TL;DR: This book elaborates to give the full picture of a SON-enabled system including its enabling technologies, architecture and operation, and examines the impact of new network architectures to network operation.
Abstract: Covering the key functional areas of LTE Self-Organising Networks (SON), this book introduces the topic at an advanced level before examining the state-of-the-art concepts. The required background on LTE network scenarios, technologies and general SON concepts is first given to allow readers with basic knowledge of mobile networks to understand the detailed discussion of key SON functional areas (self-configuration, -optimisation, -healing). Later, the book provides details and references for advanced readers familiar with LTE and SON, including the latest status of 3GPP standardisation. Based on the defined next generation mobile networks (NGMN) and 3GPP SON use cases, the book elaborates to give the full picture of a SON-enabled system including its enabling technologies, architecture and operation. Heterogeneous networks including different cell hierarchy levels and multiple radio access technologies as a new driver for SON are also discussed.
- Introduces the functional areas of LTE SON (self-optimisation, -configuration and healing) and its standardisation, also giving NGMN and 3GPP use cases
- Explains the drivers, requirements, challenges, enabling technologies and architectures for a SON-enabled system
- Covers multi-technology (2G/3G) aspects as well as core network and end-to-end operational aspects
- Written by experts who have been contributing to the development and standardisation of the LTE self-organising networks concept since its inception
- Examines the impact of new network architectures (Heterogeneous Networks) to network operation, for example multiple cell layers and radio access technologies
TL;DR: The results demonstrate that users are extremely sensitive to interruptions and that services should be designed accordingly e.g. by increasing initial delay for prebuffering to overcome lack of resources.
Abstract: End user quality perception in the context of Internet applications is often characterized by waiting times before service consumption as well as interruptions during service consumption. In particular in case of bad network conditions, network and service providers have to trade off between these two impairment types, i.e. between the devil and the deep blue sea. In this paper we investigate this tradeoff in order to guide the design and development of Internet applications and network management approaches. The contribution of this paper is twofold. Firstly, we quantify the impact of initial delays on the user perceived Quality of Experience (QoE) for different application scenarios by means of subjective laboratory and crowdsourcing studies. We show that QoE for a given waiting time strongly depends on the concrete application at hand but that rating diversity remains fairly application-invariant. Secondly, using the example of YouTube video streaming we compare the influence of initial delays and interruptions (stallings) during watching. Our results demonstrate that users are extremely sensitive to interruptions and that services should be designed accordingly e.g. by increasing initial delay for prebuffering to overcome lack of resources.
TL;DR: This work investigates how existing IP-based network management protocols can be implemented on resource-constrained devices and presents the resource requirements for SNMP and NETCONF on an 8-bit AVR based device.
Abstract: The embedded computing devices deployed within the Internet of Things are expected to be resource constrained. This resource constraint not only applies to memory and processing capabilities, but the low-power radio standards utilized further constrain the network interfaces. The IPv6 protocol provides a suitable basis for interoperability in the IoT, due to its large address space and a number of existing protocols that function over IP and its flexibility. We investigate how existing IP-based network management protocols can be implemented on resource-constrained devices. We present the resource requirements for SNMP and NETCONF on an 8-bit AVR based device.
TL;DR: This work proposes efficient and effective approaches to sensor deployment, and proves that their scheme uses additional relay nodes at most twice of the minimum, and successfully applies this design into CitySee, a large-scale wireless sensor network consisting of 1096 relay nodes and 100 sensor nodes in Wuxi City, China.
