Traffic measurement is a critical component for the control and engineering of communication networks. We argue that traffic measurement should make it possible to obtain the spatial flow of traffic through the domain, i.e., the paths followed by packets between any ingress and egress point of the domain. Most resource allocation and capacity planning tasks can benefit from such information. Also, traffic measurements should be obtained without a routing model and without knowledge of network state. This allows the traffic measurement process to be resilient to network failures and state uncertainty. We propose a method that allows the direct inference of traffic flows through a domain by observing the trajectories of a subset of all packets traversing the network. The key advantages of the method are that (i) it does not rely on routing state, (ii) its implementation cost is small, and (iii) the measurement reporting traffic is modest and can be controlled precisely. The key idea of the method is to sample packets based on a hash function computed over the packet content. Using the same hash function will yield the same sample set of packets in the entire domain, and enables us to reconstruct packet trajectories. I.

We propose a time-scale decomposition approach to measurement-based admission control (MBAC). We identify a critical time-scale T h such that: 1) aggregate traffic fluctuation slower than T h can be tracked by the admission controller and compensated for by flow admissions and departures; 2) fluctuations faster than T h have to be absorbed by reserving spare bandwidth on the link. The critical time-scale is shown to scale as T h = n, where T h is the average flow duration and n is the size of the link in terms of number of flows it can carry. An MBAC design is presented which filters aggregate measurements into low and high frequency components separated at the cutoff frequency 1= T h , using the low frequency component to track slow time-scale traffic fluctuations and the high frequency component to estimate the spare bandwidth needed. Our analysis shows that the scheme achieves high utilization and is robust to traffic heterogeneity, multiple time-scale fluctuations and measurement errors. The scheme uses only measurements of aggregate bandwidth and does not need to keep track of per-flow information.

We propose and develop a novel virtual time reference system as a unifying scheduling framework to provide scalable support for guaranteed services. This virtual time reference system is designed as a conceptual framework upon which guaranteed services can be implemented in a scalable manner using the DiffServ paradigm. The key construct in the proposed virtual time reference system is the notion of packet virtual time stamps, whose computation is core stateless, i.e., no per-flow states are required for its computation. In this paper, we lay the theoretical foundation for the definition and construction of packet virtual time stamps. We describe how per-hop behavior of a core router (or rather its scheduling mechanism) can be characterized via packet virtual time stamps, and based on this characterization, establish end-to-end per-flow delay bounds. Consequently, we demonstrate that, in terms of its ability to support guaranteed services, the proposed virtual time reference system has the same expressive power and generality as the IntServ model. Furthermore, we show that the notion of packet virtual time stamps leads to the design of new core stateless scheduling algorithms, especially work-conserving ones. In addition, our framework does not exclude the use of existing scheduling algorithms such as stateful fair queuing algorithms to support guaranteed services.

As today's network infrastructure continues to grow and Differentiated Services IP backbones are now available to provide various levels of quality of service (QoS) to VPN traffic, the ability to manage increasing network complexity is considered as a crucial factor for QoS enabled VPN solutions. There is growing trend by corporate customers to outsource such complicated management services to Internet Service Providers (ISP) not only to avoid the complexities of VPN establishment and management, but also for economic reasons. In this paper, we present methods to provide end-to-end capacity allocation to VPN connections in a single ISP domain and show the implementation of a Bandwidth Broker managing the outsourced VPNs for corporate customers that have Service Level Agreements (SLAs) with their ISPs. We also present practical configuration examples of commercial routers for enabling QoS enabled VPN tunnels and show how the Bandwidth Broker can dynamically establish tunnels when users...

