Método para avaliação de sistema de gerenciamento de redes orientado a eficiência energética. / Method for evaluating network management systems oriented to energy efficiency.

Januário, Guilherme Carvalho

12 February 2014

Funcionalidades de eficiência energética vêm sendo integradas a protocolos e sistemas de gerenciamento de redes. Várias dessas funcionalidades afetam a rede de diferentes modos, acarretando compromissos. Podem afetar a confiabilidade e a disponibilidade da rede ao colocarem equipamentos e enlaces em modo dormente; e podem afetar o tempo de vida dos equipamentos ao alterarem seu modo de utilização. Os resultados da integração dessas funcionalidades à rede podem ser avaliados por emulação, que provê informação sobre como algum mecanismo de roteamento em particular, fruto dessa integração, agiria em diferentes condições de rede. Preparar um ambiente de experimentação que trate das interações entre diferentes funções da rede, considerando as funcionalidades de eficiência energética, traz alguns desafios. Uma combinação de emulação e implementação das principais funcionalidades de eficiência energética provê uma visão mais próxima sobre o que pode ocorrer em implantações reais de sistemas de gerenciamento energeticamente eficiente. Esta dissertação discute (i) como se avaliarem os compromissos existentes no emprego de técnicas de eficiência energética, mostrando também como o tempo de vida de equipamentos pode ser alterado e como a confiabilidade e disponibilidade da rede podem ser degradadas, e discute (ii) requisitos para o desenvolvimento de um ambiente de experimentação para avaliação de tais técnicas. O ambiente é baseado em roteadores implementados por software, para emulação de funcionalidades ainda não disponíveis, mas desejadas, de equipamentos de rede. Após a experimentação do protótipo de um sistema de gerenciamento de redes orientado por política de eficiência energética, aplicam-se os métodos de avaliação dos compromissos ocasionados por este sistema. / Energy efficiency features are being integrated in network protocols and management systems. Many of such features affect the network in different ways, thus yielding tradeoffs. They can affect the reliability and availability of the network when they put devices or links into sleep mode, and they can affect the lifetime of the devices as a result of the new operating pattern. The effects of integrating these features to the network can be assessed through emulation, which can provide insight on how a particular routing mechanism would perform in different network conditions. In addition, building an experimentation environment that is able to comprehensively account for interactions between different network functions taking into account energy efficiency features is challenging. A combination of emulation and implementation of major energy efficiency features provides a view closer to what may happen in a real deployment of energy-efficient management systems. This dissertation discusses (i) how to evaluate the tradeoffs existing between the use of energy-efficiency techniques and the lifetime of devices and with the reliability and availability of the network, and (ii) requirements for the development of a testbed to evaluate such techniques. The testbed is based on software routers, so to emulate future and desired network equipment functionalities. After experiments with the prototype of a sustainability-oriented network management system based on policies, an evaluation about the tradeoffs brought by such system to the network is performed.

Ambiente de experimentação

Availability in networking

Computer networks management

Disponibilidade em redes

Eficiência energética

Energy efficiency

Gerenciamento de redes de computadores

Testbed

Hybrid multicasting using Automatic Multicast Tunnels (AMT)

Alwadani, Dhaifallah

January 2017

Native Multicast plays an important role in distributing and managing delivery of some of the most popular Internet applications, such as IPTV and media delivery. However, due to patchy support and the existence of multiple approaches for Native Multicast, the support for Native Multicast is fragmented into isolated areas termed Multicast Islands. This renders Native Multicast unfit to be used as an Internet wide application. Instead, Application Layer Multicast, which does not have such network requirements but is more expensive in terms of bandwidth and overhead, can be used to connect the native multicast islands. This thesis proposes Opportunistic Native Multicast (ONM) which employs Application LayerMulticast (ALM), on top of a DHT-based P2P overlay network, and Automatic Multicast Tunnelling (AMT) to connect these islands. ALM will be used for discovery and initiating the AMT tunnels. The tunnels will encapsulate the traffic going between islands' Primary Nodes (PNs). AMT was used for its added benefits such as security and being better at traffic shaping and Quality Of Service (QoS). While different approaches for connecting multicast islands exists, the system proposed in the thesis was designed with the following characteristics in mind: scalability, availability, interoperability, self-adaptation and efficiency. Importantly, by utilising AMT tunnels, this approach has unique properties that improve network security and management.

