• 1. Antichi, Gianni
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). Université catholique de Louvain.
ENDEAVOUR: A Scalable SDN Architecture For Real-World IXPs. 2017. In: IEEE Journal on Selected Areas in Communications, ISSN 0733-8716, E-ISSN 1558-0008, Vol. 35, no 11, p. 2553-2562. Article in journal (Refereed)

Innovation in interdomain routing has remained stagnant for over a decade. Recently, Internet eXchange Points (IXPs) have emerged as economically-advantageous interconnection points for reducing path latencies and exchanging ever increasing traffic volumes among, possibly, hundreds of networks. Given their far-reaching implications on interdomain routing, IXPs are the ideal place to foster network innovation and extend the benefits of software defined networking (SDN) to the interdomain level. In this paper, we present, evaluate, and demonstrate ENDEAVOUR, an SDN platform for IXPs. ENDEAVOUR can be deployed on a multi-hop IXP fabric, supports a large number of use cases, and is highly scalable, while avoiding broadcast storms. Our evaluation with real data from one of the largest IXPs demonstrates the benefits and scalability of our solution: ENDEAVOUR requires around 70% fewer rules than alternative SDN solutions thanks to our rule partitioning mechanism. In addition, by providing an open source solution, we invite everyone from the community to experiment with (and improve) our implementation as well as adapt it to new use cases.

• 2.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Network Systems Laboratory (NS Lab).
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Network Systems Laboratory (NS Lab). KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Radio Systems Laboratory (RS Lab). KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS.
RSS++: load and state-aware receive side scaling. 2019. In: Proceedings of the 15th International Conference on emerging Networking EXperiments and Technologies / [ed] ACM, Orlando, FL, USA: Association for Computing Machinery (ACM), 2019. Conference paper (Refereed)

• 3.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Enabling Fast and Accurate Run-Time Decisions in Geo-Distributed Systems: Better Achieving Service Level Objectives. 2018. Doctoral thesis, monograph (Other academic)

Computing services are highly integrated into modern society and used by millions of people daily. To meet these high demands, many popular services are implemented and deployed as geo-distributed applications on top of third-party virtualized cloud providers. However, the nature of such a deployment leads to variable performance. To deliver high quality of service, these systems strive to adapt to ever-changing conditions by monitoring changes in state and making informed run-time decisions, such as choosing server peering, replica placement, and redirection of requests. In this dissertation, we seek to improve the quality of run-time decisions made by geo-distributed systems. We attempt to achieve this through: (1) a better understanding of the underlying deployment conditions, (2) systematic and thorough testing of the decision logic implemented in these systems, and (3) by providing a clear view of the network and system states allowing services to make better-informed decisions.

First, we validate an application’s decision logic used in popular storage systems by examining replica selection algorithms. We do this by introducing GeoPerf, a tool that uses symbolic execution and modeling to perform systematic testing of replica selection algorithms. GeoPerf was used to test two popular storage systems and found one bug in each.

Then, using measurements across EC2, we observed persistent correlation between network paths and network latency. Based on these observations, we introduce EdgeVar, a tool that decouples routing and congestion based changes in network latency. This additional information improves estimation of latency, as well as increases the stability of network path selection.

Next, we introduce Tectonic, a tool that tracks an application’s requests and responses both at the user and kernel levels. In combination with EdgeVar, it decouples end-to-end request completion time into three components of network routing, network congestion, and service time.

Finally, we demonstrate how this decoupling of request completion time components can be leveraged in practice by developing Kurma, a fast and accurate load balancer for geo-distributed storage systems. At runtime, Kurma integrates network latency and service time distributions to accurately estimate the rate of Service Level Objective (SLO) violations, for requests redirected between geo-distributed datacenters. Using real-world data, we demonstrate Kurma’s ability to effectively share load among datacenters while reducing SLO violations by a factor of up to 3 in high load settings or reducing the cost of running the service by up to 17%. The techniques described in this dissertation are important for current and future geo-distributed services that strive to provide the best quality of service to customers while minimizing the cost of operating the service.

