Change search
Refine search result
1 - 11 of 11
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1. Antichi, Gianni
    et al.
    Castro, Ignacio
    Chiesa, Marco
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). Université catholique de Louvain.
    Fernandes, Eder L.
    Lapeyrade, Remy
    Kopp, Daniel
    Han, Jong Hun
    Bruyere, Marc
    Dietzel, Christoph
    Gusat, Mitchell
    Moore, Andrew W.
    Owezarski, Philippe
    Uhlig, Steve
    Canini, Marco
    ENDEAVOUR: A Scalable SDN Architecture For Real-World IXPs2017In: IEEE Journal on Selected Areas in Communications, ISSN 0733-8716, E-ISSN 1558-0008, Vol. 35, no 11, p. 2553-2562Article in journal (Refereed)
    Abstract [en]

    Innovation in interdomain routing has remained stagnant for over a decade. Recently, Internet eXchange Points (IXPs) have emerged as economically-advantageous interconnection points for reducing path latencies and exchanging ever increasing traffic volumes among, possibly, hundreds of networks. Given their far-reaching implications on interdomain routing, IXPs are the ideal place to foster network innovation and extend the benefits of software defined networking (SDN) to the interdomain level. In this paper, we present, evaluate, and demonstrate ENDEAVOUR, an SDN platform for IXPs. ENDEAVOUR can be deployed on a multi-hop IXP fabric, supports a large number of use cases, and is highly scalable, while avoiding broadcast storms. Our evaluation with real data from one of the largest IXPs, demonstrates the benefits and scalability of our solution: ENDEAVOUR requires around 70% fewer rules than alternative SDN solutions thanks to our rule partitioning mechanism. In addition, by providing an open source solution, we invite everyone from the community to experiment (and improve) our implementation as well as adapt it to new use cases.

  • 2.
    Bogdanov, Kirill
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Enabling Fast and Accurate Run-Time Decisions in Geo-Distributed Systems: Better Achieving Service Level Objectives2018Doctoral thesis, monograph (Other academic)
    Abstract [en]

    Computing services are highly integrated into modern society and used  by millions of people daily. To meet these high demands, many popular  services are implemented and deployed as geo-distributed applications on  top of third-party virtualized cloud providers. However, the nature of  such a deployment leads to variable performance. To deliver high quality  of service, these systems strive to adapt to ever-changing conditions by  monitoring changes in state and making informed run-time decisions, such  as choosing server peering, replica placement, and redirection of requests. In  this dissertation, we seek to improve the quality of run-time decisions made  by geo-distributed systems. We attempt to achieve this through: (1) a better  understanding of the underlying deployment conditions, (2) systematic and  thorough testing of the decision logic implemented in these systems, and (3)  by providing a clear view of the network and system states allowing services  to make better-informed decisions.  First, we validate an application’s decision logic used in popular  storage systems by examining replica selection algorithms. We do this by  introducing GeoPerf, a tool that uses symbolic execution and modeling to  perform systematic testing of replica selection algorithms. GeoPerf was used  to test two popular storage systems and found one bug in each.  Then, using measurements across EC2, we observed persistent correlation  between network paths and network latency. Based on these observations,  we introduce EdgeVar, a tool that decouples routing and congestion based  changes in network latency. This additional information improves estimation  of latency, as well as increases the stability of network path selection.  Next, we introduce Tectonic, a tool that tracks an application’s requests  and responses both at the user and kernel levels. In combination with  EdgeVar, it decouples end-to-end request completion time into three  components of network routing, network congestion, and service time.  Finally, we demonstrate how this decoupling of request completion  time components can be leveraged in practice by developing Kurma, a  fast and accurate load balancer for geo-distributed storage systems. At  runtime, Kurma integrates network latency and service time distributions to  accurately estimate the rate of Service Level Objective (SLO) violations, for  requests redirected between geo-distributed datacenters. Using real-world  data, we demonstrate Kurma’s ability to effectively share load among  datacenters while reducing SLO violations by a factor of up to 3 in high  load settings or reducing the cost of running the service by up to 17%. The  techniques described in this dissertation are important for current and future  geo-distributed services that strive to provide the best quality of service to  customers while minimizing the cost of operating the service.  

