Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406274
M. Maswood, D. Medhi
Allocation of resources in data centers (DCs) needs to be done in a dynamic fashion for cloud enterprise customers who require virtualized reservation-oriented services on demand. Due to the spatial diversity of data centers, the cost of using different DCs also varies. In this paper, we propose an allocation scheme to balance the load among these DCs with different costs to minimize the total provisioning cost in a dynamic environment while ensuring that the service level agreements (SLAs) are met. Compared to a benchmark scheme (where all requests are first sent to the cheapest data center), our scheme can decrease the proportional utilization from 24% (for heavy load) to 30% (for normal load) and achieve a significant balance in the cost incurred by individual DCs. Our scheme can also achieve a 7.5% reduction in total provisioning cost under a certain service level agreement (SLA) in exchange for a small increase in blocking. Finally, we tested our heuristic on 5 DCs to show that our allocation scheme follows the weighted cost proportionally.
Title: An adaptive allocation scheme for load balancing and SLA maintenance in multi-location data center networks. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-9.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406134
Shuai Zhao, D. Medhi
The traditional IP network has inherent limitations that can cause applications to run in a non-optimized manner. The common methods to improve applications' performance require a great effort from both network administrators and application designers. In this work, we propose a Software-Defined Network (SDN) approach in an Application-Aware Network (AAN) platform. We first present an architecture for our approach and then show how this architecture can be applied to two real-world applications: the Hadoop MapReduce (M/R) framework and MPEG-DASH. Our approach provides both underlying network functions and application-level forwarding logic for MapReduce and video streaming. Based on our experiments, we observed that our AAN platform for Hadoop MapReduce job optimization offers a significant improvement compared to a static, traditional IP network environment by reducing job run time by 16% to 300% for various MapReduce benchmark jobs. As for MPEG-DASH based video streaming, we can increase the user-perceived video bitrate by 100%.
Title: Application performance optimization using application-aware networking. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-6.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406185
S. Meer, J. Keeney, Liam Fallon
5G networks will be the first real converged networks supporting a plethora of different services, each with their own requirements. A static best-effort approach is no longer sufficient. Extreme flexibility and dynamicity are required, yet costs must be drastically reduced. The only way that these conflicting goals can be achieved is with vastly increased automation in the provision and operation of our future 5G networks. In this paper we briefly discuss the facilitators, goals and challenges for 5G networks. We identify some of the places where automation is not just helpful, but is in fact required for 5G to become a reality. We go on to present a conceptual approach for modeling and achieving autonomic operations and management in 5G networks, positioning modern policy-based management as a key enabler for autonomic 5G network management.
Title: 5G networks must be autonomic! Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-5.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406173
Tony Daher, S. B. Jemaa, L. Decreusefond
Self-Organizing Networks (SON) functions have already proven to be useful for network operations. However, a higher automation level is required to make a network enabled with SON capabilities respond as a whole to the operator's objectives. For this purpose, a Policy Based SON Management (PBSM) layer has been proposed to manage the deployed SON functions. In this paper, we propose to empower the PBSM with cognition capability in order to efficiently manage SON-enabled networks. We focus particularly on the implementation of such a Cognitive PBSM (C-PBSM) on a large-scale network and propose a scalable approach based on distributed Reinforcement Learning (RL): RL agents are deployed on different clusters of the network. These clusters should be defined in such a way that the RL agents can learn independently. As the interaction between these clusters may evolve in time, for instance due to traffic dynamics, we propose a flexible implementation of this C-PBSM framework with dynamic clustering to adapt to the network's evolution. We show how this flexible implementation is rendered possible under a Software Defined Networks (SDN) framework. We also assess the performance of the proposed distributed learning approach on an LTE-A simulator.
Title: Softwarized and distributed learning for SON management systems. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-7.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406260
A. Bairagi, Nguyen H. Tran, W. Saad, C. Hong
LTE over unlicensed band (LTE-U) has emerged as an effective technique to overcome the challenge of spectrum scarcity. Using LTE-U along with advanced techniques such as carrier aggregation (CA), one can boost the performance of existing cellular networks. However, if not properly managed, the use of LTE-U can potentially degrade the performance of coexisting Wi-Fi access points which operate over the unlicensed frequency bands. Moreover, most of the existing works consider a macro base station (MBS) or a small cell base station (SBS) for their proposals. In this paper, an effective coexistence mechanism between LTE-U and Wi-Fi systems is studied. The goal is to enable the cellular network to use LTE-U with CA to meet the quality-of-service (QoS) of the users while protecting Wi-Fi access points (WAPs), considering multiple SBSs from different operators in a dense deployment scenario. Specifically, an LTE-U sum-rate maximization problem is formulated under user QoS and WAP-LTE-U coexistence constraints. To solve this problem, a cooperative Nash bargaining game is proposed. This game allows LTE-U and WAPs to share time resources while protecting the Wi-Fi system. For allocating unlicensed resources among LTE-U users, a heuristic algorithm is proposed. Simulation results show that the proposed method is better than the compared methods regarding per-user achieved rate, percentage of unsatisfied users and fairness. The results also show that the proposed method protects Wi-Fi users far better than basic listen-before-talk (LBT) does.