• 4.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). Université Catholique de Louvain, Belgium.
SIXPACK: Securing internet eXchange points against curious onlookers. 2017. In: CoNEXT 2017 - Proceedings of the 2017 13th International Conference on emerging Networking EXperiments and Technologies, Association for Computing Machinery (ACM), 2017, p. 120-133. Conference paper (Refereed)

Internet eXchange Points (IXPs) play an ever-growing role in Internet inter-connection. To facilitate the exchange of routes amongst their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's peering policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This poses fundamental questions regarding the privacy guarantees of route-computation on confidential business information. Indeed, as evidenced by interaction with IXP administrators and a survey of network operators, this state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design sixpack, an RS service that leverages Secure Multi-Party Computation (SMPC) to keep peering policies confidential, while extending the functionalities of today's RSes. As SMPC is notoriously heavy in terms of communication and computation, our design and implementation of sixpack aims at moving computation outside of the SMPC without compromising the privacy guarantees. We assess the effectiveness and scalability of our system by evaluating a prototype implementation using traces of data from one of the largest IXPs in the world. Our evaluation results indicate that sixpack can scale to support privacy-preserving route-computation, even at IXPs with many hundreds of member networks.

• 5.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
MTA BME Informat Syst Res Grp, H-1521 Budapest, Hungary.. Hebrew Univ Jerusalem, IL-9190401 Jerusalem, Israel..
Oblivious Routing in IP Networks. 2018. In: IEEE/ACM Transactions on Networking, ISSN 1063-6692, E-ISSN 1558-2566, Vol. 26, no 3, p. 1292-1305. Article in journal (Refereed)

To optimize the flow of traffic in IP networks, operators do traffic engineering (TE), i.e., tune routing-protocol parameters in response to traffic demands. TE in IP networks typically involves configuring static link weights and splitting traffic between the resulting shortest-paths via the equal-cost-multipath (ECMP) mechanism. Unfortunately, ECMP is a notoriously cumbersome and indirect means for optimizing traffic flow, often leading to poor network performance. Also, obtaining accurate knowledge of traffic demands as the input to TE is a non-trivial task that may require additional monitoring infrastructure, and traffic conditions can be highly variable, further complicating TE. We leverage recently proposed schemes for increasing ECMP's expressiveness via carefully disseminated bogus information (lies) to design COYOTE, a readily deployable TE scheme for robust and efficient network utilization. COYOTE leverages new algorithmic ideas to configure (static) traffic splitting ratios that are optimized with respect to all (even adversarial) traffic scenarios within the operator's "uncertainty bounds". Our experimental analyses show that COYOTE significantly outperforms today's prevalent TE schemes in a manner that is robust to traffic uncertainty and variation. We discuss experiments with a prototype implementation of COYOTE.

• 6.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Universitat Politècnica de Catalunya. Queen Mary, University of London. Independent Researcher. AGH University of Science and Technology in Kraków. Barefoot Networks. University of Vienna.
PURR: A Primitive for Reconfigurable Fast Reroute: (hope for the best and program for the worst). 2019. In: International Conference on emerging Networking EXperiments and Technologies, 2019 / [ed] ACM, 2019. Conference paper (Refereed)

Highly dependable communication networks usually rely on some kind of Fast Re-Route (FRR) mechanism which allows traffic to be quickly re-routed upon failures, entirely in the data plane. This paper studies the design of FRR mechanisms for emerging reconfigurable switches.

Our main contribution is an FRR primitive for programmable data planes, PURR, which provides low failover latency and high switch throughput, by avoiding packet recirculation. PURR tolerates multiple concurrent failures and comes with minimal memory requirements, ensuring compact forwarding tables, by unveiling an intriguing connection to classic "string theory" (i.e., stringology), and in particular, the shortest common supersequence problem. PURR is well-suited for high-speed match/action forwarding architectures (e.g., PISA) and supports the implementation of arbitrary network-wide FRR mechanisms. Our simulations and prototype implementation (on an FPGA and Tofino) show that PURR improves TCAM memory occupancy by a factor of 1.5x-10.8x compared to a naïve encoding when implementing state-of-the-art FRR mechanisms. PURR also improves the latency and throughput of datacenter traffic up to a factor of 2.8x-5.5x and 1.2x-2x, respectively, compared to approaches based on recirculating packets.

• 7.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Realizing Low-Latency Internet Services via Low-Level Optimization of NFV Service Chains: Every nanosecond counts! 2019. Licentiate thesis, monograph (Other academic)

By virtue of the recent technological developments in cloud computing, more applications are deployed in a cloud. Among these modern cloud-based applications, some require bounded and predictable low-latency responses. However, the current cloud infrastructure is unsuitable as it cannot satisfy these requirements, due to many limitations in both hardware and software.

