30 research outputs found

    Optimal Provisioning and Pricing of Differentiated Services Using QoS Class Promotion

    This paper introduces a new method for optimally provisioning and pricing differentiated services, that maximizes profit and maintains a small blocking probability. Resources are provisioned per Quality of Service (QoS) class over the long-term (service level agreement duration), then priced based on user demand over the short-term. Unique to this method is the ability to dynamically promote traffic from one QoS class to a higher QoS class, based on estimated demand statistics. This additional flexibility encourages better short-term utilization of the classes, resulting in higher profits while maintaining a low blocking probability. Experimental results will demonstrate QoS class promotion can obtain higher profits, as compared to other provisioning and allocation methods

    Middleware-based connection management for QoS-enabled networks

    Many applications require network performance bounds, or Quality of Service (QoS), for their proper operation. This is achieved through the appropriate allocation of network resources; however, providing end-to-end QoS is becoming more complex, due to the increasing heterogeneity of networks. For example, end-to-end QoS can be provided through the concatenation of services across multiple networks (domains), but each domain may employ different network technologies as well as different QoS methodologies. As a result, management strategies are needed to provide QoS across multiple domains in a scalable and economically feasible manner. This paper describes a microeconomic-based middleware architecture that allows the specification and acquisition of QoS and resource policies. The architecture consists of users, bandwidth brokers, and network domains. Executing applications, users require network QoS obtained via middleware from a bandwidth broker. Bandwidth brokers then interact with one another to provide end-to-end QoS connections across multiple domains. This is done in a BGP manner which recursively provides end-to-end services in a scalable fashion. Using this framework, this paper describes management strategies to optimally provision and allocate end-to-end connections. The methods maintain a low blocking probability, and maximize utility and profit, which are increasingly important as network connectivity evolves as an industry

    Optimization of network firewall policies using directed acyclic graphs

    This paper introduces a new method to improve the performance of list oriented firewall systems. Specifically, the paper addresses reordering a firewall rule set to minimize the average number of comparisons to determine the action, while maintaining the integrity of the original policy. Integrity is preserved if the reordered and original rules always arrive at the same result given a packet. To maintain integrity, this paper will model the rule set as a Directed Acyclical Graph (DAG), where vertices are firewall rules and edges indicate precedence relationships. Given this representation, any linear arrangement of the policy DAG (which is a list of rules) is shown to maintain the original policy integrity. Unfortunately, determining the optimal rule order from all the possible linear arrangements is shown to be NP-hard, since it is equivalent to sequencing jobs with precedence constraints for a single machine. Although determining the optimal order is NP-hard, this paper will introduce a simple heuristic to order firewall rules that reduces the average number of comparisons while maintaining integrity. Simulation results show the proposed reordering method yields rule orders that are comparable to optimal (11 % difference); thus, provides a simple means to significantly improve firewall performance and lower packet delay

    Towards Optimal Firewall Rule Ordering Utilizing Directed Acyclical Graphs," icccn

    Abstract—Firewalls enforce a security policy by inspecting packets arriving or departing a network. This is often accomplished by sequentially comparing the policy rules with the header of an arriving packet until the first match is found. This process becomes time consuming as policies become larger and more complex. Therefore determining the appropriate action for arriving packets must be done as quickly as possible. The process of packet header matching can be improved if more popular rules appear earlier in the policy. Unfortunately, a simple sorting algorithm is not possible since the relative order of certain rules must be maintained in order to preserve the original policy intent. Utilizing Directed Acyclical Graphs (DAGs) to represent firewall policy, this paper will introduce a novel rule sorting technique. The technique is capable of considering sub-graphs of rules (inter-related by precedence constraints) and compare the advantage of placing and merging the rules that comprise them. Experimental results using a variety of policies will show that the proposed algorithm is able to find the optimal order in 98 % of the example policies, which is substantially higher than other methods. Index Terms—Security, network firewall, security policy, rule ordering

    The Economic Impact of Network Pricing Intervals

    Interval pricing can provide an effective means of congestion control as well as revenue generation. Using this method, prices are fixed over intervals of time, providing adaptability and predictability. An important issue is the interval duration associated with price updates

    ABR Rate Control for Multimedia Traffic Using Microeconomics

    Multimedia applications are expected to play a more prevalent role in integrated service networks. One method of efficiently transmitting such traffic uses the ABR service class. However, rate control for this class becomes more difficult due to the bursty and somewhat unpredictable behavior of multimedia traffic. This paper presents a microeconomic-based ABR rate control technique that models the network as competitive markets. Prices are affixed to ABR bandwidth based upon supply and demand, and users purchase bandwidth to maximize their individual QoS. This yields a state-less rate control method that provides Pareto-optimal and QoS-fair bandwidth distributions, as well as high utilization. Simulation results using actual MPEG-compressed video traffic show utilization over 95 % and better QoS control than max-min or demand-based weighted max-min

    Trie-Based Policy Representations for Network Firewalls
