Furies provides a control framework for scalable, efficient admission control and traffic policing. Furies leverages the knowledge of traffic demand distributions between ingress-egress pairs and the network topology within an ISP in making admission control decisions. We propose to aggregate admitted flows for policing at edge routers instead of monitoring individual flows. Furies achieves this by assigning a unique flow-identifier to every admitted flow based on its ingress and egress point. As a result, the amount of state maintained by the edge routers can be reduced from O(n) to O(√n), where n is the number of admitted flows, while core routers are stateless. Simulation results show that we can successfully detect a majority (64-83%) of the malicious flows with virtually zero false alarms without having to keep per-flow state at the edge. Our implementation demonstrates that Furies adds minimal processing overhead to edge routers and can be incrementally deployed.
The lack of a well-studied policy architecture to regulate resource provisioning within large domains or across multiple domains in a scalable manner has motivated our design of a Clearing House (CH) Architecture as an alternative solution. The CH attempts to provide better QoS assurance and higher network utilization, as offered by stateful networks (e.g., Int-Serv), while maintaining the scalability of a stateless network architecture (e.g., Diff-Serv).
Our CH architecture uses a hybrid of a flat and a hierarchical structure. A hierarchical structure helps in distributing the network state information among the various CH-nodes and reduces the amount of state maintained, while a flat structure is helpful for peer-to-peer provisioning across domains. At the top level, our architecture appears flat while the hierarchical structure is associated with large ISPs or ASs. We have also developed a distributed controller that attempts to maximize the effective throughput seen by the entire system and adapts to fluctuating load patterns. The CH-nodes close to the host networks are responsible for performing admission control. The edge routers maintain only aggregated state information about the flows and the core routers are completely stateless. The CH-nodes keep track of the intra- and inter-domain traffic patterns, and adapt aggregate reservations dynamically based on "Gaussian traffic predictors".
Details about the Clearing House design and simulation results are described in the following papers.
Abstract
We have designed a security infrastructure and built a simple
prototype that allows a wireless device such as a cell phone to
interoperate securely with data networks. This would enable a valid
user to use the handset to invoke multi-services such as unlocking an
office door, turning on the lights, sending out emergency messages to
campus police, etc.
The required infrastructure would include support for authenticated,
private messages/commands (for instance, voice-recognized key words or
codes keyed into the keypad). Our study is based on GSM networks,
and we address the following security issues:
Abstract
The main aim of the project is to demonstrate the feasibility and
efficiency of providing IP services in UMTS over an IP-based backbone.
As part of the effort, it is important to study the QoS control mechanisms
that can support differentiated services in UMTS, especially for
latency-sensitive applications such as real-time audio and video
conferencing.
Resource reservation is essential for QoS provisioning in the Integrated
Services Packet Networks (ISPNs) that we envision in the future UMTS
networks. We set up a test-bed to evaluate the effectiveness of
RSVP-enabled QoS control for real-time traffic over a private subnet.
Our preliminary performance study used both real-time audio/video
streams, and simulated background traffic.
Email chuah at
ece.ucdavis.edu