004.6

Método para avaliação de sistema de gerenciamento de redes orientado a eficiência energética. / Method for evaluating network management systems oriented to energy efficiency.

Guilherme Carvalho Januário

12 February 2014

Funcionalidades de eficiência energética vêm sendo integradas a protocolos e sistemas de gerenciamento de redes. Várias dessas funcionalidades afetam a rede de diferentes modos, acarretando compromissos. Podem afetar a confiabilidade e a disponibilidade da rede ao colocarem equipamentos e enlaces em modo dormente; e podem afetar o tempo de vida dos equipamentos ao alterarem seu modo de utilização. Os resultados da integração dessas funcionalidades à rede podem ser avaliados por emulação, que provê informação sobre como algum mecanismo de roteamento em particular, fruto dessa integração, agiria em diferentes condições de rede. Preparar um ambiente de experimentação que trate das interações entre diferentes funções da rede, considerando as funcionalidades de eficiência energética, traz alguns desafios. Uma combinação de emulação e implementação das principais funcionalidades de eficiência energética provê uma visão mais próxima sobre o que pode ocorrer em implantações reais de sistemas de gerenciamento energeticamente eficiente. Esta dissertação discute (i) como se avaliarem os compromissos existentes no emprego de técnicas de eficiência energética, mostrando também como o tempo de vida de equipamentos pode ser alterado e como a confiabilidade e disponibilidade da rede podem ser degradadas, e discute (ii) requisitos para o desenvolvimento de um ambiente de experimentação para avaliação de tais técnicas. O ambiente é baseado em roteadores implementados por software, para emulação de funcionalidades ainda não disponíveis, mas desejadas, de equipamentos de rede. Após a experimentação do protótipo de um sistema de gerenciamento de redes orientado por política de eficiência energética, aplicam-se os métodos de avaliação dos compromissos ocasionados por este sistema. / Energy efficiency features are being integrated in network protocols and management systems. Many of such features affect the network in different ways, thus yielding tradeoffs. They can affect the reliability and availability of the network when they put devices or links into sleep mode, and they can affect the lifetime of the devices as a result of the new operating pattern. The effects of integrating these features to the network can be assessed through emulation, which can provide insight on how a particular routing mechanism would perform in different network conditions. In addition, building an experimentation environment that is able to comprehensively account for interactions between different network functions taking into account energy efficiency features is challenging. A combination of emulation and implementation of major energy efficiency features provides a view closer to what may happen in a real deployment of energy-efficient management systems. This dissertation discusses (i) how to evaluate the tradeoffs existing between the use of energy-efficiency techniques and the lifetime of devices and with the reliability and availability of the network, and (ii) requirements for the development of a testbed to evaluate such techniques. The testbed is based on software routers, so to emulate future and desired network equipment functionalities. After experiments with the prototype of a sustainability-oriented network management system based on policies, an evaluation about the tradeoffs brought by such system to the network is performed.

