The rapid evolution of the Internet and its technologies necessitates innovative educational methodologies to prepare the next generation of network engineers and operators. This talk presents an overview of the Mini Internet Project, a hands-on educational platform that offers a practical approach to understanding complex internet and networking concepts. The project’s core lies in its ability to mimic real-world internet functionality, teaching students a wide variety of skills, from simple host configuration up to “mini” Internet-wide connectivity. We explore how we integrate this into the APIE program, aiming to enhance the practical skills of students in the Asia-Pacific region. We further discuss adapting the project for workshops and training at NOG events and networking bootcamps.
2024-03-19The Auckland Internet Satellite Simulator Facility
The Auckland Internet Satellite Simulator Facility
The Auckland Internet Satellite Simulator Facility had its genesis in around 2015 when we started looking at the strong TCP queue oscillations on narrowband satellite links into small island ISPs. ISPs on satellite - all GEO or MEO at the time - faced the choice between either extreme bufferbloating with its well-known effects on RTT, or link underutilisation with deadly effect on long TCP flows beset by packet losses. We looked at using network codes as erasure correcting codes - not in the "old" sense of correcting bit errors within packets but in the sense of being able to recover a certain amount of queue dropped packets without having to bufferbloat. This seemed to work quite well for individual flows, but we needed a way to investigate whether it would work for an ISP's entire satellite backhaul. Two problems with that: Firstly, we would have had to disconnect the locals in the islands we worked with, perhaps for days at a time, while we were trying to get the network coding going for their links. Secondly, trying to get access to the world side end of a satellite link is not trivial. So simulation was an obvious alternative. But trying to simulate realistic traffic in software quickly proved challenging, too. So we set about to build a simulator that could mimic, with real network components, a GEO or MEO satellite link with up to several hundred Mbps in both directions, being used by hundreds or thousands of simultaneously active client sockets, all doing different things. This talk discusses what we learned along the way, and what we are now doing to move the simulator into the low earth orbit (LEO) age - a vastly more complex environment.
Domain lists are a key ingredient for representative censuses of the Web. Unfortunately, such censuses typically lack a view on domains under country-code top-level domains (ccTLDs). This introduces unwanted bias: many countries have a rich local Web that remains hidden if their ccTLDs are not considered. The reason ccTLDs are rarely considered is that gaining access – if possible at all – is often laborious. To tackle this, we ask: what can we learn about ccTLDs from public sources? We extract domain names under ccTLDs from 6 years of public data from Certificate Transparency logs and Common Crawl. We compare this against ground truth for 19 ccTLDs for which we have the full DNS zone. We find that public data covers 43%-80% of these ccTLDs, and that coverage grows over time. By also comparing port scan data we then show that these public sources reveal a significant part of the Web presence under a ccTLD. We conclude that in the absence of full access to ccTLDs, domain names learned from public sources can be a good proxy when performing Web censuses.
This talk will review why software-defined networking was a paradigm shift and how it was born from an academic project at the end of the 2000s. But how did these concepts evolve in the industry and the academic fields? From Ethane, Openflow(s), and P4 lang and today's concern. I will also introduce a couple of IIJ lab projects.
Cloud providers colocate multiple virtual machines (VMs) or containers on the same physical machine to increase resource efficiency. Unfortunately this can lead to memory stranding, where some memory is not allocated to any VM or container. Recent studies show that 50% of the memory at major cloud providers (Google, Microsoft, Alibaba or Facebook) is stranded. In this talk, we will explore solutions to reduce memory stranding: memory disaggregation, RDMA, and the upcoming Compute-Express Link (CXL) cache-coherent interconnect.
With the rise in public cloud adoption, multi-tenancy becomes vital for efficient resource sharing. While virtualization and overlay technologies (e.g., VxLAN) provide logical isolation, they bring challenges in maintaining predictable and fair performance. In response to the challenges posed by multi-tenancy in the cloud, we introduce PerfIsol, a research initiative that integrates a theoretical-based management plane with a programmable data plane. Furthermore, we'll explore the latest advancements in cloud performance isolation research, including foundational studies on network sharing in the cloud that underpin our work.
Decision-making processes are generally either prescriptive (Optimization) or predictive (Machine Learning). Both approaches, sometimes combined, apply efficiently to different sets of problems. This talk will highlight the typical cases to use one or the other. We will present our optimization framework to model-as-you-speak and solve problems through general and industrial problems such as (scheduling, Sudoku, etc.).
In this talk, network engineers will be introduced to a range of commonly used tools for automating the many tedious tasks involved in the day-to-day operation of a network. These tools include Docker, Ansible, and IIJ lab's own tools being developed for network automation, as well as ChatGPT, which can be used to streamline everyday tasks.
