Ph.D. Dissertation
Advisor: Professor Randy H. Katz
New contact: http://www.ece.ucdavis.edu/~chuah
There has been an increasing need to make the Internet architecture capable of meeting the diverse service requirements of non-traditional applications such as real-time flows. A framework for efficient and scalable resource provisioning is essential to provide better end-to-end quality-of-service (QoS) support. In this thesis, we propose a QoS-aware control architecture, the Clearing House (CH), to allocate resources within and across multiple domains based on a set of traffic predictors. Our design rationale is influenced by discussions with two major U.S. Internet service providers, and reflects realistic network topology and traffic demand distributions. Two key ideas contribute to the scalability of our architecture: aggregation and hierarchical control. In our model, various basic routing domains are aggregated to form logical domains (LDs), which can then be aggregated to form larger LDs and so forth. This introduces a hierarchical tree of the LDs, and a distributed CH architecture is associated with each LD. This hierarchical tree of CH-nodes forms a "virtual overlay network" on top of the existing wide-area network topology. The CH performs inter-domain trunk reservations based on Gaussian traffic predictors, and dynamically adapts the allocation to track the aggregate traffic pattern at a larger time-scale.
Within each domain, we propose a framework called Furies to provide scalable traffic policing and admission control. Admission control is necessary for limiting the usage of resources by competing flows, while policing is useful for detecting and penalizing malicious flows (i.e., flows that violate their allocated share of bandwidth). Furies estimates traffic demand distributions between all ingress-egress pairs and uses this knowledge to construct a traffic matrix. The admission threshold is computed based on this traffic matrix and the bandwidth of bottleneck links (determined from underlying routing protocols). We propose to aggregate admitted flows for policing at edge routers instead of monitoring individual flows. Furies achieves this by assigning a unique flow-identifier to every flow based on its ingress and egress point. As a result, the amount of state maintained by edge routers can be reduced from to , where n is the number of admitted flows. We study the architectural, performance and scalability issues of our proposed framework through simulations and lab prototypes. Results show that we can successfully detect a majority (64-83%) of the malicious flows with virtually zero false alarms without having to keep per-flow state at the edge. Our admission policy can achieve 95% utilization level with less than 1% packet loss rate, which is sufficient for most real-time applications.
Preliminary pages: Cover page, abstract, table of contents, acknowledgement, etc. (ps.gz, pdf)
Chapter 1: Introduction. (ps.gz, pdf)
Chapter 2: Related Work. (ps.gz, pdf)
Chapter 3: Methodology. (ps.gz, pdf)
Chapter 4: The Clearing House Architecture. (ps.gz, pdf)
Chapter 5: Intra- and Inter-Domain Resource Control Mechanisms (ps.gz, pdf)
Chapter 6: Traffic Policing and Malicious Flow Detection (ps.gz, pdf)
Chapter 7: Conclusions and Future Work (ps.gz, pdf)
The whole dissertation as a compressed (gzipped) postscript file.