which way can the Cross Layer Optimization paradigm be applied on telecommunication networks; which new requirements arise; which of the required functionalities cannot be covered through existing solutions, what other conceptual approaches already exist and finally whether such a new concept is viable. The work presented in this thesis and its contributions can be summarized in four parts: First, a review of related work, a requirement analysis and a gap analysis were performed. Second, challenges, limitations, opportunities and design aspects for specifying an optimization model between application and network layer were formulated. 
Third, a conceptual model - Generic Adaptive Resource Control (GARC) - was specified and its prototypical implementation was realized. Fourth, the theoretical and practical thesis contributions were validated and evaluated.