BGP data can provide insight into the potential paths of internet traffic but it has no notion of what traffic follows any given path. As a result, we cannot definitively know anything of what internet traffic, if any, was impacted during a BGP incident (e.g. a leak or hijack). In some cases, one could reasonably ask, did a single packet get impacted by this leaked route? This talk discusses how the use of a very large corpus of NetFlow data helps to better understand the operational impact of BGP incidents by examining the NetFlow of the traffic misdirected during these events.
In this talk we will take a brief look on the historic growth of internet exchange points (IXPs) through the lens of PeeringDB data combined with dependencies inferred from traceroute data. We inspect the ups and downs of IXPs throughout the last ten years, before arriving in the present. Then, we take a closer look at the current state of some selected IXPs, investigating their reach, both in terms of direct participants and remote dependents. Finally, we will finish with a discussion of the current role of IXPs in the Internet infrastructure.
In this talk I will motivate the importance of monitoring the Internet topology and explain why it is technically challenging. Then I will give an overview of the Internet Health Report, showing how we use open datasets to study the Internet topology and its constant evolution, whether those changes are due to punctual events (e.g. outages) or long lived restructuring (e.g. geo-political events).
Advances in the domain of software-based and programmable
networks have opened up new opportunities towards
effective management of network resources. When developing
management architectures for these environments, the
design of a monitoring system that can provide frequent,
consistent and accurate updates to heterogeneous
applications is essential. In this talk, I will present
our recent contributions to the development of a novel
framework enabling efficient monitoring in software
dataplane. Our framework guarantees resilience to
bottlenecks while preserving the accuracy of monitoring
reports. Based on a prototype implementation using a
generic packet-processing pipeline and typical traffic
measurements tasks, we show that our solution achieves
lossless and accurate traffic monitoring for a wide range
of conditions at very short timescales while introducing
only very limited overhead.
Biography
Daphne Tuncer is a Research Fellow in the Department of
Computing at Imperial College London, UK. She was the
recipient of an Imperial College Research Fellowship in
2018. She received a Ph.D. degree from University College
London (UK) in 2013 and a Diplome d'ingenieur de Telecom
SudParis (France) in 2009. Her research interests are in
the areas of software-defined and programmable networks,
adaptive network resource management and monitoring, as
well as multimedia content distribution. She is currently
co-leading a multi-disciplinary project investigating the
deployment of scalable public charging network
infrastructures forelectric vehicles in the Greater London
area.
Founded in 1997, the Center for Applied Internet Data
Analysis (CAIDA) conducts network research and builds
research infrastructure to support large-scale data
collection, curation, and data distribution to the
scientific research community. In this presentation I will
overview the research, data, and services produced by
CAIDA in 2019.
Application requirements evolve over time and the underlying protocols need to adapt. Most transport protocols evolve by negotiating protocol extensions during the handshake. Experience with TCP shows that this leads to delays of several years or more to widely deploy standardized extensions. In this paper, we revisit the extensibility paradigm of transport protocols. We base our work on QUIC, a new transport protocol that encrypts most of the header and all the payload of packets, which makes it almost immune to middlebox interference. We propose Pluginized QUIC (PQUIC), a framework that enables QUIC clients and servers to dynamically exchange protocol plugins that extend the protocol on a per-connection basis. These plugins can be transparently reviewed by external verifiers and hosts can refuse non-certified plugins. Furthermore, the protocol plugins run inside an environment that monitors their execution and stops malicious plugins. We demonstrate the modularity of our proposal by implementing and evaluating very different plugins ranging from connection monitoring to multipath or Forward Erasure Correction. Our results show that plugins achieve expected behavior with acceptable overhead. We also show that these plugins can be combined to add their functionalities to a PQUIC connection.
BIND is undoubtedly the most well-known and widely used authoritative DNS server implementation. However, it has much higher performance alternatives. This presentation is about the performance analysis of four authoritative DNS server implementations: BIND, NSD, Knot DNS, and YADIFA. The performance measurement method is taken from RFC 8219. Various performance factors are considered: the number of CPU cores, the size of the zone file, the timeout value and also the architecture of the CPU. Several different issues of BIND are pointed out. Both NSD and Knot DNS are shown to have about one order of magnitude higher performance than BIND or YADIFA.
