
Talk

A fast method of verifying network routing with back-trace header space analysis

Date and Time
Monday, May 18, 2015 - 10:00am to 11:00am
Location
Computer Science 402
Type
Talk
Speaker
Toshio Tonouchi, from NEC
Host
Jennifer Rexford

It is a tough job for operators to make perfectly accurate configurations of many network elements in large networks. Erroneous configurations may cause critical incidents in the network, on which many ICT systems are running. They may also result in security holes as well as system incidents. There has been much work on preventing erroneous configurations, but verifying routing in large networks has taken a lot of time. We propose a new method of verifying network routing. It only focuses on verifying isolation and reachability, but it can verify these properties in O(R^2), where R is the number of flow entries, while the performance of an existing method of verification is O(R^3). We also provide a proof of the correctness of our method.

Software-Defined Networking at the National Security Agency

Date and Time
Monday, April 13, 2015 - 4:30pm to 5:30pm
Location
Computer Science Small Auditorium (Room 105)
Type
Talk
Speaker
Bryan Larish, from National Security Agency

This event is co-sponsored by CITP and the Department of Computer Science.

The IT department at the NSA is similar to many other large organizations; budgets and manpower are declining, while at the same time demands for higher reliability and additional services are increasing. Because of these factors, these IT departments must change how they do business when building their IT infrastructure. Open networking and software defined networking (SDN) are two promising technology trends that the NSA is applying to resolve these challenges in different areas of its network architecture. This talk will detail that element’s open networking and SDN initiatives in three areas: an OpenStack data center; a data center that hosts a storage cloud; and the campus area networks at branch offices. The talk will describe the motivation for each initiative, the architectures and solutions considered, and early-on lessons learned from development and deployment.

Bryan Larish is the Technical Director for Enterprise Connectivity & Specialized IT Services at the National Security Agency (NSA), and he is responsible for setting the technical direction of the development and operation of NSA’s global network infrastructure.

Prior to joining NSA, Bryan worked in the Chief Engineer’s office at the U.S. Navy’s Space and Naval Warfare Systems Command (SPAWAR). In that role, he was responsible for implementing engineering techniques used to manage, architect, and plan the U.S. Navy’s communications/IT systems portfolio. Bryan’s other experience includes Technical Director for Navy engineering policy and various engineering roles at SPAWAR.

Bryan holds a Ph.D. and M.S. in electrical and computer engineering from the Georgia Institute of Technology and a B.S.E. in electrical engineering from Arizona State University.
 

CDN-on-Demand: Fighting DoS with Untrusted Clouds

Date and Time
Tuesday, April 7, 2015 - 11:00am to 12:00pm
Location
Friend Center 108
Type
Talk
Speaker

We present the design and implementation of CDN-on-Demand, a system that provides low-cost protection for websites against DDoS attacks, without impacting website operation and expenses under normal operating conditions. CDN-on-Demand is a software package rather than a service; it migrates websites to a scalable infrastructure in case of high load and serves clients from proxies that it automatically deploys on multiple low-cost cloud services. In contrast to current CDN services, CDN-on-Demand protects against rogue service providers and compromised proxies by introducing an object security mechanism; this eliminates the need to trust the host with private keys or certificates. Furthermore, CDN-on-Demand protects the website against economic and degradation-of-service attacks that exploit the automatic scaling mechanism; we show that popular services are vulnerable to such attacks. We provide an open-source implementation of CDN-on-Demand, which we use to evaluate each component as well as the integrated CDN-on-Demand system.

Joint work with Amir Herzberg and Michael Sudkovich
 

Networks of Networks of Quantum Repeaters

Date and Time
Friday, March 6, 2015 - 1:30pm to 2:30pm
Location
Computer Science 401
Type
Talk
Speaker
Rodney Van Meter, from Keio University
Host
Margaret Martonosi

Experimental progress toward quantum repeaters is moving at a tremendous rate, and theorists have proposed half a dozen approaches to managing errors to create high-fidelity entanglement along a chain of repeaters.  The next frontier is extending from one-dimensional chains to complex topologies.  Problems in network engineering include robust protocol design and resource management.  I will give an overview of these issues, then discuss the even more daunting challenge of creating networks of networks -- a true quantum Internet -- capable of coupling networks that are heterogeneous in both physical technology and error management scheme.

