FLOATING/PERVASIVE LAYER 3 OUTSIDE TO PEER WITH VIRTUAL ROUTERS IN DATACENTER

Techniques are described herein for a Floating Layer 3 Outside (L3Out) mechanism that enables an Application Centric Infrastructure (ACI) datacenter fabric to peer with Virtual Routers that can move across hypervisors. This may be performed without losing connectivity in protocol sessions, almost zero packet loss, and no extra configuration. These techniques save hardware resources with respect to Internet Protocol (IP) address and policy Content Addressable Memory (CAM) usage with no extra provisioning on the ACI

IDENTIFYING APPLICATION AND TRAFFIC PATTERNS CONTRIBUTING TO MICROBURSTS AND CONGESTION IN DATA CENTER NETWORKS

Microbursts are traffic events that can cause severe performance degradation in a network. With the advent of modern big data applications, microburst events are not uncommon in a data center. Rather than attempting superficial ad-hoc solutions, such as providing large buffer switches/routers, under provisioning bandwidth, etc., this proposal provides a technique to identify an offending application causing a microburst based on queue-level thresholds. Once identified, appropriate remedial action(s) (e.g., Quality of Service (QoS) actions, security actions, etc.) can be performed by a network administrator

ERASER : evasion resistant signature extractor for worms

In this thesis, we describe Evasion-Resistant Automated Signature ExtractoR (ERASER), a novel method for extracting content-based worm signatures in an evasion-resistant fashion. Despite much progress on content-based worm signature extraction, several recent studies show that evasive worms can easily render existing methods ineffective (i.e., cause them to miss almost 100% of worm instances, or raise their false positive ratio to intolerable levels) by polymorphising the worm payloads or by poisoning network traffic with carefully crafted, misleading patterns. The evasive attacks by polymorphisation include: Red herring attacks, Correlated Outlier Attacks and AZ attacks. ERASER achieves evasion resistance by exploiting two novel ideas: (i) domainspecific feature selection, which focuses on "smoking gun" features characteristic of worms, i.e., substrings that are invariant across different worm instances and rarely appear in normal traffic, (ii) adversary-aware signature learning, which forces each "successful" evasion to reveal a significant amount of information about the true invariant signatures. ERASER is provably evasion-resistant even in the presence of multiple colluding worms. We develop a prototype system of ERASER and evaluate its performance using both real and synthetic worm payloads combined with a large amount of real Internet traffic data collected at a tier-1 ISP and an edge network. Our results show that ERASER is highly accurate in the presence of a broad range of evasion attacks.Computer Science