Vol. 64, No 5-6, May-June 2009
Content available on SpringerLink http://www.springerlink.com/content/0003-4347
Network virtualization: the path to future Internet
Guest editors: Omar Cherkaoui (UQUAM, Canada), Masum Z. Hasan (Cisco, USA), Guy Pujolle (LIP6, France)
O. Cherkaoui, M. Z. Hasan, G. Pujolle
Brief Report: The clean slate approach to future Internet design: a survey of research initiatives
Jim Roberts (Orange Labs)
The AGAVE approach for network virtualization: differentiated services delivery
M. Boucadair1, P. Georgatsos2, N. Wang3, D. Griffin4, G. Pavlou4, M. Howarth3, A. Elizondo5
1France Telecom R&D, 42 Rue des Coutures, 14066 Caen, France
2Algonet SA, Athens, Greece
3University of Surrey, Guildford, UK
4University College London, London, UK
5Téléfonica, Madrid, Spain
Abstract: This paper describes a new paradigm to realize network virtualization and defines two novel concepts, network planes and parallel Internets, to achieve service differentiation. These concepts are packaged in a technology-agnostic and a multi-dimensional approach for the delivery of Internet protocol (IP) service differentiation, both intra- and inter-domain. The definition of the aforementioned concepts covers several dimensions, mainly routing, forwarding, and traffic management ones. Unlike some radical “Post IP” proposals, this paper advocates an evolutionary approach for enhancing the level of experienced connectivity services (including quality of service and robustness) and therefore to enhance the Internet of the future. Both the rationale and the merits of our approach are explained. In addition, this paper focuses on the critical problem of determining the network planes and parallel Internets to be engineered by a given IP network provider to meet the service connectivity requirements of external service providers. Finally, in order to assess the validity of the proposed approach, a network plane Emulation Platform is described.
Keywords: Service differentiation . Quality of service . Traffic engineering . Robustness . Business model
Enhancing virtual environments with QoS aware resource management
Fernando Rodríguez-Haro · Felix Freitag · Leandro Navarro
Computer Architecture Department, Polytechnic University of Catalonia, Jordi Girona, 1-3, D6 Campus Nord, 08034 Barcelona, Spain
Abstract: Nowadays, the consolidation of application servers is the most common use for current virtualization solutions. Each application server takes the form of a virtual machine (VM) that can be hosted into one physical machine. In a default Xen implementation, the scheduler is configured to handle equally all of the VMs that run on a single machine. As a consequence, the scheduler shares equally all of the available physical CPU resources among the running VMs. However, when the applications that run in the VM dynamically change their resource requirements, a different solution is needed. Furthermore, if the resource usage is associated with service-level agreements, a predefined equal share of the processor power is insufficient for the VMs. Within the Xen’s primitives, even though it is possible to tune the scheduler parameters, there is no tool to achieve the dynamic change of the share of the processor power assigned to each VM. A combination of a number of primitives, however, appears to be suited as a base for achieving this. In this paper, we present an approach to efficiently manage the quality of service (QoS) of virtualized resources in multicore machines. We evaluate different alternatives within Xen for building an enhanced management of virtual CPU resources. We compare these alternatives in terms of performance, flexibility, and ease of use. We devise an architecture to build a high-level service that combines interdomain communication mechanisms with monitoring and control primitives for local resource management. We achieve this by our solution, a local resource manager (LRM), which adjusts the resources needed by each VM according to an agreed QoS. The LRM has been implemented as a prototype and deployed on Xen-virtualized machines. By means of experiments, we show that the implemented management component can meet the service-level objectives even under dynamic conditions by adapting the resources assigned to the virtualized machines according to demand. With the LRM, we therefore achieve both fine-grain resource allocation and efficient assignment.