This licentiate thesis describes attempts to reduce the latency of Internet services by carefully studying the currently available infrastructure, optimizing it, and improving its performance. The focus is to optimize the performance of network functions deployed on commodity hardware, known as network function virtualization (NFV). The performance of NFV is one of the major sources of latency for Internet services.

The first contribution is related to optimizing the software. This project began by investigating the possibility of superoptimizing virtualized network functions (VNFs). This began with a literature review of available superoptimization techniques, then one of the state-of-the-art superoptimization tools was selected to analyze the crucial metrics affecting application performance. The result of our analysis demonstrated that having better cache metrics could potentially improve the performance of all applications.

The second contribution of this thesis employs the results of the first part by taking a step toward optimizing cache performance of time-critical NFV service chains. By doing so, we reduced the tail latencies of such systems running at 100Gbps. This is an important achievement as it increases the probability of realizing bounded and predictable latency for Internet services.

• 8.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Ericsson Research. KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS. KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS.
Make the Most out of Last Level Cache in Intel Processors. 2019. In: Proceedings of the Fourteenth EuroSys Conference (EuroSys'19), Dresden, Germany, 25-28 March 2019, ACM Digital Library, 2019. Conference paper (Refereed)

In modern (Intel) processors, Last Level Cache (LLC) is divided into multiple slices and an undocumented hashing algorithm (aka Complex Addressing) maps different parts of memory address space among these slices to increase the effective memory bandwidth. After a careful study of Intel’s Complex Addressing, we introduce a slice-aware memory management scheme, wherein frequently used data can be accessed faster via the LLC. Using our proposed scheme, we show that a key-value store can potentially improve its average performance ∼12.2% and ∼11.4% for 100% & 95% GET workloads, respectively. Furthermore, we propose CacheDirector, a network I/O solution which extends Direct Data I/O (DDIO) and places the packet’s header in the slice of the LLC that is closest to the relevant processing core. We implemented CacheDirector as an extension to DPDK and evaluated our proposed solution for latency-critical applications in Network Function Virtualization (NFV) systems. Evaluation results show that CacheDirector makes packet processing faster by reducing tail latencies (90-99th percentiles) by up to 119 µs (∼21.5%) for optimized NFV service chains that are running at 100 Gbps. Finally, we analyze the effectiveness of slice-aware memory management to realize cache isolation.

• 9. Foerster, K.-T.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
TI-MFA: Keep calm and reroute segments fast. 2018. In: INFOCOM 2018 - IEEE Conference on Computer Communications Workshops, Institute of Electrical and Electronics Engineers Inc., 2018, p. 415-420. Conference paper (Refereed)

Segment Routing (SR) promises to provide scalable and fine-grained traffic engineering. However, little is known today on how to implement resilient routing in SR, i.e., routes which tolerate one or even multiple failures. This paper initiates the theoretical study of static fast failover mechanisms which do not depend on reconvergence and hence support a very fast reaction to failures. We introduce formal models and identify fundamental tradeoffs on what can and cannot be achieved in terms of static resilient routing. In particular, we identify an inherent price in terms of performance if routing paths need to be resilient, even in the absence of failures. Our main contribution is a first algorithm which is resilient even to multiple failures and which comes with provable resiliency and performance guarantees. We complement our formal analysis with simulations on real topologies, which show the benefits of our approach over existing algorithms. © 2018 IEEE.

• 10.
Univ Vienna, Vienna, Austria..
Univ Vienna, Vienna, Austria.. KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). Univ Vienna, Vienna, Austria..
TI-MFA: Keep Calm and Reroute Segments Fast. 2018. In: IEEE INFOCOM 2018 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS WORKSHOPS (INFOCOM WKSHPS), IEEE, 2018, p. 415-420. Conference paper (Refereed)

Segment Routing (SR) promises to provide scalable and fine-grained traffic engineering. However, little is known today on how to implement resilient routing in SR, i.e., routes which tolerate one or even multiple failures. This paper initiates the theoretical study of static fast failover mechanisms which do not depend on reconvergence and hence support a very fast reaction to failures. We introduce formal models and identify fundamental tradeoffs on what can and cannot be achieved in terms of static resilient routing. In particular, we identify an inherent price in terms of performance if routing paths need to be resilient, even in the absence of failures. Our main contribution is a first algorithm which is resilient even to multiple failures and which comes with provable resiliency and performance guarantees. We complement our formal analysis with simulations on real topologies, which show the benefits of our approach over existing algorithms.