Rodney Van Meter received a B.S. in engineering and applied science from the California Institute of Technology in 1986, an M.S. in computer engineering from the University of Southern California in 1991, and a Ph.D. in computer science from Keio University in 2006. His current research centers on quantum computer architecture and quantum networking.  Other research interests include storage systems, networking, and post-Moore's Law computer architecture.  He is now an Associate Professor of Environment and Information Studies at Keio University's Shonan Fujisawa Campus.  Dr. Van Meter is a member of AAAS, ACM and IEEE.
 

Resource Virtualization for Software-defined Networks

Date and Time
Wednesday, November 12, 2014 - 12:00pm to 1:30pm
Location
Computer Science 402
Type
Talk

Software defined networking centralizes control plane functionality, separating it from the data plane, which is responsible for packet forwarding. Many management tasks such as finding heavy hitters for multi-path routing may run using SDN in a network with limited resources. However, by abstracting them from resources at individual switches, a resource manager at the controller can optimize their resource usage. As management tasks often have a measurement-control loop, my projects, DREAM and vCRIB, work on measurement and control tasks, respectively. First, DREAM ensures a minimum user-specified level of accuracy for tasks instead of allocating a fixed amount of resources to each task. Therefore, it dynamically allocates resources across tasks in reaction to traffic dynamics and task dynamics, which allows resource multiplexing. DREAM is 2x better at the tail of minimum accuracy satisfaction compared to current practice, even in cases with moderate load. Next, vCRIB automatically distributes control rules on all switches in the network, giving the abstraction of a centralized rule repository with resources equal to the combined resources of all switches. vCRIB can find feasible rule placement with less than 10% traffic overhead in cases where traffic-optimal rule placement is not feasible with respect to CPU and memory constraints.

Masoud Moshref is a 5th year PhD candidate at the University of Southern California. He works on resource virtualization in Software-Defined Networks in the Networked Systems Lab under the supervision of Ramesh Govindan and Minlan Yu. He received his MSc and BSc in Information Technology Engineering from Sharif University of Technology in Iran.

Reading code as if it mattered

Date and Time
Wednesday, November 5, 2014 - 12:15pm to 1:30pm
Location
Computer Science 302
Type
Talk
Speaker
Yaron Minsky, from Jane Street
Host
David Walker

Code review is a fundamental part of developing high quality software.  Pretty much every software organization that cares about good code has some kind of code review system in place.

But automating code review, particularly for a large and complex codebase that has many active contributors, is surprisingly challenging. This is especially so for a correctness-critical codebase where it's important that review be done completely, even in awkward corner-cases.

This talk will cover the design of Iron, a code review and release management tool that was developed at Jane Street to address these problems.  We'll show Iron models the process of code review, and uses that model to effectively handle complex cases like reading through a conflicted merge.  In addition, we'll describe how Iron's integrated release management and its system of hierarchical features is used to allow multiple different release workflows to co-exist harmoniously on the same codebase.

Yaron Minsky heads the Technology group at Jane Street, a proprietary trading firm that is the largest industrial user of OCaml. He was responsible for introducing OCaml to the company and for managing the company's transition to using OCaml for all of its core infrastructure. Today, billions of dollars worth of securities transactions flow each day through those systems. Yaron obtained his PhD in Computer Science from Cornell University, where he studied distributed systems. Yaron has lectured, blogged and written about OCaml for years, with articles published in Communications of the ACM and the Journal of Functional Programming. He chairs the steering committee of the Commercial Users of Functional Programming, and is a member of the steering committee for the International Conference on Functional Programming.

Jane Street Tech Talk

Date and Time
Thursday, November 6, 2014 - 4:30pm to 6:30pm
Location
Computer Science Tea Room
Type
Talk

Jane Street
Complicated systems require expressive configuration languages. But language design is hard: It's no surprise that many applications have either limited configurability or an unwieldy configuration format with complex semantics.

At Jane Street, we have seen this problem enough times that we decided to start writing our configs the same way that we write our code, in OCaml. In this talk, we'll discuss our experiences using ocaml-plugin[1], a library we developed to embed OCaml within an application, providing a configuration language that is both expressive and familiar.

We'll also discuss some of the potential problems of using a Turing-complete language for configuration, as well as how to capture some of the benefits of a simpler and more constrained configuration system without giving up the power of a programming language.
 

