Yu-Chung Cheng - Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis
The combination of unlicensed spectrum, cheap wireless interfaces and the inherent convenience of untethered computing has made 802.11-based networks ubiquitous in the enterprise. Modern universities, corporate campuses and government offices routinely deploy scores of access points to blanket their sites with wireless Internet access. However, while the fine-grained behavior of the 802.11 protocol itself has been well studied, our understanding of how large 802.11 networks behave in their full empirical complexity is surprisingly limited. In this paper, we present a system called Jigsaw that uses multiple monitors to provide a single unified view of all physical, link, network and transport-layer activity on an 802.11 network. To drive this analysis, we have deployed an infrastructure of over 170 radio monitors that simultaneously capture all 802.11b and 802.11g activity in a large university building (1M+ cubic feet). We describe the challenges posed by both the scale and ambiguity inherent in such an architecture, and explain the algorithms and inference techniques we developed to address them.
So far, we have used Jigsaw's global cross-layer viewpoint to resolve wireless problem tickets and isolate performance artifacts, both explicit, such as management inefficiencies, and implicit, such as co-channel interference. Surprisingly, many wireless problems involve the wired infrastructure, such as DoS attacks by misbehaving clients. Others include microwave interference, slow 802.11 roaming, access point bugs, etc. We believe this is the first analysis combining this scale and level of detail for a real production network.
More at http://wireless.ucsdsys.net
Ranveer Chandra, Venkat Padmanabhan, Ming Zhang - WiFiProfiler: Cooperative Diagnosis in Wireless LANs
While 802.11-based wireless hotspots are proliferating, users often have little recourse when the network does not work or performs poorly for them. They are left trying to manually debug the problem, which can be a frustrating and disruptive process. The users' troubles are compounded by the absence of network administrators or an IT department to turn to in many 802.11 hotspot settings (e.g., cafes, airports, conferences).
We present WiFiProfiler, a system in which wireless hosts cooperate to diagnose and possibly resolve network problems in an automated manner, without requiring any infrastructural support. The key observation is that even if a host's wireless link to an access point is not working, the host is often within the range of other wireless nodes and is in a position to communicate with them (a little) peer-to-peer. We leverage this ability to create a shared information plane, which enables wireless hosts to exchange a range of information about their network settings and the health of their network connectivity. By aggregating and correlating such information across multiple wireless hosts, we infer the likely cause of the problem. Our implementation on Windows XP shows that WiFiProfiler is effective in diagnosing a range of problems and imposes a low overhead on the participating hosts.
Dave Thaler, Tin Qian - Network Diagnostics in Windows Vista
Computer networking has become increasingly important and pervasive in people’s daily lives. On the other hand, networks are getting more and more complex in terms of size and topology, the mix of technologies involved, and the number of applications/services supported. How to make networking a reliable and painless experience for 300+ million Windows users has become a pressing yet extremely challenging task. Windows Vista introduces an innovative network diagnostics framework that provides an extensible diagnostics platform aimed at helping non-technical Windows users troubleshoot network problems in an intuitive and interactive fashion. It defines a general troubleshooting programming model that integrates the troubleshooting logic of different network components. To support a simple and intuitive user experience, it focuses on in-context diagnosis, where the troubleshooting process is done interactively within the context of the user’s network usage. Moreover, computer networking is an area where rapid technology advancement is being made constantly. To effectively cope with ever-changing network issues, the network diagnostics framework in Vista incorporates a full feedback mechanism via SQM/WER to help quickly identify and respond to new top network pain areas. Its built-in extensibility model also enables third-party IHVs/ISVs to provide troubleshooting value-adds seamlessly within the Windows diagnostics experience.
Hitesh Ballani, Paul Francis - CONMan: Taking the complexity out of Network Management
Network management is difficult, costly, and error prone, and this is becoming more so as the network complexity increases. We argue that this is an outcome of two fundamental flaws in the existing architecture: the management plane depends on the data plane and the complexity of the ever-evolving data plane encumbers the management plane. Consequently, addressing these flaws can make the network amenable to management.
We present Complexity Oblivious Network Management (CONMan), a network architecture in which the management plane does not depend on the data plane and all data plane protocols expose a generic management interface. This restricts the operational complexity of protocols to their implementation and allows the management plane to achieve high level policies in a structured fashion. Our preliminary experience with building the CONMan interface of a couple of protocols and using them for real world management tasks indicates the architecture’s potential to alleviate the management troubles of the Internet.
Eric Rozner, Yogita Mehta, Aditya Akella, Lili Qiu - Traffic-Aware Channel Assignment in Wireless LANs
The importance of channel assignment in wireless LANs has been long recognized and has attracted significant research attention. Despite much recent progress, several important challenges still remain: First, what is the right "performance metric" to optimize for? Most existing approaches to channel assignment try to minimize the number of mutually-interfering APs. However it is not clear if this metric accurately reflects client performance. Second, to what extent is the quality of channel assignment improved by incorporating the observed traffic demands at APs and clients? Recent work in IP traffic engineering has shed light on the tremendous effectiveness of using traffic demands in network engineering decisions. However, to date, no approach to channel assignment has taken traffic demands into account.
In this work, we conduct simulations over publicly-available wireless traffic traces, to study the relative efficacy of different optimization metrics in tracking client performance. We show that being "traffic-aware" could substantially improve the overall quality of a channel assignment, irrespective of the metric employed. We also examine the effect of incomplete traffic information on the quality of a channel assignment. Finally, we develop and evaluate a preliminary set of practical traffic-aware assignment algorithms that predict future demands based on historical information and use the predicted demands for assigning channels.
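To make the metric question above concrete, the following added example (editor's illustration, not the authors' algorithms or data) runs the same greedy-plus-local-search assignment under two objectives: the number of interfering AP pairs sharing a channel, and that count weighted by each AP's traffic demand. The conflict graph, the demand figures and the three-channel model are constructed; demand is assumed to be a per-AP average load such as Mbps over the previous hour.

```python
"""Greedy channel assignment plus single-move local search under two objectives:
the number of co-channel AP pairs, and the same pairs weighted by the APs'
measured traffic demand.

Constructed illustration added by the editor; not the authors' algorithms.
The conflict graph and demands are made up, and demand is assumed to be an
average load per AP (e.g. Mbps over the last hour)."""

CHANNELS = (1, 6, 11)   # the three non-overlapping 2.4 GHz channels

# Constructed conflict graph: pairs of APs within interference range.
INTERFERES = {
    ("A", "B"), ("A", "C"), ("A", "D"), ("B", "C"), ("B", "D"), ("C", "D"),
    ("D", "E"), ("E", "F"),
}
# Constructed per-AP traffic demand.
DEMAND = {"A": 10.0, "B": 10.0, "C": 1.0, "D": 1.0, "E": 8.0, "F": 8.0}


def co_channel_pairs(assign):
    """Interfering pairs that ended up on the same channel (unassigned APs ignored)."""
    return [(a, b) for a, b in INTERFERES
            if a in assign and b in assign and assign[a] == assign[b]]


def conflict_count(assign):
    """Traffic-unaware objective: how many interfering pairs share a channel."""
    return len(co_channel_pairs(assign))


def traffic_weighted(assign):
    """Traffic-aware objective: co-channel pairs weighted by both APs' demand."""
    return sum(DEMAND[a] * DEMAND[b] for a, b in co_channel_pairs(assign))


def greedy(cost, order):
    """Assign APs in `order`, each to the channel that adds the least cost
    (ties go to the lowest channel number)."""
    assign = {}
    for ap in order:
        assign[ap] = min(CHANNELS, key=lambda ch: cost({**assign, ap: ch}))
    return assign


def local_search(cost, assign):
    """Move one AP at a time to a cheaper channel until no single move helps."""
    assign = dict(assign)
    improved = True
    while improved:
        improved = False
        for ap in assign:
            best = min(CHANNELS, key=lambda ch: cost({**assign, ap: ch}))
            if cost({**assign, ap: best}) < cost(assign):
                assign[ap] = best
                improved = True
    return assign


def plan(cost, order):
    return local_search(cost, greedy(cost, order))


def compare():
    """Optimise for each objective, then score both results on both metrics."""
    unaware = plan(conflict_count, sorted(DEMAND))
    aware = plan(traffic_weighted, sorted(DEMAND, key=lambda ap: -DEMAND[ap]))
    return {
        "traffic_unaware": (unaware, conflict_count(unaware), traffic_weighted(unaware)),
        "traffic_aware": (aware, conflict_count(aware), traffic_weighted(aware)),
    }


if __name__ == "__main__":
    for name, (assign, conflicts, weighted) in compare().items():
        print(f"{name}: {assign}  co-channel pairs={conflicts}  weighted={weighted}")
```

On this graph both plans leave exactly one interfering pair on a shared channel, so the pair-count metric cannot tell them apart, yet the unaware plan shares a channel between a busy AP and its neighbour while the aware plan shares it between the two near-idle APs. That indifference of the count metric to which pair collides is the gap the abstract's first question points at.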
Hemant Rokesh, Hui Zhang - 4D on NetFPGA
The project aims to demonstrate how 4D can be used to effectively manage data networks. The low cost NetFPGA platform is used to build an experimental network that is configured, controlled and managed as per the 4D architecture.
The 4D architecture is a clean slate approach to network control. It is guided by the following three principles: Network-level objectives, network-wide views, direct control. 4D realizes these principles by decomposing the functions of network control into 4 planes. A decision plane that is responsible for creating a network configuration (e.g. computing FIBs for each router in the network); a dissemination plane that gathers information about network state (e.g. link up/down information) to the decision plane, and distributes decision plane output to routers; a discovery plane that enables devices to discover their directly connected neighbors; and a data plane for forwarding network traffic.
In this project we want to explore the practical difficulties and implementation-specific challenges that arise in using 4D to control real network devices. A few aspects we are interested in looking into are:
(a.) How quickly does 4D react to link and device failures in practice?
(b.) Can 4D implement advanced functionalities (like FRR, VLANs) in the data plane when traffic is injected at full line rate?
(c.) How effective is 4D in controlling heterogeneous (IP plus Ethernet)?
(d.) Is the 4D architecture/interfaces simple enough to be implemented on low-cost memory-constrained switches?
For addressing these issues, we wish to build and deploy the 4D NetFPGA infrastructure in a real network like a data-center.
Ratul Mahajan - Wit: Analyzing the MAC-level Behavior of Wireless Networks in the Wild
Wit is a tool to understand the detailed MAC-level behavior of wireless networks. It takes as input data that is acquired only through passive sniffing, and so can be used to evaluate live systems. Wit is based on several novel techniques. A robust merging technology combines the inevitably incomplete views of individual sniffers into a single, more complete trace of wireless activity. An inference engine based on formal language methods fills in still missing packets and annotates each packet with information, such as whether it was received by its intended recipient. This annotated data enables several new kinds of analyses. We have devised, for instance, a technique to estimate the number of stations competing for the medium at each moment.
We have used Wit over multi-sniffer traces collected at a well-attended academic conference to understand how 802.11 performs in such deployments. We uncovered several MAC-layer characteristics which, to our knowledge, cannot be inferred using other currently available techniques. We find transmissions from clients to APs were usually more reliable than those in the other direction. The network was dominated by periods of low contention even during busy periods of the day. The medium utilization was highly inefficient in the common case of low contention, but network performance did not degrade during periods of high contention.
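Both Jigsaw (above) and Wit rest on the same first step: merging the partial, unsynchronised captures of several passive sniffers into one trace before any inference runs. The following added example (editor's illustration, not code from either system) shows the two ingredients in miniature: aligning sniffer clocks from frames they captured in common, de-duplicating observations, and then annotating each data frame with whether an ACK for it was heard by anyone. The frame format, the tolerance and ACK window constants and the sample captures are all constructed.

```python
"""Merge the incomplete captures of several passive 802.11 sniffers into one
trace and infer whether each data frame was acknowledged.

Constructed illustration added by the editor, not code from Jigsaw or Wit.
Assumptions: a frame is identified by (transmitter, receiver, sequence number,
kind); each sniffer timestamps frames in microseconds on its own
unsynchronised clock; an ACK belongs to the data frame it follows within
ACK_WINDOW_US."""
from statistics import median

TOLERANCE_US = 50    # two observations of one identity this close are one frame
ACK_WINDOW_US = 100  # SIFS plus ACK transmission time, rounded up (assumption)

# Constructed sample captures: sniffer -> [(local_ts_us, transmitter, receiver, seq, kind)]
# sniffer_B's clock runs about 4 ms ahead of sniffer_A's, and each sniffer
# missed a frame the other one heard.
CAPTURES = {
    "sniffer_A": [
        (1000, "ap",   "*",    1,    "beacon"),
        (1200, "sta1", "ap",   10,   "data"),
        (1240, "ap",   "sta1", None, "ack"),
        (1500, "sta2", "ap",   20,   "data"),
        # the ACK for seq 20 was not heard by sniffer_A
    ],
    "sniffer_B": [
        (5010, "ap",   "*",    1,    "beacon"),
        (5215, "sta1", "ap",   10,   "data"),
        # the ACK for seq 10 was not heard by sniffer_B
        (5520, "sta2", "ap",   20,   "data"),
        (5555, "ap",   "sta2", None, "ack"),
    ],
}


def frame_key(frame):
    _, ta, ra, seq, kind = frame
    return (ta, ra, seq, kind)


def estimate_offset(reference, other):
    """Clock offset to add to `other` timestamps, estimated from frames with a
    sequence number (hence uniquely identifiable) that both sniffers captured."""
    ref_times = {frame_key(f): f[0] for f in reference if f[3] is not None}
    deltas = [ref_times[frame_key(f)] - f[0]
              for f in other if f[3] is not None and frame_key(f) in ref_times]
    if not deltas:
        raise ValueError("no common frames to align clocks")
    return median(deltas)   # median tolerates a few mismatched frames


def merge_captures(captures):
    """Return (merged trace, per-sniffer clock offsets); every merged entry
    records which sniffers observed the frame."""
    names = list(captures)
    offsets = {names[0]: 0}
    for name in names[1:]:
        offsets[name] = estimate_offset(captures[names[0]], captures[name])
    observations = sorted(
        ((f[0] + offsets[name], frame_key(f), name)
         for name in names for f in captures[name]),
        key=lambda o: o[0])
    merged = []
    for ts, key, name in observations:
        duplicate = None
        for entry in reversed(merged):          # only recent entries can match
            if ts - entry["ts"] > TOLERANCE_US:
                break
            if entry["key"] == key:
                duplicate = entry
                break
        if duplicate is None:
            merged.append({"ts": ts, "key": key, "seen_by": {name}})
        else:
            duplicate["seen_by"].add(name)
    return merged, offsets


def annotate_acks(merged):
    """Mark each data frame acked=True if an ACK addressed to its transmitter
    follows within ACK_WINDOW_US.  A retransmission (same key, later) is far
    outside TOLERANCE_US and so stays a separate entry."""
    for i, entry in enumerate(merged):
        ta, _, _, kind = entry["key"]
        if kind != "data":
            continue
        entry["acked"] = False
        for later in merged[i + 1:]:
            if later["ts"] - entry["ts"] > ACK_WINDOW_US:
                break
            _, later_ra, _, later_kind = later["key"]
            if later_kind == "ack" and later_ra == ta:
                entry["acked"] = True
                break
    return merged


def unacked_data(captures):
    """Sequence numbers of data frames with no observed ACK in the merged view."""
    merged, _ = merge_captures(captures)
    annotate_acks(merged)
    return [e["key"][2] for e in merged if e["key"][3] == "data" and not e["acked"]]


if __name__ == "__main__":
    merged, offsets = merge_captures(CAPTURES)
    print("clock offsets:", offsets)
    for entry in annotate_acks(merged):
        print(entry)
    print("unacked seen from sniffer_A alone:", unacked_data({"sniffer_A": CAPTURES["sniffer_A"]}))
    print("unacked seen from both:", unacked_data(CAPTURES))
```

Run on sniffer_A alone, frame 20 looks unacknowledged; merged with sniffer_B it is correctly marked as acknowledged. That is the kind of single-vantage-point error the abstracts describe, and why the ambiguity in such inferences shrinks as more monitors are combined.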
Changhoon Kim, Jennifer Rexford - Joint Analysis of Layer-2 and Layer-3 Configuration in Enterprise Networks
Managing enterprise networks is challenging because of the complex interaction between IP and the underlying layer-2 technologies. For example, many enterprises make heavy use of virtual LANs (VLANs) to contain broadcast traffic and apply access-control policies. A single VLAN may span multiple physical links, and a single physical link may carry traffic for multiple VLANs, making it difficult to study an individual VLAN or link in isolation. In addition, middleboxes, such as firewalls and traffic shapers, may transparently drop or delay traffic based on fields in the IP packet header, which can blur the symptoms and origins of a problem. Understanding both the layer-2 and layer-3 configuration of an enterprise network is crucial for detecting, diagnosing, and fixing performance and reachability problems.
Despite years of research on inferring network topologies and diagnosing performance problems in backbone networks, the unique challenges introduced by layer-2 technologies in enterprise networks have received limited attention. The goal of our research is to create techniques for diagnosing cross-layer problems in enterprise networks. Initially, we focus on "white-box" approaches where we jointly analyze the configuration of layer-2 devices (such as switches and middleboxes) and the routers in operational networks. First, we plan to characterize the use of VLANs in several operational networks, using the Princeton campus network and our department's network as a starting point. Moving beyond characterization, we hope to create analysis techniques for identifying configuration mistakes and inefficient mappings between the layer-3 and layer-2 topologies. Then, we plan to join the configuration data with traffic and performance measurements to guide the detection and diagnosis of problems.
Paul Barham, Moises Goldszmidt, Rebecca Isaacs, John MacCormick, Richard Mortier - Constellation: an Application-level Traceroute
Constellation is an infrastructure for distributed anomaly detection and diagnosis. Each host in the constellation constructs a probabilistic model of its own traffic using annotated packet arrival and departure times. When the user, or their agent, notices that something is wrong, the local host performs self-diagnosis before propagating the diagnosis request to its set of “likely suspects”, who in turn repeat the process. This packet-level approach allows detailed inter-service temporal relationships to be captured in the model – for example, the dependency of an email service on an authentication service. Constellation is early work that explores some novel machine learning techniques, and applies them to packet traces containing real-world inter-service dependencies from Microsoft’s corporate network.
Ajay Mahimkar, Jasraj Dange, Vitaly Shmatikov, Harrick M. Vin, Yin Zhang - Transparent Network-based DoS Mitigation
Denial of service (DoS) attacks are a growing threat to the availability of Internet services. We present dFence, a novel DoS mitigation system that is completely transparent to the existing Internet infrastructure and requires no software modification at either routers or end hosts. The core of dFence is a coalition of network-based, on-demand middleboxes. Middleboxes are introduced into the data path dynamically and transparently via standard intra-ISP routing mechanisms, intercept both directions of IP traffic (to and from attacked hosts), and apply stateful policies to mitigate a broad range of spoofed and unspoofed attacks. We describe the architecture of the middlebox, including defenses against DoS attacks on the middlebox itself, as well as on-demand introduction and removal mechanisms. The implementation is evaluated using a prototype testbed based on Intel IXP network processors.
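One stateful policy an inline middlebox that sees both directions of traffic can apply is a SYN proxy: answer SYNs on the server's behalf with a verifiable cookie, keep no state until the third handshake packet proves the source is real, and then rate-limit real sources that open too many connections. The following is an added example by the editor of that generic technique; it is not dFence's design or code and says nothing about what policies dFence actually implements. Packet layout, the HMAC cookie, the time-slot width and the per-source limit are assumptions, and the server-side handshake and sequence-number translation a real proxy performs after verification are left out.

```python
"""A stateless-until-verified SYN proxy of the kind an inline DoS-mitigation
middlebox can apply to a protected server's traffic.

Constructed illustration added by the editor; not dFence's design or code.
Assumptions: packets are dicts with src, sport, dst, dport, flags and (for
ACKs) ack; the middlebox sees both directions; the server-side handshake and
sequence-number translation a real proxy performs after verification are
omitted."""
import hashlib
import hmac
import struct
from collections import defaultdict

MASK = 0xFFFFFFFF


class SynProxy:
    def __init__(self, key, max_conns_per_src=3, slot_seconds=60):
        self.key = key
        self.slot_seconds = slot_seconds
        self.limit = max_conns_per_src
        self.verified = set()                 # 4-tuples that completed a handshake
        self.conns_per_src = defaultdict(int)

    def cookie(self, src, sport, dst, dport, slot):
        """Initial sequence number for our SYN-ACK: a keyed hash of the 4-tuple
        and a coarse time slot, so the ACK can be checked without stored state."""
        msg = f"{src}:{sport}>{dst}:{dport}@{slot}".encode()
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        return struct.unpack(">I", digest[:4])[0]

    def handle(self, pkt, now):
        four = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        slot = int(now) // self.slot_seconds
        if pkt["flags"] == "SYN":
            # Answer for the server while keeping no state: a spoofed source
            # never sends the matching ACK, so the flood costs the proxy nothing.
            return {"action": "synack", "seq": self.cookie(*four, slot)}
        if four in self.verified:
            return {"action": "forward"}
        if pkt["flags"] == "ACK":
            # accept the current and previous slot so an honest client that
            # crosses a slot boundary mid-handshake still gets through
            for s in (slot, slot - 1):
                if pkt.get("ack") == (self.cookie(*four, s) + 1) & MASK:
                    if self.conns_per_src[pkt["src"]] >= self.limit:
                        return {"action": "drop", "reason": "per-source connection limit"}
                    self.conns_per_src[pkt["src"]] += 1
                    self.verified.add(four)
                    return {"action": "forward", "reason": "handshake verified"}
            return {"action": "drop", "reason": "ack does not match cookie"}
        return {"action": "drop", "reason": "no verified flow"}


def simulate():
    """Push a spoofed flood, one honest client, a forged ACK and an unspoofed
    flood through the proxy and report what happened to each (constructed traffic)."""
    proxy = SynProxy(b"constructed-demo-key")
    now = 1_700_000_000.0
    server = {"dst": "192.0.2.10", "dport": 80}
    for i in range(1000):   # spoofed sources never complete the handshake
        proxy.handle({"src": f"203.0.113.{i % 256}", "sport": 1024 + i, "flags": "SYN", **server}, now)
    state_after_flood = len(proxy.verified)

    client = {"src": "198.51.100.7", "sport": 50000, **server}
    synack = proxy.handle({**client, "flags": "SYN"}, now)
    honest = proxy.handle({**client, "flags": "ACK", "ack": (synack["seq"] + 1) & MASK}, now + 0.05)
    forged = proxy.handle({**client, "sport": 50001, "flags": "ACK", "ack": 12345}, now)

    unspoofed = []   # one real host opening many connections in a row
    for p in range(5):
        c = {"src": "198.51.100.9", "sport": 60000 + p, **server}
        sa = proxy.handle({**c, "flags": "SYN"}, now)
        unspoofed.append(proxy.handle({**c, "flags": "ACK", "ack": (sa["seq"] + 1) & MASK}, now)["action"])
    return {"state_after_spoofed_flood": state_after_flood, "honest": honest["action"],
            "forged": forged["action"], "unspoofed": unspoofed}


if __name__ == "__main__":
    print(simulate())
```

The spoofed flood leaves the proxy's state table empty, the honest client is forwarded, a guessed ACK is dropped, and the unspoofed source is cut off after its third connection. The per-source limit is itself a policy choice; a real deployment would tune it to the protected service and back it with the cookie key rotation that the fixed slot here only sketches.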
Measuring and Monitoring Enterprise Networks
Chas DiFatta, Mark Poepping - The Case for Comprehensive Diagnostics
The Internet has achieved great creative success, opening our eyes to radically new communication capabilities and distributed control opportunities. Yet for all the critical and commercial success of the past twenty years, we remain essentially unable to quantify or trace the actions of services and devices on the network. The Internet is a maelstrom of packets and protocols, an infrastructure built to speed it all along to quick completion, but constructed without detailed measures, without consistency of metrics or traces, with no visibility into how it's operating.
When there is a perceived problem with an application or supported service, a diagnostician must have the tools and information at their disposal to pinpoint the problem with reasonable certainty, in hopes of avoiding the problem in the future.
We propose creating a new capability, one to collect, manage, and correlate log and diagnostic event information to not only enable investigation of problems, but that can also support validation of correct operation in complex networked systems. If realized, the resulting capabilities will provide the visibility to understand, control and validate essential operation in the computing environments we increasingly rely upon.
Richard Mortier - Measuring and Monitoring Microsoft’s Enterprise Network
In this talk I will describe some recent work at MSR Cambridge to measure Microsoft's enterprise network as seen from our site. I will describe our collection method, the problems we faced, and the solutions we implemented. I will describe the data we collected, totalling 13TB of network traffic, to give a flavour of the traffic on our enterprise network in aggregate, per-application and per-host. Finally, I will use OSPF data to outline the topological properties of the network in which our site resides. In summary, we find that there is extreme volatility in application traffic both temporally and spatially (i.e. over time and between hosts); the application mix is significantly different to prior studies of Internet backbone traffic and university campus traffic; and the network is quite stable. This was joint work with Rebecca Isaacs and Dinan Gunawardena, with additional analysis from Laurent Massoulie and Peter Key.
David Kotz - Wireless Network Measurement Challenges
Wireless networks, including Wi-Fi infrastructure and mesh networks, are becoming ubiquitous. It is critical to measure these networks to gain a better understanding of the traffic on the networks, the way they are used, and the response of the networks to different traffic patterns. It is also important to monitor operational wireless networks to improve security, capacity planning, and troubleshooting. Wireless networks pose unique challenges to measurement, however. In this talk I survey some of these challenges and describe some of the efforts underway to improve our ability to measure and monitor operational wireless networks.
Enterprise Security and Policy
Mark Ashida - Customer Insight: CSO's Perspective on Network Policies
Martin Casado - The Protection Problem in Enterprise Networks
Attempts to retrofit access controls into enterprise networks have met with varied success. Often doing so has a deleterious effect, resulting in complex, brittle networks that are engineered around choke-points. In this talk, I will discuss what protection properties are desired by enterprise environments today, how existing solutions that try to approximate them fall short, and how those solutions often have negative, unintended consequences.
Jitu Padhye - Managing Corporate WiFi Networks Using DAIR
We present a framework for monitoring and managing enterprise wireless networks using desktop infrastructure. The framework is called DAIR, which is short for Dense Array of Inexpensive Radios.
Prior proposals in this area include monitoring the network via a combination of access points (APs), mobile clients, and dedicated sensor nodes. We show that a dense deployment of sensors is necessary to effectively monitor Wi-Fi networks, and one cannot accomplish this using access points alone. An ordinary, single-radio AP cannot monitor multiple channels effectively without adversely impacting the associated clients. Moreover, we show that a typical deployment of access points is not sufficiently dense for several management tasks, particularly those related to security. Due to power constraints, mobile devices can provide only limited assistance in monitoring wireless networks. Deploying a dense array of dedicated sensor nodes is an expensive proposition.
Our solution is based on two simple observations. First, in most enterprise environments, one finds plenty of desktop machines with good wired connectivity, and spare CPU and disk resources. Second, inexpensive USB-based wireless adapters are commonly available. By attaching these adapters to desktop machines, and dedicating the adapters to the task of monitoring the wireless network, we create a low cost management infrastructure.
We describe how several common wireless network management tasks can use the DAIR platform. As a demonstrative example, we consider the task of detecting rogue APs, and describe how the DAIR platform can be leveraged to carry out this task effectively.
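The rogue-AP task described above reduces to correlating beacon observations from many sensors against an inventory of the enterprise's own access points. The following added example (editor's illustration, not DAIR's code) does that triage: it groups observations by BSSID, separates unknown radios that advertise the corporate SSID from other unauthorised APs and from inventory drift of an authorised AP, and uses the sensor that heard the strongest signal as a first guess at where the radio is. The inventory, the observation format and the sample observations are constructed.

```python
"""Rogue-AP triage over beacon observations gathered by many desktop-attached
USB radios.

Constructed illustration added by the editor; not DAIR's code.  Assumes an
inventory mapping each authorised BSSID to its SSID and channel, and beacon
observations of the form (sensor, bssid, ssid, channel, rssi_dbm)."""

# Constructed inventory of the enterprise's own access points.
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 1),
    "00:11:22:33:44:02": ("CorpNet", 6),
}

# Constructed observations from three desktop sensors on two floors.
OBSERVATIONS = [
    ("desk-3f-12", "00:11:22:33:44:01", "CorpNet", 1, -45),
    ("desk-3f-14", "00:11:22:33:44:01", "CorpNet", 1, -60),
    ("desk-3f-14", "aa:bb:cc:dd:ee:01", "CorpNet", 11, -40),   # unknown radio using our SSID
    ("desk-3f-12", "aa:bb:cc:dd:ee:01", "CorpNet", 11, -58),
    ("desk-2f-07", "de:ad:be:ef:00:01", "linksys", 6, -52),    # unknown radio, other SSID
    ("desk-2f-07", "00:11:22:33:44:02", "CorpNet", 11, -50),   # ours, but not on its inventory channel
]


def triage(observations, authorized):
    """Return one finding per BSSID that needs attention, ordered by BSSID."""
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    by_bssid = {}
    for sensor, bssid, ssid, channel, rssi in observations:
        by_bssid.setdefault(bssid, []).append((sensor, ssid, channel, rssi))

    findings = []
    for bssid, obs in sorted(by_bssid.items()):
        ssids = {o[1] for o in obs}
        channels = {o[2] for o in obs}
        # the sensor hearing the strongest signal is the best first guess at location
        nearest = max(obs, key=lambda o: o[3])[0]
        if bssid not in authorized:
            if ssids & corp_ssids:
                severity = "high"
                reason = "unknown BSSID advertising a corporate SSID (possible evil twin)"
            else:
                severity = "medium"
                reason = "unauthorised access point"
        else:
            exp_ssid, exp_channel = authorized[bssid]
            if ssids == {exp_ssid} and channels == {exp_channel}:
                continue   # matches inventory, nothing to report
            severity = "low"
            reason = f"authorised AP deviates from inventory (expected {exp_ssid} on channel {exp_channel})"
        findings.append({
            "bssid": bssid, "severity": severity, "reason": reason,
            "ssids": sorted(ssids), "channels": sorted(channels),
            "nearest_sensor": nearest, "sensor_count": len({o[0] for o in obs}),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(OBSERVATIONS, AUTHORIZED):
        print(finding)
```

The sensor_count and nearest_sensor fields are where density pays off: a radio heard by several desktops can be placed to within a few cubicles, while an AP-only deployment, as the abstract notes, would usually be too sparse to hear it at all.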
Antonio Nucci - How to Build a Carrier-Grade Defense-Shield
Dr. Nucci will be unable to attend due to a family emergency
In this talk, Dr. Antonio Nucci, Chief Technology Officer at Narus Inc, will highlight the major shifts in the security market over the past few years, discuss the dynamics of the security threats and the emerging interest of Internet Service Providers in playing a key role in this market. He will then introduce the requirements of this new emerging type of security and present a new preventative technology based on Information Entropy, also known as Carrier-Class Defense-Shield, that will help large high-speed ISPs to efficiently defend their network perimeters from the most invasive and deadly threats.
Network Architectures and Network Design
David A. Maltz - Problems and Solutions in Enterprise Network Control
Enterprise networks today are fundamentally complex, as they bring together a heterogeneous collection of hosts and network devices, ranging from security cameras, to Ethernet switches, to IP routers, to storage networks. The designers of these networks are often called upon to implement sophisticated policies for reasons of security, load balancing, or reliability. This talk will give an overview of the problem space and describe an architectural change that aims to improve the manageability of enterprise networks by eliminating much of the complexity.
Aditya Akella - New Directions in Enterprise Network Management
In this talk, we will review current and past techniques for managing and trouble-shooting enterprise networks, and their drawbacks and limitations. Furthermore, we will review initial ideas for an alternate Layer-2 architecture for connectivity and communication in enterprise networks that vastly simplifies management tasks.
Sharad Agarwal - Is an Office Without Wires Feasible?
A wireless office is an office without wired Ethernet connectivity, or rather, one with the least number of machines connected by wires. What happens if we re-design the network in an office – remove all the network infrastructure (wireless APs, switches, routers, etc.), replace the Ethernet wires to every desktop and server with IEEE 802.11, and maintain a very small number of “gateway” machines for access to the wired corporate intranet and the Internet?
We evaluated the feasibility of a mesh network for an all-wireless office using traces of 11 office users spanning over a month and an actual 21-node multi-radio mesh testbed in an office area. Unlike previous mesh studies that have examined routing design in detail, we examine how different office mesh design choices impact the performance of user traffic. We find that the performance on our mesh network depends on the combination of routing metric, user-server placement, traffic load, wireless hardware and wireless settings. While clearly it is possible to overwhelm typical wireless networks, we conclude that for our traces and deployed system, all-wireless office meshes are feasible. In most cases, individual transactions incur under 20ms of additional delay over the mesh network. We believe this is an acceptable delay for most applications where a wired network to every machine is not readily available. We argue that our results are scalable to a network of over 100 users.
Services and Management
Ken Birman - Pushing Group Communication to the Edge will Enable Radically New Distributed Applications
Advances in scalable group communication, fusing classical group communication protocols with new P2P ideas, are about to transform communication options for application developers. Modern platforms make it easy to implement group communication at the same layer where we support remote method invocation. Thus, we’ll suddenly be in a position to present groups to users as shared live files (or other kinds of objects), publish-subscribe topics, or even distributed shared memory. Supporting the abstraction with solutions that scale well, are robust under stress, and that can be secured will enable revolutionary advances for a tremendous range of applications that have been bogged down by the highly restrictive communication options available today. Cornell University’s Quicksilver platform, developed by PhD student Krzys Ostrowski, will soon be available for download from http://www.cs.cornell.edu/projects/quicksilver/.
Tzi-cker Chiueh - Virtual LAN as a Network Control Mechanism
Modern Ethernet switches, even low-end ones, come with various advanced features such as IGMP snooping, VLAN, class-based traffic prioritization, host access control, etc. Most of these features can be configured either through standard SNMP commands or through normal packets. Although these features were originally designed for network provisioning at deployment time, there is no reason why they could not be used as dynamic control mechanisms at run time. In the past several years, we have been trying to leverage one of these features, VLAN, as a network resource management primitive, and apply it to metro Ethernets, storage area networks, and cluster interconnects. This talk will describe the important ideas in these efforts.
Dinesh Verma - Experiences Managing Networks in IBM HPC Grid Infrastructure and Enterprise VoIP
In this talk, we will discuss the problems and issues that were encountered in managing the network infrastructure for the High Performance Computing centers that were established as a part of the IBM on Demand and Grid Computing initiatives. We will identify the problems that were encountered in managing and automating the management infrastructure of the network. We will also discuss the experiences gained from the management of VoIP infrastructure as it was rolled out in the IBM Research intranet, and some of the challenges encountered in managing the VoIP infrastructure as it is operational today.
Anders Vinberg - A Data Model for Policy
Policy is the foundation for self-managing systems, IT control and governance/compliance monitoring. How do we design a policy language, or policy schema, that is rich enough to be useful but simple enough to be amenable to analysis? How do we validate that policy matches intent, how do we understand how policies interact, how do we understand impact of a policy change?
Nick Feamster - Troubleshooting Campus Networks
This talk presents an overview of the problems we are tackling in helping network operators debug firewall, switch, and router configurations on a large campus network. Today, campus network operators have a preliminary set of tools to help them spot potential inconsistencies and errors, but they have no recourse when the actual network behavior is inconsistent with the behavior suggested by static configuration analysis. We present some examples of configuration challenges faced by campus network operators, propose possible roles for static and dynamic analysis for fault detection and troubleshooting, and describe some preliminary experience using a deployed active monitoring system on a major research and administrative network with 60,000 nodes, 160 buildings across 4 campuses, and 130 firewalls.
Yin Zhang - Experimental Design for Flexible Network Diagnosis
Albert Greenberg - Managing Data for Diagnosis