2019-3-4 The Isolario project: BGP route collecting, real-time services and data analysis
The Isolario project: BGP route collecting, real-time services and data analysis
Location
Internet Initiative Japan, 13F Opera2
Speaker
Alessandro Improta (IIT-CNR), Luca Sani (IIT-CNR), Lorenzo Cogotti (Alpha Cogs)
Title: Isolario: the real-time Internet routing observatory (by Alessandro Improta)
Abstract: The incompleteness of data collected from BGP route collecting projects is a well-known issue. Recent works explained that one of the possible solution is to increase the contribution in terms of routing data collected from ASes located in the Internet periphery, in order to reveal the peering connectivity of their upstream providers. IIT-CNR developed the Isolario project to fill this gap. Isolario is a BGP route collecting project based on the do-ut-des principle which aims to increase the appeal of route collecting by offering services in return, ranging from real-time analyses of the incoming BGP session(s) to historic analyses of routing reachability. This presentation will introduce the basic elements of Isolario and the rationale lying behind the project, with a fast overview about its services, the solutions applied and future works.
Abstract: ICE is a multi-threaded and memory-efficient BGP collecting engine which allows route collectors to efficiently handle real-time queries of the routing table. ICE is designed to allow concurrent read/write operations on the routing table. Memory efficiency has been obtained thanks to the design of a variant of the Liv-Zempel compression algorithms specifically tailored to operate within a BGP real-time collecting environment. The proposed technique exploits the high degree of repetitiveness characterizing BGP data and reduces the ICE memory usage by as much as 30%. ICE is currently used as the route collecting software in the Isolario project.
Title: BGP Scanner: C library & tool (by Lorenzo Cogotti)
Abstract: During the last years the amount of data collected has increased greatly, mostly due to the introduction of new route collectors (e.g. PCH, Isolario), new BGP feeders, new BGP extensions (e.g. Multiprotocol RFC4760, ADDPATH RFC7911) and, of course, due to the natural growth of the Internet. Most of the available MRT-BGP data reader available were designed when the amount of data available was smaller, and as a consequence are not able to perform efficiently with current datasets. Moreover most of them do not support most of the BGP extensions introduced in time usually because they are not properly maintained and updated. In this presentation is presented BGP scanner, a new open source MRT-BGP data reader and C library implemented at IIT-CNR, which is exploited in Isolario project. To the best of our knowledge, BGP scanner outperforms all the MRT-BGP data reader freely available online, in terms of speed and memory consumption.
Nowadays, data analytics has become a critical component of modern online services, especially for data-driven online services. Typically, this component requires to process large-scale datasets which may contain private and sensitive information of online services’ customers. Moreover, it becomes even worse when these online services rely on cloud computing to store and process the sensitive data. In such setting, privacy and security become of paramount concern since the customers need to trust both service providers and cloud providers. Unfortunately, in the past, this trust has been violated. In this situation, an interesting question is how to perform data analytics in a secure and privacy-preserving manner? To answer this question, in this talk we will present and demonstrate our solution using SCONE - a shielded execution framework built on modern Trusted Execution Environments (TEEs). The main aim of SCONE is to protect the data analytics application and its secrets against strong attackers (attackers with root access) in a transparent manner, i.e., without changing the application’s source code. At the end of the talk, we will provide a live demo on how to secure PySpark - a widely used framework for data analytics in industry - using SCONE.
2018-12-11 AS Rank v2: Autonomous Systems and their Ranking
AS Rank v2: Autonomous Systems and their Ranking
Location
Internet Initiative Japan, 13F Opera2
Speaker
Bradley Huffaker (CAIDA)
In the Internet, an Autonomous System (AS) is a collection of connected Internet Protocol (IP) routing prefixes under a single administrative domain. As such, they present a window through which to understand the wider Internet topology. In this talk we will provide a brief overview of the Autonomous Systems, their ranking and topology. We will then end with an introduction to AS Rank API v2, a public web service which provides information about individual ASes, their rank, and topology.
2018-11-28 Large-scale active measurements with RIPE Atlas
Large-scale active measurements with RIPE Atlas
Location
Internet Initiative Japan, 13F Opera2
Speaker
Emile Aben (RIPE NCC)
RIPE Atlas is a large scale active measurement platform. With over 10000 measurement vantage points (“probes”) all over the Internet at your fingertips, it is a powerful platform for network operations and research. We’ll introduce the platform, and cover topics like how to get information about probes and measurements already running, the measurement primitives available and how to run your own measurements.
2018-07-24 ICLab: A Platform for Global Censorship Measurement
ICLab: A Platform for Global Censorship Measurement
Location
Internet Initiative Japan, 13F Cantata
Speaker
Shinyoung Cho (Stony Brook University)
Recent years have seen the Internet become a key vehicle for citizens around the globe to express political opinions and organize protests. This fact has not gone unnoticed, with countries around the world repurposing network management tools (e.g., URL filtering products) and protocols (e.g., BGP, DNS) for censorship. Previous work has focused on understanding how censorship is performed in specific countries. However, there are no major studies to understand global censorship trends over time, and to identify, on a global scale, the networks responsible for performing censorship. Also, repurposing network products for censorship can have an unintended international impact, which we refer to as censorship leakage. While there have been anecdotal reports of censorship leakage, there has yet to be a systematic study of censorship leakage at a global scale. We build a global censorship measurement platform (ICLab) and combine it with a general-purpose technique - boolean network tomography - to identify how a censor performs censorship and which AS on a network path is performing censorship.
