Web streaming is an exciting new technology that enables customers to view
live or pre-recorded video, audio and rich media across the Internet. In this
project we propose a model for Video/Streaming On Demand Anycast servers in
QoS enabled networks. We expect that queuing analysis and simulation results
of the model will give us an idea of how the system might perform in a
real-life implementation.
Anycast Service Broker for QoS Sensitive Customers
When there are several replicated servers in a QoS enabled network, customers
would like to connect to the best available server via a path that meets QoS
requirements. There are many possible scenarios where QoS can offer serious
improvements to networked applications. For example, content providers often
offer on-line streaming services, or content download (say DVD download,
online software selling etc.) from geographically distributed replicated
servers (stream servers in case of streaming). In this project we intend to
propose an architecture and implement a simple service broker capable of
selecting the best possible server supporting the QoS needs of a customer in
an anycast environment.
Content providers often need to deliver high quality content to selected
registered customers while offering content of reasonable quality to the
general public. Providers may deliver content of equal quality to all
customers during low content demand, but during heavy network load content of
high quality must be delivered to selected customers while degrading the
service of non-registered, non-paying ones. This project deals with these
emerging content delivery issues.
In anycasting we try to select, from a set of replicated servers, the server
that gives us the best response time. Under heavy traffic the utilization of
all the servers is the same, and random selection or selection based on hop
counts (to save network resources) is probably all we need. With multiple
anycast servers offering different service rates (i.e., asymmetric servers) we
want to derive mathematical formulas and analyze results on the average
queueing delay or mean system time of service requests for various types of
server selection methods.
In anycasting we achieve load-balancing and reduce client-perceived latency by
placing servers around the world and close to clients. One of the foremost
problems is to decide where to place a new replicated server to minimize the
cost to clients (that is, to give them the best response time). In this
project we want to investigate issues related to the placement of anycast
servers that aims to benefit customers of the anycasting service. The servers
here could be video/audio streaming servers, or any replicated content servers
delivering high bandwidth consuming content such as DVD download.
DDoS Attack Forecasting and Early Prevention: Defense for the Defenseless
DDoS attacks may originate
from several sources. Recent works have focused on detection and prevention of
DDoS at enterprise edge, or traceback after the victims have been attacked and
severe damages have been. While traceback is
important to catch the culprits, and detection with prevention is essential
to safeguard an enterprise network, ISPs can do even better by forecasting
possible attacks early. Along with forecasting, ISPs can also take preventive
measures to stop the attacks in the network core even before enterprise
networks are attacked. In this project, we propose an architecture for early
DDoS forecasting and prevention. We show that ISPs are in a better position
than any other party to place intelligent sensors at the network edge and core
that can identify possible coordinated attacks and prevent them from
progressing further. By preventing attacks at domain ingress, core or egress,
such an approach has the benefit of saving expensive edge and core bandwidth.
This also benefits those customers that cannot defend against attacks, and
makes the network safer for all regardless of their strength in defensive and
preventive measures.
Enterprise-wise Firewall Policy Manager and Vulnerability Analyzer
We have recently seen a firewall management toolkit that manages traffic
filter rules and detects policy misconfiguration in a single device. In a
large organization traffic typically goes through several firewalls before it
reaches the destination. Setting policies device-by-device in a hierarchical
organization in non-cooperating mode may easily create conflicts in policies.
A certain traffic type may be allowed in a lower order firewall but blocked by
a higher order device. Also, a conflict analyzer able to detect conflicts in a
single device is not capable of analyzing enterprise-wise policy anomalies.
Moreover, most of the existing tools are device specific, while today's
organizations operate in multi-vendor environments. In this project, we aim to
provide solutions to remedy these problems. We propose an architecture for an
enterprise-wise firewall policy management system that can detect conflicts in
real time when a new policy is set in any new firewall. Since many
organizations already have policies in place, we intend to develop an analyzer
that can detect existing enterprise-wise anomalies.
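The cross-device conflict described above (traffic allowed by a lower order firewall but blocked by a higher order one), as an added example that is not part of the project's own code. The rule model, function names and sample policies are assumptions made for illustration, with first-match evaluation and an implicit default deny on every device.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Fields: action accept/deny, proto tcp/udp/any, src/dst CIDR, ports (lo, hi).
Rule = namedtuple("Rule", "action proto src dst ports")

def decide(policy, pkt):
    """First-match evaluation; returns (action, rule index), default deny."""
    proto, src, dst, port = pkt
    for i, r in enumerate(policy):
        if (r.proto in ("any", proto) and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.ports[0] <= port <= r.ports[1]):
            return r.action, i
    return "deny", None

def witness(a, b):
    """One packet matched by both rules, or None if they do not overlap."""
    if "any" not in (a.proto, b.proto) and a.proto != b.proto:
        return None
    proto = b.proto if a.proto == "any" else a.proto
    addrs = []
    for x, y in ((a.src, b.src), (a.dst, b.dst)):
        nx, ny = ip_network(x), ip_network(y)
        if not nx.overlaps(ny):
            return None
        # Overlapping CIDR blocks nest, so the longer prefix is the intersection.
        addrs.append(str(max(nx, ny, key=lambda n: n.prefixlen)[0]))
    lo, hi = max(a.ports[0], b.ports[0]), min(a.ports[1], b.ports[1])
    return None if lo > hi else ("tcp" if proto == "any" else proto, *addrs, lo)

def path_conflicts(path):
    """path: [(name, policy)], higher order firewall first; lists blocked accepts."""
    found = set()
    for i, (up_name, up) in enumerate(path):
        for down_name, down in path[i + 1:]:
            for d in (r for r in down if r.action == "accept"):
                for w in {witness(d, u) for u in [d, *up]} - {None}:
                    if decide(down, w)[0] == "accept" and decide(up, w)[0] == "deny":
                        found.add((up_name, decide(up, w)[1], down_name, w))
    return sorted(found, key=str)

# Constructed sample policies (not from the page).
EDGE = [Rule("deny", "tcp", "0.0.0.0/0", "10.20.0.0/16", (3306, 3306)),
        Rule("accept", "tcp", "0.0.0.0/0", "10.20.0.0/16", (80, 443))]
DEPT = [Rule("accept", "tcp", "10.0.0.0/8", "10.20.5.0/24", (3306, 3306)),
        Rule("accept", "tcp", "0.0.0.0/0", "10.20.5.10/32", (443, 443)),
        Rule("accept", "tcp", "0.0.0.0/0", "10.20.5.10/32", (22, 22))]
for conflict in path_conflicts([("edge", EDGE), ("dept", DEPT)]):
    print(conflict)
```

Each rule overlap is tested with a single representative packet, so a conflict hidden behind an earlier rule for that packet can be missed; an exhaustive analyzer would split overlaps into disjoint regions.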
Policy Auditing and Translation for Large Network Device Migration
Large corporations often update a large number of network devices from one
brand to a new one to enhance security policy, for ease of management of the
new brand, and for lower purchasing and maintenance costs. While this is
painful to network managers, considering long term prospects, they often opt
to migrate brands to reap the greater benefits of newer brands. The newer
brands of network devices could be from a different vendor and be run and
configured in a very different way. Proper migration requires error-free
translation of existing network configuration and security policies that would
work correctly in the new network devices. Manual translation of devices in
large corporations can easily be error-prone and extremely time consuming. It
would probably be extremely hard, if not impossible, to complete migration
quickly if network administrators are forced to opt for the manual process. No
doubt, large highly skilled manpower would be needed. All this calls for a
migration plan and architecture that can ensure a seamless transition in a
quick, error-free and cost-effective way. This project proposes a novel device
translation and migration architecture while addressing overall network
security policies.
Predictive Differential Pricing for Traffic Engineered Paths
Although the current flat
rate pricing with uniform best effort data transport service is simple and
attractive, it has many defects. It provides a single level of service
quality, and doesn't allow users to select what is best for their needs. To
many, this leads to misallocation of resources. To deal with this, there are
proposals to regulate the usage by imposing fees based on the amount of data
actually sent. This, however, is fundamentally flawed as usage based fees would
impose usage costs on the user whether the network is congested or not and
might even collapse the whole revenue model.
In this project, we want to develop a new predictive pricing model for traffic
engineered paths (say MPLS LSPs) in IP networks that would be fairer (to
customers) than existing pricing models.