18 research outputs found
A Simplified Reservation and State Setup Protocol
The last few years have seen the development of a model for Integrated Services Internet, which extends the traditional Internet by adding multiple service classes in addition to the traditional best effort service class, and a signaling protocol called RSVP for applications to reserve resources. While this framework has been standardized in the IETF WGs and the RSVP protocol has been defined, there has been no movement towards a commercial implementation of this framework, principally due to its perceived complexity and lack of scalability. This paper analyzes RSVP, discusses some of its bottlenecks and shows how they can be eliminated to create a trimmer signaling protocol with enhanced functionality and scalability. We have created such a trimmed down version called SSP (State Setup Protocol). Some of the key improvements that we focus on are: single pass operation, elimination of receiver heterogeneity, single unified style of reservation, generalized filter specification, integrated label switching and third party signaling setup.
Guru Parulkar
Abstract — Packet filters are rules for classifying packets based on their header fields. Packet classification is essential to routers supporting services such as Quality of Service (QoS), Virtual Private Networks (VPNs), and firewalls. A filter conflict occurs when two or more filters overlap, creating an ambiguity in packet classification. Current techniques for resolving filter conflicts are based on prioritizing conflicting filters, and choosing the higher priority filter. We show that such ordering does not always work. Instead, we propose a new scheme for conflict resolution, which is based on the idea of adding resolve filters. Our main results are algorithms for detecting and resolving conflicts in a filter database. We have tried our algorithm on 3 existing firewall databases, and have found conflicts, which are potential security holes, in each of them. Keywords — Packet Filters, Classification, Security, Firewalls
Packet Filter Management for Layer 4 Switching
Packet filters are rules for classifying packets based on their header fields. A filter specifies a pattern for each of the key header fields, and an action that is applied to the packet matching this filter. Packet classification is essential to routers supporting services such as Quality of Service (QoS), Virtual Private Networks (VPNs), and firewalls. A filter conflict occurs when two or more filters overlap, creating an ambiguity in packet classification. Current techniques for resolving filter conflicts are based on prioritizing conflicting filters, and choosing the higher priority filter. We show that prioritizing does not always work. Instead, we propose a new scheme for conflict resolution, which is based on the idea of adding resolve filters. Our main results are a geometric framework for studying filters, an algorithm for detecting conflicts in a filter database, and an algorithm for resolving conflicts. In the special case of 2-dimensional (Source-Destination) filt..
A reliable and scalable striping protocol
Link striping algorithms are often used to overcome transmission bottlenecks in computer networks. Traditional striping algorithms suffer from two major disadvantages. They provide inadequate load sharing in the presence of variable length packets, and may result in non-FIFO delivery of data. We describe a new family of link striping algorithms that solves both problems. Our scheme applies to any layer that can provide multiple FIFO channels. We deal with variable sized packets by showing how fair queuing algorithms can be transformed into load sharing algorithms. Our transformation results in practical load sharing protocols, and shows a theoretical connection between two seemingly different problems. The same transformation can be applied to obtain load sharing protocols for links with different capacities. We deal with the FIFO requirement for two separate cases. If a sequence number can be added to each packet, we show how to speed up packet processing by letting the receiver simulate the sender algorithm. If no header can be added, we show how to provide quasi-FIFO delivery. Quasi-FIFO is FIFO except during occasional periods of loss of synchronization. We argue that quasi-FIFO is adequate for most applications. We also describe a simple technique for speedy restoration of synchronization in the event of loss. We develop an architectural framework for transparently embedding our protocol at the network level by striping IP packets across multiple physical interfaces. The resulting strIPe protocol has been implemented within the NetBSD kernel. Our measurements and simulations show that the protocol offers scalable throughput even when striping is done over dissimilar links, and that the protocol synchronizes quickly after packet loss. Measurements show performance improvements over conventional round robin striping schemes and striping schemes that do not resequence packets.
Reliable FIFO Load Balancing over Multiple FIFO Channels
Link striping algorithms are often used to overcome transmission bottlenecks in computer networks. However, traditional striping algorithms suffer from two major disadvantages. They provide inadequate load sharing in the presence of variable length packets, and may result in non-FIFO delivery of data. We describe a new family of link striping algorithms that solve both problems. Our scheme applies to packets at any layer (physical, data link, network, and transport) that work over multiple FIFO channels. We deal with variable sized packets by showing how a class of fair queueing algorithms can be converted into load sharing algorithms. Our transformation results in practical load sharing protocols, and also shows a theoretical connection between two seemingly different problem areas. We deal with the FIFO requirement for two separate cases. If a header (with a sequence number) can be added to each packet, we show how to speed up packet processing by letting the receiver simulate the se..
Energy-Efficient Data Transfer Primitives for Laptops Using Mobile Handhelds
We introduce a novel mechanism for content distribution to large numbers of weakly connected laptops that can be switched off frequently and have intermittent network access. Relying on the user’s data-enabled mobile phone and a gateway added to the data path between the laptop and the Internet, the mechanism builds upon two novel data-transfer primitives that efficiently move files across the network even when the laptop is switched off or sleeping, in a way that is fully transparent to the application layer. One primitive targets network-folder-based applications, while the other works for web-based applications. The primitives have been successfully deployed in the field as part of a solution for remote IT management of mobile-employee laptops.