2018-02-27Scale-free dynamics in Internet traffic - The benefits of multivariate analysis
Scale-free dynamics in Internet traffic - The benefits of multivariate analysis
Location
Internet Initiative Japan, 13F Opera2
Speaker
Patrice Abry (ENS de Lyon/CNRS)
It is now well accepted that aggregated packet or byte count time series in Internet traffic are well modeled with scale-free temporal dynamics, often accounted for by self-similarity processes, such as fractional Brownian motion. The corresponding scaling exponent has been theoretically and practically related to the heavy-tail behaviors of the « objects » transferred on the Internet. However, it remains an open and controversial question to decide whether self-similarity is better measured on packet or byte count time series, or on both, with or without the same scaling exponents. To address such issues we aim to explain how and why multivariate similarity analysis permits a better understanding on Internet traffic scale-free dynamics. For instance bivariate similarity that analyzes jointly Bytes and packet time series, as opposed to 2 univariate analysis of byte and packet time series independently, offers a better characterization of scale-free dynamics in Internet traffic. Combining the use of random projections (or hashing procedures) to ensure a characterization of background traffic robust to anomalies of all sorts, and multivariate multiscale (wavelet) analysis, we detail a methodology for the robust characterization of 2-variate (Byte, Packet) or 4-variate (Byte, Packet, outoing, ingoing) selfsimilarity in Internet trafic and to uncover rich scale-free dynamics. It will also be illustrated M-variate self-similarity analysis provide practitioners with multiscale functions of interest for anomaly detection.
The criticity of the Internet keeps increasing with a very high number of services depending on its infrastructure. The Internet is expected to support services with an increasing tangible impact on the physical world such as the Internet of Things (IoT) or autonomous vehicles. It is thus important to address the current infrastructure shortcomings in terms of scalability, confidentiality and reliability. Multipath communications are one possible solution to address this challenge. The transition towards multipath technologies is not obvious, there are several challenges ahead. Some network devices block unknown protocols, thus preventing the emergence of new technologies, which plays a part in what is often referred to as the ossification of the Internet. Moreover, due to technical reasons, there are cases for which multipath technologies perform worse than their single path counterpart. This presentation intends to expose the situation and some techniques to mitigate these cases and limit their impact, so that multipath communications perform better than single path communications as often as possible. More specifically, we propose enhancements to Multipath TCP (MPTCP).
2018-01-16The Reliability of Broadband Internet Access
The Reliability of Broadband Internet Access
Location
Internet Initiative Japan, 13F Opera2
Speaker
Zachary Bischof (IIJ Innovation Institute)
Propelled by government and private interests, the availability and capacity of broadband services continues to grow rapidly worldwide. With the proliferation of high-capacity access and the migration to over-the-top services for entertainment, communication, and home automation, users have greater expectations for the reliability of their broadband service. Consequently, users, service providers, and regulatory agencies have expressed interest in metrics and clear standards for characterizing broadband reliability. We develop an approach for broadband reliability characterization using data collected by the many emerging national initiatives to study broadband. We apply this approach to the data collected by the FCC's Measuring Broadband America project. Motivated by our findings on both the importance of reliability and the degree of reliability offered by broadband services, we present the design and evaluation of a practical approach for improving access reliability through multihoming.
2017-12-19Multipath QUIC: Taking the Best of Multipath and TCP
Multipath QUIC: Taking the Best of Multipath and TCP
Location
Internet Initiative Japan, 13F Opera2
Speaker
Quentin De Coninck (Université Catholique de Louvain)
Quick UDP Internet Connection (QUIC) is a recent protocol initiated by Google that merges the functions of HTTP/2, TLS and TCP directly over UDP. It can replace the traditional HTTP/TLS/TCP stack and the IETF has chartered a working group to standardize it. QUIC encrypts all data and most protocol headers to prevent interferences from middleboxes. However, the current QUIC design still assumes a single-path flow. This talk presents Multipath QUIC, a QUIC extension that enables a QUIC connection to simultaneously use different network paths. This ability to spread data over several networks provides bandwidth aggregation and better support for mobility scenarios. I will first discuss the design of the proposed solution. Based on our implementation based on quic-go, I will then show a comparison of performance between (Multipath) QUIC and (Multipath) TCP in a various environments covering large network parameter spaces (bandwidth, delay, buffer sizes, losses). Finally, I will discuss several new usecases opened by Multipath QUIC, some being unpractical with (Multipath) TCP.