The main network solutions for supporting QoS rely on traffic policing (conditioning, shaping). In particular, for IP networks the IETF has developed Intserv (individual flows regulated) and Diffserv (only aggregates regulated). The regulator proposed could be based on the (dual) leaky-bucket mechanism. This explains the interest in network element performance (loss, delay) for leaky-bucket regulated traffic. This paper describes a novel approach to the above problem. Explicitly using the correlation structure of the sources' traffic, we derive approximations for both small and large buffers. Importantly, for small (large) buffers the short-term (long-term) correlations are dominant. The large buffer result decomposes the traffic stream in a stream of constant rate and a periodic impulse stream, allowing direct application of the Brownian bridge approximation. Combining the small and large buffer results by a concave majorization, we propose a simple, fast and accurate technique to statistically multiplex homogeneous regulated sources. To address heterogeneous inputs, we present similarly efficient techniques to evaluate the performance of multiple classes of traffic, each with distinct characteristics and QoS requirements. These techniques, applicable under more general conditions, are based on optimal resource (bandwidth and buffer) partitioning. They can also be directly applied to set GPS (Generalized Processor Sharing) weights and buffer thresholds in a shared resource system. Key words---packet networks, policing, admission control, queueing theory, buffer overflow, ATM, IP, Internet, Intserv, Diffserv. I.

One of the key issues in deployment of QoS is determining the set of applications or users, which are allowed to have a preferential access to network resources. The administrative criteria for regulating access to resources constitute the QoS policies. A policy could determine which of the reservation requests in the network be honored during the processing of a signaling protocol such as RSVP, or it could determine the class of applications or users which are to be placed in a specific DiffServ class of service.

Customers of Virtual Private Networks (VPN) over Differentiated Services (Diffserv) infrastructure are most likely to demand not only security but also guaranteed Quality of Service (QoS) as there is a desire to have leased line like services. However, it is expected that they will be unable or unwilling to predict load between VPN endpoints. In this paper, we propose that customers specify their requirements as a range of quantitative service in the Service Level Agreements (SLAs). To support such services ISPs would need to have automated provisioning system that can logically partition the capacity at the edges to various classes (or groups) of VPNs and manage them efficiently to allow resource sharing among the groups in a dynamic and fair manner. While with edge provisioning certain amount of resources based on SLAs (traffic contract at edge) are allocated to VPN connections, we also need to provision the interior nodes of a transit network to meet the assurances offered at the bo...

This paper analyzes a framework to offer reservation of resources and QoS guarantees according to the Resource Reservation Protocol (RSVP) paradigm in a network cloud that supports a differentiated services architecture. The key elements are: intelligent Edge Devices; a flow admission and resource allocation method involving an Admission Control Server; “simple ” core routers based on the differentiated services model. The main functionality of a client/server protocol between the Edge Devices and the Admission Control Server, called Simple Admission Control Protocol, is described. The proposed framework is referred to as

We examine in this paper the tradeoff between application complexity, network complexity, and network efficiency. We argue that the design of the current Internet reflects a tradeoff between lower network complexity (no state in the network, no signalling) and higher application complexity (rate and error control mechanisms to obtain an adaptive application) assuming a unicast service model. For such a service model, a design methodology that leans heavily towards application complexity has proven very successful. However, we also argue that this tradeoff changes radically for a multicast/multilayer service model. There are several reasons for this. First, implementing a multicast/multilayer service requires per-flow state. The incremental cost of deploying a slightly more elaborate service model that takes into account flow dependence is much smaller than in the case of unicast. Second, several end-to-end functions, such as channel estimation and error control, are considerably more ...

The ability to rapidly create and deploy new network services and architectures in response to new user demands is a driving force behind the emergence of programmable networks. The goal of open network control is being addressed in the IEEE P1520 Working Group (http://www.ieee-pin.org/) through the definition of a set of open network programming interfaces for networks. In this paper, we discuss a set of open programmable interfaces for IP-based router and switch networks. These open interfaces allow service providers to manipulate the state of the network through high-level languages and abstractions in order to construct and manage new network services with quality of service support. Keywords: Open Programmable Routers, Router Interfaces, Differentiated Services 1