• 11.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). RISE SICS.
NFV Service Chains at the Speed of the Underlying Commodity Hardware. 2018. Doctoral thesis, monograph (Other academic)

Link speeds in networks will in the near-future reach and exceed 100 Gbps. While available specialized hardware can accommodate these speeds, modern networks have adopted a new networking paradigm, also known as Network Functions Virtualization (NFV), that replaces expensive specialized hardware with open-source software running on commodity hardware. However, achieving high performance using commodity hardware is a hard problem mainly because of the processor-memory gap. This gap suggests that only the fastest memories of today’s commodity servers can achieve the desirable access latencies for high speed networks. Existing NFV systems realize chained network functions (also known as service chains) mostly using slower memories; this implies a need for multiple additional CPU cores or even multiple servers to achieve high speed packet processing. In contrast, this thesis combines four contributions to realize NFV service chains with dramatically higher performance and better efficiency than the state of the art.

The first contribution is a framework that profiles NFV service chains to uncover reasons for performance degradation, while the second contribution leverages the profiler’s data to accelerate these service chains by combining multiplexing of system calls with scheduling strategies. The third contribution synthesizes input/output and processing service chain operations to increase the spatial locality of network traffic with respect to a system’s caches. The fourth contribution combines the profiler’s insights from the first contribution and the synthesis approach of the third contribution to realize NFV service chains at the speed of the underlying commodity hardware. To do so, stateless traffic classification operations are offloaded into available hardware (i.e., programmable switches and/or network cards) and a tag is associated with each traffic class. At the server side, input traffic classes are classified by the hardware based upon the values of these tags, which indicate the CPU core that should undertake their stateful processing, while ensuring zero inter-core communication.

With commodity hardware, this thesis realizes Internet Service Provider-level service chains and deep packet inspection at a line-rate 40 Gbps and stateful service chains at the speed of a 100 GbE network card on a 16 core single server. This results in up to (i) 4.7x lower latency, (ii) 8.5x higher throughput, and (iii) 6.5x better efficiency than the state of the art. The techniques described in this thesis are crucial for realizing future high speed NFV deployments.

• 12.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). RISE SICS.
University of Liege. KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). RISE SICS. KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Radio Systems Laboratory (RS Lab).
Metron: NFV Service Chains at the True Speed of the Underlying Hardware. 2018. Conference paper (Refereed)

In this paper we present Metron, a Network Functions Virtualization (NFV) platform that achieves high resource utilization by jointly exploiting the underlying network and commodity servers’ resources. This synergy allows Metron to: (i) offload part of the packet processing logic to the network, (ii) use smart tagging to setup and exploit the affinity of traffic classes, and (iii) use tag-based hardware dispatching to carry out the remaining packet processing at the speed of the servers’ fastest cache(s), with zero inter-core communication. Metron also introduces a novel resource allocation scheme that minimizes the resource allocation overhead for large-scale NFV deployments. With commodity hardware assistance, Metron deeply inspects traffic at 40 Gbps and realizes stateful network functions at the speed of a 100 GbE network card on a single server. Metron has 2.75-6.5x better efficiency than OpenBox, a state of the art NFV system, while ensuring key requirements such as elasticity, fine-grained load balancing, and flexible traffic steering.

• 13.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems. 2018. In: IEEE transactions on intelligent transportation systems (Print), ISSN 1524-9050, E-ISSN 1558-0016, Vol. 19, no 5, p. 1430-1444. Article in journal (Refereed)

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming vehicular communication (VC) systems. There is a growing consensus toward deploying a special-purpose identity and credential management infrastructure, i.e., a vehicular public-key infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts toward that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts [Car2Car Communication Consortium (C2C-CC)], significant questions remain unanswered toward deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions and two large-scale mobility trace data sets, based on which we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very few delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.

