Browse Theses

This research studies and designs techniques for coordinated network monitoring, traffic conditioning, and flow control as integral components of the edge routers in a network domain. The enhanced edge routers yield secure network domains, and achieve better performance in terms of high data throughput, low delay, and low loss rates. The potential performance gain from the proposed techniques is critical for the current and emerging network services such as multimedia applications. Using simulation, we evaluate the edge router for data intensive applications such as FTP and delay sensitive applications such as Telnet and Web. The contributions of this thesis can be summarized as follows: (1) Network Monitoring. Continuous monitoring of network activity is required to maintain confidence in the security of networks with quality of service (QoS) support. The flows are monitored for possible service level agreement violations and bandwidth theft attacks. We design and evaluate tomography-based and overlay-based network monitoring methodologies for efficient and scalable network monitoring. These schemes infer the internal characteristics of a network domain without involving the core routers. Our results show that we can monitor a network domain with O(n) probes, where n is the number of edge routers. Monitoring mechanism can be used to detect denial of service (DoS) attacks at an early stage. A quantitative comparison among schemes to defeat DoS attacks is conducted, in which, we highlight the merits of each scheme and estimate the processing and communication overhead introduced by it. The comparison provides guidelines for selecting the appropriate scheme based on the requirements and how much overhead can be tolerated. (2)  Policy Enforcement. To improve the QoS, we enforce policy on the incoming flows and focus on congestion and unfairness in network resource allocation problems. We design an adaptive conditioner that considers congestion window size, round trip time (RTT), retransmission time-out, and explicit congestion notification information to mark and shape a flow. The conditioner also improves the fairness among long and short-RTT flows. (3)  Flow Control. We use the differentiated services framework and network tomography to detect the unresponsive flows. The flow detection mechanism is scalable, and it requires very low overhead. An adaptive congestion control framework is designed that follows TCP-like congestion control algorithm and regulates the unresponsive flows to alleviate the congestion.