Abstract: Motivated by the needs of precise carbon emission measurement and real-time surveillance for CO2 management in cities, we present CitySee, a real-time CO2-monitoring system using sensor networks for an urban area (around 100 square kilometers). In order to conduct environment monitoring in a real-time and long-term manner, CitySee has to address the following challenges, including sensor deployment, data collection, data processing, and network management. In this discussion, we mainly focus on the sensor deployment problem so that necessary requirements like connectivity, coverage, data representability are satisfied. We also briefly go through the solutions for the remaining challenges. In CitySee, the sensor deployment problem can be abstracted as a relay node placement problem under hole-constraint. By carefully taking all constraints and real deployment situations into account, we propose efficient and effective approaches and prove that our scheme uses additional relay nodes at most twice of the minimum. We evaluate the performance of our approach through extensive simulations resembling realistic deployment. The results show that our approach outperforms previous strategies. We successfully apply this design into CitySee, a large-scale wireless sensor network consisting of 1096 relay nodes and 100 sensor nodes in Wuxi City, China.
TL;DR: The aim of this paper is to describe a novel mechanism that provides an increase of resilience in SDN using a component organization and show that it is possible to build management applications resilient to diverse types of failures using component organization approach.
Abstract: Software-Defined Networking (SDN) provides a new paradigm for developing innovative management applications for networks and a new way to look for the resolution to the many problems which exist throughout the Internet today. The most popular approach to this paradigm is centralized network management. This approach aims to simplify the complex and difficult task of managing the services of a network. One of the problems raised by the centralized management approach is that the issue of a single point of failure can negatively compromise resilience of the whole network. The aim of this paper is to describe a novel mechanism that provides an increase of resilience in SDN using a component organization. In the SDN architecture, components run independently on top of the network OS, receiving updates from the network or updates generated from other components. Through the handling of these multiple types of updates, we have successfully developed a new component: the CPRecovery component. The CPRecovery component is based on the primary-backup mechanism which offers resilience against several types of failures in a centralized controlled network. Our results show that the building of such service for networks using SDN is straightforward, much less complex, and less prone to errors. Furthermore, it is possible to build management applications resilient to diverse types of failures using component organization approach.
TL;DR: The MDT enhancements added in Release 11 are described, how measurements collected by MDT can be used to draw conclusions that are relevant for network management are explained, and similarities and differences between MDT and traditional drive tests are discussed.
Abstract: Minimization of drive tests is a feature introduced in 3GPP Release 10 that enables operators to utilize users' equipment to collect radio measurements and associated location information, in order to assess network performance while reducing the OPEX associated with traditional drive tests. However, in the increasingly complex wireless packet data networks of today, performance is affected by many different factors and cannot easily be estimated by simple radio measurements. Therefore, in 3GPP Release 11 specifications, MDT is enhanced in order to provide a more complete view of network performance. This article describes the MDT enhancements added in Release 11, explains how measurements collected by MDT can be used to draw conclusions that are relevant for network management, and discusses similarities and differences between MDT and traditional drive tests.
TL;DR: In this article, a method for managing machine-to-machine (M2M) entities in an M2M environment is described, which may include implementing one or more management layers.
Abstract: Systems, methods and apparatus for managing machine-to-machine (M2M) entities are disclosed. Included herein is a method that may include implementing one or more management layers for managing M2M entities in an M2M environment. The method may also include using a plurality of management layers to manage a M2M area network, wherein the M2M area network may include one or more M2M end devices. The M2M end devices may include, for example, an M2M gateway and/or an M2M device. The management layers may include any of an application management layer, service management layer, network management layer and a device management layer. The management layers may provide any of configuration management, fault management, and performance management of the M2M entities.
TL;DR: In this article, the authors propose a practitioner-oriented process model for building a strategic network, which is linked to the resource-based view and the value creation system approach, and suggest that instead of being a sequential stage-wise process, the construction of a strategic business network can be divided into parallel, although not necessarily simultaneous, sub-processes based on the required value activities in the entire business concept.
TL;DR: The design and development of a Generic Root Cause Analysis platform (G-RCA) for service quality management (SQM) in large IP networks is described and results regarding BGP flaps, PIM flaps in Multicast VPN service, and end-to-end throughput degradation in content delivery network (CDN) service are presented.
