KyoungSoo Park

CoMon: a mostly-scalable monitoring system for PlanetLab

CoMon is an evolving, mostly-scalable monitoring system for PlanetLab that has the goal of presenting environment-tailored information for both the administrators and users of the PlanetLab global testbed. In addition to passively reporting metrics provided by the operating system, CoMon also actively gathers a number of metrics useful for developers of networked systems. Using CoMon, PlanetLab administrators and users can easily spot problematic machines, where the problem may arise from the machine itself, local configuration/environment problems, or the workload running on the machine. Furthermore, users can easily observe many properties of all of the experiments running across multiple PlanetLab nodes, facilitating not only their own experiment monitoring and debugging, but also helping scale the task of finding PlanetLab problems.In this paper we describe CoMons design and operation, including what kinds of data are gathered, the scale of the processing involved, and the approaches we have taken to keep CoMon running. Our goal is not only to illustrate the kinds of problems faced in this environment, but also to invite others to participate, either by experimenting with the data generated by CoMon, or by building on the CoMon system itself.

Comparison of caching strategies in modern cellular backhaul networks

Recent popularity of smartphones drives rapid growth in the demand for cellular network bandwidth. Unfortunately, due to the centralized architecture of cellular networks, increasing the physical backhaul bandwidth is challenging. While content caching in the cellular network could be beneficial, relatively few characteristics of the cellular traffic is known to come up with a highly-effetive caching strategy. In this work, we provide insight into flow and content-level characteristics of modern 3G traffic at a large cellular ISP in South Korea. We first develop a scalable deep flow inspection (DFI) system that can manage hundreds of thousands of concurrent TCP flows on a commodity multicore server. Our DFI system collects various HTTP/TCP-level statistics and produces logs for analyzing the effectiveness of conventional Web caching, prefix-based Web caching, and TCP-level redundancy elimination (RE) without a single packet drop at a 10~Gbps link. Our week-long measurements of over 370 TBs of the 3G traffic reveal that standard Web caching can reduce download bandwidth consumption up to 27.1% while simple TCP-level RE can save the bandwidth consumption up to 42.0% with a cache of 512~GB of RAM. We also find that applying TCP-level RE on the largest 9.4% flows eliminates 68.4% of the total redundancy. Most of the redundancy (52.1%~58.9%) comes from serving the same HTTP objects while the contribution by aliased URLs is up to 38.9%.

Kargus: a highly-scalable software-based intrusion detection system

As high-speed networks are becoming commonplace, it is increasingly challenging to prevent the attack attempts at the edge of the Internet. While many high-performance intrusion detection systems (IDSes) employ dedicated network processors or special memory to meet the demanding performance requirements, it often increases the cost and limits functional flexibility. In contrast, existing software-based IDS stacks fail to achieve a high throughput despite modern hardware innovations such as multicore CPUs, manycore GPUs, and 10 Gbps network cards that support multiple hardware queues. We present Kargus, a highly-scalable software-based IDS that exploits the full potential of commodity computing hardware. First, Kargus batch processes incoming packets at network cards and achieves up to 40 Gbps input rate even for minimum-sized packets. Second, it exploits high processing parallelism by balancing the pattern matching workloads with multicore CPUs and heterogeneous GPUs, and benefits from extensive batch processing of multiple packets per each IDS function call. Third, Kargus adapts its resource usage depending on the input rate, significantly saving the power in a normal situation. Our evaluation shows that Kargus on a 12-core machine with two GPUs handles up to 33 Gbps of normal traffic and achieves 9 to 10 Gbps even when all packets contain attack signatures, a factor of 1.9 to 4.3 performance improvements over the existing state-of-the-art software IDS. We design Kargus to be compatible with the most popular software IDS, Snort.

The power of batching in the Click modular router

The Click modular router has been one of the most popular software router platforms for rapid prototyping and new protocol development. Unfortunately, its internal architecture has not caught up with recent hardware advancements, and the performance remains sub-optimal in high-speed networks despite its benefit of flexible module composition. In this work, we identify the performance bottlenecks of the existing Click router and extend it to scale with modern computer systems. Our improvements focus on both I/O and computation batching, and include various optimizations for multi-core systems and multi-queue network cards. We find that these techniques improve the performance by almost a factor of 10, and the maximum throughput reaches 28 Gbps of minimum-sized IPv4 packet forwarding speed on a single machine.

A disruption-tolerant transmission protocol for practical mobile data offloading

The explosive popularity of smartphones and mobile devices drives massive growth in the wide-area mobile data communication. Unfortunately, the current or near-future 3G/4G networks are deemed insufficient to meet the increasing data transfer demand. While opportunistic offloading of mobile data through Wi-Fi is an attractive option, the existing transport layer would experience frequent disconnections due to mobility, making it hard to support seamlessly reliable data delivery. As a result, many mobile applications either depend on ad-hoc downloading resumption mechanisms or redundantly re-transfer the same content when disruptions happen. In this paper, we present DTP, a disruption-tolerant, reliable transport layer protocol that masks the failures of the preferred network. Unlike previous disruption/delay-tolerant protocols, DTP provides the same semantics as TCP on an IP packet level when the mobile device is connected to a network while providing the illusion of continued connection even if the underlying physical network becomes unavailable. This would help the mobile application developers to focus on the application core rather than addressing the frequent network disruptions. It would also greatly reduce the phone network costs both to ISPs and end users. Our current implementation in UDP shows a comparable performance to that of TCP in network, and it greatly reduces the delay and power consumption when the mobile devices frequently switch from one network to another.