Title: Bargaining game for effective coexistence between LTE-U and Wi-Fi systems. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-8.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406122
Nicolas Schnepf, Rémi Badonnel, Abdelkader Lahmadi, Stephan Merz
Software-defined networking offers new opportunities for protecting end users by designing dynamic security policies. In particular, security chains can be built by combining security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. The configuration of these security functions and their associated policies is based on behavioural models of end-user applications when accessing the network. In this demo, we present our tool Synaptic, an SDN-based framework intended for the formal verification of security policies as well as for automatically generating such policies based on automata learning methods applied to NetFlow records of end-user applications collected at the device level.
Title: Synaptic: A formal checker for SDN-based security policies. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-2.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406115
Lukás Kekely, Martin Spinler, Stepán Friedl, Jiri Sikora, J. Korenek
CESNET (Czech NREN) is ready to demonstrate a new NFB-200G2QL accelerator with a Virtex UltraScale+ FPGA specifically designed to push the achievable traffic processing throughput to 200 Gbps in a single card. Unique high-speed DMA engines in the FPGA together with highly optimized Linux drivers make it possible to achieve 200 Gbps data transfer through two PCIe Gen3 x16 interfaces with minimal CPU overhead. Captured network traffic can be independently distributed among individual cores of two physical CPUs (NUMA nodes) without utilization of QPI. As a result, wire-speed packet capture to the host memory from two fully saturated 100 Gbps Ethernet interfaces (QSFP28+) is achieved, and various network monitoring applications can utilize the power of the latest FPGAs and CPUs for data processing. This is especially useful when traffic in both directions of a single 100GbE link needs to be processed. The proposed demonstration will show how packets can be received from two 100 Gbps Ethernet links at full speed and captured to the host memory at 200 Gbps without any loss. The opposite direction of communication will also be shown, i.e. how packets can be transmitted from the host memory towards the two 100GbE network interfaces. Achieved speeds will be demonstrated by counters and graphs showing generated, received/transmitted and captured packets. We will also show detailed statistics of CPU load during the packet capture/transmission for different packet lengths.
Title: Live demonstration of FPGA based networking accelerator for 200 Gbps data transfers. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-3.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406254
David de la Bastida, F. Lin
In this research, we have extended our initial effort in cloud-based IoT/M2M system scalability and developed a more robust solution by considering diverse QoS requirements from various IoT/M2M traffic patterns. Though our initial effort created a highly scalable architecture for IoT/M2M platforms based on OpenStack, it treated all IoT/M2M traffic without any discrepancy in the same underlying network (i.e. in the same network slice). Now, by leveraging software-defined networking in OpenStack and by using our traffic-slice optimal matching algorithm, we can direct different types of IoT traffic to feasible network slices in terms of QoS. Our experiments show that when compared with a system without network slicing, our scalability system performs better in terms of response time, power consumption, and computational cost.
Title: Extending IoT/M2M system scalability by network slicing. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-8.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406239
Tao Li, H. Salah, Mu He, T. Strufe, S. Santini
Increasing the traffic visibility, by monitoring network flow packets, provides valuable information for various network management tasks. The mirroring mode of flow packet monitoring requires the switches and routers to duplicate packets of interest, and to send them to flow monitors for in-depth analysis. A common practice to avoid the interference between the original and the mirrored flows is to transmit them separately, in two different planes (data plane and monitoring plane, respectively). In this paper, we aim at reducing the overall cost of transmitting both the original and mirrored flows. Towards that end, we present a generic monitoring framework called REMO. The key idea of REMO is twofold: (i) placing the flow monitors in central locations, and (ii) passing the original flows through the vicinity of the monitors. By doing so, REMO reduces the resources consumed in the monitoring plane, without unworthily increasing the resource consumption in the data plane. The results of extensive numerical simulations show that REMO effectively reduces the overall transmission cost, remarkably outperforming several baseline strategies, particularly when the transmission is more expensive in the monitoring plane.
Title: REMO: Resource efficient distributed network monitoring. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-9.
Pub Date: 2018-04-23, DOI: 10.1109/NOMS.2018.8406224
M. Anagnostopoulos, G. Kambourakis, S. Gritzalis, David K. Y. Yau
The DNS amplification attack is a significant and persistent threat to the Internet. Authoritative name servers (ANSes) of popular domains, especially the DNSSEC-enabled ones, give attractive leverage to attackers in distributed denial-of-service (DDoS) attacks. In particular, the ANS list of top-level domains (TLDs) is publicly accessible, including by would-be attackers, in the form of the root.zone file. In this work, we examine the potential of TLD ANSes to be exploited as unknowing agents in DNS amplification attacks. Specifically, over a period of 12 months that covers two different versions of the root.zone file, we assess the amplification factor (AF) that these servers may provide to attackers when replying to both individual and multiple queries. Also, we measure the degree of actual adoption of the recommended response rate limiting (RRL) countermeasure by the ANSes. Our major findings are that (i) 70% of the distinct ANSes and 47% of the possible DNS queries for the TLDs produce a large AF that exceeds 60, (ii) 10% of the distinct ANSes reflect inbound network traffic and magnify it by a factor that exceeds 50, (iii) the number of ANSes most useful to an attacker, in terms of their role as amplifiers, appears to increase during the monitoring period, and (iv) there still exists a significant number of ANSes that do not implement RRL or leave it inactive.
Title: Never say never: Authoritative TLD nameserver-powered DNS amplification. Published in: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-9.