Ambiente de experimentação

Disponibilidade em redes

Eficiência energética

Gerenciamento de redes de computadores

Availability in networking

Computer networks management

Energy efficiency

Testbed

Integer programming approaches to networks with equal-split restrictions

Parmar, Amandeep

09 May 2007

In this thesis we develop integer programming approaches for solving network flow problems with equal-split restrictions. Such problems arise in traffic engineering of internet protocol networks. Equal-split structure is used in protocols like OSPF and IS-IS that allow flow to be split among the multiple shortest paths. Equal-split assumptions also arise in peer-to-peer networks and road optimization problems. All the previous work on this problem has been focused on developing heuristic methods for the specific applications. We are the first ones to study the problem as a general network flow problem and provide a polyhedral study. First we consider a general multi-commodity network flow problem with equal split restrictions. This problem is NP-hard in general. We perform a polyhedral study on mixed integer linear programming formulation for this problem. Valid inequalities are obtained, and are incorporated within a branch-and-cut framework to solve the problem. We provide fast separation schemes for most of the families of valid inequalities. Computational results are presented to show the effectiveness of cutting plane families. Next, we consider the OSPF weight setting problem. We propose an integer programming formulation for this problem. A decomposition based approach to solve the problem is presented next. Valid inequalities, exploiting the structure, are obtained for this problem. We also propose heuristic methods to get good starting solutions for the problem. The proposed cutting planes and heuristic methods are integrated within a branch-and-cut framework to solve the problem. We present computational experiments that demonstrate the effectiveness of our approach to obtain solutions with tight optimality gaps as compared with default CPLEX. Finally, we consider an equal split flow problem on bipartite graphs. We present an integer programming formulation for this problem that models the equal-split in a different way than the multi-commodity network flow problem discussed before. Valid inequalities and heuristic methods for this problem are proposed, and are integrated within the branch-and-cut framework. We present computational experiments demonstrating the effectiveness of our solution strategy. We present an alternate formulation for the problem with some favorable polyhedral properties. Lastly, a computational comparison between the two formulations is presented.

Branch-and-cut

School districting

OSPF

Network flow

Equal-split

Integer programming

Computer networks Management

Network analysis (Planning)

Integer programming

Combinatorial optimization

Flexible access control for campus and enterprise networks

Nayak, Ankur Kumar

07 April 2010

We consider the problem of designing enterprise network security systems which are easy to manage, robust and flexible. This problem is challenging. Today, most approaches rely on host security, middleboxes, and complex interactions between many protocols. To solve this problem, we explore how new programmable networking paradigms can facilitate fine-grained network control. We present Resonance, a system for securing enterprise networks , where the network elements themselves en- force dynamic access control policies through state changes based on both flow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higher-level security boxes and distributed monitoring and inference systems. Using our approach, administrators can create security applications by first identifying a state machine to represent different policy changes and then, translating these states into actual network policies. Earlier approaches in this direction (e.g., Ethane, Sane) have remained low-level requiring policies to be written in languages which are too detailed and are difficult for regular users and administrators to comprehend. As a result, significant effort is needed to package policies, events and network devices into a high-level application. Resonance abstracts out all the details through its state-machine based policy specification framework and presents security functions which are close to the end system and hence, more tractable. To demonstrate how well Resonance can be applied to existing systems, we consider two use cases. First relates to "Network Admission Control" problem. Georgia Tech dormitories currently use a system called START (Scanning Technology for Automated Registration, Repair, and Response Tasks) to authenticate and secure new hosts entering the network [23]. START uses a VLAN-based approach to isolate new hosts from authenticated hosts, along with a series of network device interactions. VLANs are notoriously difficult to use, requiring much hand-holding and manual configuration. Our interactions with the dorm network administrators have revealed that this existing system is not only difficult to manage and scale but also inflexible, allowing only coarse-grained access control. We implemented START by expressing its functions in the Resonance framework. The current system is deployed across three buildings in Georgia Tech with both wired as well as wireless connectivities. We present an evaluation of our system's scalability and performance. We consider dynamic rate limiting as the second use case for Resonance. We show how a network policy that relies on rate limiting and traffic shaping can easily be implemented using only a few state transitions. We plan to expand our deployment to more users and buildings and support more complex policies as an extension to our ongoing work. Main contributions of this thesis include design and implementation of a flexible access control model, evaluation studies of our system's scalability and performance, and a campus-wide testbed setup with a working version of Resonance running. Our preliminary evaluations suggest that Resonance is scalable and can be potentially deployed in production networks. Our work can provide a good platform for more advanced and powerful security techniques for enterprise networks.

