4,351 research outputs found
Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems
This is the accepted version of the following article: [Moreno, V., Santiago del RĂo, P. M., Ramos, J., Muelas, D., GarcĂa-Dorado, J. L., Gomez-Arribas, F. J. and Aracil, J. (2014), Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems. Int. J. Network Mgmt., 24: 221â234. doi: 10.1002/nem.1861, which has been published in final form at http://onlinelibrary.wiley.com/doi/10.1002/nem.1861/abstractAs an attempt to make network managersâ life easier, we present M3Omon, a system architecture that helps
to develop monitoring applications and perform network diagnosis. M3Omon behaves as an intermediate
layer between the traffic and monitoring applications that provides advanced features, high performance and
low cost. Such advanced features leverage a multi-granular and multi-purpose approach to the monitoring
problem. Multi-granular monitoring gives answer to tasks that use traffic aggregates to identify an event,
and requires either flow records or packet data or even both to understand it and, eventually, take the
convenient countermeasures. M3Omon provides a simple API to access traffic simultaneously at several different
granularitiesâi.e., packet-level, flow-level and aggregate statistics. The multi-purposed design of M3Omon
allows not only performing tasks in parallel that are specifically targeted to different traffic-related purposes
(e.g., traffic classification and intrusion detection) but also sharing granularities between applicationsâe.g.,
several concurrent applications fed from flow records that are provided by M3Omon. Finally, the low-cost
characteristic is brought by off-the-shelf systems (the combination of open-source software and commodity
hardware) and the high performance is achieved thanks to modifications in the standard NIC driver, low-level
hardware interaction, efficient memory management and programming optimization
Internet traffic classification for high-performance and off-the-shelf systems
Tesis doctoral inĂ©dita, leĂda en la Universidad AutĂłnoma de Madrid, Escuela PolitĂ©cnica Superior, Departamento de TecnologĂa ElectrĂłnica y de las Comunicaciones, 2013
Detecting and Locating Man-in-the-Middle Attacks in Fixed Wireless Networks
We propose a novel method to detect and locate a Man-in-the-Middle attack in a fixed wireless network by analyzing round-trip time and measured received signal strength from fixed access points. The proposed method was implemented as a client-side application that establishes a baseline for measured round trip time (RTTs) and received signal strength (RSS) under no-threat scenarios and applies statistical measures on the measured RTT and RSS to detect and locate Man-in-the-Middle attacks.We show empirically that the presence of a Man-in-the-Middle attack incurs a significantly longer delay and larger standard deviation in measured RTT compared to that measured without a Man-in-the-Middle attack.We evaluated three machine learning algorithms on the measured RSS dataset to estimate the location of a Man-in-the-Middle attacker.Experimental results show that the proposed method can effectively detect and locate a Man-in-the-Middle attack and achieves a mean location estimation error of 0.8 meters in an indoor densely populated metropolitanenvironment.</p
BPFabric: Data Plane Programmability for Software Defined Networks
In its current form, OpenFlow, the de facto implementation
of SDN, separates the networkâs control and data
planes allowing a central controller to alter the matchaction
pipeline using a limited set of fields and actions.
To support new protocols, forwarding logic, telemetry,
monitoring or even middlebox-like functions the currently
available programmability in SDN is insufficient.
In this paper, we introduce BPFabric, a platform, protocol,
and language-independent architecture to centrally
program and monitor the data plane. BPFabric leverages
eBPF, a platform and protocol independent instruction
set to define the packet processing and forwarding functionality
of the data plane. We introduce a control plane
API that allows data plane functions to be deployed onthe-fly,
reporting events of interest and exposing network
internal state.
We present a raw socket and DPDK implementation
of the design, the former for large-scale experimentation
using environment such as Mininet and the latter for
high-performance low-latency deployments. We show
through examples that functions unrealisable in OpenFlow
can leverage this flexibility while achieving similar
or better performance to todayâs static design
Online detection of pathological TCP flows with retransmissions in high-speed networks
Online Quality of Service (QoS) assessment in high speed networks is one of the key concerns for service providers, namely to detect QoS degradation on-the-fly as soon as possible and avoid customersâ complaints. In this regard, a Key Performance Indicator (KPI) is the number of TCP retransmissions per flow, which is related to packet losses or increased network and/or client/server latency. However, to accurately detect TCP retransmissions the whole sequence number list should be tracked which is a challenging task in multi-Gb/s networks.
