Bandwidth management and monitoring for IP network traffic : an investigation

Irwin, Barry Vivian William

January 2001

Bandwidth management is a topic which is often discussed, but on which relatively little work has been done with regard to compiling a comprehensive set of techniques and methods for managing traffic on a network. What work has been done has concentrated on higher end networks, rather than the low bandwidth links which are commonly available in South Africa and other areas outside the United States. With more organisations increasingly making use of the Internet on a daily basis, the demand for bandwidth is outstripping the ability of providers to upgrade their infrastructure. This resource is therefore in need of management. In addition, for Internet access to become economically viable for widespread use by schools, NGOs and other academic institutions, the associated costs need to be controlled. Bandwidth management not only impacts on direct cost control, but encompasses the process of engineering a network and network resources in order to ensure the provision of as optimal a service as possible. Included in this is the provision of user education. Software has been developed for the implementation of traffic quotas, dynamic firewalling and visualisation. The research investigates various methods for monitoring and management of IP traffic with particular applicability to low bandwidth links. Several forms of visualisation for the analysis of historical and near-realtime traffic data are also discussed, including the use of three-dimensional landscapes. A number of bandwidth management practices are proposed, and the advantages of their combination, and complementary use are highlighted. By implementing these suggested policies, a holistic approach can be taken to the issue of bandwidth management on Internet links.

TCP/IP (Computer network protocol)

Computer networks

Electronic data processing -- Management

Computer networks -- Management

Securing host and application information in the TCP/IP protocol suite

Boshoff, Paul Marthinus

14 August 2012

M.Sc. / Using the Internet for communication purposes constitutes a high risk, considering the security of such information. The protocol suite used on the Internet is the TCP/IP protocol suite, which consists of the Transmission Control Protocol (TCP) and the Internet Protocol (IP). In a bid to create a basis to support the newly conceptualised ideas, various areas of networking are briefly discussed in this dissertation. The first in this series of areas is that of the OSI layers. This model forms the basis of all networking concepts. The model describes seven layers, of which each performs a certain networking function. The TCP/IP protocol suite fits into this model. Network security and encryption methods are applied and followed to secure information on the Internet. These methods have been used over a long period of time and will also be used to support the newly conceptualised ideas. The main focus of this dissertation falls on the securing of certain parts of the information contained in the headers of both the Transmission Control Protocol (TCP) and the Internet Protocol (IP) in a bid to minimise the amount of data that may be inferred about the communicating parties from these headers. In addition, where multiple routes exist between hosts, the possibility of the deliberate distribution of a single message across these routes is examined. Such distribution will further complicate the task of a hacker attempting to gather information from TCP and IP headers. In addition, such distribution will minimise the possibility that a hacker may assemble a complete message from its constituent parts and that he/she may infer information about the message that cannot be inferred from the isolated parts. The length of a message sent between hosts is one simple example of such information.

TCP/IP (Computer network protocol)

Computer networks

Computer networks -- Security measures

Data encryption (Computer science)

System and Methods for Detecting Unwanted Voice Calls

Kolan, Prakash

12 1900

Voice over IP (VoIP) is a key enabling technology for the migration of circuit-switched PSTN architectures to packet-based IP networks. However, this migration is successful only if the present problems in IP networks are addressed before deploying VoIP infrastructure on a large scale. One of the important issues that the present VoIP networks face is the problem of unwanted calls commonly referred to as SPIT (spam over Internet telephony). Mostly, these SPIT calls are from unknown callers who broadcast unwanted calls. There may be unwanted calls from legitimate and known people too. In this case, the unwantedness depends on social proximity of the communicating parties. For detecting these unwanted calls, I propose a framework that analyzes incoming calls for unwanted behavior. The framework includes a VoIP spam detector (VSD) that analyzes incoming VoIP calls for spam behavior using trust and reputation techniques. The framework also includes a nuisance detector (ND) that proactively infers the nuisance (or reluctance of the end user) to receive incoming calls. This inference is based on past mutual behavior between the calling and the called party (i.e., caller and callee), the callee's presence (mood or state of mind) and tolerance in receiving voice calls from the caller, and the social closeness between the caller and the callee. The VSD and ND learn the behavior of callers over time and estimate the possibility of the call to be unwanted based on predetermined thresholds configured by the callee (or the filter administrators). These threshold values have to be automatically updated for integrating dynamic behavioral changes of the communicating parties. For updating these threshold values, I propose an automatic calibration mechanism using receiver operating characteristics curves (ROC). The VSD and ND use this mechanism for dynamically updating thresholds for optimizing their accuracy of detection. In addition to unwanted calls to the callees in a VoIP network, there can be unwanted traffic coming into a VoIP network that attempts to compromise VoIP network devices. Intelligent hackers can create malicious VoIP traffic for disrupting network activities. Hence, there is a need to frequently monitor the risk levels of critical network infrastructure. Towards realizing this objective, I describe a network level risk management mechanism that prioritizes resources in a VoIP network. The prioritization scheme involves an adaptive re-computation model of risk levels using attack graphs and Bayesian inference techniques. All the above techniques collectively account for a domain-level VoIP security solution.