Abstract: An increasingly diverse set of applications, such as Internet games, streaming videos, e-commerce, online banking, and even mission-critical emergency call services, all relies on IP networks. In such an environment, best-effort service is no longer acceptable. This requires a transformation in network management from detecting and replacing individual faulty network elements to managing the end-to-end service quality as a whole. In this paper, we describe the design and development of a Generic Root Cause Analysis platform (G-RCA) for service quality management (SQM) in large IP networks. G-RCA contains a comprehensive service dependency model that incorporates topological and cross-layer relationships, protocol interactions, and control plane dependencies. G-RCA abstracts the root cause analysis process into signature identification for symptom and diagnostic events, temporal and spatial event correlation, and reasoning and inference logic. G-RCA provides a flexible rule specification language that allows operators to quickly customize G-RCA and provide different root cause analysis tools as new problems need to be investigated. G-RCA is also integrated with data trending, manual data exploration, and statistical correlation mining capabilities. G-RCA has proven to be a highly effective SQM platform in several different applications, and we present results regarding BGP flaps, PIM flaps in Multicast VPN service, and end-to-end throughput degradation in content delivery network (CDN) service.
TL;DR: This paper presents the design for a home router that focuses on monitoring and controlling network traffic flows, and provides a platform for building user interfaces that satisfy these two user requirements.
Abstract: Wireless home networks are increasingly deployed in people's homes worldwide. Unfortunately, home networks have evolved using protocols designed for backbone and enterprise networks, which are quite different in scale and character to home networks. We believe this evolution is at the heart of widely observed problems experienced by users managing and using their home networks. In this paper we investigate redesign of the home router to exploit the distinct social and physical characteristics of the home. We extract two key requirements from a range of ethnographic studies: users desire greater understanding of and control over their networks' behaviour. We present our design for a home router that focuses on monitoring and controlling network traffic flows, and so provides a platform for building user interfaces that satisfy these two user requirements. We describe and evaluate our prototype which uses NOX and OpenFlow to provide per-flow control, and a custom DHCP implementation to enable traffic isolation and accurate measurement from the IP layer. It also provides finer-grained per-flow control through interception of wireless association and DNS resolution. We evaluate the impact of these modifications, and thus the applicability of flow-based network management in the home.
TL;DR: In this paper, five distinct approaches to commercial sponsorship have been identified from an extensive review of the literature, including: the philanthropic approach, market-centred approach, consumer-centered approach, the strategic resource, and finally the relations and networks approach.
Abstract: Commercial sponsorship has continually adapted to the needs of the market. The purpose of this paper is to track these changes and draw out the evolution in management capabilities required to manage sponsorship effectively. Five distinct approaches to sponsorship have been identified from an extensive review of the literature, including: the philanthropic approach, the market-centred approach, the consumer-centred approach, the strategic resource, and finally the relations and networks approach. By examining these approaches, the paper identifies key capabilities required for the future of sponsorship, including network visioning, network orchestration, and relationship portfolio management. This is presented in a four-level framework for sponsorship network management. This paper serves two key audiences. On the one hand, for sponsorship managers, it examines past and future capabilities required to manage sponsorship effectively. For researchers, the paper historically reviews the emergence o...
TL;DR: This paper provides a general working behaviour, features and comparison of two most popular open source network IDS - SNORT & BRO.
Abstract: Security administration plays a vital role in network management tasks. The intrusion detection systems are primarily designed to protect the availability, confidentiality and integrity of critical network information systems. There are plenty of IDSes to choose from, both commercial and open source. Since most of the commercial intrusion detection systems typically cost thousands of dollars and they tend to represent a significant resource requirement in themselves, for small networks, use of such IDS is not feasible. Therefore mostly open source IDS are being used. This paper provides a general working behaviour, features and comparison of two most popular open source network IDS - SNORT & BRO. Keywords: alerts, intrusion, logging, network traffic, open source, packets
TL;DR: In this paper, the authors describe a network controller for remote system management, which includes controller circuitry configured to acquire network management data related to operation of the network controller and to receive host management data, and a receiver configured to receive a command from the management system related to the management data.