Access control

Security

Enterprise networks

Programmable networks

Computer networks Security measures

Computer networks Management

Computer networks

Local area networks (Computer networks)

Supporting system deployment decisions in public clouds

Khajeh-Hosseini, Ali

January 2013

Decisions to deploy IT systems on public Infrastructure-as-a-Service clouds can be complicated as evaluating the benefits, risks and costs of using such clouds is not straightforward. The aim of this project was to investigate the challenges that enterprises face when making system deployment decisions in public clouds, and to develop vendor-neutral tools to inform decision makers during this process. Three tools were developed to support decision makers: 1. Cloud Suitability Checklist: a simple list of questions to provide a rapid assessment of the suitability of public IaaS clouds for a specific IT system. 2. Benefits and Risks Assessment tool: a spreadsheet that includes the general benefits and risks of using public clouds; this provides a starting point for risk assessment and helps organisations start discussions about cloud adoption. 3. Elastic Cost Modelling: a tool that enables decision makers to model their system deployment options in public clouds and forecast their costs. These three tools collectively enable decision makers to investigate the benefits, risks and costs of using public clouds, and effectively support them in making system deployment decisions. Data was collected from five case studies and hundreds of users to evaluate the effectiveness of the tools. This data showed that the cost effectiveness of using public clouds is situation dependent rather than universally less expensive than traditional forms of IT provisioning. Running systems on the cloud using a traditional 'always on' approach can be less cost effective than on-premise servers, and the elastic nature of the cloud has to be considered if costs are to be reduced. Decision makers have to model the variations in resource usage and their systems' deployment options to obtain accurate cost estimates. Performing upfront cost modelling is beneficial as there can be significant cost differences between different cloud providers, and different deployment options within a single cloud. During such modelling exercises, the variations in a system's load (over time) must be taken into account to produce more accurate cost estimates, and the notion of elasticity patterns that is presented in this thesis provides one simple way to do this.

004.67

Investigating the viability of a framework for small scale, easily deployable and extensible hotspot management systems

Thinyane, Mamello P

January 2006

The proliferation of PALs (Public Access Locations) is fuelling the development of new standards, protocols, services, and applications for WLANs (Wireless Local Area Networks). PALs are set up at public locations to meet continually changing, multiservice, multi-protocol user requirements. This research investigates the essential infrastructural requirements that will enable further proliferation of PALs, and consequently facilitate ubiquitous computing. Based on these requirements, an extensible architectural framework for PAL management systems that inherently facilitates the provisioning of multiple services and multiple protocols on PALs is derived. The ensuing framework, which is called Xobogel, is based on the microkernel architectural pattern, and the IPDR (Internet Protocol Data Record) specification. Xobogel takes into consideration and supports the implementation of diverse business models for PALs, in respect of distinct environmental factors. It also facilitates next-generation network service usage accounting through a simple, flexible, and extensible XML based usage record. The framework is subsequently validated for service element extensibility and simplicity through the design, implementation, and experimental deployment of SEHS (Small Extensible Hotspot System), a system based on the framework. The robustness and scalability of the framework is observed to be sufficient for SMME deployment, withstanding the stress testing experiments performed on SEHS. The range of service element and charging modules implemented confirm an acceptable level of flexibility and extensibility within the framework.