k claffy, Bradley Huffaker, Matthew Luckie (CAIDA)
mapping our way to a more secure Internet (k claffy)
abstract: Today the "cyber threat" is one of our most serious economic and national security challenges. But our lack of empirically grounded understanding of the structure, dynamics, and scope of vulnerabilities of the global Internet renders this challenge virtually intractable. In this talk, we examine the emerging field of cyber-cartography: what kind of maps of the Internet do we need, and what problems do they solve? What capabilities are required to construct which maps, and what blocks progress on development of these capabilities? We'll provide examples of applied mapping research and development activities at various levels of maturity, including those that support detection of Internet security and stability weaknesses. By the end of this talk you will learn at least five ways that you personally can participate in the field of cybercartography.
A Look at Router Geolocation in Public and Commercial Databases (Bradley Huffaker)
abstract: Internet measurement research frequently needs to map infrastructure components, such as routers, to their physical locations. Although public and commercial geolocation services are often used for this purpose, their accuracy when applied to network infrastructure has not been sufficiently assessed. Prior work focused on evaluating the overall accuracy of geolocation databases, which is dominated by their performance on end-user IP addresses. In this work, we evaluate the reliability of router geolocation in databases. We use a dataset of about 1.64M router interface IP addresses extracted from the CAIDA Ark dataset to examine the country- and city-level coverage and consistency of popular public and commercial geolocation databases. We also create and provide a ground-truth dataset of 16,586 router interface IP addresses and their city-level locations, and use it to evaluate the databases’ a curacy with a regional breakdown analysis. Our results show that the databases are not reliable for geolocating routers and that there is room to improve their country- and city-level accuracy. Based on our results, we present a set of recommendations to researchers concerning the use of geolocation databases to geolocate routers.
Software Systems for Surveying Spoofing Susceptibility (Matthew Luckie)
abstract: Despite source IP address spoofing being a known vulnerability for at least 25 years, and despite many efforts to shed light on the problem, spoofing remains a viable attack method for redirection, amplification, and anonymity. The goal of the CAIDA spoofer project is to increase the density of crowd-sourced measurement of ingress filtering, and publicly provide evidence of where remediation attention should be focused. In this talk, I will discuss the new measurement system we developed, present the public reporting website, report on remediation and outreach efforts, and discuss lessons learned.
2017-10-10Benchmarking methodology for IPv6 transition technologies
Benchmarking methodology for IPv6 transition technologies
Location
Internet Initiative Japan, 13F Opera2
Speaker
Gábor Lencse (Department of Network Systems and Services, Budapest University of Technology and Economics)
Abstract: RCF 2544 deals with the benchmarking methodology for network interconnect devices and RFC 5180 addresses IPv6 specificities, but explicitly declares that IPv6 transition technologies are outside of its scope. The fresh RFC 8219 defines benchmarking methodologies for them.
This presentation introduces the most important solutions described in RFC 8219 by following its categories as dual stack, single translation, double translation and encapsulation technologies plus DNS64, which does not fit into any of these categories. Besides the definitions of performance metrics and their measurement procedures, both some interesting theoretical questions are discussed and some very practical problems are considered such as the available measurement tools (e.g. dns64perf++ for DNS64) and the issues of their development.
2017-07-12Simulating Satellite Internet Links into Pacific Islands
Simulating Satellite Internet Links into Pacific Islands
Location
Internet Initiative Japan, 13F Opera2
Speaker
Ulrich Speidel (Department of Computer Science, The University of Auckland)
Abstract: RCF 2544 deals with the benchmarking methodology for network interconnect devices and RFC 5180 addresses IPv6 specificities, but explicitly declares that IPv6 transition technologies are outside of its scope. The fresh RFC 8219 defines benchmarking methodologies for them.
Abstract: In many small Pacific Island countries, remoteness, deep ocean and low GDP put international submarine cable connectivity out of reach, and satellite Internet is the only option. However, satellite bandwidth is expensive: typical ISP capacities are between 8 and < 100 Mbps on geostationary satellites, and a few hundred Mbps on medium earth orbit satellites. These are often shared between dozens if not hundreds of end users. This bottleneck, along with the significant latency of satellite links, conspires badly against TCP senders and islanders: Many flows never get to open their congestion windows, those that do do so only very slowly, and TCP queue oscillation is rife. Many links are badly underutilised as a result. Potential solutions are at hand in the form of performance-enhancing proxies (PEPs) and forward error correction across packets and the satellite link input queue - but how can we tell how well they might work? To answer such questions, we have built a satellite network simulator at the University of Auckland. The simulator is largely hardware based, with 84 Raspberry Pis and 10 Intel NUCs providing client demand on the "island side", one dedicated Super Micro Server simulating the satellite link itself, one Super Micro on either side providing coding and/or PEP services, and 14 further Super Micros providing "world" TCP traffic to the island at avariety of "terrestrial" latencies. My talk will cover our simulation approach, our current results, challenges faced and lessons learned so far.