In this paper we show that the simplest approach of counting as a retransmission a packet whose sequence number is smaller than the previous one is enough to detect pathological flows with severe retransmissions. Such a lightweight approach eliminates the need of tracking the whole TCP flow history, which severely restricts traffic analysis throughput. Our findings show that low False Positive Rates (FPR) and False Negative Rates (FNR) can be achieved in the detection of such pathological flows with severe retransmissions, which are of paramount importance for QoS monitoring. Most importantly, we show that live detection of such pathological flows at 10 Gb/s rate per processing core is feasibleThis work has been partially funded by the Spanish Ministry of Economy and Competitiveness and the European Regional Development Fund under the projects TRĂFICA (MINECO/ FEDER TEC2015-69417-C2-1-R), Preproceso Inteligente de TrĂĄfico (MINECO / FEDER TEC2015-69417-C2-2-R) and RACING DRONES (MINECO / FEDER RTC-2016-4744-7
Datacenter Traffic Control: Understanding Techniques and Trade-offs
Datacenters provide cost-effective and flexible access to scalable compute
and storage resources necessary for today's cloud computing needs. A typical
datacenter is made up of thousands of servers connected with a large network
and usually managed by one operator. To provide quality access to the variety
of applications and services hosted on datacenters and maximize performance, it
deems necessary to use datacenter networks effectively and efficiently.
Datacenter traffic is often a mix of several classes with different priorities
and requirements. This includes user-generated interactive traffic, traffic
with deadlines, and long-running traffic. To this end, custom transport
protocols and traffic management techniques have been developed to improve
datacenter network performance.
In this tutorial paper, we review the general architecture of datacenter
networks, various topologies proposed for them, their traffic properties,
general traffic control challenges in datacenters and general traffic control
objectives. The purpose of this paper is to bring out the important
characteristics of traffic control in datacenters and not to survey all
existing solutions (as it is virtually impossible due to massive body of
existing research). We hope to provide readers with a wide range of options and
factors while considering a variety of traffic control mechanisms. We discuss
various characteristics of datacenter traffic control including management
schemes, transmission control, traffic shaping, prioritization, load balancing,
multipathing, and traffic scheduling. Next, we point to several open challenges
as well as new and interesting networking paradigms. At the end of this paper,
we briefly review inter-datacenter networks that connect geographically
dispersed datacenters which have been receiving increasing attention recently
and pose interesting and novel research problems.Comment: Accepted for Publication in IEEE Communications Surveys and Tutorial
Accuracy-Aware Adaptive Traffic Monitoring for Software Dataplanes
Network operators have recently been developing multi-Gbps traffic monitoring tools on commodity hardware, as part of the packet-processing pipelines realizing software dataplanes. These solutions allow the execution of sophisticated per-packet monitoring using the processing power available on servers. Although advances in packet capture have enabled the interception of packets at high rates, bottlenecks can still arise in the monitoring process as a result of concurrent access to shared processor resources, variations of the traffic skew, and unbalanced packet-rate spikes. In this paper we present an adaptive monitoring framework, âol, which is resilient to bottlenecks while maintaining the accuracy of monitoring reports above a user-specified threshold. âol dynamically reduces the measurement task sets under adverse conditions, and reconfigures them to recover potential accuracy degradations. To quantify the monitoring accuracy at run time, âol adopts a novel task-independent technique that generates accuracy estimates according to recently observed traffic characteristics. With a prototype implementation based on a generic packet-processing pipeline, and using well-known measurements tasks, we show that âol achieves lossless traffic monitoring for a wide range of conditions, significantly enhances the level of monitoring accuracy, and performs adaptations at the time scale of milliseconds with limited overhead
- âŠ