Improving Pan-African research and education networks through traffic engineering: A LISP/SDN approach

The UbuntuNet Alliance, a consortium of National Research and Education Networks (NRENs) runs an exclusive data network for education and research in east and southern Africa. Despite a high degree of route redundancy in the Alliance's topology, a large portion of Internet traffic between the NRENs is circuitously routed through Europe. This thesis proposes a performance-based strategy for dynamic ranking of inter-NREN paths to reduce latencies. The thesis makes two contributions: firstly, mapping Africa's inter-NREN topology and quantifying the extent and impact of circuitous routing; and, secondly, a dynamic traffic engineering scheme based on Software Defined Networking (SDN), Locator/Identifier Separation Protocol (LISP) and Reinforcement Learning. To quantify the extent and impact of circuitous routing among Africa's NRENs, active topology discovery was conducted. Traceroute results showed that up to 75% of traffic from African sources to African NRENs went through inter-continental routes and experienced much higher latencies than that of traffic routed within Africa. An efficient mechanism for topology discovery was implemented by incorporating prior knowledge of overlapping paths to minimize redundancy during measurements. Evaluation of the network probing mechanism showed a 47% reduction in packets required to complete measurements. An interactive geospatial topology visualization tool was designed to evaluate how NREN stakeholders could identify routes between NRENs. Usability evaluation showed that users were able to identify routes with an accuracy level of 68%. NRENs are faced with at least three problems to optimize traffic engineering, namely: how to discover alternate end-to-end paths; how to measure and monitor performance of different paths; and how to reconfigure alternate end-to-end paths. This work designed and evaluated a traffic engineering mechanism for dynamic discovery and configuration of alternate inter-NREN paths using SDN, LISP and Reinforcement Learning. A LISP/SDN based traffic engineering mechanism was designed to enable NRENs to dynamically rank alternate gateways. Emulation-based evaluation of the mechanism showed that dynamic path ranking was able to achieve 20% lower latencies compared to the default static path selection. SDN and Reinforcement Learning were used to enable dynamic packet forwarding in a multipath environment, through hop-by-hop ranking of alternate links based on latency and available bandwidth. The solution achieved minimum latencies with significant increases in aggregate throughput compared to static single path packet forwarding. Overall, this thesis provides evidence that integration of LISP, SDN and Reinforcement Learning, as well as ranking and dynamic configuration of paths could help Africa's NRENs to minimise latencies and to achieve better throughputs

Evaluating Performance of Content Cache Placement in a Wireless Community Network

Community networks are often associated with bandwidth constraints. The limited bandwidth capacity in community networks results in higher content delivery time (latency) and reduces quality of service. Unplanned cache placement in the community networks has the potential to result in higher delays and increased network traffic. This study evaluates cache placement and content distribution in a community network using a distributed caching strategy. Latency, throughput and video performance measurements were carried out for geography, delay and hop count cache placement. In this study, hop count cache placement resulted in the lowest average latency, highest average throughput and best video performance. Overall, the study shows lower average latency, higher average throughput and better video performance at the caches compared to the main server. This reinforces the effectiveness of con- tent caching in improving network performance in wireless community networks

Topology-Aware Measurement Scheduling Strategies in Low Resource Networks

Community networks have been proposed by many networking experts and researchers as a way to bridge the connectivity gaps in rural and remote areas of the world. Many community networks are built with low-capacity computing devices and low-capacity links. Such community networks are examples of low resource networks. The design and implementation of computer networks using limited hardware and software resources has been studied extensively in the past, but scheduling strategies for conducting measurements on these networks remains an important area to be explored. In this study, the design of a Quality of Service monitoring system is proposed, focusing on performance of scheduling of network measurement jobs in different topologies of a low-resource network. Our results show that a graph colouring algorithm (AOSD) that arranges network measurement jobs in ascending order of their number of conflicts performs better than other scheduling algorithms like Round Robin (RR) and Earliest Deadline First (EDF)

Measuring SANReN Performance: An Internal and External View

Internet systems in developing regions experience various performance challenges due to inadequate infrastructure and resources. In this study, we conduct measurements using Speedchecker and perfSONAR to determine network performance when accessing the South African Research and Education Network (SANReN) from within the network and from outside the network. Our analysis finds that SANReN has performance challenge in and around Port Elizabeth (PE), as universities in these cities experienced the highest delays and page load times. We find that PE uses circuitous routes for traffic flows to Johannesburg and Pretoria, causing high delays and high page load times

Community Network Traffic Classification using Two-Dimensional Convolutional Neural Networks

Network traffic classification plays an important role in quality of service engineering. In recent years, it has become apparent that deep learning techniques are effective for this classification task, especially since classical approaches struggle to deal with encrypted traffic. However, deep learning models often tend to be computationally expensive, which weakens their suitability in low-resource community networks. This paper explores the computational efficiency and accuracy of two-dimensional convolutional neural networks (2D-CNNs) deep learning models for packet-based classification of traffic in a community net- work. We find that 2D-CNNs models attain higher out-of-sample accuracy than traditional support vector machines classifiers and the simpler multi-layer perceptron neural networks, given the same computational resource constraints. The improvement in accuracy offered by the 2D-CNNs has a tradeoff of slower prediction speed, which weakens their relative suitability for use in real-time applications. However, we observe that by reducing the size of the input supplied to the 2D-CNNs, we can improve their prediction speed whilst maintaining higher accuracy than other simpler models