• 14.
KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems engineering.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Poster: Mix-Zones Everywhere: A Dynamic Cooperative Location Privacy Protection Scheme. 2018. In: 2018 IEEE Vehicular Networking Conference (VNC) / [ed] Altintas, O; Tsai, HM; Lin, K; Boban, M; Wang, CY; Sahin, T, IEEE, 2018, article id 8628340. Conference paper (Refereed)

Inter-vehicle communications disclose rich information about vehicle whereabouts. Pseudonymous authentication secures communication while enhancing user privacy. To enhance location privacy, cryptographic mix-zones are proposed where vehicles can covertly update their credentials. But, the resilience of such schemes against linking attacks highly depends on the geometry of the mix-zones, mobility patterns, vehicle density, and arrival rates. In this poster, we propose "mix-zones everywhere", a cooperative location privacy protection scheme to mitigate linking attacks during pseudonym transition. Time-aligned pseudonyms are issued for all vehicles to facilitate synchronous pseudonym updates. Our scheme thwarts Sybil-based misbehavior, strongly maintains user privacy in the presence of honest-but-curious system entities, and is resilient against misbehaving insiders.

• 15. Liu, S.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Control under Intermittent Network Partitions. 2018. In: 2018 IEEE International Conference on Communications (ICC), Institute of Electrical and Electronics Engineers (IEEE), 2018, article id 8422615. Conference paper (Refereed)

We propose a novel distributed leader election algorithm to deal with the controller and control service availability issues in programmable networks, such as Software Defined Networks (SDN) or programmable Radio Access Network (RAN). Our approach can deal with a wide range of network failures, especially intermittent network partitions, where splitting and merging of a network repeatedly occur. In contrast to traditional leader election algorithms that mainly focus on the (eventual) consensus on one leader, the proposed algorithm aims at optimizing control service availability, stability and reducing the controller state synchronization effort during intermittent network partitioning situations. To this end, we design a new framework that enables dynamic leader election based on real-time estimates acquired from statistical monitoring. With this framework, the proposed leader election algorithm has the capability of being flexibly configured to achieve different optimization objectives, while adapting to various failure patterns. Compared with two existing algorithms, our approach can significantly reduce the synchronization overhead (up to 12x) due to controller state updates, and maintain up to twice more nodes under a controller.

• 16. Liu, Shaoteng
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Flexible distributed control plane deployment. 2018. In: IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World, NOMS 2018, Institute of Electrical and Electronics Engineers Inc., 2018, p. 1-7. Conference paper (Refereed)

For large-scale programmable networks, flexible deployment of distributed control planes is essential for service availability and performance. However, existing approaches only focus on placing controllers whereas the consequent control traffic is often ignored. In this paper, we propose a black-box optimization framework offering the additional steps for quantifying the effect of the consequent control traffic when deploying a distributed control plane. Evaluating different implementations of the framework over real-world topologies shows that close to optimal solutions can be achieved. Moreover, experiments indicate that running a method for controller placement without considering the control traffic causes excessive bandwidth usage (worst cases varying between 20.1%-50.1% more) and congestion, compared to our approach. © 2018 IEEE.

• 17.
UFRGS and FURG.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Network Systems Laboratory (NS Lab). DE-CIX/MPI for Informatics. KAUST. UFRGS.
A Survey on the Current Internet Interconnection Practices. 2020. In: Computer communication review, ISSN 0146-4833, E-ISSN 1943-5819. Article in journal (Refereed)

The Internet topology has significantly changed in the past years. Today, it is richly connected and flattened. Such a change has been driven mostly by the fast growth of peering infrastructures and the expansion of Content Delivery Networks as alternatives to reduce interconnection costs and improve traffic delivery performance. While the topology evolution is perceptible, it is unclear whether or not the interconnection process has evolved or if it continues to be an ad-hoc and lengthy process. To shed light on the current practices of the Internet interconnection ecosystem and how these could impact the Internet, we surveyed more than 100 network operators and peering coordinators. We divide our results into two parts: (i) the current interconnection practices, including the steps of the process and the reasons to establish new interconnection agreements or to renegotiate existing ones, and the parameters discussed by network operators. In part (ii), we report the existing limitations and how the interconnection ecosystem can evolve in the future. We show that despite the changes in the topology, interconnecting continues to be a cumbersome process that usually takes days, weeks, or even months to complete, which is in stark contrast with the desire of most operators in reducing the interconnection setup time. We also identify that even being primary candidates to evolve the interconnection process, emerging on-demand connectivity companies are only fulfilling part of the existing gap between the current interconnection practices and the network operators' desires.