VoIP

behavior

spam

Internet telephony.

TCP/IP (Computer network protocol)

Digital telephone systems.

A study of user level scheduling and software caching in the educational interactive system

Tsunoda, Kaoru

01 January 1997

No description available.

Teleconferencing in education

Client/server computing

Educational Interactive System (EIS)

TCP/IP (Computer network protocol)

Computer Sciences

Adaptive polling for SNMP protocol

Teng, Un Tung

01 January 1999

No description available.

Computer networks -- Management

Electrical and Computer Engineering

Engineering

A framework for promoting interoperability in a global electronic market-space

Pather, Maree

30 June 2005

The primary contributions to the area of electronic business integration, propounded by this thesis, are (in no particular order):  A novel examination of global Business-to-Business (B2B) interoperability in terms of a "multiplicity paradox" and of a "global electronic market-space" from a Complex Systems Science perspective.  A framework for an, integrated, global electronic market-space, which is based on a hierarchical, incremental, minimalist-business-pattern approach. A Web Services-SOA forms the basis of application-to-application integration within the framework. The framework is founded in a comprehensive study of existing technologies, standards and models for secure interoperability and the SOA paradigm. The Complex Systems Science concepts of "predictable structure" and "structural complexity" are used consistently throughout the progressive formulation of the framework.  A model for a global message handler (including a standards-based message-format) which obviates the common problems implicit in standard SOAP-RPC. It is formulated around the "standardized, common, abstract application interface" critical success factor, deduced from examining existing models. The model can be used in any collaboration context.  An open standards-based security model for the global message handler. Conceptually, the framework comprises the following:  An interoperable standardized message format: a standardized SOAP-envelope with standardized attachments (8-bit binary MIME-serialized XOP packages).  An interoperable standardized message-delivery infrastructure encompassing an RPC-invoked message-handler - a Web service, operating in synchronous and/or asynchronous mode, which relays attachments to service endpoints.  A business information processing infrastructure comprised of: a standardized generic minimalist-business-pattern (simple buying/selling), comprising global pre-specifications for business processes (for example, placing an order), standardized specific atomic business activities (e.g. completing an order-form), a standardized document-set (including, e.g. an order-form) based on standardized metadata (common nomenclature and common semantics used in XSD's, e.g. the order-form), the standardized corresponding choreography for atomic activities (e.g. acknowledgement of receipt of order-form) and service endpoints (based on standardized programming interfaces and virtual methods with customized implementations). / Theoretical Computing / PHD (INFORMATION SYSTEMS)

005.71

Internetworking (Telecommunication)

Electronic commerce--Computer programs

Software engineering

Internet programming

ebXML (Document markup language)

Electronic data interchange

Web services--Computer programs

Electronic data interchange

A framework for promoting interoperability in a global electronic market-space

Pather, Maree

30 June 2005

The primary contributions to the area of electronic business integration, propounded by this thesis, are (in no particular order):  A novel examination of global Business-to-Business (B2B) interoperability in terms of a "multiplicity paradox" and of a "global electronic market-space" from a Complex Systems Science perspective.  A framework for an, integrated, global electronic market-space, which is based on a hierarchical, incremental, minimalist-business-pattern approach. A Web Services-SOA forms the basis of application-to-application integration within the framework. The framework is founded in a comprehensive study of existing technologies, standards and models for secure interoperability and the SOA paradigm. The Complex Systems Science concepts of "predictable structure" and "structural complexity" are used consistently throughout the progressive formulation of the framework.  A model for a global message handler (including a standards-based message-format) which obviates the common problems implicit in standard SOAP-RPC. It is formulated around the "standardized, common, abstract application interface" critical success factor, deduced from examining existing models. The model can be used in any collaboration context.  An open standards-based security model for the global message handler. Conceptually, the framework comprises the following:  An interoperable standardized message format: a standardized SOAP-envelope with standardized attachments (8-bit binary MIME-serialized XOP packages).  An interoperable standardized message-delivery infrastructure encompassing an RPC-invoked message-handler - a Web service, operating in synchronous and/or asynchronous mode, which relays attachments to service endpoints.  A business information processing infrastructure comprised of: a standardized generic minimalist-business-pattern (simple buying/selling), comprising global pre-specifications for business processes (for example, placing an order), standardized specific atomic business activities (e.g. completing an order-form), a standardized document-set (including, e.g. an order-form) based on standardized metadata (common nomenclature and common semantics used in XSD's, e.g. the order-form), the standardized corresponding choreography for atomic activities (e.g. acknowledgement of receipt of order-form) and service endpoints (based on standardized programming interfaces and virtual methods with customized implementations). / Theoretical Computing / PHD (INFORMATION SYSTEMS)

