Jacobus E. van der Merwe

Virtual routers on the move: live router migration as a network-management primitive

The complexity of network management is widely recognized as one of the biggest challenges facing the Internet today. Point solutions for individual problems further increase system complexity while not addressing the underlying causes. In this paper, we argue that many network-management problems stem from the same root cause---the need to maintain consistency between the physical and logical configuration of the routers. Hence, we propose VROOM (Virtual ROuters On the Move), a new network-management primitive that avoids unnecessary changes to the logical topology by allowing (virtual) routers to freely move from one physical node to another. In addition to simplifying existing network-management tasks like planned maintenance and service deployment, VROOM can also help tackle emerging challenges such as reducing energy consumption. We present the design, implementation, and evaluation of novel migration techniques for virtual routers with either hardware or software data planes. Our evaluation shows that VROOM is transparent to routing protocols and results in no performance impact on the data traffic when a hardware-based data plane is used.

The case for separating routing from routers

Over the past decade, the complexity of the Internets routing infrastructure has increased dramatically. This complexity and the problems it causes stem not just from various new demands made of the routing infrastructure, but also from fundamental limitations in the ability of todays distributed infrastructure to scalably cope with new requirements.The limitations in todays routing system arise in large part from the fully distributed path-selection computation that the IP routers in an autonomous system (AS) must perform. To overcome this weakness, interdomain routing should be separated from todays IP routers, which should simply forward packets (for the most part). Instead, a separate Routing Control Platform (RCP) should select routes on behalf of the IP routers in each AS and exchange reachability information with other domains.Our position is that an approach like RCP is a good way of coping with complexity while being responsive to new demands and can lead to a routing system that is substantially easier to manage than today. We present a design overview of RCP based on three architectural principles path computation based on a consistent view of network state, controlled interactions between routing protocol layers, and expressive specification of routing policies and discuss the architectural strengths and weaknesses of our proposal.

Resource management with hoses: point-to-cloud services for virtual private networks

As IP technologies providing both tremendous capacity and the ability to establish dynamic security associations between endpoints emerge, virtual private networks (VPNs) are going through dramatic growth. The number of endpoints per VPN is growing and the communication pattern between endpoints is becoming increasingly hard to predict. Consequently, users are demanding dependable, dynamic connectivity between endpoints, with the network expected to accommodate any traffic matrix, as long as the traffic to the endpoints does not overwhelm the capacity of the respective ingress and egress links. We propose a new service interface, termed a hose, to provide the appropriate performance abstraction. A hose is characterized by the aggregate traffic to and from one endpoint in the VPN to a set of other endpoints in the VPN, and by an associated performance guarantee.Hoses provide important advantages to a VPN customer: 1) flexibility to send traffic to a set of endpoints without having to specify the detailed traffic matrix, and 2) reduction in the size of access links through multiplexing gains obtained from the natural aggregation of the flows between endpoints. As compared with the conventional point-to-point (or customer pipe) model for managing quality of service (QoS), hoses provide reduction in the state information a customer must maintain. On the other hand, hoses would appear to increase the complexity of the already difficult problem of resource management to support QoS. To manage network resources in the face of this increased uncertainty, we consider both conventional statistical multiplexing techniques, and a new resizing technique based on online measurements.To study these performance issues, we run trace-driven simulations, using traffic derived from AT&Ts voice network and from a large corporate data network. From the customers perspective, we find that aggregation of traffic at the hose level provides significant multiplexing gains. From the providers perspective, we find that the statistical multiplexing and resizing techniques deal effectively with uncertainties about the traffic, providing significant gains over the conventional alternative of a mesh of statically sized customer pipes between endpoints.

A Network Based Replay Portal

A network based video replay service utilizing broadband technologies on the internet. A replacement for current analog or digital TV offerings that offer the same quality and user experience. The capacity used by current offerings (e.g. on a cable access network) will be freed up for use by the new service. The current schedule based broadcast paradigm users are accustomed to is emulated while at the same time offering on-demand viewing based on personal preference or subscription profile. This hybrid offering can lead to bandwidth savings in the access network with interaction of this service with other services on a common packet based infrastructure.

mmdump: a tool for monitoring internet multimedia traffic

Internet multimedia traffic is increasing as applications like streaming media and packet telephony grow in popularity. It is important to monitor the volume and characteristics of this traffic, particularly because its behavior in the face of network congestion differs from that of the currently dominant TCP traffic. To monitor traffic on a high-speed link for extended periods, it is not practical to blindly capture all packets that traverse the link. We present mmdump, a tool that parses messages from RTSP, H.323 and similar multimedia session control protocols to set up and tear down packet filters as needed to gather traces of multimedia sessions. Unlike tcpdump, dynamic packet filters are necessary because these protocols dynamically negotiate TCP and UDP port numbers to carry the media content. Our tool captures only packets of interest for optional storage and further analysis, thus greatly reducing resource requirements. This paper presents the design and implementation of mmdump and demonstrates its utility in monitoring live RTSP and H.323 traffic on a commercial IP network. The preliminary results obtained from these measurements are presented.