• 18.
Univ Fed Rio Grande do Sul, Porto Alegre, RS, Brazil; Fundacao Univ Fed Rio Grande, Rio Grande, Brazil.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). Univ Fed Rio Grande do Sul, Porto Alegre, RS, Brazil. INESC ID, Lisbon, Portugal; UCLouvain, Ottignies, Belgium. TU Berlin, Berlin, Germany; DE CIX, Cologne, Germany. KAUST, Thuwal, Saudi Arabia. Univ Fed Rio Grande do Sul, Porto Alegre, RS, Brazil.
Dynam-IX: a Dynamic Interconnection eXchange. 2018. In: PROCEEDINGS OF THE 2018 APPLIED NETWORKING RESEARCH WORKSHOP (ANRW '18), Association for Computing Machinery (ACM), 2018, p. 94-94. Conference paper (Refereed)
• 19.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS.
VPKIaaS: Towards Scaling Pseudonymous Authentication for Large Mobile Systems. 2019. Report (Other academic)
• 20.
MTA-BME Network Softwarization Research Group.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Network Systems Laboratory (NS Lab). MTA-BME Information Systems Research Group.
Normal Forms for Match-Action Programs. 2019. In: International Conference on emerging Networking EXperiments and Technologies / [ed] ACM, Orlando, FL, USA: ACM Digital Library, 2019. Conference paper (Refereed)

Packet processing programs may have multiple semantically equivalent representations in terms of the match-action abstraction exposed by the underlying data plane. Some representations may encode the entire packet processing program into one large table allowing packets to be matched in a single lookup, while others may encode the same functionality decomposed into a pipeline of smaller match-action tables, maximizing modularity at the cost of increased lookup latency. In this paper, we provide the first systematic study of match-action program representations in order to assist network programmers in navigating this vast design space. Borrowing from relational database and formal language theory, we define a framework for the equivalent transformation of match-action programs to obtain certain irredundant representations that we call "normal forms". We find that normalization generally improves the capacity of the control plane to program the data-plane and to observe its state, at the same time having negligible, or positive, performance impact.

• 21.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Network Latency Estimation Leveraging Network Path Classification. 2018. Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis

With the development of the Internet, new network services with strict network latency requirements have been made possible. These services are implemented as distributed systems deployed across multiple geographical locations. To provide low response time, these services require knowledge about the current network latency. Unfortunately, network latency among geo-distributed sites often changes, thus distributed services rely on continuous network latency measurements. One goal of such measurements is to differentiate momentary latency spikes from relatively long-term latency changes. The differentiation is achieved through statistical processing of the collected samples. This approach of high-frequency network latency measurements has high overhead, is slow to identify network latency changes, and lacks accuracy.

We propose a novel approach for network latency estimation by correlating network paths to network latency. We demonstrate that network latency can be accurately estimated by first measuring and identifying the network path used and then fetching the expected latency for that network path based on a previous set of measurements. Based on these principles, we introduce Sudan traceroute, a network latency estimation tool. Sudan traceroute can be used to both reduce the latency estimation time as well as to reduce the overhead of network path measurements. Sudan traceroute uses an improved path detection mechanism that sends only a few carefully selected probes in order to identify the current network path.

We have developed and evaluated Sudan traceroute in a test environment and evaluated the feasibility of Sudan traceroute on real-world networks using Amazon EC2. Using Sudan traceroute we have shortened the time it takes for hosts to identify network latency level changes compared to existing approaches.