Abstract: Generally, this disclosure describes a network controller for remote system management. A host device may include the network controller and a programmable network element. The network controller may include controller circuitry configured to acquire network management data related to operation of the network controller and to receive host management data related to operation of the host device. The network controller may further include a transmitter configured to transmit the network and host management data to a management system remote from the network controller and a receiver configured to receive a command from the management system related to the management data, the command configured to reprogram the programmable network element to change a behavior of the programmable network element.
TL;DR: This paper presents an optimization framework for network management that takes into account the trade off between the network energy needs and the daily variations of the demand, and combines the flexibility of WMN with the need for energy consumption reduction.
Abstract: Energy consumption of communication systems is becoming a fundamental issue and, among all the sectors, wireless access networks are largely responsible for the increase in consumption. In addition to the access segment, wireless technologies are also gaining popularity for the backhaul infrastructure of cellular systems mainly due to their cost and easy deployment. In this context, Wireless Mesh Networks (WMN) are commonly considered the most suitable architecture because of their versatility that allows flexible configurations. In this paper we combine the flexibility of WMN with the need for energy consumption reduction by presenting an optimization framework for network management that takes into account the trade off between the network energy needs and the daily variations of the demand. A resolution approach and a thorough discussion on the details related to WMN energy management are also presented.
TL;DR: A novel aggregation scheme is proposed to reduce the size and update overhead of name resolution tables, while relieving the "suffix-hole" problem encountered in traditional prefix-based name aggregation.
Abstract: Information-Centric Networking (ICN) has recently attracted research attention, which decouples content from hosts at the network layer, and retrieves a content object by its name (identifier), instead of its storage location (host IP address) in order to address IP network's limitations in supporting content distribution. However, ICN systems face scalability and efficiency challenges in global deployments. In this paper, we propose a scalable routing and name resolution framework, called Scalable Multi-level Virtual Distributed Hash Table (SMVDHT). SMVDHT uses a combination of name aggregation and multi-level virtual DHTs to achieve scalability. A novel aggregation scheme is proposed to reduce the size and update overhead of name resolution tables, while relieving the "suffix-hole" problem encountered in traditional prefix-based name aggregation. Furthermore, SMVDHT exploits underlying intra- and inter-domain IP routing protocols to build multi-level virtual DHTs for name resolution, which is more efficient than conventional hierarchical DHT schemes and simplifies network management. We also design the new protocols to efficiently resolve the aggregated names and forward a request to the closest available copy of content via multi-level virtual DHTs.
TL;DR: A theoretical framework for MeasuRouting is presented and synthetic and practical monitoring applications are presented to showcase the utility enhancement achieved with this approach to intradomain routing.
Abstract: Monitoring transit traffic at one or more points in a network is of interest to network operators for reasons of traffic accounting, debugging or troubleshooting, forensics, and traffic engineering. Previous research in the area has focused on deriving a placement of monitors across the network toward the end of maximizing the monitoring utility of the network operator for a given traffic routing. However, both traffic characteristics and measurement objectives can dynamically change over time, rendering a previously optimal placement of monitors suboptimal. It is not feasible to dynamically redeploy/reconfigure measurement infrastructure to cater to such evolving measurement requirements. We address this problem by strategically routing traffic subpopulations over fixed monitors. We refer to this approach as MeasuRouting. The main challenge for MeasuRouting is to work within the constraints of existing intradomain traffic engineering operations that are geared for efficiently utilizing bandwidth resources, or meeting quality-of-service (QoS) constraints, or both. A fundamental feature of intradomain routing, which makes MeasuRouting feasible, is that intradomain routing is often specified for aggregate flows. MeasuRouting can therefore differentially route components of an aggregate flow while ensuring that the aggregate placement is compliant to original traffic engineering objectives. In this paper, we present a theoretical framework for MeasuRouting. Furthermore, as proofs of concept, we present synthetic and practical monitoring applications to showcase the utility enhancement achieved with MeasuRouting.
