Scalable agent platforms with friendly interaction for modeling practical problems

Trabajo presentado al EGI Community Forum, celebrado en Bari (Italia) del 10 al 13 de noviembre de 2015.Many problems can be addressed in a realistic way with the help of Agent Based Model tools. However, these tools are sometimes not easy to use for a final user, or are not able to scale up to use the computing resources required by the problem. We propose to develop a general platform supporting different ABM solutions, and deployed as a service in HPC Cloud resources. We analyze a first possible pilot, through the discussion of a simple but real use case: the anthropogenic impact in the water quality in a lake.Peer Reviewe

Decentralized trust in the inter-domain routing infrastructure

Inter-domain routing security is of critical importance to the Internet since it prevents unwanted traffic redirections. The current system is based on a Public Key Infrastructure (PKI), a centralized repository of digital certificates. However, the inherent centralization of such design creates tensions between its participants and hinders its deployment. In addition, some technical drawbacks of PKIs delay widespread adoption. In this paper we present IPchain, a blockchain to store the allocations and delegations of IP addresses. IPchain leverages blockchains' properties to decentralize trust among its participants, with the final goal of providing flexible trust models that adapt better to the ever-changing geopolitical landscape. Moreover, we argue that Proof of Stake is a suitable consensus algorithm for IPchain due to the unique incentive structure of this use-case, and that blockchains offer relevant technical advantages when compared to existing systems, such as simplified management. In order to show its feasibility and suitability, we have implemented and evaluated IPchain's performance and scalability storing around 350k IP prefixes in a 2.5 GB chain.Peer ReviewedPostprint (published version

Global state, local decisions: Decentralized NFV for ISPs via enhanced SDN

The network functions virtualization paradigm is rapidly gaining interest among Internet service providers. However, the transition to this paradigm on ISP networks comes with a unique set of challenges: legacy equipment already in place, heterogeneous traffic from multiple clients, and very large scalability requirements. In this article we thoroughly analyze such challenges and discuss NFV design guidelines that address them efficiently. Particularly, we show that a decentralization of NFV control while maintaining global state improves scalability, offers better per-flow decisions and simplifies the implementation of virtual network functions. Building on top of such principles, we propose a partially decentralized NFV architecture enabled via an enhanced software-defined networking infrastructure. We also perform a qualitative analysis of the architecture to identify advantages and challenges. Finally, we determine the bottleneck component, based on the qualitative analysis, which we implement and benchmark in order to assess the feasibility of the architecture.Peer ReviewedPostprint (author's final draft

Subinspectores de Empleo y Seguridad Social (caso práctico)

This case study, referred to inspecting activities involving employment and social security, reproduces the wording of the one proposed as third part of the test in the 2015 call for public examinations to join the Civil Service body of mid-ranking employment and social security inspectors –the Cuerpo de Subinspectores Laborales, escala de Empleo y Seguridad Social–, as laid out in the Order ESS/1458/2016 of 7 September 2016. An analysis of the questions arising from the proposed case is made jointly with a law-based solution.El presente caso práctico reproduce el enunciado del supuesto referido a la actividad de la Inspección de Trabajo y Seguridad Social planteado como tercer ejercicio en la convocatoria de la oposición para el ingreso en el Cuerpo de Subinspectores Laborales, escala de Empleo y Seguridad Social, correspondiente a 2015 –Orden ESS/1458/2016, de 7 de septiembre (BOE de 13 de septiembre)–. En él se efectúa un análisis de las cuestiones derivadas del planteamiento, incorporando la fundamentación jurídica de la respuesta

Scalable ABM platforms with friendly interaction to address practical problems

Trabajo presentado a la primera reunion promovida por la Asociación para el estudio de Sistemas Complejos Sociotecnológicos, COMSOTEC (http://www.comsotec.org), celebrada en Santander del 9 al 11 de Septiembre de 2015.ABM platforms are introduced, and an example of practical application is described.Peer Reviewe

A control plane for WireGuard

WireGuard is a VPN protocol that has gained significant interest recently. Its main advantages are: (i) simple configuration (via pre-shared SSH-like public keys), (ii) mobility support, (iii) reduced codebase to ease auditing, and (iv) Linux kernel implementation that yields high performance. However, WireGuard (intentionally) lacks a control plane. This means that each peer in a WireGuard network has to be manually configured with the other peers’ public key and IP addresses, or by other means. In this paper we present an architecture based on a centralized server to automatically distribute this information. In a nutshell, first we manually establish a WireGuard tunnel to the centralized server, and ask all the peers to store their public keys and IP addresses in it. Then, WireGuard peers use this secure channel to retrieve on-demand the information for the peers they want to communicate to. Our design strives to: (i) offer a key distribution scheme simpler than PKI-based ones, (ii) limit the number of public keys sent to the peers, and (iii) reduce tunnel establishment latency by means of an UDP-based protocol. We argue that such automation can help the deployment in enterprise or ISP scenarios. We also describe in detail our implementation and analyze several performance metrics. Finally, we discuss possible improvements regarding several shortcomings we found during implementation.This work was partially supported by the Spanish MINECO under contract TEC2017-90034-C2-1-R (ALLIANCE) and the Catalan Institution for Research and Advanced Studies (ICREA).Peer ReviewedPostprint (author's final draft