Rodney Van Meter, Associate Professor (Faculty of Environment and Information Technology, Keio University)
Abstract: The next information revolution is coming. Data will no long be simple zeroes and ones, but instead will take on characteristics driven by quantum mechanics. How will this change what we can compute and communicate? In this talk, I will lead you through the key ideas in quantum information (with almost no math!) and talk about what we can do with a quantum Internet. I divide the applications of quantum communications into three categories: quantum cryptographic functions, quantum sensor networks, and distributed quantum computation. Some of these functions are drop-in replacements for existing, classical functionality, with additional, desirable characteristics. At least one of the most exciting is an entirely new capability brought by quantum computation.
Bio: Rodney Van Meter received a B.S. in engineering and applied science from the California Institute of Technology in 1986, an M.S. in computer engineering from the University of Southern California in 1991, and a Ph.D. in computer science from Keio University in 2006. His current research centers on quantum computer architecture and quantum networking. Other research interests include storage systems, networking, and post-Moore's Law computer architecture. He is now an Associate Professor of Environment and Information Studies at Keio University's Shonan Fujisawa Campus. Dr. Van Meter is a member of AAAS, ACM and IEEE.
2017-03-27Unbounded Spigot Algorithms for the Digits of Pi
Unbounded Spigot Algorithms for the Digits of Pi
Location
IIJ Innovation Institute 13F Opera2
Speaker
Jeremy Gibbons (Oxford University)
Abstract: Rabinowitz and Wagon presented a spigot algorithm for computing the digits of π. A spigot algorithm yields its outputs incrementally, and does not reuse them after producing them. Rabinowitz and Wagon’s algorithm is inherently bounded; it requires a commitment in advance to the number of digits to be computed. We propose some streaming algorithms based on the same and some similar characterizations of π, with the same incremental properties, but without requiring the prior bound. They are nice examples of lazy functional programming, and instances of a more general scheme for streaming computation.
2017-02-06TouIX to TouSIX : The Internet eXchange SDN experience
TouIX to TouSIX : The Internet eXchange SDN experience
Location
Internet Initiative Japan 13F Cantata
Speaker
Marc Bruyere (The University of Tokyo)
Abstract: The Internet eXchange Points (IXP) are essential for the Internet evolution as they empower high bandwidth low latency and inexpensive local traffic peering as opposed to transit traffic. OpenFlow SDN enables network programmability to control network behavior via open interfaces, as opposed to the legacy closed-box solutions and proprietary-defined interfaces.
This presentation is about the migration of the TouIX from a traditional to a full OpenFlow IXP. A quick view of the architecture choices to eliminate broadcast traffic to reduce complexity are discussed and how switches have been selected and programmed with the TouSIX-Manager. The TouSIX-Manager have been developed internally to give direct monitoring and programmability to the members through web interfaces.
TouIX is a non-profit neutral Internet eXchange Point organization founded in 2005. It provides an interconnected network infrastructure at 4 PoPs around the city of Toulouse and the Paris FranceIX and LyonIX IXPs.
Abstract: This presentation is about the Internet of Things(IoT) work at the IETF. It covers the working groups work and main topics in the field of connecting constrained devices, networks to Internet.
2016-10-12Reaping the Benefits of IPv6 Segment Routing
Reaping the Benefits of IPv6 Segment Routing
Location
Internet Initiative Japan 13F Cantata
Speaker
David Leburun (Université catholique de Louvain)
Abstract: Segment Routing is a modern variant of source routing being standardised by the IETF. It enables routers and endhosts to better control the path followed by the packets in the network. Using SR as a foundation, we articulate two key aspects of its potential: the data plane and the control plane. Firstly, we show how the SR data plane enables operators to perform tasks and provide services that may be otherwise difficult to achieve with current techniques. Secondly, we show how to leverage the SDN paradigm with an SR IPv6 control plane and briefly describe a possible deployment.
Biography: David Lebrun is a PhD student in the IP Networking Lab at Université catholique de Louvain in Belgium, in his fourth and last year. His PhD thesis is focused on leveraging the IPv6 flavor of Segment Routing for value-added services and on implementing it into the Linux kernel.