TL;DR: This paper presents Follow-Me Cloud (FMC), a technology developed at NEC Laboratories Europe that allows transparent migration of services in TCP/IP networks, thanks to the dynamic configuration of a set of coordinated OpenFlow switches located at the edge of the network.
Abstract: Ubiquitous network access allows people to access an ever increasing range of services from a variety of mobile terminals, including laptops, tablets and smartphones. A flexible and economically efficient way of provisioning such services is through Cloud Computing. Assuming that several cloud-enabled datacenters are made available at the edges of the Internet, service providers may take advantage of them by optimally locating service instances as close as possible to their users. By localizing traffic at the edges of access networks, such an approach may result beneficial for both service and network providers. In this paper we present Follow-Me Cloud (FMC), a technology developed at NEC Laboratories Europe that allows transparent migration of services in TCP/IP networks, thanks to the dynamic configuration of a set of coordinated OpenFlow switches located at the edge of the network. In particular, in this paper we analyze the scalability properties of an FMC-based system and propose a role separation strategy based on distribution of control plane functions which enables scale-out of the system. By means of simulation, we prove that the application of the proposed separation strategy results in less state retained by individual OpenFlow controllers and in more effective localization of network traffic.
TL;DR: It is suggested that a network manager enhances innovation network's core management functions, which in turn improve the relational performance (RP) and significantly drive the goal achievement performance (GAP).
Abstract: Innovation networks that aim at the joint development of products, services or processes represent a particular form of inter-organizational business networks. In order to yield useful results from these collaborations, networks need to be managed thoroughly. By appointing a dedicated network manager to administrate, coordinate, and regulate, the management of tasks is bundled and centralized within a single entity. However, to the best knowledge of the authors, no empirical research has yet been conducted, investigating the impact of a network manager's availability, relevance, and influence on network performance. Using the interaction-oriented network approach as conceptual foundation, we analyze network managers' direct and indirect influence on the network's relational and goal achievement performance. Our results suggest that a network manager enhances innovation network's core management functions, which in turn improve the relational performance (RP). Moreover, RP was found to significantly drive the goal achievement performance (GAP).
TL;DR: This paper proposes using Software Defined Networks (SDN) and OpenFlow to simplify network management by addressing the challenge faced by deploying middleboxes in choke points and shows how these appliances can be deployed at waypoints.
Abstract: As the complexity of deployments increases, network managers face two problems that we address in this paper. First, the deployment of middleboxes in choke points (between two routers through which all traffic flows), raises concerns regarding robustness, correctness and efficiency. Second, dynamically managing traffic isolation in a network is a very tedious task. In this paper we propose using Software Defined Networks (SDN) and OpenFlow to simplify network management by addressing these two challenges. SDN consists of decoupling the control and data planes of a network. OpenFlow standardizes the way that the controller communicates with the network devices in an SDN architecture. To overcome the challenge faced by deploying middleboxes in choke points, we show how these appliances can be deployed at waypoints. In this architecture, a waypoint is only traversed by traffic that needs further processing. The remaining data flows through the network without being processed by the middlebox. We have developed an application that implements an encryption processing unit that works as a waypoint and we show how OpenFlow can be used to route through the encryption unit only the traffic that requires encryption. To overcome the challenge of dynamic traffic isolation, we show how a network manager can use an application to create, delete and modify virtual local area networks (VLANs) in a dynamic way to achieve traffic isolation. Our implementation provides a GUI to the user so that the administration of the VLANs is greatly simplified.
TL;DR: A remote anonymous authentication protocol to enable client terminals/application to securely access WBAN services, rooted in a novel certificateless cryptosystem, which has negligible computational cost and a number of security properties that are especially desirable in WBANs.