005.71

Internetworking (Telecommunication)

Electronic commerce--Computer programs

Software engineering

Internet programming

ebXML (Document markup language)

Electronic data interchange

Web services--Computer programs

Electronic data interchange

Analytic models of TCP performance

Kassa, Debassey Fesehaye

10 1900

Thesis (MSc)--University of Stellenbosch, 2005. / ENGLISH ABSTRACT: The majority of tra c on the Internet uses the Transmission Control Protocol (TCP) as a transport layer protocol for the end-to-end control of information transfer. Measurement, simulation and analytical models are the techniques and tools that can be used to understand and investigate the Internet and its performance. Measurements can only be used to explore existing network scenario or otherwise become costly and in exible with the growth and complexity of the Internet. Simulation models do not scale with the growth of network capacities and the number of users. Computationally e cient analytical models are therefore important tools for investigating, designing, dimensioning and planning IP (Internet Protocol) networks. Existing analytical models of TCP performance are either too simple to capture the internal dynamics of TCP or are too complex to be used to analyze realistic network topologies with several bottleneck links. The literature shows that the xed point algorithm (FPA) is a very useful way of solving analytical models of Internet performance. This thesis presents fast and accurate analytical models of TCP performance with the FPA used to solve them. Apart from what is observed in experimental literature, no comprehensive proof of the convergence and uniqueness of the FPA is given. In this thesis we show how the FPA of analytical models of reliable Internet protocols such as TCP converges to a unique xed point. The thesis speci es the conditions necessary in order to use the FPA for solving analytical models of reliable Internet protocols. We also develop a general implementation algorithm of the FPA of analytical models of TCP performance for realistic and arbitrary network topologies involving heterogenous TCP connections crossing many bottleneck links. The models presented in this thesis give Internet performance metrics, assuming that only basic network parameters such as the network topology, the number of TCP connections, link capacity, distance between network nodes and router bu er sizes are known. To obtain the performance metrics, TCP and network sub{models are used. A closed network of :=G=1 queues is used to develop each TCP sub-model where each queue represents a state of a TCP connection. An M=M=1=K queue is used for each network sub{model which represents the output interface of an IP router with a bu er capacity of K 􀀀��������1 packets. The two sub-models are iteratively solved. We also give closed form expressions for important TCP performance values and distributions. We show how the geometric, bounded geometric and truncated geometric distributions can be used to model reliable protocols such as TCP. We give models of the congestion window cwnd size distribution by conditioning on the slow start threshold ssthresh distribution and vice-versa. We also present models of the probabilities of TCP timeout and triple duplicate ACK receptions. Numerical results based on comparisons against ns2 simulations show that our models are more accurate, simpler and computationally more e cient than another well known TCP model. Our models can therefore be used to rapidly analyze network topologies with several bottlenecks and obtain detailed performance metrics. / AFRIKAANSE OPSOMMING: Die meerderheid van die verkeer op die Internet gebruik die Transmission Control Protocol (TCP) as `n vervoer laag protokol vir die einde-tot-einde kontrole van inligting oordrag. Meting, simulasie en analitiese modelle is die tegnieke en gereedskap wat gebruik kan word om die Internet te ondersoek en verstaan. Meting kan slegs gebruik word om bestaande netwerke scenarios te verken. Meting is duur en onbuigsaam met die groei en samegesteldheid van die Internet. Simulasie modelle skaal nie met die groei van netwerk kapasiteit en gebruikers nie. Analitiese modelle wat berekening e ektief is is dus nodige gereedskap vir die ondersoek, ontwerp, afmeting en beplanning van IP (Internet Protocol) netwerke. Bestaande analitiese TCP modelle is of te eenvoudig om die interne dinamiek van die TCP saam te vat of hulle is te ingewikkeld om realistiese netwerk topologie met heelwat bottelnek skakels te analiseer. Literatuur toon dat die xed point algorithm (FPA) baie handig is vir die oplos van analitiese modelle van Internet verrigting. In hierdie tesis word vinnige en akkurate analitiese modelle van TCP verrigting opgelos deur FPA weergegee. Buiten wat deur eksperimentele literatuur aangedui word is daar geen omvattende bewyse van die konvergensie en uniekheid van die FPA nie. In hierdie tesis word aangedui hoe die FPA van analitiese modelle van betroubare Internet protokolle soos die TCP konvergeer na `n unieke vaste punt. Hierdie tesis spesi seer die voorwaardes benodig om die FPA te gebruik vir die oplos van analitiese modelle van realistiese Internet protokolle. `n Algemene uitvoer algoritme van die FPA van analitiese modelle van TCP vir realistiese en arbitr^ere netwerk topogra e insluitende heterogene TCP konneksies oor baie bottelnek skakels is ontwikkel. Die model in hierdie tesis gee Internet verrigting metodes met die aanname dat slegs basiese netwerk parameters soos netwerk topologie, die aantal TCP konneksies, die konneksie kapasiteit, afstand tussen netwerk nodusse en die roete bu er grotes bekend is. Om die verrigting metodes te verkry, word TCP en netwerk sub-modelle gebruik. `n Geslote netwerk van :=G=1 rye is gebruik om elke TCP sub-model, waar elke ry 'n toestand van `n TCP konneksie voorstel, te ontwikkel. `n M=M=1=K ry is gebruik vir elke netwerk sub-model wat die uitset koppelvlak van `n IP roetemaker met `n bu er kapasiteit van K 􀀀������� 1 pakkies voorstel. Die twee submodelle word iteratief opgelos. Geslote vorm uitdrukkings vir belangrike TCP verrigting waardes en verspreidings word gegee. Daar word getoon hoe geometriese, begrensde geometriese en geknotte geometriese verspreidings gebruik kan word om betroubare protokolle soos die TCP te modelleer. Modelle van die kongestie venster cwnd grootte verspreiding word gegee deur die kondisionering van die stadige aanvang drempel ssthresh verspreiding en andersom. Modelle van die voorspelling van TCP tyduit en trippel duplikaat ACK resepsie word weergegee. Numeriese resultate gebaseer op vergelykings met ns2 simulasies wys dat ons modelle meer akkuraat, eenvoudiger en berekeningsgewys meer e ektief is as ander wel bekende TCP modelle. Ons modelle kan dus gebruik word vir vinnig analise van netwerk topologie met verskeie bottelnekke en om gedetailleerde verrigting metodes te bekom.