Wide area network autoscaling for cloud applications

Modern cloud orchestrators like Kubernetes provide a versatile and robust way to host applications at scale. One of their key features is autoscaling, which automatically adjusts cloud resources (compute, memory, storage) in order to adapt to the demands of applications. However, the scope of cloud autoscaling is limited to the datacenter hosting the cloud and it doesn't apply uniformly to the allocation of network resources. In I/O-constrained or data-in-motion use cases this can lead to severe performance degradation for the application. For example, when the load on a cloud service increases and the Wide Area Network (WAN) connecting the datacenter to the Internet becomes saturated, the application flows experience an increase in delay and loss. In many cases this is dealt with overprovisioning network capacity, which introduces additional costs and inefficiencies. On the other hand, thanks to the concept of "Network as Code", the WAN exposes a set of APIs that can be used to dynamically allocate and de-allocate capacity on-demand. In this paper we propose extending the concept of cloud autoscaling into the network to address this limitation. This way, applications running in the cloud can communicate their networking requirements, like bandwidth or traffic profile, to a Software-Defined Networking (SDN) controller or Network as a Service (NaaS) platform. Moreover, we aim to define the concepts of vertical and horizontal autoscaling applied to networking. We present a prototype that automatically allocates bandwidth to the underlay network, according to the requirements of the applications hosted in Kubernetes. Finally, we discuss open research challenges.This work was supported by the Spanish MINECO under contract TEC2017-90034-C2-1-R (ALLIANCE), the Catalan Institution for Research and Advanced Studies (ICREA).Peer ReviewedPostprint (author's final draft

Educación de alumnos con necesidades educativas especiales en pandemia. Perspectivas de las madres y padres

Objetivo: identificar cuáles fueron, desde el punto de vista de las madres y padres, las condiciones de estudio, los aprendizajes y las reacciones emocionales antes y durante la pandemia de sus hijas/os con necesidades educativas especiales, además de conocer algunas condiciones emocionales de ellas/os mismas/os. Método: Se realizó un estudio exploratorio, en el cual se aplicaron cuestionarios digitales a madres y padres de alumnas/os con y sin necesidades educativas especiales, seleccionados mediante un muestreo no probabilístico, intencional. Participaron 2.634 madres y padres (entre 35 y 38 años de edad en promedio, 90 % mujeres). Resultados: Se encontró que los alumnos estudiaron en condiciones precarias, y se vieron afectados seriamente en sus aprendizajes y mostraron reacciones emocionales negativas durante la pandemia. Los alumnos con necesidades educativas especiales resultaron muy afectados, pero no mucho más que los alumnos sin estas necesidades, lo cual probablemente se debió al trabajo de las USAER. Las madres y padres, particularmente de los alumnos con NEE, presentaron cansancio y frustración. Conclusiones: Se concluye que el confinamiento produjo serias afectaciones en todos los estudiantes, incluyendo a quienes presentan necesidades educativas especiales, pero estos no resultaron mucho más afectados gracias al apoyo brindado por las USAER. Discusión: Estos resultados obligan a tomar medidas emergentes durante el regreso a clases presenciales para compensar las pérdidas de aprendizaje

Programmable overlays via OpenOverlayRouter

Among the different options to instantiate overlays, the Locator/ID Separation Protocol (LISP) [7] has gained significant traction among industry and academia [5], [6], [8]–[11], [14], [15]. Interestingly, LISP offers a standard, inter-domain, and dynamic overlay that enables low capital expenditure (CAPEX) innovation at the network layer [8]. LISP follows a map-and-encap approach where overlay identifiers are mapped to underlay locators. Overlay traffic is encapsulated into locator-based packets and routed through the underlay. LISP leverages a public database to store overlay-to-underlay mappings and on a pull mechanism to retrieve those mappings on demand from the data plane. Therefore, LISP effectively decouples the control and data planes, since control plane policies are pushed to the database rather than to the data plane. Forwarding elements reflect control policies on the data plane by pulling them from the database. In that sense, LISP can be used as an SDN southbound protocol to enable programmable overlay networks [5].Peer ReviewedPostprint (published version

Knowledge-defined networking

The research community has considered in the past the application of Artificial Intelligence (AI) techniques to control and operate networks. A notable example is the Knowledge Plane proposed by D.Clark et al. However, such techniques have not been extensively prototyped or deployed in the field yet. In this paper, we explore the reasons for the lack of adoption and posit that the rise of two recent paradigms: Software-Defined Networking (SDN) and Network Analytics (NA), will facilitate the adoption of AI techniques in the context of network operation and control. We describe a new paradigm that accommodates and exploits SDN, NA and AI, and provide use-cases that illustrate its applicability and benefits. We also present simple experimental results that support, for some relevant use-cases, its feasibility. We refer to this new paradigm as Knowledge-Defined Networking (KDN).Peer ReviewedPostprint (author's final draft