Abstract: Wireless body area network (WBAN) is one of the most promising wireless sensor technologies, significantly enhancing the quality of service of healthcare. But the potential users' worries about privacy leakage impede its wider application. To alleviate such worries, we present a remote anonymous authentication protocol to enable client terminals/application to securely access WBAN services. In particular, our protocol is rooted in a novel certificateless cryptosystem, which has negligible computational cost and a number of security properties that are especially desirable in WBANs. Our protocol ensures that even the application providers (APs) cannot recover the user's real identity given all the session information. Also, the network manager (NM), who plays the role of private key generator (PKG), can be prevented from impersonating any legitimate users. We theoretically validate that our protocol can achieve a better tradeoff than most of existing schemes in terms of essential security properties and computational overhead.
TL;DR: Different trust schemes are used to provide confidentiality, integrity and availability in mobile ad-hoc network to gain the secure environment and this paper presents the study on various kinds of key management schemes with their special features.
Abstract: Mobile Ad-hoc network is a spontaneous and infrastructure-less network, which consists of wireless mobile nodes. MANET is formed on-the-fly and also provides various operations like packet forwarding, routing, network management, communication, etc. between mobile nodes. MANET is one of the types of wireless network, in which any mobile node can join the network and leave the network in dynamic period. Mobile ad-hoc network doesn't have centralized infrastructure and due to its basic characteristics this network is very vulnerable to attack. There are lots of trust models and routing protocols which are used in MANETs to achieve security. Different trust schemes are used to provide confidentiality, integrity and availability in mobile ad-hoc network to gain the secure environment. In this paper, we present the study on various kinds of key management schemes with their special features.
TL;DR: This thesis develops a centralized network control system, called Maestro, which uses Maestro to achieve the coordination between centralized controls and distributed routing protocols in a network, to realize a hybrid control plane framework which is more responsive and robust than a pure centralized control plane, and more globally optimized and consistent than a pure distributed control plane.
Abstract: Modern network control plane that supports versatile communication services (e.g. performance differentiation, access control, virtualization, etc.) is highly complex. Different control components such as routing protocols, security policy enforcers, resource allocation planners, quality of service modules, and more, are interacting with each other in the control plane to realize complicated control objectives. These different control components need to coordinate their actions, and sometimes they could even have conflicting goals which require careful handling. Furthermore, a lot of these existing components are distributed protocols running on large number of network devices. Because protocol state is distributed in the network, it is very difficult to tightly coordinate the actions of these distributed control components, thus inconsistent control actions could create serious problems in the network. As a result, such complexity makes it really difficult to ensure the optimality and consistency among all different components.
Trying to address the complexity problem in the network control plane, researchers have proposed different approaches, and among these the centralized control plane architecture has become widely accepted as a key to solve the problem. By centralizing the control functionality into a single management station, we can minimize the state distributed in the network, thus have better control over the consistency of such state. However, the centralized architecture has fundamental limitations. First, the centralized architecture is more difficult to scale up to large network size or high requests rate. In addition, it is equally important to fairly service requests and maintain low request-handling latency, while at the same time having highly scalable throughput. Second, the centralized routing control is neither as responsive nor as robust to failures as distributed routing protocols. In order to enhance the responsiveness and robustness, one approach is to achieve the coordination between the centralized control plane and distributed routing protocols.
In this thesis, we develop a centralized network control system, called Maestro, to solve the fundamental limitations of centralized network control plane. First we use Maestro as the central controller for a flow-based routing network, in which large number of requests are being sent to the controller at very high rate for processing. Such a network requires the central controller to be extremely scalable. Using Maestro, we systematically explore and study multiple design choices to optimally utilize modern multi-core processors, to fairly distribute computation resource, and to efficiently amortize unavoidable overhead. We show a Maestro design based on the abstraction that each individual thread services switches in a round-robin manner, can achieve excellent throughput scalability while maintaining far superior and near optimal max-min fairness. At the same time, low latency even at high throughput is achieved by Maestro's workload-adaptive request batching. Second, we use Maestro to achieve the coordination between centralized controls and distributed routing protocols in a network, to realize a hybrid control plane framework which is more responsive and robust than a pure centralized control plane, and more globally optimized and consistent than a pure distributed control plane. Effectively we get the advantages of both the centralized and the distributed solutions. Through experimental evaluations, we show that such coordination between the centralized controls and distributed routing protocols can improve the SLA compliance of the entire network.