Towards understanding developing world traffic

While many projects aim to provide network access to the developing world or improve existing network access, relatively little data exists regarding the behavior of traffic in these environments, especially in regards to the characteristics of traffic in the developing world. In this paper, we provide a first glimpse into the traffic gathered by a worldwide proxy network, and try to observe differences in first-world and developing-world traffic characteristics. What sets this work apart from similar research is the scope and level of detail -- we capture more than 3TB of content representing one weeks browsing by 348K users across 190 countries. Capturing the content, rather than just access logs, also allows us to perform similarity analysis at the content level.

Building a single-box 100 Gbps software router

Commodity-hardware technology has advanced in great leaps in terms of CPU, memory, and I/O bus speeds. Benefiting from the hardware innovation, recent software routers on commodity PC now report about 10 Gbps in packet routing. In this paper we map out expected hurdles and projected speed-ups to reach 100 Gbps in packet routing on a single commodity PC. With careful measurements, we identify two notable bottlenecks for our goal: CPU cycles and I/O bandwidth. For the former, we propose reducing per-packet processing overhead with software-level optimizations and buying extra computing power with GPUs. To improve the I/O bandwidth, we suggest scaling the performance of I/O hubs that limits packet routing speed to well before 50 Gbps.

Meeting the real-time constraints with standard Ethernet in an in-vehicle network

Vehicular networks have traditionally focused on the real-time delivery of critical control messages for safe car operation. Unfortunately, the real-time requirements often cripple the development of flexible car applications by tying the application network stack to underlying physical networks. While popular real-time vehicular networks guarantee the timely delivery of prioritized messages, they often lack in bandwidth and flexibility, which limits the range of car network applications. In this work, we explore the idea of replacing the current vehicular network with standard switched Ethernet, the most popular LAN technology in computer networks. Ethernet is attractive in providing high bandwidth at a low cost with easy and flexible configuration. The most challenging part is to guarantee the real-time delivery of mission-critical messages. We first show that the soft message delivery latency of 10s to 100s milliseconds can be easily met in 100 Mbps switched Ethernet despite coexistence of high-bandwidth network applications. For meeting the hard delivery latency on the order of 100 microseconds for critical control messages, we propose limiting the path MTU to the destination node with priority queuing from IEEE 802.1Q. Our simulation shows that we can satisfy 100 microseconds of latency even in a rich set of vehicular applications without any modification of the application network stack.

Accelerating SSL with GPUs

SSL/TLS is a standard protocol for secure Internet communication. Despite its great success, todays SSL deployment is largely limited to security-critical domains. The low adoption rate of SSL is mainly due to high computation overhead on the server side. In this paper, we propose Graphics Processing Units (GPUs) as a new source of computing power to reduce the server-side overhead. We have designed and implemented an SSL proxy that opportunistically offloads cryptographic operations to GPUs. The evaluation results show that our GPU implementation of cryptographic operations, RSA, AES, and HMAC-SHA1, achieves high throughput while keeping the latency low. The SSL proxy significantly boosts the throughput of SSL transactions, handling 25.8K SSL transactions per second, and has comparable response time even when overloaded.

Practicalizing Delay-Tolerant Mobile Apps with Cedos

Delay-tolerant Wi-Fi offloading is known to improve overall mobile network bandwidth at low delay and low cost. Yet, in reality, we rarely find mobile apps that fully support opportunistic Wi-Fi access. This is mainly because it is still challenging to develop delay-tolerant mobile apps due to the complexity of handling network disruptions and delays. In this work, we present Cedos, a practical delay-tolerant mobile network access architecture in which one can easily build a mobile app. Cedos consists of three components. First, it provides a familiar socket API whose semantics conforms to TCP while the underlying protocol, D2TP, transparently handles network disruptions and delays in mobility. Second, Cedos allows the developers to explicitly exploit delays in mobile apps. App developers can express maximum user-specified delays in content download or use the API for real-time buffer management at opportunistic Wi-Fi usage. Third, for backward compatibility to existing TCPbased servers, Cedos provides D2Prox, a protocol-translation Web proxy. D2Prox allows intermittent connections on the mobile device side, but correctly translates Web transactions with traditional TCP servers. We demonstrate the practicality of Cedos by porting mobile Firefox and VLC video streaming client to using the API. We also implement delay/disruption-tolerant podcast client and run a field study with 50 people for eight weeks. We find that up to 92.4% of the podcast traffic is offloaded to Wi-Fi, and one can watch a streaming video in a moving train while offloading 48% of the content to Wi-Fi without a single pause.