FAST NETWORK ADDRESS TRANSLATION TRAVERSAL FOR CONNECTION MIGRATION

Conventional mechanisms for traversing a network address translation (NAT) device can be slow and, as such, may limit dynamic traffic management of traffic flows through network edge devices. Presented herein are techniques that provide a mechanism to support connection migration (e.g., from the cloud to the edge) with fast NAT traversal

On multi-exit routings and AS relationships

International audienc

Latency-Based Anycast Geolocation: Algorithms, Software, and Datasets

International audienceUse of IP-layer anycast has increased in the last few years beyond the DNS realm. Yet, existing measurement techniques to identify and enumerate anycast replicas exploit specifics of the DNS protocol, which limits their applicability to this particular service. With this paper, we not only propose and thoroughly validate a protocol-agnostic technique for anycast replicas discovery and geolocation, but also provide the community with open source software and datasets to replicate our experimental results, as well as facilitating the development of new techniques such as ours. In particular, our proposed method achieves thorough enumer-ation and city-level geolocalization of anycast instances from a set of known vantage points. The algorithm features an iterative workflow, pipelining enumeration (an optimization problem using latency as input) and geolocalization (a classification problem using side channel information such as city population) of anycast replicas. Results of a thorough validation campaign show our algorithm to be robust to measurement noise, and very lightweight as it requires only a handful of latency measurements

Control plane extension - Status of the SFA deployment

FP7 OpenLab project deliverable D1.2This document describes the progress made within Work Package 1 "Control Plane Extensions" over the second year of the OpenLab project

Mycorrhizal fungi suppress aggressive Agricultural weeds.

Plant growth responses to arbuscular mycorrhizal fungi (AMF) are highly variable, ranging from mutualism in a wide range of plants, to antagonism in some non-mycorrhizal plant species and plants characteristic of disturbed environments. Many agricultural weeds are non mycorrhizal or originate from ruderal environments where AMF are rare or absent. This led us to hypothesize that AMF may suppress weed growth, a mycorrhizal attribute which has hardly been considered. We investigated the impact of AMF and AMF diversity (three versus one AMF taxon) on weed growth in experimental microcosms where a crop (sunflower) was grown together with six widespread weed species. The presence of AMF reduced total weed biomass with 47% in microcosms where weeds were grown together with sunflower and with 25% in microcosms where weeds were grown alone. The biomass of two out of six weed species was significantly reduced by AMF (-66% & -59%) while the biomass of the four remaining weed species was only slightly reduced (-20% to -37%). Sunflower productivity was not influenced by AMF or AMF diversity. However, sunflower benefitted from AMF via enhanced phosphorus nutrition. The results indicate that the stimulation of arbuscular mycorrhizal fungi in agro-ecosystems may suppress some aggressive weeds

The Open Slice-based Facility Architecture (Open SFA)

This document is intended as a step towards creating a globally-agreed upon standard for the Slice-based Facility Architecture, or SFA. At the time of writing, there exist some written SFA specifications, but as best we can tell they do not entirely correspond with written, currently functioning code. There also exist a number of functioning implementations, but these are not entirely documented.We take as our starting point SFA as it is implemented by SFAWrap (http://sfawrap.info), which is a generic SFA wrapper for testbeds. SFAWrap is used by, among others, the PlanetLab, SensLAB, and FEDERICA testbeds, as well as by the FITeagle tool. As such , it is deployed both in the FIRE initiative in Europe and in the GENI initiative in the United States.We dub this version the Open SFA specification, as we open it for discussion and contribution to stakeholders worldwide. This draft can be found on the OpenSFA website (http://opensfa.info), and those who wish to participate are invited to join the mailing list [email protected] [mailto:[email protected]]

Measurement-based admission control for flow-aware implicit service differentiation

International audienceIt has previously been shown that the combined use of fair queuing and admission control would allow the Internet to provide satisfactory quality of service for both streaming and elastic flows without explicitly identifying traffic classes. In this paper we discuss the design of the required measurement based admission control (MBAC) scheme. The context is different to that of previous work on MBAC in that there is no prior knowledge of flow characteristics and there is a twofold objective: to maintain adequate throughput for elastic flows and to ensure low packet latency for any flow whose peak rate is less than a given threshold. In the paper we consider the second objective assuming realistically that most elastic and streaming flows are rate limited. We propose a MBAC algorithm and evaluate its performance by simulation under different stationary traffic mixes and in a flash crowd scenario. The algorithm is shown to offer a satisfactory compromise between flow performance and link utilization

Secure Producer Mobility in Information-Centric Network

International audienceOne of the fundamental requirements of the next generation 5G networks is to support seamless mobility over an heterogeneous access network by design. The shift from host-based to content-based location-independent communication makes Information-Centric Networking (ICN) an appealing technology to provide not only mobility, but also security and storage as native properties of the network architecture. Previous work in ICN literature focused on name-based mobility management solutions and particularly on the challenges of producer mobility, which involves an interaction between forwarding and control plane. In this paper, we consider the security implications of producer mobility in ICN and we highlight the importance of securing producer to network interactions. We focus on the problem of prefix hijacking: a class of attacks that can be exploited to threaten both the security of the ICN networks and the privacy of its users. To prevent this class of attacks, we propose a fully distributed and very low-overhead protocol for name prefix attestation based on hash-chaining. First results show order of magnitudes improvement in verification latency with respect to signature verification, the leading alternative approach to thwart prefix hijacking attacks. CCS CONCEPTS • Security and privacy → Security protocols; Mobile and wireless security; • Networks → Mobile networks

MAP-Me: Managing Anchor-less Producer Mobility in Content-Centric Networks

Mobility has become a basic premise of network communications, thereby requiring a native integration into 5G networks. Despite numerous efforts to propose and standardize effective mobility-management models for IP, the result is a complex, poorly flexible set of mechanisms. The natural support for mobility offered by ICN (Information Centric Networking) makes it a good candidate to define a radically new solution relieving limitations of the traditional approaches. If consumer mobility is supported in ICN by design, in virtue of its connectionless pull-based communication model, producer mobility is still an open challenge. In this work, we look at two prominent ICN architectures, CCN (Content Centric Networking) and NDN (Named Data Networking) and we propose MAP-Me, an anchor-less solution to manage micro-mobility of content producers via a name-based CCN/NDN data plane, with support for latency-sensitive streaming applications. We analyze MAP-Me performance and provide guarantees of correctness, stability, and bounded stretch, which we verify on real ISP topologies. Finally, we set up a comprehensive simulation environment in NDNSim 2.1 for MAP-Me evaluation and comparison against the existing classes of solutions, including a realistic trace-driven car-mobility pattern under a 802.11n radio access. The results are encouraging and highlight the superiority of MAP-Me in terms of user performance and network cost metrics. All the code is available as open-source

Violation of interdomain routing assumptions

International audienceWe challenge a set of assumptions that are frequently used to model interdomain routing in the Internet by confronting them with routing decisions that are actually taken by ASes, as revealed through publicly available BGP feeds. Our results quantify for the first time the extent to which such assumptions are too simple to model real-world Internet routing policies. This should introduce a note of caution into future work that makes these assumptions and should prompt attempts to find more accurate models