Investigating Measurement Scheduling Strategies in Low Resource Networks

Community networks have been proposed by many networking experts and researchers as a way to bridge connectivity gaps in rural and remote areas of the world. Many community networks are built with low-capacity computing devices and low-capacity links. Such community networks are examples of low resource networks. The design and implementation of computer networks using limited hardware and software resources has been studied extensively in the past, but scheduling strategies for conducting measurements on these networks remains an important area to be explored. In this study, the design of a Quality of Service monitoring system is proposed, focusing on performance of scheduling of network measurement jobs in a low-resource network. In this paper, we present a testbed for conducting performance evaluation of two measurement scheduling algorithms and present an analysis of trends in their performance with varying experiment profiles

On Performance Impact of DoH and DoT in Africa: Why a User’s DNS choice matters

Internet security and Quality of Experience (QoE) are two antagonistic concepts that the research community has been attempting to reconcile. Internet security has of late received attention due to users' online privacy and security concerns. One example is the introduction of encrypted Domain Name System (DNS) protocols. These protocols, combined with suboptimal routing paths and offshore hosting, have the potential to negatively impact the quality of web browsing experience for users in Africa. This is particularly the case in edge access networks that are far away from essential infrastructures such as DNS and content servers. In this paper, we analyse the QoE impact of using open public DoH and DoT resolvers when resolving websites that are hosted in Africa versus those hosted offshore. The study further compares the performance of DoT and DoH under different network conditions (mobile, community network, Eduroam and Campus wired network). Our results show that high latency and circuitous DNS resolution paths amplify the performance impact of secure DNS protocols on DNS resolution time and page load time. The study further shows that users' DNS resolver preferences hugely determine the level of QoE. This study proposes wider adoption of Transport Layer Security version 1.3 (TLSv1.3) to leverage its latency-reduction features such as false start and Zero or One Round Trip Time (0/1-RTT). The study further proposes the localisation of content and secure DNS infrastructure. This, coupled with peering and cache sharing recommended by other works, will further minimise the impact of secure DNS protocols on Quality of Experience

Deep Learning Traffic Classification in Resource-Constrained Community Networks

Community networks are infrastructures that are run by the citizens for the citizens. These networks are often run with limited resources compared to traditional Internet Service Providers. For such networks, careful traffic classification can play an important role in improving quality of service. Deep learning techniques have been shown to be effective for this classification task, especially since classical approaches struggle to deal with encrypted traffic. However, deep learning models often tend to be computationally expensive, which limits their suitability for low-resource community networks. This paper explores the computational efficiency and accuracy of Long Short-Term Memory (LSTM) and Multi-Layer Perceptron (MLP) deep learning models for packet-based classification of traffic in a community network. We find that LSTM models attain higher out-of-sample accuracy than traditional support vector machines classifiers and the simpler multi-layer perceptron neural networks, given the same computational resource constraints. The improvement in accuracy offered by the LSTM has a tradeoff of slower prediction speed, which weakens their relative suitability for use in real-time applications. However, we observe that by reducing the size of the input supplied to the LSTMs, we can improve their prediction speed whilst maintaining higher accuracy than other simpler models

Resource-constrained Real-time Network Traffic Classification using One-Dimensional Convolutional Neural Networks

Real-time network traffic classification is vital for networks to implement Quality of Service (QoS) traffic engineering. Deep learning techniques have proven to be effective for classification tasks, even when the traffic is encrypted. The pursuit for higher accuracy has incentivized implementations of deep learning models that are larger and slower, and require higher computational resources. This poses a problem for real-time online classification, particularly in low resource environments. This paper considers the trade-off between prediction speed and accuracy for the packet-based network traffic classification tasks when computing resources are limited. We build and compare 1D Convolutional Neural Network (1D-CNN) and the Multilayer Perceptron (MLP) models of various sizes with varying packet payload lengths used as in- put. These deep learning models are further compared to Support Vector Machine (SVM) models across the same metrics. The models are evaluated on six different sets of hardware constraints that are likely to be found in low-resource community networks. The study finds a clear trade-off between prediction rate and attainable accuracy. Our results suggest that MLP can achieve sufficiently fast prediction in community networks with middle-range CPUs, and for the most powerful of CPUs, a 1D-CNN should be the preferred model

Security Mental Models and Personal Security Practices of Internet Users in Africa

Recent trends show an increase in risks for personal cyberattacks, in part due to an increase in remote work that has been imposed by worldwide Covid-19 lockdowns. These attacks have further exposed the inefficiencies of the "paternalistic" design of Internet security systems and security configuration frameworks. Prior research has shown that users often have inadequate Internet security and privacy mental models. However, little is known about the causes of flawed mental models. Using mixed methods over a period of nine months, we investigate Internet security mental models of users in Africa and the implications of these mental models on personal security practice. Consistent with prior research, we find inadequate Internet security mental models in self-reported expert and non-expert Internet users. In addition, our mental modelling and task analysis reveal that the flawed security practice does not only result from users' negligence, but also from lack of sufficient Internet security knowledge. Our findings motivate for reinforcing users' Internet security mental models through personalised security configuration frameworks to allow users, especially those with limited technical skills, to easily configure their desired security levels