[1] https://github.com/janestreet/ocaml_plugin

Deep Packet Inspection as a Service

Date and Time
Wednesday, November 12, 2014 - 10:00am to 11:00am
Location
Computer Science 402
Type
Talk
Speaker
Yaron Koral, from Princeton University
Host
Jennifer Rexford

Middleboxes play a major role in contemporary networks, as forwarding packets is often not enough to meet operator demands, and other functionalities (such as security, QoS/QoE provisioning, and load balancing) are required. Traffic is usually routed through a sequence of such middleboxes, which either reside across the network or in a single, consolidated location. Although middleboxes provide a vast range of different capabilities, there are components that are shared among many of them.  A task common to almost all middleboxes that deal with L7 protocols is Deep Packet Inspection (DPI). Today, traffic is inspected from scratch by all the middleboxes on its route. In this paper, we propose to treat DPI as a service to the middleboxes, implying that traffic should be scanned only once, but against the data of all middleboxes that use the service. The DPI service then passes the scan results to the appropriate middleboxes. Having DPI as a service has significant advantages in performance, scalability, robustness, and as a catalyst for innovation in the middlebox domain. Moreover, technologies and solutions for current Software Defined Networks (SDN) (e.g., SIMPLE [41]) make it feasible to implement such a service and route traffic to and from its instances.

This is joint work with Anat Bremler-Barr, Yotam Harchol, and David Hay, and will appear at CoNEXT in December 2014.
Yaron received his PhD at Tel Aviv University and is a new postdoc at Princeton.

Deterministic Global Minimum Cut in Near-Linear Time

Date and Time
Tuesday, October 14, 2014 - 4:30pm to 5:30pm
Location
Computer Science 402
Type
Talk
Host
Robert Tarjan

We present a deterministic Õ(m) time algorithm finding a global minimum cut of an undirected unweighted graph G with n nodes and m edges. In particular, this identifies the edge connectivity k of G.

The previous fastest deterministic algorithm by Gabow from STOC'91 took Õ(km) time. At STOC'96 Karger presented a randomized near-linear time Monte Carlo algorithm for the problem. As he points out, there is no better way of certifying the minimality of the returned cut than to use Gabow's slower deterministic algorithm.

In our deterministic near-linear time algorithm, we will decompose the problem via low-conductance cuts found using PageRank a la Brin and Page (1998), as analyzed by Andersen, Chung, and Lang at FOCS'06. Normally such algorithms for low-conductance cuts are randomized Monte Carlo algorithms, because they rely on guessing a good start vertex. However, in our case, we have so much structure that no guessing is needed.
 

Is Multipath Routing Beneficial?

Date and Time
Tuesday, October 7, 2014 - 4:30pm to 5:30pm
Location
Computer Science 402
Type
Talk
Host
Jennifer Rexford

It's often believed that multipath routing is always beneficial. Taking a traffic engineering perspective, we consider commonly used goals such as congestion minimization, minimum average delay, and minimum cost routing. Using a well-known result from linear programming, we show that the number of paths taken by all demands at optimality is limited by the total number of demands and links in a network. When all node pairs (demands) in a network have traffic, multipath routing essentially becomes single-path routing, especially as the network becomes large. Under certain traffic conditions, single-path routing is found to be optimal. We will also present results on a number of traffic scenarios and load conditions using topologies used by ISPs and in data center networks. These observations are counter-intuitive due to our commonly held belief about multipath routing.

Deep Medhi is Curators' Professor in the Department of Computer Science and Electrical Engineering at the University of Missouri-Kansas City, USA. He received his B.Sc. in Mathematics from Cotton College, Gauhati University, India, his M.Sc. in Mathematics from the University of Delhi, India, and his Ph.D. in Computer Sciences from the University of Wisconsin-Madison, USA. Prior to joining UMKC in 1989, he was a member of the technical staff at AT&T Bell Laboratories. He was an invited visiting professor at the Technical University of Denmark, a visiting research fellow at Lund Institute of Technology, Sweden, a research visitor at University of Campinas, Brazil under the Brazilian Science Mobility Program, and served as a Fulbright Senior Specialist. He is the Editor-in-Chief of Springer’s Journal of Network and Systems Management, and is on the editorial board of IEEE/ACM Transactions on Networking, IEEE Transactions on Network and Service Management, and IEEE Communications Surveys & Tutorials. He is co-author of the books Routing, Flow, and Capacity Design in Communication and Computer Networks (2004) and Network Routing: Algorithms, Protocols, and Architectures (2007), both published by Morgan Kaufmann/Elsevier.