2016-07-19A Fast and Practical Software Packet Scheduling Archtecture
A Fast and Practical Software Packet Scheduling Archtecture
Location
Internet Initiative Japan 13F Opera2
Speaker
Luigi Rizzo (Università di Pisa)
Abstract: Dynamic resource scheduling is key to achieve dependable service guarantees, allocate spare capacity and protect systems against misuse. For network traffic in a cloud environment, packet scheduling is often done in software, a task made hard by the extremely high frequency of decisions (10+ million packets per second) and the large number of concurrent sources.
No currently available solution simultaneously supports high decision rates, scales to many concurrent clients, and has provable, small deviation from ideal allocation at high link utilization. The pieces to make the above possible do exist, though, from efficient schedulers with tight analytical service guarantees to fast packet I/O frameworks.
In this talk we fill the gap and propose an architecture to run software packet schedulers efficiently even in a high speed, highly concurrent environment. We achieve this result by separating the scheduling decision from the actual packet transmission, so that the latter can be performed in parallel by clients. We provide analytical bounds on the service guarantees of our scheduling architecture even at high link utilization, and present an accurate discussion of implementation issues. Our prototype can make over 20 million scheduling decisions per second even with tens of concurrent clients running on a multi-core, multi-socket system, while adding less than 2 us to the communication delay.
Bio: Luigi Rizzo is a professor at the Università di Pisa. He has worked on network emulation, high performance networking, packet scheduling, multicast and reliable multicast. He is a long time contributor to FreeBSD, for which he has developed several subsystems including the dummynet network emulator, the ipfw firewall, and the netmap framework. He has been program committe member for for sigcomm, conext, infocom, nsdi, Usenix ATC, ANCS and other conferences, as well as PC chair for Sigcomm 2009 and Conext 2014, ANCS 2016, and general chair for Sigcomm 2006. Luigi has been a frequent visiting researcher at various institutions including ICSI/UC Berkeley, Google Mountain View, Intel Research Cambridge, Intel Research Berkeley.
2015-10-27Internet privacy: Towards more transparency
Internet privacy: Towards more transparency
Speaker
Balachander Krishnamurthy (AT&T Labs – Research)
Abstract: Internet privacy has become a hot topic recently with the radical growth of Online Social Networks (OSN) and attendant publicity about various leakages. For the last several years we have been examining aggregation of user's information by a steadily decreasing number of entities as unrelated Web sites are browsed. I will present results from several studies on leakage of personally identifiable information (PII) via Online Social Networks and popular non-OSN sites. Linkage of information gleaned from different sources presents a challenging problem to technologists, privacy advocates, government agencies, and the multi-billion dollar online advertising industry. Economics might hold the key in increasing transparency of the largely hidden exchange of data in return for access of so-called free services.
Bio: Balachander Krishnamurthy is a lead inventive scientist at AT&T Labs--Research. His focus of research of is in the areas of Internet privacy, Online Social Networks, and Internet measurements. He has authored and edited ten books, published 100 technical papers, holds 64 patents, and has given invited talks in thirty five countries.
He co-founded the successful Internet Measurement Conference and in 2013 the Conference on Online Social Networks. He has been on the thesis committee of several PhD students, collaborated with over eighty researchers worldwide, and given tutorials at several industrial sites and conferences.
His most recent book "Internet Measurements: Infrastructure, Traffic and Applications" (525pp, Wiley, with Mark Crovella), was published in July 2006 and is the first book focusing on Internet Measurement. His previous book 'Web Protocols and Practice: HTTP/1.1, Networking Protocols, Caching, and Traffic Measurement' (672 pp, Addison-Wesley, with Jennifer Rexford) is the first in-depth book on the technology underlying the World Wide Web, and has been translated into Portuguese, Japanese, Russian, and Chinese. Bala is homepageless and not on any OSN but many of his papers can be found at http://www.research.att.com/~bala/papers
2015-06-09An Empirical Mixture Model for Large-Scale RTT Measurements
An Empirical Mixture Model for Large-Scale RTT Measurements
Speaker
Romain Fontugne (National Institute of Informatics)
Abstract: Monitoring delays in the Internet is essential to understand the network condition and ensure the good functioning of time-sensitive applications. Large-scale measurements of round-trip time (RTT) are promising data sources to gain better insights into Internet-wide delays. However, the lack of efficient methodology to model RTTs prevents researchers from leveraging the value of these datasets. In this work, we propose a log-normal mixture model to identify, characterize, and monitor spatial and temporal dynamics of RTTs. This data-driven approach provides a coarse grained view of numerous RTTs in the form of a graph, thus, it enables efficient and systematic analysis of Internet-wide measurements. Using this model, we analyze more than 13 years of RTTs from about 12 millions unique IP addresses in passively measured backbone traffic traces. We evaluate the proposed method by comparison with external data sets, and present examples where the proposed model highlights interesting delay fluctuations due to route changes or congestion. We also introduce an application based on the proposed model to identify hosts deviating from their typical RTTs fluctuations, and we envision various applications for this empirical model.