Keywords: Dynamic resource management · Virtualization · Multicore
Scenario-based virtual network infrastructure management in research and educational testbeds with VNUML
Application cases and current challenges
Fermín Galán1 · David Fernández2 · Walter Fuertes3 · Miguel Gómez1 · Jorge E. López de Vergara3
1Telefónica Investigación y Desarrollo (TID), Madrid, Spain
2Departamento de Ingeniería de Sistemas Telemáticos (DIT), Universidad Politécnica de Madrid (UPM), Madrid, Spain
3Departamento de Ingeniería Informática, Universidad Autónoma de Madrid (UAM), Madrid, Spain
Abstract: Virtual machine technologies have evolved during the last 40 years from mainframe to commodity (x86) systems. Although these techniques are nowadays quite mature in data center environments (consolidation, service continuity, etc.), scenario-based virtual infrastructure management tools keep evolving in research and educational areas. In this work, one such tool is described, Virtual Network User Mode Linux (VNUML), which has been successfully used during the past few years to help researchers and educators to build testbeds in a wide range of innovative network environments (such as IPv6 IX design and third-generation networks). Such application cases are detailed in this paper, assessing the soundness and flexibility of the tool. However, in spite of these successful applications, several challenges remain to be solved in virtual scenario management (distributed management, decoupling from any particular virtualization technique, and alignment with industry standards), and the way they are being addressed as part of VNUML’s evolution is also discussed.
Keywords: Virtual networking infrastructure · Testbeds · Scenario-based management · VNUML
Using tunneling techniques to realize virtual routers
Ting-Chao Hou · Ming-Chieh Chan · Chien-Tse Yu
National Chung Cheng University, Chiayi, 62102, Taiwan
Abstract: The evolution of the router architecture has gradually changed from a conventional architecture, which processes all functions on one operating system/processor, to a remote architecture, which can be split into a control plane and a data plane with their respective functions. The control plane is mainly responsible for the operations of the routing/signaling protocols and the data plane is responsible for forwarding the large amount of data packets. Furthermore, the remote architecture facilitates the realization of virtual routers. Virtual routers are created basically by logically splitting a routing processor in the control plane into many virtual routing units that have independent routing tables, use independent protocols, and connect to the external network through different interfaces. A virtual router with a remote architecture is more flexible and efficient than conventional routers; however, it requires an additional communication mechanism between the control plane and the data plane. We propose using existing tunneling techniques to provide a communication mechanism between the control plane and the data plane. Many design and implementation issues on the software architecture and protocol ramification are identified. We discuss solutions to these issues and successfully demonstrate a working virtual router with our proposed solutions.
Keywords: Virtual routers · Control plane · Data plane · Tunnel · Virtual interface
Third generation virtualized architecture for the MVNO context
Imen Limam Bedhiaf1 · Omar Cherkaoui1 · Guy Pujolle2
1University of Quebec at Montréal, Montréal, Canada
2University of Pierre and Marie Curie, Paris, France
Abstract: The third-generation architectures have to support multiple mobile virtual network operators (MVNOs). They have also to host different types of these virtual operators. Virtualizing these architectures will allow the MVNOs to rapidly deploy their equipment. It will separate the management domain between them and the mobile host operator. It will also allow sharing resources and reducing the deployment cost. Motivated by these requirements, we propose some MVNO distributed architectures. First of all, we evaluate the physical and virtual deployment time, then we define the utility function of the equipment for the different types of MVNOs. The utility function evaluates the gain in deployment time for each type of MVNO. This function has to be maximized. Our study demonstrates that the data calls type is the best MVNO candidate for virtualization. This latter consistently yields the best overall utility across an important number of network equipment to be virtualized by varying the time required for software installation and the time spent to determine the physical position of the equipment.
