Greg O'Shea

Virtual ring routing: network routing inspired by DHTs

This paper presents Virtual Ring Routing (VRR), a new network routing protocol that occupies a unique point in the design space. VRR is inspired by overlay routing algorithms in Distributed Hash Tables (DHTs) but it does not rely on an underlying network routing protocol. It is implemented directly on top of the link layer. VRR provides both raditional point-to-point network routing and DHT routing to the node responsible for a hash table key.VRR can be used with any link layer technology but this paper describes a design and several implementations of VRR that are tuned for wireless networks. We evaluate the performance of VRR using simulations and measurements from a sensor network and an 802.11a testbed. The experimental results show that VRR provides robust performance across a wide range of environments and workloads. It performs comparably to, or better than, the best wireless routing protocol in each experiment. VRR performs well because of its unique features: it does not require network flooding or trans-lation between fixed identifiers and location-dependent addresses.

Symbiotic routing in future data centers

Building distributed applications that run in data centers is hard. The CamCube project explores the design of a shipping container sized data center with the goal of building an easier platform on which to build these applications. CamCube replaces the traditional switch-based network with a 3D torus topology, with each server directly connected to six other servers. As in other proposals, e.g. DCell and BCube, multi-hop routing in CamCube requires servers to participate in packet forwarding. To date, as in existing data centers, these approaches have all provided a single routing protocol for the applications. In this paper we explore if allowing applications to implement their own routing services is advantageous, and if we can support it efficiently. This is based on the observation that, due to the flexibility offered by the CamCube API, many applications implemented their own routing protocol in order to achieve specific application-level characteristics, such as trading off higher-latency for better path convergence. Using large-scale simulations we demonstrate the benefits and network-level impact of running multiple routing protocols. We demonstrate that applications are more efficient and do not generate additional control traffic overhead. This motivates us to design an extended routing service allowing easy implementation of application-specific routing protocols on CamCube. Finally, we demonstrate that the additional performance overhead incurred when using the extended routing service on a prototype CamCube is very low.

Child-proof authentication for MIPv6 (CAM)

We present a unilateral authentication protocol for protecting IPv6 networks against abuse of mobile IPv6 primitives. A mobile node uses a partial hash of its public key for its IPv6 address. Our protocol integrates distribution of public keys and protects against falsification of network addresses. Our protocol is easy to implement, economic to deploy and lightweight in use. It is intended to enable experimentation with (mobile) IPv6 before the transition to a comprehensive IPSEC infrastructure.

An advisor for web services security policies

We identify common security vulnerabilities found during security reviews of web services with policy-driven security. We describe the design of an advisor for web services security configurations, the first tool both to identify such vulnerabilities automatically and to offer redial advice. We report on its implentation as a plugin for Microsoft Web Services Enhancents (WSE).

Feasibility of content dissemination between devices in moving vehicles

We investigate the feasibility of content distribution between devices mounted in moving vehicles using commodity WiFi. We assume that each device stores content in a set of files, and that each file has a version number. When two devices come into wireless range, they attempt to synchronize the latest versions of any files they have in common. This is challenging because connections are often short-lived and have variable link quality. Prior work demonstrates that current protocols perform badly under these conditions. To motivate this work, we use the example of Personal Navigation Devices (PNDs), or SatNavs, where the content to be exchanged includes maps and points-of-interest files. We describe a protocol enabling devices in vehicles to identify and exchange content of shared interest. We evaluate the protocol using a small vehicular testbed in two urban locations and on a highway with a closing speed of 140MPH. We investigate the effects of using 802.11a versus 802.11g, placing the antenna inside or outside the vehicle, and varying the packet size. We transfer up to 70MB in the urban settings and 7MB on the highway.

Why should we integrate services, servers, and networking in a data center?

Since the early days of networks, a basic principle has been that endpoints treat the network as a black box. An endpoint injects a packet with a destination address and the network delivers the packet. This principle has served us well, and allowed us to scale the Internet to billions of devices using networks owned by competing companies and devices owned by billions of individuals. However, this approach might not be optimal for large-scale Internet data centers (DCs), such as those run by Amazon, Google, Microsoft and Yahoo, that employ custom software and customized hardware to increase efficiency and to lower costs. In DCs, all the components are controlled by a single entity, and creating services for the DC that treat the network as a black box will lead to inefficiencies. In DCs, there is the opportunity to rethink the relationship between servers, services and the network. We believe that, in order to enable more efficient intra-DC services, we should close the gap between the network, services and the servers. To this end, we have been building a direct server-to-server network topology, and have been looking at whether this makes common services quicker to implement and more efficient to operate.

