Centre for Applied Internet Research Centre for Applied Internet Research www.cair-uk.org.

Presentation on theme: "Centre for Applied Internet Research Centre for Applied Internet Research www.cair-uk.org."— Presentation transcript:

1 Centre for Applied Internet Research Centre for Applied Internet Research www.cair-uk.org

2 Centre for Applied Internet Research The Internet: A difficult beast to control? Professor Vic Grout Director of the Centre for Applied Internet Research (CAIR) Glyndŵr University, North Wales v.grout@glyndwr.ac.uk www.cair-uk.org MIC 2011 Keynote, 14/02/2011, Innsbruck

3 Centre for Applied Internet Research The Internet: A difficult beast to control? MIC 2011 Keynote, 14/02/2011, Innsbruck A rambling – and probably confused – collection of thoughts from 25 years’ research into network algorithms and optimization!

4 Centre for Applied Internet Research Control? Optimization? optimize or optimise verb (optimized, optimizing) 1 to make the most or best of (a particular situation or opportunity, etc). 2 to make the most efficient use of something, especially by analysing and planning. 3 intrans to be optimistic or act optimistically. 4 intrans to become optimal. 5 computing to prepare or modify (a computer system or program) so as to achieve the greatest possible efficiency. optimization noun. ETYMOLOGY: 19c. So what’s ‘Optimizing the Internet’? Making the Internet perfect? Having a look at something somewhere and considering tinkering with it?

5 Centre for Applied Internet Research Internet Optimization? There you are … I’ve optimized it!

6 Centre for Applied Internet Research Internet Optimization? There you are … I’ve optimized it!

7 Centre for Applied Internet Research We don’t always agree what optimization is! Thought #1

8 Centre for Applied Internet Research Internet/Network Optimization Conventionally, two different types of model/problem/solution: Design (Topologies, Dimensioning): Off-line/Centralized. Control/Management (Traffic handling, Routing, Filtering): Real-time/Distributed.

9 Centre for Applied Internet Research Actually, there’s a much more interesting (and relevant) way of classifying models/problems/solutions! Thought #2

10 Centre for Applied Internet Research An alternative taxonomy: Internet/Network Optimization Things that have to be done (because finding any solution is a form of optimization). eg, routing Things that don’t have to be done (because there’s an existing valid solution already). eg, compression Things that have an obvious default/initial solution (but it’s probably distinctly sub-optimal). eg, physical design Essential Optional

11 Centre for Applied Internet Research A Cautionary Tale Start with one of the (conceptually) simplest optimization problems in graph theory: Minimum Spanning Tree (MST) “The EMST problem is a common component in applications involving networks. If one desires to set up a communications system among N nodes requiring interconnection cables, using the EMST will result in a network of minimal cost”, Michael Shamos, PhD Thesis, Yale University, 1978 Not practical!

12 Centre for Applied Internet Research Network Topology Complex! Core Access Distribution

13 Centre for Applied Internet Research A Further Complication [Figure: link between nodes i and j with cost $c_{ij}$] Difficult to assign known costs as inputs. ‘Double-drop’ and ‘triple-drop’ heuristics typical.

14 Centre for Applied Internet Research There’s often a big difference between the textbook theory and real-world practice! Thought #3

15 Centre for Applied Internet Research Wireless Networks Fibre backbone Subscriber locations Minimum Connected Dominating Set (MCDS)

16 Centre for Applied Internet Research Sometimes the textbook works! Thought #4

17 Centre for Applied Internet Research Wireless Networks Initial network (Feasible links)

18 Centre for Applied Internet Research Wireless Networks MST (Inappropriate)

19 Centre for Applied Internet Research Wireless Networks MCDS

20 Centre for Applied Internet Research Optical Networks Network topology with Impairment Feasible Paths Actual link Feasible path Regenerators needed to maintain signal integrity Very expensive!

21 Centre for Applied Internet Research Optical Networks Transformed graph of the network Effective link

22 Centre for Applied Internet Research Optical Networks Graph transformation and CDS Core network

23 Centre for Applied Internet Research Optical Networks a 2-CDS of the transformed graph Constraints: k-connectivity (core) k-domination (edge) Mk-CDS

24 Centre for Applied Internet Research Wireless Networks Real-time optimisation? Distributed optimisation?

25 Centre for Applied Internet Research Many problems are just too hard! Thought #5

26 Centre for Applied Internet Research Classes of Internet Problem
    Real-time: Runs repetitively/frequently within the network (not part of initial off-line planning)
    Line-speed: Has to complete processing one packet/frame before the next arrives (at least, on average)
    Distributed: Runs independently on each network device (switch, router, etc.)
    Cooperative: Needs input from other network devices prior to solution (eg, topology status)
    Responsive: Needs input from other network devices during solution (eg, control negotiation)

27 Centre for Applied Internet Research Classes of Internet Problem RT: Real-time, LS: Line-speed, D: Distributed, C: Cooperative, R: Responsive RT ‘Conventional’ LS R C D Spanning Tree Protocol STP eg, MST Algorithms and Algorithmics!

28 Centre for Applied Internet Research Routing Routers exchange link-state Information when topology changes Network must converge before too many packets are lost or poorly routed RT/LS/D/C/R

29 Centre for Applied Internet Research Shortest Paths

30 Centre for Applied Internet Research Shortest Paths

31 Centre for Applied Internet Research Shortest Paths

32 Centre for Applied Internet Research Shortest Paths Dijkstra’s Shortest Path Algorithm (DSPA) finds all shortest paths (and places them in the routing table) DSPA is polynomial complexity. Is that OK?

33 Centre for Applied Internet Research Sometimes, even the easy problems are hard! Thought #6

34 Centre for Applied Internet Research Routing [Figure: link between nodes i and j with cost $c_{ij}$] $c = 1 / \text{bandwidth}$

35 Centre for Applied Internet Research Routing [Figure: link between nodes i and j with cost $c_{ij}$] $c = 10^8 / \text{bandwidth}$

36 Centre for Applied Internet Research Routing [Figure: link between nodes i and j with cost $c_{ij}$; path P marked “?”] $c = 10^8 / \text{bandwidth}$

37 Centre for Applied Internet Research Routing [Figure: link between nodes i and j with cost $c_{ij}$; path P marked “?”] $c = 10^8 / \text{bandwidth}$. $C = \sum_{ij \in P} c_{ij} = \sum_{ij \in P} 1/b_{ij}$ ? $C = \min_{ij \in P} b_{ij}$ ? Bandwidth (b), Delay (d), Load (l), Reliability (r). P = f(b). When we try to optimize something in the Internet, what’s our objective function? What are we trying to maximise or minimise? throughput? delay? reliability? customer satisfaction? bank balance?

38 Centre for Applied Internet Research No, seriously, we really don’t know what optimization means! Thought #7

39 Centre for Applied Internet Research Traffic Filtering “Access Control Lists (ACLs)” Interfaces: in and out (permit/deny). Also selecting packets for traffic policies. Across an internet. Can add considerable packet latency.

40 Centre for Applied Internet Research Access Control Lists
    access-list 173 permit icmp any any
    access-list 173 permit tcp any any established
    access-list 173 deny ip RANGE MASK any
    access-list 173 deny ip 10.77.23.0 0.255.255.255 any
    access-list 173 deny ip 172.16.2.0 0.15.255.255 any
    access-list 173 deny ip 192.168.1.0 0.0.255.255 any
    access-list 173 deny ip 169.254.1.0 0.0.255.255 any
    access-list 173 deny ip 192.168.2.0 0.0.0.255 any
    access-list 173 permit tcp any host MAILSERVER eq smtp
    access-list 173 permit tcp any host NAMESERVER eq domain
    access-list 173 permit udp any host NAMESERVER eq domain
    access-list 173 permit udp any eq 53 host NAMESERVER gt 1024
    access-list 173 permit tcp host MANAGER host SUN eq telnet
    access-list 173 permit tcp host MANAGER host SERIAL0 eq telnet
    access-list 173 permit tcp host MANAGER host ETHERNET0 eq telnet
    access-list 173 permit udp host MANAGER host SERIAL0 eq snmp
    access-list 173 permit tcp any host FTPSERVER eq ftp
    access-list 173 permit tcp any eq ftp-data host FTPSERVER
    access-list 173 permit tcp any eq ftp-data any gt 1024
    access-list 173 permit tcp any host WWWSERVER eq www
    access-list 173 permit tcp any host SWWWSERVER eq 443
    access-list 173 permit udp EXT-NTPSERVER any eq 123
    access-list 173 permit udp any range 6970 7170 any
    access-list 173 deny ip any any
Sequence of ‘permit’ and ‘deny’ rules. Each rule tries to match some feature of the packet being processed. Rules processed sequentially … until a rule matches the packet (stop) … or the last rule is reached. Various possible implementations: Hardware (TCAMs), Trees/Tries, etc.

41 Centre for Applied Internet Research Linear ACL Optimization
    n rules in list L
    Hit-rate $h_i(L)$: probability that packets match rule i in list L
    Latency $\lambda_i(L)$: time taken to process rule i in list L
    Cumulative latency  i (L): time taken to process list up to and including i in list L
    Expected latency E(L): average time to process list L

42 Centre for Applied Internet Research Linear ACL Optimization Expected latency E(L): average time to process list L. Dependency Matrix $D = (d_{ij})$. Problem: Minimise E(L) subject to D. NP-complete (Grout et al., JoH, 2005). RT/LS/D/C/R. Rules i and j are dependent otherwise. A major problem, even with approximations, is having to re-evaluate the objective function for each potential reordering of the list.

43 Centre for Applied Internet Research Simplified ACL Optimization In fact, in comparing rule order for a list L, the significance of rule hit-rates is only relative. It is not necessary for them to be normalised probabilities. This implies that the hit-rate of a newly hit rule, i, can increase without changing the hit-rates of the other rules. Following an increase in a rule i’s hit-rate, the only possible change in rule order (to reduce E(L)) is to promote i up the list. The most likely candidate with which to exchange it is rule i-1, immediately above it. The potential saving in expected latency in swapping rules i-1 and i is given by a simple, local calculation.
    access-list 173 permit icmp any any
    access-list 173 permit tcp any any established
    access-list 173 deny ip RANGE MASK any
    access-list 173 deny ip 10.77.23.0 0.255.255.255 any
    access-list 173 deny ip 172.16.2.0 0.15.255.255 any
    access-list 173 deny ip 192.168.1.0 0.0.255.255 any
    access-list 173 deny ip 169.254.1.0 0.0.255.255 any
    access-list 173 deny ip 192.168.2.0 0.0.0.255 any
    access-list 173 permit tcp any host MAILSERVER eq smtp
    access-list 173 permit tcp any host NAMESERVER eq domain
    access-list 173 permit udp any host NAMESERVER eq domain
    access-list 173 permit udp any eq 53 host NAMESERVER gt 1024
    access-list 173 permit tcp host MANAGER host SUN eq telnet
    access-list 173 permit tcp host MANAGER host SERIAL0 eq telnet
    access-list 173 permit tcp host MANAGER host ETHERNET0 eq telnet
    access-list 173 permit udp host MANAGER host SERIAL0 eq snmp
    access-list 173 permit tcp any host FTPSERVER eq ftp
    access-list 173 permit tcp any eq ftp-data host FTPSERVER
    access-list 173 permit tcp any eq ftp-data any gt 1024
    access-list 173 permit tcp any host WWWSERVER eq www
    access-list 173 permit tcp any host SWWWSERVER eq 443
    access-list 173 permit udp EXT-NTPSERVER any eq 123
    access-list 173 permit udp any range 6970 7170 any
    access-list 173 deny ip any any

44 Centre for Applied Internet Research Simplified ACL Optimization Three-part heuristic (  -opt ):
    Step 1: Initialisation (following manual ACL configuration)
        for i := 1 to n do h_i := 1                \ hit rates equal at start
    Step 2: Promotion (on a packet matching rule i)
        h_i := 2h_i                                \ exponentially increase matched hit-rate
        if d_{i-1,i} = 0 and h_i λ_{i-1} > h_{i-1} λ_i
            then Swap(i-1, i)                      \ promote if E(L) reduced
    Step 3: Reduction (periodically to prevent overflow)
        for i := 1 to n do h_i := h_i / max_j h_j
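One way to implement the three-step heuristic above, as an added example that is not code from the presentation. The rule texts, unit latencies, traffic mix and the pair-set encoding of D are constructed, and E(L) is computed as match probability times cumulative latency, which is an assumed reading of the slide definitions.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    text: str            # ACL entry (constructed sample, not a full IOS parser)
    latency: float       # lambda_i: time to test this rule
    hits: float = 1.0    # h_i: relative hit-rate; Step 1 starts every rule at 1

class AdaptiveAcl:
    def __init__(self, rules, dependent):
        self.rules = list(rules)
        # Pairs with d_ij = 1: swapping them could change the permit/deny outcome.
        self.dependent = {frozenset(p) for p in dependent}

    def on_match(self, i):
        """Step 2: the rule at index i matched a packet. Returns its new index."""
        rule = self.rules[i]
        rule.hits *= 2
        if i == 0:
            return 0
        above = self.rules[i - 1]
        free = frozenset((above.text, rule.text)) not in self.dependent
        if free and rule.hits * above.latency > above.hits * rule.latency:
            self.rules[i - 1], self.rules[i] = rule, above
            return i - 1
        return i

    def reduce(self):
        """Step 3: divide by the largest hit-rate so the counters cannot overflow."""
        top = max(r.hits for r in self.rules)
        for r in self.rules:
            r.hits /= top

    def expected_latency(self, prob):
        """Assumed E(L): sum over rules of match probability x cumulative latency."""
        total, cumulative = 0.0, 0.0
        for r in self.rules:
            cumulative += r.latency
            total += prob[r.text] * cumulative
        return total

def demo():
    block, www, smtp, last = ("deny ip 192.168.1.0 0.0.255.255 any",
        "permit tcp any host WWWSERVER eq www",
        "permit tcp any host MAILSERVER eq smtp", "deny ip any any")
    acl = AdaptiveAcl([Rule(t, 1.0) for t in (block, www, smtp, last)],
        dependent=[(block, www), (block, smtp), (www, last), (smtp, last)])
    prob = {block: 0.1, www: 0.1, smtp: 0.7, last: 0.1}   # constructed traffic mix
    before = acl.expected_latency(prob)
    first = acl.on_match(2)       # smtp passes the independent www rule
    second = acl.on_match(first)  # but may not pass the dependent deny rule
    acl.reduce()
    return before, acl.expected_latency(prob), first, second, [r.hits for r in acl.rules]
```

The second match leaves the SMTP permit below the 192.168.1.0 deny even though its hit-rate is higher: the dependency check is what keeps a latency optimisation from changing the filtering policy.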

45 Centre for Applied Internet Research ACL Optimization Effectiveness
    ACL characteristics: DI (dependency index), probability of two rules being dependent
    Traffic self-similarity: SI (self-similarity index), probability that a packet matches the same rule as the previous packet
    Minimum number of rules ( n* ) for  -opt to work:
                 DI = 0.00   0.25   0.50   0.75   1.00
    SI = 0.00         19     21     23     33     
    SI = 0.25         16     19     21     29     
    SI = 0.50         13     15     19     26     
    SI = 0.75          9     10     13     21     
    SI = 1.00          8      9     12     17     

46 Centre for Applied Internet Research Sometimes, just sometimes, we get a break! Thought #8

47 Centre for Applied Internet Research The Spanning Tree Protocol

48 Centre for Applied Internet Research The Spanning Tree Protocol

49 Centre for Applied Internet Research Complexity can be complex! Thought #9

50 Centre for Applied Internet Research Recap We don’t always agree what optimization is! There are different ways of classifying problems! There’s often a big difference between theory and practice! Sometimes the textbook works! Many problems are too hard! Sometimes even the easy problems are hard! We really don’t know what optimization means! Sometimes we get a break! Complexity can be complex!

51 Centre for Applied Internet Research Some Conclusions
    Matching textbook problems to Internet applications requires care to make potential solutions realistic and appropriate.
    Real-time optimization within the Internet places severe restrictions on time (and space) complexity and often needs to be distributed.
    Often a lot of the elegance of the original model is lost in practical application.
    However, a use for standard methods can sometimes still be found – but not necessarily in the obvious applications.
    A successful network algorithmist or algorithmatist probably needs a foot in both camps!

52 Centre for Applied Internet Research Thank you … … Any questions? Professor Vic Grout Director of the Centre for Applied Internet Research (CAIR) Glyndŵr University, North Wales v.grout@glyndwr.ac.uk www.cair-uk.org MIC 2011 Keynote, 14/02/2011, Innsbruck

53 Centre for Applied Internet Research Centre for Applied Internet Research www.cair-uk.org