Local area networks (Computer networks)

Computer networks -- Management

Computer network architectures

Computer network protocols

Wireless communication systems

XML (Document markup language)

Gerenciamento baseado em modelos da configuração de sistemas de segurança em ambientes de redes complexos / Model-based configuration management of security systems in complex network environments

Pereira, João Porto de Albuquerque

24 May 2006

Orientador: Paulo Licio de Geus / Tese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-07T08:33:59Z (GMT). No. of bitstreams: 1 Pereira_JoaoPortodeAlbuquerque_D.pdf: 3410336 bytes, checksum: b604fcebba7d50ce5939b35de40ce518 (MD5) Previous issue date: 2006 / Resumo: Os mecanismos de segurança empregados em ambientes de redes atuais têm complexidade crescente e o gerenciamento de suas configurações adquire um papel fundamental para proteção desses ambientes. Particularmente em redes de computadores de larga escala, os administradores de segurança se vêem confrontados com o desafio de projetar, implementar, manter e monitorar um elevado número de mecanismos, os quais possuem sintaxes de configuração heterogêneas e complicadas. Uma conseqüência dessa situação é que erros de configuração são causas freqüentes de vulnerabilidades de segurança. O presente trabalho oferece uma sistemática para o gerenciamento da configuração de sistemas de segurança de redes que corresponde especialmente às necessidades dos ambientes complexos encontrados em organizações atuais. A abordagem, construída segundo o paradigma de Gerenciamento Baseado em Modelos, inclui uma técnica de modelagem que trata uniformemente diferentes tipos de mecanismos e permite que o projeto de suas configurações seja executado de forma modular, mediante um modelo orientado a objetos. Esse modelo é segmentado em Subsistemas Abstratos, os quais encerram um grupo de mecanismos de segurança e outras entidades relevantes do sistema ¿ incluindo seus diferentes tipos de mecanismo e as inter-relações recíprocas entre eles. Uma ferramenta de software apóia a abordagem, oferecendo um diagrama para edição de modelos que inclui técnicas de visualização de foco e contexto. Essas técnicas são particularmente adaptadas para cenários de larga escala, possibilitando ao usuário a especificação de certa parte do sistema sem perder de vista o contexto maior no qual essa parte se encaixa. Após a conclusão da modelagem, a ferramenta deriva automaticamente parâmetros de configuração para cada mecanismo de segurança do sistema, em um processo denominado refinamento de políticas. Os principais resultados deste trabalho podem ser sumarizados nos seguintes pontos: (i) uma técnica de modelagem uniforme e escalável para o gerenciamento de sistemas de segurança em ambientes complexos e de larga escala; (ii) um processo para o projeto de configurações apoiado por uma ferramenta que inclui técnicas de foco e contexto para melhor visualização e manipulação de grandes modelos; (iii) uma abordagem formal para a validação do processo de refinamento de políticas / Abstract: The security mechanisms employed in current networked environments are increasingly complex, and their configuration management has an important role for the protection of these environments. Especially in large scale networks, security administrators are faced with the challenge of designing, deploying, maintaining and monitoring a huge number of mechanisms, most of which have complicated and heterogeneous configuration syntaxes. Consequently, configuration errors are nowadays a frequent cause of security vulnerabilities. This work offers an approach to the configuration management of network security systems specially suited to the needs of the complex environments of today¿s organizations. The approach relies upon the Model-Based Management (MBM) paradigm and includes a modelling framework that allows the design of security systems to be performed in a modular fashion, by means of an object-oriented model. This model is segmented into logical units (so-called Abstract Subsystems) that enclose a group of security mechanisms and other relevant system entities, offering a more abstract representation of them. In this manner, the administrator is able to design a security system¿including its different mechanism types and their mutual relations¿by means of an abstract and uniform modelling technique. A software tool supports the approach, offering a diagram editor for models, which includes focus and context visualization techniques. These techniques are particularly suitable to large scale scenarios, enabling a designer to precisely specify a given part of the system without losing the picture of the context to which this part belongs. After the model is complete, the tool automatically derives configuration parameters for each security mechanism in the system, in a process called policy refinement. The major results of this work can be summarised as follows: (i) definition of a uniform and scalable object-oriented modelling framework for the configuration management of large, complex network security systems; (ii) development of a configuration design process assistes by a tool that implements focus and context techniques to improve visualization and manipulation of large models; (iii) a formal validation approach of the policy refinement process / Doutorado / Doutor em Ciência da Computação

Redes de computadores - Gerência

Modelagem de dados

Internet

Computer networks, security measures

Computer networks, management

Data modeling

Internet (Computer networks)

Integrated Network Management Using Extended Blackboard Architecture

Prem Kumar, G

07 1900

No description available.