Enabling End-Host Network Functions

Many network functions executed in modern datacenters, e.g., load balancing, application-level QoS, and congestion control, exhibit three common properties at the data-plane: they need to access and modify state, to perform computations, and to access application semantics -- this is critical since many network functions are best expressed in terms of application-level messages. In this paper, we argue that the end hosts are a natural enforcement point for these functions and we present Eden, an architecture for implementing network functions at datacenter end hosts with minimal network support. Eden comprises three components, a centralized controller, an enclave at each end host, and Eden-compliant applications called stages. To implement network functions, the controller configures stages to classify their data into messages and the enclaves to apply action functions based on a packets class. Our Eden prototype includes enclaves implemented both in the OS kernel and on programmable NICs. Through case studies, we show how application-level classification and the ability to run actual programs on the data-path allows Eden to efficiently support a broad range of network functions at the networks edge.

Software-defined caching: managing caches in multi-tenant data centers

In data centers, caches work both to provide low IO latencies and to reduce the load on the back-end network and storage. But they are not designed for multi-tenancy; system-level caches today cannot be configured to match tenant or provider objectives. Exacerbating the problem is the increasing number of un-coordinated caches on the IO data plane. The lack of global visibility on the control plane to coordinate this distributed set of caches leads to inefficiencies, increasing cloud provider cost. We present Moirai, a tenant- and workload-aware system that allows data center providers to control their distributed caching infrastructure. Moirai can help ease the management of the cache infrastructure and achieve various objectives, such as improving overall resource utilization or providing tenant isolation and QoS guarantees, as we show through several use cases. A key benefit of Moirai is that it is transparent to applications or VMs deployed in data centers. Our prototype runs unmodified OSes and databases, providing immediate benefit to existing applications.

An empirical study of flooding in mesh networks

Flooding in wireless mesh networks is a fundamental operation to many network-level and application-level protocols. Therefore, efficient flooding is important. Prior work has shown that naive flooding can generate broadcast storms. This has inspired much research on optimized flooding, most of which has been based on analysis and simulation. In this paper, we measure the performance of flooding protocols on a large-scale office 802.11a mesh network of 110 nodes distributed across four floors. We compare three protocols: naive flooding and two optimized flooding protocols. In naive flooding, all nodes rebroadcast received flood messages once. The other two protocols are inspired by the multi-point relay algorithm, which selects subsets of the nodes to rebroadcast. To understand the scalability of each protocol, we examine its performance with and without background traffic. For the flood protocols, we measure the delivery ratios and packet overhead. All perform well without background traffic. However, contrary to common opinion, with background traffic the optimized flooding protocols perform sufficiently poorly to seriously question their viability in 802.11-based mesh networks. Thus, as a different point in the design space, we also compare implementing discovery, often implemented using flooding, using key-based routing which does not rely on flooding.

Measurement-Based Design of Roadside Content Delivery Systems

With todays ubiquity of thin computing devices, mobile users are accustomed to having rich location-aware information at their fingertips, such as restaurant menus, shopping mall maps, movie showtimes, and trailers. However, delivering rich content is challenging, particularly for highly mobile users in vehicles. Technologies such as cellular-3G provide limited bandwidth at significant costs. In contrast, providers can cheaply and easily deploy a small number of WiFi infostations that quickly deliver large content to vehicles passing by for future offline browsing. While several projects have proposed systems for disseminating content via roadside infostations, most use simplified models and simulations to guide their design for scalability. Many suspect that scalability with increasing vehicle density is the major challenge for infostations, but few if any have studied the performance of these systems via real measurements. Intuitively, per-vehicle throughput for unicast infostations degrades with the number of vehicles near the infostation, while broadcast infostations are unreliable, and lack rate adaptation. In this work, we collect over 200 h of detailed highway measurements with a fleet of WiFi-enabled vehicles. We use analysis of these results to explore the design space of WiFi infostations, in order to determine whether unicast or broadcast should be used to build high-throughput infostations that scale with device density. Our measurement results demonstrate the limitations of both approaches. Our insights lead to Starfish, a high-bandwidth and scalable infostation system that incorporates device-to-device data scavenging, where nearby vehicles share data received from the infostation. Data scavenging increases dissemination throughput by a factor of 2-6, allowing both broadcast and unicast throughput to scale with device density.