Prof. Jeremy Gibbons (University of Oxford, Department of Computer Science)
Abstract: Computer programs describe how computers operate. In order to control computers, we need to reason about programs: to construct them, to transform them, to prove properties about them. Traditionally, this reasoning about programs is performed indirectly, in terms of the operational behaviour they describe. But operational reasoning is often difficult and inconvenient. I will explain how one may instead perform equational reasoning, directly about the programs themselves instead of indirectly about their behaviour. To do so requires a more abstract programming style, such as pure functional programming. I will explain functional programming, and show how to reason about functional programs.
Abstract: Over the years middleboxes have become a fundamental part of today’s networks, and there is a recent trend towards network function virtualization (NFV), in essence proposing to turn these middleboxes into software-based, virtualized entities. In this talk I will introduce ClickOS, a high-performance, virtualized software middlebox platform. ClickOS virtual machines are small (5MB), boot quickly (about 30 milliseconds), add little delay (45 microseconds) and over one hundred of them can be concurrently run while saturating a 10Gb pipe on a commodity server. I will further describe current ongoing work towards massive consolidation, running as many as 10,000 virtual machines on a single, commodity server.
Biography: Dr. Felipe Huici is a chief researcher at NEC Europe Labs in Heidelberg. He received his undergraduate degree with honours from the University of Virginia, and his Masters in Data Communications, Networks and Distributed Systems from University College London, graduating top of the class; he received his Ph.D. from that same institution under the supervision of Prof. Mark Handley. Felipe has published on several top-tier conferences and journals such as SIGCOMM, NSDI, CoNEXT, and SIGCOMM CCR, regularly acts as TPC member of conferences and journals such as INFOCOM, CoNEXT and SIGCOMM CCR, and holds a number of patent grants.
CrypTech: More Assured, Open Source, Hardware Security Modules
Speaker
Randy Bush (Internet Initiative Japan Inc.)
Abstract: Recent revelations have called into question the integrity of some of the implementations of basic cryptographic functions and devices used to secure communications on the Internet. There are serious questions about algorithms and about implementations of those algorithms in software and particularly hardware.
The algorithmic issues are in the domain of the heavy math cryptography folk. But we must also deal with the implementation issues. We therefore are embarking on development of an open-source hardware cryptographic engine that meets the needs of high assurance Internet infrastructure systems that use cryptography. The open-source hardware cryptographic engine must be of general use to the broad Internet community, covering needs such as secure email, web, DNS, PKIs, etc.
The intent is that the resulting open-source hardware cryptographic engine can be built by anyone from public hardware specifications and open-source firmware. Anyone can then operate it without fees of any kind.
2013-08-29Cloud computing research activities at Jordan University of Science and Technology
Cloud computing research activities at Jordan University of Science and Technology
Speaker
Yaser Jararweh (Jordan University of Science and Technology)
Abstract: Current challenges of adopting cloud computing by targeted customers present hot research issues for both industrial and academic research communities. These challenges are ranging from efficient cloud resources management, power efficiency, better cloud capabilities utilization, cloud integration with other available technologies, and security.
In this talk, we present our current research activities at Jordan University of Science and Technology to address these issues. More specifically, we will introduce CloudFlow concept as an autonomic power and performance management of cloud resources. Also, our Multithreading based MapReduce solution for big data processing in the cloud. Moreover, we will present our vision of integrating cloud based systems with mobile computing (Mobile Cloud Computing) and with WBANs system. An important part of our work is related to security issues in the cloud, especially for cloud insider attacks, our current activities will be also presented. Finally, we will talk about a set of software tools that we are developing for cloud computing experiments and teaching (TeachCloud, CloudExp, MCCSim).
Abstract: The goal was to create an 6LoWPAN border router on an ARM platform running Linux. In particular this border router allows to connect IEEE 802.15.4 devices to Internet. Some solutions already exist to create such a border router under Linux. However these solutions are generally based on an user space daemon which renders the implementation very specific. This project differs from these solutions and uses the MAC IEEE 802.15.4 and 6LoWPAN subsystem directly from the Linux kernel. The project also comprises the development of a set of tools to ease debugging in an IEEE 802.15.4 Wireless Sensor Networks.