Computer Networks - Management

Computer Network Architectures

Integrated Network Management (INM)

Extended Blackboard Architecture

Network Fault Management

Security Management

Network Management (NM)

Computer Science

Proposta e validação de nova arquitetura de redes de data center / Proposal and Validation of New Architecture for Data Center Networks

Macapuna, Carlos Alberto Bráz

18 August 2018

Orientadores: Mauricio Ferreira Magalhães; Christian Esteve Rothenberg / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-18T11:07:49Z (GMT). No. of bitstreams: 1 Macapuna_CarlosAlbertoBraz_M.pdf: 1236245 bytes, checksum: a91bba6ee11302ae78b90231dd6c0241 (MD5) Previous issue date: 2011 / Resumo: Assim como as grades computacionais, os centros de dados em nuvem são estruturas de processamento de informações com requisitos de rede bastante exigentes. Esta dissertação contribui para os esforços em redesenhar a arquitetura de centro de dados de próxima geração, propondo um serviço eficaz de encaminhamento de pacotes, que explora a disponibilidade de switches programáveis com base na API OpenFlow. Desta forma, a dissertação descreve e avalia experimentalmente uma nova arquitetura de redes de centro de dados que implementa dois serviços distribuídos e resilientes a falhas que fornecem as informações de diretório e topologia necessárias para codificar aleatoriamente rotas na origem usando filtros de Bloom no cabeçalho dos pacotes. Ao implantar um exército de gerenciadores de Rack atuando como controladores OpenFlow, a arquitetura proposta denominada Switching with in-packet Bloom filters (SiBF) promete escalabilidade, desempenho e tolerância a falhas. O trabalho ainda defende a ideia que o encaminhamento de pacotes pode tornar-se um serviço interno na nuvem e que a sua implementação pode aproveitar as melhores práticas das aplicações em nuvem como, por exemplo, os sistemas de armazenamento distribuído do tipo par <chave,valor>. Além disso, contrapõe-se ao argumento de que o modelo de controle centralizado de redes (OpenFlow) está vinculado a um único ponto de falhas. Isto é obtido através da proposta de uma arquitetura de controle fisicamente distribuída, mas baseada em uma visão centralizada da rede resultando, desta forma, em uma abordagem de controle de rede intermediária, entre totalmente distribuída e centralizada / Abstract: Cloud data centers, like computational Grids, are information processing fabrics with very demanding networking requirements. This work contributes to the efforts in re-architecting next generation data centers by proposing an effective packet forwarding service that exploits the availability of programmable switches based on the OpenFlow API. Thus, the dissertation describes and experimentally evaluates a new architecture for data center networks that implements two distributed and fault-tolerant services that provide the directory and topology information required to encode randomized source routes with in-packet Bloom filters. By deploying an army of Rack Managers acting as OpenFlow controllers, the proposed architecture called Switching with in-packet Bloom filters (SiBF) promises scalability, performance and fault-tolerance. The work also shows that packet forwarding itself may become a cloud internal service implemented by leveraging cloud application best practices such as distributed key-value storage systems. Moreover, the work contributes to demystify the argument that the centralized controller model of OpenFlow networks is prone to a single point of failure and shows that direct network controllers can be physically distributed, yielding thereby an intermediate approach to networking between fully distributed and centralized / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica

Arquitetura de redes de computador

Centros de processamento de dados

Redes de computadores - Gerência

Redes de computadores - Protocolos

Redes de computadores

Computer networks

Architecture of computer networks

Data processing center

Computer networks (Management)

Computer networks - Protocols