  • 3.
    Chiesa, Marco
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). Université Catholique de Louvain, Belgium.
    Demmler, D.
    Canini, M.
    Schapira, M.
    Schneider, T.
    SIXPACK: Securing internet eXchange points against curious onlookers2017In: CoNEXT 2017 - Proceedings of the 2017 13th International Conference on emerging Networking EXperiments and Technologies, Association for Computing Machinery (ACM), 2017, p. 120-133Conference paper (Refereed)
    Abstract [en]

    Internet eXchange Points (IXPs) play an ever-growing role in Internet inter-connection. To facilitate the exchange of routes amongst their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's peering policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This poses fundamental questions regarding the privacy guarantees of route-computation on confidential business information. Indeed, as evidenced by interaction with IXP administrators and a survey of network operators, this state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design sixpack1, an RS service that leverages Secure Multi-Party Computation (SMPC) to keep peering policies confidential, while extending, the functionalities of today's RSes. As SMPC is notoriously heavy in terms of communication and computation, our design and implementation of sixpack aims at moving computation outside of the SMPC without compromising the privacy guarantees. We assess the effectiveness and scalability of our system by evaluating a prototype implementation using traces of data from one of the largest IXPs in the world. Our evaluation results indicate that sixpack can scale to support privacy-preserving route-computation, even at IXPs with many hundreds of member networks.

  • 4.
    Chiesa, Marco
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Retvari, Gabor
    MTA BME Informat Syst Res Grp, H-1521 Budapest, Hungary..
    Schapira, Michael
    Hebrew Univ Jerusalem, IL-9190401 Jerusalem, Israel..
    Oblivious Routing in IP Networks2018In: IEEE/ACM Transactions on Networking, ISSN 1063-6692, E-ISSN 1558-2566, Vol. 26, no 3, p. 1292-1305Article in journal (Refereed)
    Abstract [en]

    To optimize the flow of traffic in IP networks, operators do traffic engineering (TE), i.e., tune routing-protocol parameters in response to traffic demands. TE in IP networks typically involves configuring static link weights and splitting traffic between the resulting shortest-paths via the equal-cost-multipath (ECMP) mechanism. Unfortunately, ECMP is a notoriously cumbersome and indirect means for optimizing traffic flow, often leading to poor network performance. Also, obtaining accurate knowledge of traffic demands as the input to TE is a non-trivial task that may require additional monitoring infrastructure, and traffic conditions can be highly variable, further complicating TE. We leverage recently proposed schemes for increasing ECMP's expressiveness via carefully disseminated bogus information (lies) to design COYOTE, a readily deployable TE scheme for robust and efficient network utilization. COYOTE leverages new algorithmic ideas to configure (static) traffic splitting ratios that are optimized with respect to all (even adversarial) traffic scenarios within the operator's "uncertainty bounds". Our experimental analyses show that COYOTE significantly outperforms today's prevalent TE schemes in a manner that is robust to traffic uncertainty and variation. We discuss experiments with a prototype implementation of COYOTE.

  • 5.
    Katsikas, Georgios P.
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). RISE SICS.
    NFV Service Chains at the Speed of the Underlying Commodity Hardware2018Doctoral thesis, monograph (Other academic)
    Abstract [en]

    Link speeds in networks will in the near-future reach and exceed 100 Gbps. While available specialized hardware can accommodate these speeds, modern networks have adopted a new networking paradigm, also known as Network Functions Virtualization (NFV), that replaces expensive specialized hardware with open-source software running on commodity hardware. However, achieving high performance using commodity hardware is a hard problem mainly because of the processor-memory gap. This gap suggests that only the fastest memories of today’s commodity servers can achieve the desirable access latencies for high speed networks. Existing NFV systems realize chained network functions (also known as service chains) mostly using slower memories; this implies a need for multiple additional CPU cores or even multiple servers to achieve high speed packet processing. In contrast, this thesis combines four contributions to realize NFV service chains with dramatically higher performance and better efficiency than the state of the art.