Analysis of communities of interest in data networks

Communities of interest (COI) have been applied in a variety of environments ranging from characterizing the online buying behavior of individuals to detecting fraud in telephone networks. The common thread among these applications is that the historical COI of an individual can be used to predict future behavior as well as the behavior of other members of the COI. It would clearly be beneficial if COIs can be used in the same manner to characterize and predict the behavior of hosts within a data network. In this paper, we introduce a methodology for evaluating various aspects of COIs of hosts within an IP network. In the context of this study, we broadly define a COI as a collection of interacting hosts. We apply our methodology using data collected from a large enterprise network over a eleven week period. First, we study the distributions and stability of the size of COIs. Second, we evaluate multiple heuristics to determine a stable core set of COIs and determine the stability of these sets over time. Third, we evaluate how much of the communication is not captured by these core COI sets.

Live data center migration across WANs: a robust cooperative context aware approach

A significant concern for Internet-based service providers is the continued operation and availability of services in the face of outages, whether planned or unplanned. In this paper we advocate a cooperative, context-aware approach to data center migration across WANs to deal with outages in a non-disruptive manner. We specifically seek to achieve high availability of data center services in the face of both planned and unanticipated outages of data center facilities. We make use of server virtualization technologies to enable the replication and migration of server functions. We propose new network functions to enable server migration and replication across wide area networks (e.g., the Internet), and finally show the utility of intelligent and dynamic storage replication technology to ensure applications have access to data in the face of outages with very tight recovery point objectives.

Analyzing large DDoS attacks using multiple data sources

We present a measurement study analyzing DDoS attacks from multiple data sources, relying on both direct measurements of flow-level information, and more traditional indirect measurements using backscatter analysis. Understanding the nature of DDoS attacks is critically important to the development of effective counter measures to this pressing problem. While much of the communitys current understanding of DDoS attacks result from indirect measurements, our analysis suggests that such studies do not give a comprehensive view of DDoS attacks witnessed in todays Internet. Specifically, our results suggest little use of address spoofing by attackers, which imply that such attacks will be invisible to indirect backscatter measurement techniques. Further, at the detailed packet-level characterization (e.g., attack destination ports), there are significant differences between direct and indirect measurements. Thus, there is tremendous value in moving towards direct observations to better understand DDoS attacks. Direct measurements additionally provide information inaccessible to indirect measurements, enabling us to better understand how to defend against attacks. We find that for 70% of the attacks fewer than 50 source ASes are involved and a relatively small number of ASes produce nearly 72% of the total attack volume. This suggests that network providers can reduce a substantial volume of malicious traffic with targeted deployment of DDoS defenses.

Declarative configuration management for complex and dynamic networks

Network management and operations are complicated, tedious, and error-prone, requiring signifcant human involvement and domain knowledge. As the complexity involved inevitably grows due to larger scale networks and more complex protocol features, human operators are increasingly short-handed, despite the best effort from existing support systems to make it otherwise. This paper presents coolaid, a system under which the domain knowledge of device vendors and service providers is formally captured by a declarative language. Through effcient and powerful rule-based reasoning on top of a database-like abstraction over a network of devices, coolaid enables new management primitives to perform network-wide reasoning, prevent misconfguration, and automate network confguration, while requiring minimum operator effort. We describe the design and prototype implementation of coolaid, and demonstrate its effectiveness and scalability through various realistic network management tasks.

Darkstar: Using exploratory data mining to raise the bar on network reliability and performance

Networks have become a critical infrastructure, and performance requirements for network-based applications are becoming increasingly stringent. This trend challenges service providers to raise the bar on the performance and reliability of network services. To achieve this, new network and service management systems are needed that enable providers to continually improve performance, identify issues that are flying under the radar of network operations, and troubleshoot complex issues. This paper presents the Darkstar system, which allows analysts to address these challenges using exploratory data mining and sophisticated correlation tools. We present an overview of key applications that are built on top of the Darkstar system to illustrate the power of the approach.