TCP/IP (Computer network protocol)

Fixed point theory

Network performance (Telecommunication)

Algorithms

Theses -- Computer science

Dissertations -- Computer science

QUIC-TCP: validation of QUIC-TCP through network simulations

Unknown Date

The scalability of QUIC-TCP was examined by expanding previous developmental 11-node, 4-flow topology to over 30 nodes with 11 flows to validate QUIC-TCP for larger networks. The topology was simulated using ns-2 network simulator with the same ns-2 module of FAST-TCP modified to produce QUIC-TCP agent that the original development used. A symmetrical topology and a random topology were examined. Fairness, aggregate throughput and the object of the utility function were used as validation criteria. It was shown through simulation that QUICTCP optimized the utility function and demonstrated a good balance between aggregate throughput and fairness; therefore QUIC-TCP is indeed scalable to larger networks. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2013.

Ad hoc networks (computer networks)

Embedded computer systems -- Programming

QUIC TCP (Computer network protocol)

Wireless communication systems

Implementation of an Available Bit Rate Service for Satellite IP Networks using a Performance Enhancing Proxy

Reddy, Pavan K

29 April 2004

The transport control protocol (TCP) is one of the most heavily used protocols on the Internet, offering a reliable, connection oriented transport service. However, the quality of service (QoS) provided by the TCP protocol deteriorates when it is used over satellite IP networks. With the increased usage of Internet applications by the military in remote geographical regions, there is an increased need to address some of the shortcomings of TCP performance in satellite IP networks. In this research we describe our efforts at designing and testing a performance enhancing proxy (PEP) that can be used improve the QoS provided by the TCP service in large latency networks. We also show how one can use such a proxy to create a new transport service similar to the Available Bit Rate (ABR) service provided by ATM networks without needing ATM infrastructure, this new service offers a connection oriented, reliable, best effort transport service with minimal queuing delay, jitter and throughput variation.

Performance Enhancing Proxy

ABR

IP

Satellite

QoS

TCP

TCP/IP (Computer network protocol)

Quality control

Satellite transport protocol