    The first contribution is a framework that profiles NFV service chains to uncover reasons for performance degradation, while the second contribution leverages the profiler’s data to accelerate these service chains by combining multiplexing of system calls with scheduling strategies. The third contribution synthesizes input/output and processing service chain operations to increase the spatial locality of network traffic with respect to a system’s caches. The fourth contribution combines the profiler’s insights from the first contribution and the synthesis approach of the third contribution to realize NFV service chains at the speed of the underlying commodity hardware. To do so, stateless traffic classification operations are offloaded into available hardware (i.e., programmable switches and/or network cards) and a tag is associated with each traffic class. At the server side, input traffic classes are classified by the hardware based upon the values of these tags, which indicate the CPU core that should undertake their stateful processing, while ensuring zero inter-core communication.

    With commodity hardware, this thesis realizes Internet Service Provider-level service chains and deep packet inspection at a line-rate 40 Gbps and stateful service chains at the speed of a 100 GbE network card on a 16 core single server. This results in up to (i) 4.7x lower latency, (ii) 8.5x higher throughput, and (iii) 6.5x better efficiency than the state of the art. The techniques described in this thesis are crucial for realizing future high speed NFV deployments.

  • 6.
    Katsikas, Georgios P.
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). RISE SICS.
    Barbette, Tom
    University of Liege.
    Kostic, Dejan
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Steinert, Rebecca
    RISE SICS.
    Maguire Jr., Gerald Q.
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Radio Systems Laboratory (RS Lab).
    Metron: NFV Service Chains at the True Speed of the Underlying Hardware2018Conference paper (Refereed)
    Abstract [en]

    In this paper we present Metron, a Network Functions Virtualization (NFV) platform that achieves high resource utilization by jointly exploiting the underlying network and commodity servers’ resources. This synergy allows Metron to: (i) offload part of the packet processing logic to the network, (ii) use smart tagging to setup and exploit the affinity of traffic classes, and (iii) use tag-based hardware dispatching to carry out the remaining packet processing at the speed of the servers’ fastest cache(s), with zero inter-core communication. Metron also introduces a novel resource allocation scheme that minimizes the resource allocation overhead for large-scale NFV deployments. With commodity hardware assistance, Metron deeply inspects traffic at 40 Gbps and realizes stateful network functions at the speed of a 100 GbE network card on a single server. Metron has 2.75-6.5x better efficiency than OpenBox, a state of the art NFV system, while ensuring key requirements such as elasticity, fine-grained load balancing, and flexible traffic steering.

  • 7.
    Khodaei, Mohammad
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Jin, Hongyu
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems2018In: IEEE transactions on intelligent transportation systems (Print), ISSN 1524-9050, E-ISSN 1558-0016, Vol. 19, no 5, p. 1430-1444Article in journal (Refereed)
    Abstract [en]

    Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming vehicular communication (VC) systems. There is a growing consensus toward deploying a special-purpose identity and credential management infrastructure, i.e., a vehicular public-key infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts toward that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts [Car2Car Communication Consortium (C2C-CC)], significant questions remain unanswered toward deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions and two large-scale mobility trace data sets, based on which we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very few delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.

  • 8. Liu, S.
    et al.
    Steinert, R.
    Kostic, Dejan
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Control under Intermittent Network Partitions2018In: 2018 IEEE International Conference on Communications (ICC), Institute of Electrical and Electronics Engineers (IEEE), 2018, article id 8422615Conference paper (Refereed)
    Abstract [en]

    We propose a novel distributed leader election algorithm to deal with the controller and control service availability issues in programmable networks, such as Software Defined Networks (SDN) or programmable Radio Access Network (RAN). Our approach can deal with a wide range of network failures, especially intermittent network partitions, where splitting and merging of a network repeatedly occur. In contrast to traditional leader election algorithms that mainly focus on the (eventual) consensus on one leader, the proposed algorithm aims at optimizing control service availability, stability and reducing the controller state synchronization effort during intermittent network partitioning situations. To this end, we design a new framework that enables dynamic leader election based on real-time estimates acquired from statistical monitoring. With this framework, the proposed leader election algorithm has the capability of being flexibly configured to achieve different optimization objectives, while adapting to various failure patterns. Compared with two existing algorithms, our approach can significantly reduce the synchronization overhead (up to 12x) due to controller state updates, and maintain up to twice more nodes under a controller.