• 22. Peresini, Peter
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Dynamic, Fine-Grained Data Plane Monitoring with Monocle. 2018. In: IEEE/ACM Transactions on Networking, ISSN 1063-6692, E-ISSN 1558-2566, Vol. 26, no 1, p. 534-547. Article in journal (Refereed)

Ensuring network reliability is important for satisfying service-level objectives. However, diagnosing network anomalies in a timely fashion is difficult due to the complex nature of network configurations. We present Monocle — a system that uncovers forwarding problems due to hardware or software failures in switches, by verifying that the data plane corresponds to the view that an SDN controller installs via the control plane. Monocle works by systematically probing the switch data plane; the probes are constructed by formulating the switch forwarding table logic as a Boolean satisfiability (SAT) problem. Our SAT formulation quickly generates probe packets targeting a particular rule considering both existing and new rules. Monocle can monitor not only static flow tables (as is currently typically the case), but also dynamic networks with frequent flow table changes. Our evaluation shows that Monocle is capable of fine-grained monitoring for the majority of rules, and it can identify a rule suddenly missing from the data plane or misbehaving in a matter of seconds. In fact, during our evaluation Monocle uncovered problems with two hardware switches that we were using in our evaluation. Finally, during network updates Monocle helps controllers cope with switches that exhibit transient inconsistencies between their control and data plane states.

• 23.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
Mitigation of inter-domain Policy Violations at Internet eXchange Points. 2019. Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis

Economic incentives and the need to efficiently deliver Internet have led to the growth of Internet eXchange Points (IXPs), i.e., the interconnection networks through which a multitude of possibly competing network entities connect to each other with the goal of exchanging traffic. At IXPs, the exchange of traffic between two or more member networks is dictated by the Border Gateway Protocol (BGP), i.e., the inter-domain routing protocol used by network operators to exchange reachability information about IP prefix destinations. There is a common “honest-closed-world” assumption at IXPs that two IXP members exchange data traffic only if they have exchanged the corresponding reachability information via BGP. This state of affairs severely hinders security as any IXP member can send traffic to another member without having received a route from that member. Filtering traffic according to BGP routes would solve the problem. However, IXP members can install filters but the number of filtering rules required at a large IXP can easily exceed the capacity of the network devices. In addition, an IXP cannot filter this type of traffic as the exchanged BGP routes between two members are not visible to the IXP itself.

In this thesis, we evaluated the design space between reactive and proactive approaches for guaranteeing consistency between the BGP control-plane and the data-plane. In a reactive approach, an IXP member operator monitors, collects, and analyzes the incoming traffic to detect if any illegitimate traffic exists whereas, in a proactive approach, an operator configures its network devices to filter any illegitimate traffic without the need to perform any monitoring. We focused on proactive approaches because of the increased security of the IXP network and its inherent simplified network management. We designed and implemented a solution to this problem by leveraging the emerging Software Defined Networking (SDN) paradigm, which enables the programmability of the forwarding tables by separating the control- and data-planes. Our approach only installs rules in the data-plane that allow legitimate traffic to be forwarded, dropping anything else. As hardware switches have high performance but low memory space, we decided to also make use of software switches. A “heavy-hitter” module detects the forwarding rules carrying most of the traffic and installs them into the hardware switch. The remaining forwarding rules are installed into the software switches.

We evaluated the prototype in an emulated testbed using the Mininet virtual network environment. We analyzed the security of our system with the help of static verification tests, which confirmed compliance with security policies. The results reveal that with even just 10% of the rules installed in the hardware switch, the hardware switch directly filters 95% of the traffic volume with non-uniform Internet-like traffic distribution workloads. We also evaluated the latency and throughput overheads of the system, though the results are limited by the accuracy of the emulated environment. The scalability experiments show that, with 10K forwarding rules, the system takes around 40 seconds to install and update the data plane. This is due to inherent slowness of the emulated environment and limitations of the POX controller, which is coded in Python.

• 24.
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). KTH, School of Electrical Engineering and Computer Science (EECS), Communication Systems, CoS, Network Systems Laboratory (NS Lab). RISE SICS.
Implementation and Deployment of an Outdoor IoT-based Air Quality Monitoring Testbed. 2018. In: 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings, Institute of Electrical and Electronics Engineers (IEEE), 2018, article id 8647287. Conference paper (Refereed)

This paper presents an outdoor IoT-based air quality monitoring testbed deployed in the city of Uppsala, Sweden. Our IoT sensing unit is designed and developed using low-cost hardware components and open source software, which makes it easy to replicate. We demonstrate that it can serve as an affordable solution for real-time measurements and has the potential to complement traditional monitoring to cover larger areas. We use low-power communication based on IEEE 802.15.4, RPL, and MQTT, and achieve a high end-to-end delivery ratio (>98%) in an outdoor setting. Moreover, we carry out network analysis of our testbed and provide detailed insights into its characteristics.
