Arun Ayyagari

Comparison and analysis of measurement and parameter based admission control methods for Quality of Service (QoS) provisioning

Admission control methods are important tools for ensuring the Quality of Service (QoS) of flows within a network by allowing additional flows only if their addition does not disrupt current flows. Two common admission control methods are Parameter-Based Admission Control (PBAC) and Measurement-Based Admission Control (MBAC). We have implemented versions of both methods in our Network QoS Management framework, which provides a QoS API for QoS-aware application to request network resources. We have made evaluations within our testbed environment of our MBAC implementation against the more traditional PBAC method in order to compare the efficiency of network utilization between the two methods.

Bandwidth Estimation for Network Quality of Service Management

Estimation of Available Bandwidth (AB) for an end-to-end network path allows traffic sources to judiciously regulate the volume of application traffic injected into the network. Bandwidth estimation between two red-black network boundary nodes can enable efficient admission control of new sessions and congestion control of existing sessions through the black network. In this paper we have modified two bandwidth efficient AB estimation mechanisms - ProbeGap and Resource Friendly Bandwidth Estimation (RFBE), and evaluated their performance over a crypto-partitioned red-black network. ProbeGap has been augmented with skew compensation and bunching of probe packets to yield better estimation results. RFBE has been completely modified and the fast packet classification is based on inter-arrival times of probe packets at sender and receiver, since the results using the originally proposed method were affected by clock-skew between sender and receiver.

Integrated Services Provisioning Across Cryptographic Boundaries

IntServ resource reservation protocol (RSVP) is based on end-to-end signaling and the current HAIPE specification does not allow for RSVP signaling to be bypassed across cryptographic boundaries. Since end-to-end RVSP signaling traffic is not bypassed across HAIPE boundaries, it does not seamlessly allow for IntServ based QoS provisioning within the core Black network. This leads us to the challenge of defining a mechanism by which IntServ/RSVP can be supported within the core Black network. We built upon our prior work on a dynamic diffserv network QoS management framework developing an IntServ implementation that operates across HAIPE boundary. The objective of our effort was to allow for individual IntServ/RSVP sessions in the red security enclave to be aggregated into a finite set of dynamically instantiated IntServ/RSVP sessions between ingress and egress nodes within the black security enclave. We used simple policy based management whereby the RSVP daemon on the ingress black node monitors the DSCP values on its outbound ports to initiate the creation or deletion of aggregated IntServ/RSVP sessions to the appropriate egress black node. These egress black node sessions are dynamically resized based on traffic demand and network state. This approach allowed for end-to-end IntServ across HAIPE boundaries

Providing Precedence and Preemption capability for Integrated Services flows across cryptographic boundaries

In cryptographically-partitioned networks, data within a packet can be used by routers in the plain-text enclaves to make Quality of Service (QoS) and Precedence and Preemption (P&P) decisions in regards to forwarding the packet and allocating resources for flows. However, while in a cipher-text shared transit network, the packet is encrypted and is opaque to routers in the transit network and cannot be used for QoS and P&P decisions. One piece of information that is available in an IPv4 network is the Type of Service (ToS) byte in the IPv4 packet header, which includes the 6-bit DiffServ Code Point (DSCP) and the 2-bit Explicit Congestion Notification (ECN) and may be bypassed across the cryptographic boundary. We describe a method to allow routers in a transit network to make QoS and P&P decisions for Integrated Service (IntServ) flows using ReSerVation Protocol (RSVP) signaling based on the DSCP. In our prior work, we described a technique of aggregating resources for IntServ flows between two Edge Networks within the cipher-text network, by using a predetermined DiffServ Assured Forwarding (AF) class for all IntServ flows. The reserved resources were dynamically adjusted based on the amount of traffic with the appropriate DSCP traveling between the two Edge Networks. However, the technique would aggregate the resources for all RSVP flows between the two Edge Networks without regard to Precedence. In Global Information Grid Net-Centric Implementation Document: Quality of Service (T300), Table 2–4, “Long Term DoD DSCP Allocation” describes a mechanism of specifying the military precedence of a packet by using the dropping levels of the AF classes within DiffServ. Using this mechanism, we extend our previous work by aggregating the resources for each dropping level within the AF class reserved for IntServ flows. Thus, a router in the transit network can identify the precedence of all aggregated IntServ flows with allocated resources and can preempt the resources for the aggregation of lower precedence flows, if necessary, in order to allocate those resources to an aggregation of higher precedence flows. It then sets the ECN bits to Congestion Encountered (CE) in all packets of the aggregation of the lower precedence flows in order to indicate that the resources for those flows have been preempted within the cipher-text network. The ECN is bypassed across the cryptographic boundary and is visible in the plain-text enclaves. We also describe how we apply this technique to the other DiffServ AF classes.

QoS provisioning via disseminated information on Differentiated Services class utilization

In a red/black dynamic network environment, differentiated services (DiffServ) classes are used to satisfy quality of service (QoS) requirements for the flows from the edge networks that are traversing the black core domain. In order to progress from using only local information to using domain-wide information in making QoS decisions such as admission control and preemption, hosts in an edge network need more information than they have locally. We describe a technique to determine the capacity and load of differentiated services classes along a path within a black core domain. The technique uses the same mechanism that RSVP uses to send a PATH message hop-by-hop along a route from a source to a destination. The information within the message is updated with local information at each node along the route until it reaches its destination. The results are returned to the source and sent through a one-way guard to the ingress router of the edge network, where they are placed in a hierarchy of information that is used for admission control. The hierarchy also includes local information and bandwidth and capacity estimates that we have described in our prior published work. We also describe an extension of the technique to the inter-domain case. Finally we describe the implementation of the technique in our QoS testbed and discuss plans for future work.