  • 9.
    Omer Mahgoub Saied, Khalid
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Network Latency Estimation Leveraging Network Path Classification2018Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
    Abstract [en]

    With the development of the Internet, new network services with strict network latency requirements have been made possible. These services are implemented as distributed systems deployed across multiple geographical locations. To provide low response time, these services require knowledge about the current network latency. Unfortunately, network latency among geo-distributed sites often change, thus distributed services rely on continuous network latency measurements. One goal of such measurements is to differentiate between momentary latency spikes from relatively long-term latency changes. The differentiation is achieved through statistical processing of the collected samples. This approach of high-frequency network latency measurements has high overhead, slow to identify network latency changes and lacks accuracy.

    We propose a novel approach for network latency estimation by correlating network paths to network latency. We demonstrate that network latency can be accurately estimated by first measuring and identifying the network path used and then fetching the expected latency for that network path based on previous set of measurements. Based on these principles, we introduce Sudan traceroute, a network latency estimation tool. Sudan traceroute can be used to both reduce the latency estimation time as well as to reduce the overhead of network path measurements. Sudan traceroute uses an improved path detection mechanism that sends only a few carefully selected probes in order to identify the current network path.

    We have developed and evaluated Sudan traceroute in a test environment and evaluated the feasibility of Sudan traceroute on real-world networks using Amazon EC2. Using Sudan traceroute we have shortened the time it takes for hosts to identify network latency level changes compared to existing approaches.

  • 10. Peresini, Peter
    et al.
    Kuzniar, Maciej
    Kostic, Dejan
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Dynamic, Fine-Grained Data Plane Monitoring with Monocle2018In: IEEE/ACM Transactions on Networking, ISSN 1063-6692, E-ISSN 1558-2566, Vol. 26, no 1, p. 534-547Article in journal (Refereed)
    Abstract [en]

    Ensuring network reliability is important for satisfying service-level objectives. However, diagnosing network anomalies in a timely fashion is difficult due to the complex nature of network configurations. We present Monocle — a system that uncovers forwarding problems due to hardware or software failures in switches, by verifying that the data plane corresponds to the view that an SDN controller installs via the control plane. Monocle works by systematically probing the switch data plane; the probes are constructed by formulating the switch forwarding table logic as a Boolean satisfiability (SAT) problem. Our SAT formulation quickly generates probe packets targeting a particular rule considering both existing and new rules. Monocle can monitor not only static flow tables (as is currently typically the case), but also dynamic networks with frequent flow table changes. Our evaluation shows that Monocle is capable of fine-grained monitoring for the majority of rules, and it can identify a rule suddenly missing from the data plane or misbehaving in a matter of seconds. In fact, during our evaluation Monocle uncovered problems with two hardware switches that we were using in our evaluation. Finally, during network updates Monocle helps controllers cope with switches that exhibit transient inconsistencies between their control and data plane states.

  • 11.
    Tanyingyong, Voravit
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Olsson, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Hidell, Markus
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). KTH, Superseded Departments (pre-2005), Microelectronics and Information Technology, IMIT.
    Sjödin, Peter
    KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). KTH, Superseded Departments (pre-2005), Microelectronics and Information Technology, IMIT.
    Ahlgren, Bengt
    RISE SICS.
    Implementation and Deployment of an Outdoor IoT-based Air Quality Monitoring Testbed2018In: 2018 IEEE Global Communications Conference, 2018Conference paper (Refereed)
    Abstract [en]

    This paper presents an outdoor IoT-based air quality monitoring testbed deployed in the city of Uppsala, Sweden. Our IoT sensing unit is designed and developed using low-cost hardware components and open source software, which makes it easy to replicate. We demonstrate that it can serve as an affordable solution for real-time measurements and has potentials to complement traditional monitoring to cover larger areas. We use low-power communication based on IEEE 802.15.4, RPL, and MQTT, and achieve high end-to-end delivery ratio (>98%) in an outdoor setting. Moreover, we carry out network analysis of our testbed and provide detailed insights into its characteristics.

1 - 11 of 11
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf