Results 1 - 10 of 22
Trajectory Sampling for Direct Traffic Observation
- 2001
- Cited by 176 (21 self)
Traffic measurement is a critical component for the control and engineering of communication networks. We argue that traffic measurement should make it possible to obtain the spatial flow of traffic through the domain, i.e., the paths followed by packets between any ingress and egress point of the domain. Most resource allocation and capacity planning tasks can benefit from such information. Also, traffic measurements should be obtained without a routing model and without knowledge of network state. This allows the traffic measurement process to be resilient to network failures and state uncertainty. We propose a method that allows the direct inference of traffic flows through a domain by observing the trajectories of a subset of all packets traversing the network. The key advantages of the method are that (i) it does not rely on routing state, (ii) its implementation cost is small, and (iii) the measurement reporting traffic is modest and can be controlled precisely. The key idea of the method is to sample packets based on a hash function computed over the packet content. Using the same hash function will yield the same sample set of packets in the entire domain, and enables us to reconstruct packet trajectories.
Pricing, Provisioning and Peering: Dynamic Markets for Differentiated Internet Services and Implications for Network Interconnections
- IEEE Journal on Selected Areas in Communications, 2000
- Cited by 36 (0 self)
This paper presents a decentralized auction-based approach to pricing of edge-allocated bandwidth in a differentiated services Internet. The players in our network economy model are one raw-capacity seller per network, one broker per service per network, and users, to play the roles of whole-sellers, retailers, and end-buyers, respectively, in a two-tier wholeseller/retailer market, which is best interpreted as a "sender-pay" model. With the progressive second price auction mechanism as the basic building block, we conduct a game theoretic analysis, deriving optimal strategies for buyers and brokers, and show the existence of networkwide market equilibria.
Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns
- In Proceedings of 13th International Conference on Field Program, 2003
- Cited by 36 (2 self)
This paper presents techniques for designing pattern matching circuits for complex regular expressions, such as those found in network intrusion detection patterns. We have developed a pattern-matching coprocessor that supports all the pattern matching functions of the Snort rule language [3]. In order to achieve maximum pattern capacity and throughput, the design focuses on minimizing circuit area while maintaining high clock speed. Using our approach, we are able to store the entire current Snort rule database consisting of over 1,500 rules and 17,000 characters into a single one-million-gate FPGA while comparing all patterns against traffic at gigabit rates.
A Hardware Platform for Network Intrusion Detection and Prevention
- In Proceedings of the 3rd Workshop on Network Processors and Applications (NP3), February 2004. 178
- Cited by 28 (0 self)
The current generation of centralized network intrusion detection systems (NIDS) have various limitations on their performance and effectiveness. In this paper, we argue that intrusion detection analysis should be distributed to network node IDS (NNIDS) running in hardware on the end hosts. An NNIDS can unambiguously inspect traffic to and from the host, and when implemented on the network interface hardware, can function independently of the host operating system to provide better protection with less overhead than software implementations. We discuss the computation and communication characteristics of typical software intrusion detection analysis tasks. Then, we describe our efforts in mapping these tasks to a hardware platform using COTS components including Intel IXP network processors and Xilinx Virtex FPGAs. We report the performance of our prototype NNIDS implementation and provide analysis on how the network processor architecture affects the performance. Our results show that the NNIDS can achieve high performance with a pipeline of processing stages and careful allocation of tasks to the most appropriate hardware resources.
Towards a Cost Model for Distributed and Replicated Data Stores
- Data Stores, 9th Euromicro Workshop on Parallel and Distributed Processing (PDP 2001), IEEE CS, 2001
- Cited by 22 (8 self)
Large, Petabyte-scale data stores need detailed design considerations about distributing and replicating particular parts of the data store in a cost-effective way. Technical issues need to be analysed and, based on these constraints, an optimisation problem can be formulated. In this paper we provide a novel cost model for building a world-wide distributed Petabyte data store which will be in place starting from 2005 at CERN and its collaborating, world-wide distributed institutes. We will elaborate on a framework for assessing potential system costs and influences which are essential for the design of the data store.
1 Introduction
With the growth of the Internet in the last couple of years and expanding technologies in database research, data warehousing, networking and data storage, large distributed data stores with data amounts in the range of Petabytes are emerging [16]. Not only the choice of the optimal data storage system (relational or object-oriented databases, flat files...
Autonomous decentralized community concept and architecture for a complex adaptive information system
- Proc. IEEE FTDCS, Puerto Rico, 2003
- Cited by 6 (4 self)
The global information service in the Internet is a heterogeneous and rapidly evolving environment. Constantly, new information services are added, others are modified, removed or in fault, making it more and more intractable to maintain a coherent image of the information environment. Moreover, users' interests and demands for information services are rapidly changing. In this paper we propose the concept of an Autonomous Community Information System (ACIS) to meet the users' requirements and guarantees the evolution and continuity of the information systems. It allows individual end-users (community members) to communicate directly with one another and share information without relying on any centralized authorities to organize the network. Moreover, it does not load up any single node excessively. For an efficient communication among the community members, we propose an autonomous decentralized community construction technique. It makes hotspots in the community network very improbable and satisfies the fairness by distributing the network traffic evenly among the community members. In addition, it is highly scalable because the complexity of this technique at each node grows logarithmically with the number of the community members.
Design and Performance of Scalable High-Performance Programmable Routers
- 2002
- Cited by 5 (1 self)
The flexibility to adapt to new services and protocols without changes in the underlying hardware is and will increasingly be a key requirement for advanced networks. Introducing a processing component into the data path of routers and implementing packet processing in software provides this ability. In such a programmable router, a powerful processing infrastructure is necessary to achieve a level of performance that is comparable to custom silicon-based routers and to demonstrate the feasibility of this approach. This work aims at the general design of such programmable routers and, specifically, at the design and performance analysis of the processing subsystem. The necessity of programmable routers is motivated, and a router design is proposed. Based on the design, a general performance model is developed and quantitatively evaluated using a new network processor benchmark. Operational challenges, like scheduling of packets to processing engines, are addressed, and novel algorithms are presented. The results of this work give qualitative and quantitative insights into this new domain that combines issues from networking, computer architecture, and system design.
Scalable multilateral communication technique for large-scale information systems
- Proc. IEEE COMPSAC 2003, Nov
- Cited by 3 (2 self)
Autonomous Community Information System (ACIS) is a proposition made to contend with the extreme dynamism in the large-scale information system. ACIS is a decentralized bilateral-hierarchy architecture that forms a community of individual end-users (community members) having the same interests and demands in somewhere, at specified time. It allows the community members to mutually cooperate and share information without loading up any single node excessively. In this paper, an autonomous decentralized community communication technique is proposed to assure a flexible, scalable and a multilateral communication among the community members. The main ideas behind this communication technique are: content-code communication (community service-based) for flexibility and multilateral benefits communication for scalable and productive
Autonomous Decentralized Community Communication Technology for Assuring Information Dissemination
- Proc. IEEE/WIC WI 2003, 2004
- Cited by 3 (3 self)
The enormous growth and the dynamism of the Internet initiated various new trends that reflects the need for powerful communication methods than the simpler client/server and Peer-to-Peer architecture. Despite their great potential, these systems still lack efficient data dissemination mechanisms. They deliver the information considering the users' demands regardless of their situations. There is no discernment between differences in place and time; users in any situation receive the same contents. However, situation and context-aware dissemination-oriented cooperative services motivate an increasing interest for evolving both the social and economic environments. Therefore, this thesis proposes the following community communication architecture and two community technologies to assure information dissemination by realizing the Timeliness, Scalable online-expansion and Fault-tolerance requirements in the large-scale and dynamic environment. The dissertation proposes an Autonomous Decentralized Community Communication System (ADCCS) and illustrates the concept, system architecture and technology of the ADCCS that permits to efficiently disseminate data according to the current situations of the system. Considered changing situations are changes of the community members' demands and situations (location, time), and the status of community nodes and logical links. The leading concept of autonomous community communication is the autonomy of the community nodes in recognizing members from non members, organizing the Community Overlay Network (CON) and achieving an efficient community communication based on local data, so that self-organized and self-adaptable ADCCS can be procured. Two techniques are proposed to satisfy the requirements mentioned before. First, Service-Oriented mu...
Efficient Strategies for Topics in Internet Algorithmics
- 2002
- Cited by 3 (0 self)
In this dissertation we posit a coherent area of research called Internet Algorithmics. We study a number of different algorithmic problems which are motivated by or are relevant to the various processes which activate the Internet or are activated by it.