TL;DR: This work presents a novel integrated routing and wavelength assignment framework that, while addressing the traditional network management objectives, introduces energy-awareness in its decision process to contain the power consumption of the underlying network infrastructure and make use of green energy sources wherever possible.
TL;DR: This paper surveys the different trust model schemes of MANET with their unique features, merits, demerits and findings.
Abstract: MANET (Mobile Ad-hoc Network) is a hot spot for research due to its various advantages and disadvantages. Providing safe communication between mobile nodes, recognizing the position of nodes, reducing overhead, and handling misbehavior and location updates are difficult issues in ad-hoc networks, so providing trust schemes is important in this network. MANET provides some basic functions like routing, communication, network management and packet forwarding over a self-organized network. MANET does not have a fixed topology: mobile nodes come and leave the network within a random period of time. This affects the energy, bandwidth and memory computations of the network. Providing trust in MANET is a crucial task because it does not have a centralized infrastructure. In this paper, we survey the different trust model schemes of MANET with their unique features, merits, demerits and findings.
TL;DR: This paper introduces the notion of energy partition, an association of powered-on and powered-off BSs to deliver network-level energy saving, and shows how such a concept is applied to perform energy re-configuration to flexibly react to load variations encouraging no or minimal extra energy consumption.
Abstract: Energy efficiency is a significant requirement for the design and management of mobile networks and has recently gained substantial attention from both network operators and the research community. The general concept of energy saving management aims to match the capacity offered by operators to the actual demand at given times and geographic areas. This paper introduces the notion of energy partition, an association of powered-on and powered-off BSs to deliver network-level energy saving. It then elaborates how such a concept is applied to perform energy re-configuration to flexibly react to load variations encouraging no or minimal extra energy consumption. A simulation-based study evaluates the performance of the proposed algorithms under different network topologies and traffic conditions, highlights the benefits and drawbacks, and provides recommendations for deployment scenarios.
TL;DR: The aim of this study was to describe the structure of a translational cancer research network (TCRN) in Australia over its first year, identify the key players within the network and explore these players' opportunities and constraints in maximising important network collaborations.
Abstract: Introduction: Translational research networks are a deliberate strategy to bridge the gulf between biomedical research and clinical practice through interdisciplinary collaboration, supportive funding and infrastructure. The social network approach examines how the structure of the network and players who hold important positions within it constrain or enable function. This information can be used to guide network management and optimise its operations. The aim of this study was to describe the structure of a translational cancer research network (TCRN) in Australia over its first year, identify the key players within the network and explore these players' opportunities and constraints in maximising important network collaborations. Methods and analysis: This study deploys a mixed-method longitudinal design using social network analysis augmented by interviews and review of TCRN documents. The study will use network documents and interviews with governing body members to explore the broader context into which the network is embedded as well as the perceptions and expectations of members. Of particular interest are the attitudes and perceptions of clinicians compared with those of researchers. A co-authorship network will be constructed of TCRN members using journal and citation databases to assess the success of past pre-network collaborations. Two whole network social network surveys will be administered 12 months apart and parameters such as density, clustering, centrality and betweenness centrality computed and compared using UCINET and Netdraw. Key players will be identified and interviewed to understand the specific activities, barriers and enablers they face in that role. Ethics and dissemination: Ethics approvals were obtained from the University of New South Wales, South Eastern Sydney Northern Sector Local Health Network and Calvary Health Care Sydney. Results will be discussed with members of the TCRN, submitted to relevant journals and presented as oral presentations to clinicians, researchers and policymakers.
TL;DR: This work designs a general architecture for network-wide NIDS deployment that leverages three scaling opportunities: on-path distribution to split responsibilities, replicating traffic to NIDS clusters, and aggregating intermediate results to split expensive NIDS processing and implements a backwards-compatible mechanism to enable existing NIDS infrastructure to leverage these benefits.
Abstract: As traffic volumes and the types of analysis grow, network intrusion detection systems (NIDS) face a continuous scaling challenge. Management realities, however, limit NIDS hardware upgrades to occur typically once every 3-5 years. Given that traffic patterns can change dramatically, this leaves a significant scaling challenge in the interim. This motivates the need for practical solutions that can help administrators better utilize and augment their existing NIDS infrastructure. To this end, we design a general architecture for network-wide NIDS deployment that leverages three scaling opportunities: on-path distribution to split responsibilities, replicating traffic to NIDS clusters, and aggregating intermediate results to split expensive NIDS processing. The challenge here is to balance both the compute load across the network and the total communication cost incurred via replication and aggregation. We implement a backwards-compatible mechanism to enable existing NIDS infrastructure to leverage these benefits. Using emulated and trace-driven evaluations on several real-world network topologies, we show that our proposal can substantially reduce the maximum computation load, provide better resilience under traffic variability, and offer improved detection coverage.
TL;DR: In this article, a DAG formation request is transmitted to the selected root nodes, carrying a characteristic for a corresponding DAG to form by the respective selected root devices, that indicates which one or more types of traffic correspond to the corresponding directed acyclic graphs.
Abstract: In one embodiment, a device, such as a network management server, determines a traffic matrix of a mesh network, where the traffic matrix indicates an amount of traffic per type of traffic transitioning between the mesh network and a global computer network via one or more current root devices. One or more optimized root devices may then be selected for corresponding directed acyclic graphs (DAGs) based on the amount of traffic and type of traffic. As such, a DAG formation request may be transmitted to the selected root devices, carrying a characteristic for a corresponding DAG to form by the respective selected root devices that indicates which one or more types of traffic correspond to the corresponding DAG.
TL;DR: In this article, the authors propose a broadband, real-time signal analyzer (RTSA) circuit that allows for the deployment of RTSA devices in a distributed environment wherein determination of policy breaches, network performance, regulatory compliance, etc. are locally determined and exploited directly in network management or communicated to the central server and network administrators for subsequent action.
Abstract: Wireless communication is ubiquitous today and deployments are growing rapidly, leading to increased interference, increasing conflicts, etc. As a result, monitoring the wireless environment is increasingly important for regulators, service providers, Government agencies, enterprises, etc. Such monitoring should be flexible in terms of the networks being monitored within the wireless environment but should also provide real-time monitoring to detect unauthorized transmitters, provide dynamic network management, etc. Accordingly, based upon embodiments of the invention, a broadband, real-time signal analyzer (RTSA) circuit allows for the deployment of RTSA devices in a distributed environment wherein determination of policy breaches, network performance, regulatory compliance, etc. are locally determined and exploited directly in network management or communicated to the central server and network administrators for subsequent action. Beneficially the RTSA exploits a broadband RF front end in conjunction with parallel direct down conversion and FFT techniques.
TL;DR: In this article, the authors model the adversarial nature of the problem as a 2-player game between a network manager who chooses a spanning tree of the network as communication infrastructure and an attacker who is trying to disrupt the communication by attacking a link.
Abstract: In this paper, we propose a quantification of the vulnerability of a communication network where links are subject to failures due to the actions of a strategic adversary. We model the adversarial nature of the problem as a 2-player game between a network manager who chooses a spanning tree of the network as communication infrastructure and an attacker who is trying to disrupt the communication by attacking a link. We use previously proposed models for the value of a network to derive payoffs of the players and propose the network’s expected loss-in-value as a metric for vulnerability. In the process, we generalize the notion of betweenness centrality: a metric largely used in Graph Theory to measure the relative importance of a link within a network. Furthermore, by computing and analyzing the Nash equilibria of the game, we determine the actions of both the attacker and the defender. The analysis reveals the existence of subsets of links that are more critical than the others. We characterize these critical subsets of links and compare them for the different network value models. The comparison shows that critical subsets depend both on the value model and on the connectivity of the network.