Keywords: MVNO · Virtualization · 3G network · Utility · Deployment time
Hybrid approach for modeling transient EM fields generated by large earthing systems
Moussa Lefouili & Kamel Kerroum1, Khalil El Khamlichi Drissi2
1LAMEL Laboratory, University of Jijel, B.P. 98, Ouled Aissa 18000 Jijel, Algeria
2LASMEA UMR 6602 du CNRS, 24 Avenue des Landais, 63177 Aubière Cedex, France
Abstract: A new hybrid approach is adopted in this paper for modeling the transient electromagnetic fields radiated by grounding systems under lightning strokes. This approach is based on electrical dipole theory for determining EM fields’ radiation in infinite conductive medium, modified images theory, taking into account the interface in the half space and transmission line approach for determining the longitudinal and leakage currents. This model can be used to predict the transient characteristic of grounding systems because it can calculate electromagnetic field in any point of interest; it is sufficiently accurate, time efficient, and easy to apply.
Keywords: Transient . Earthing systems . Electromagnetic fields . Modified images theory
Lossy compression of volumetric medical images with 3D dead-zone lattice vector quantization
Yann Gaudeau1, Jean-Marie Moureaux2
1LSITT, Université de Strasbourg (ULP)-CNRS, Pole API, Bd S. Brant, Illkirch 67412, France
2CRAN, Nancy-Université-CNRS, Faculté des Sciences et Techniques, BP 239, Vandoeuvre-lès-Nancy Cedex F-54506, France
Abstract: This paper presents a new lossy coding scheme based on 3D wavelet transform and lattice vector quantization for volumetric medical images. The main contribution of this work is the design of a new codebook enclosing a multidimensional dead zone during the quantization step which enables to better account correlations between neighbor voxels. Furthermore, we present an efficient rate–distortion model to simplify the bit allocation procedure for our intra-band scheme. Our algorithm has been evaluated on several CT- and MR-image volumes. At high compression ratios, we show that it can outperform the best existing methods in terms of rate–distortion trade-off. In addition, our method better preserves details and produces thus reconstructed images less blurred than the well-known 3D SPIHT algorithm which stands as a reference.
Keywords: Lossy compression . Volumetric medical images . 3D wavelet transform . 3D dead-zone lattice vector quantization
An experimental illustration of 3D facial shape analysis under facial expressions
Boulbaba Ben Amor1 · Hassen Drira1 · Lahoucine Ballihi1,2 · Anuj Srivastava3 · Mohamed Daoudi1
1Institut Telecom; Telecom Lille1, LIFL CNRS, Lille, France
2Faculté des Sciences, GSCM/LRIT, Rabat, Morocco
3Department of Statistics, Florida State University, Tallahassee, FL 32306, USA
Abstract: The main goal of this paper is to illustrate a geometric analysis of 3D facial shapes in the presence of varying facial expressions. This approach consists of the following two main steps: (1) Each facial surface is automatically denoised and preprocessed to result in an indexed collection of facial curves. During this step, one detects the tip of the nose and defines a surface distance function with that tip as the reference point. The level curves of this distance function are the desired facial curves. (2) Comparisons between faces are based on optimal deformations from one to another. This, in turn, is based on optimal deformations of the corresponding facial curves across surfaces under an elastic metric. The experimental results, generated using a subset of the Face Recognition Grand Challenge v2 data set, demonstrate the success of the proposed framework in recognizing people under different facial expressions. The recognition rates obtained here exceed those for a baseline ICP algorithm on the same data set.
Keywords: Facial shape analysis · 3D Face recognition · Automatic preprocessing
Model-based similarity estimation of multidimensional temporal sequences
Romain Tavenard1 · Laurent Amsaleg2 · Guillaume Gravier2
1IRISA / ENS Cachan, Campus de Beaulieu, 35 042 Rennes Cedex, France
2CNRS / IRISA, Campus de Beaulieu, 35 042 Rennes Cedex, France
Abstract: Content-based queries in multimedia sequence databases where information is sequential is a tough issue, especially when dealing with large-scale applications. One of the key points is similarity estimation between a query sequence and elements of the database. In this paper, we investigate two ways to compare multimedia sequences, one—that comes from the literature—being computed in the feature space while the other one is computed in a model space, leading to a representation less sensitive to noise. We compare these approaches by testing them on a real audio dataset, which points out the utility of working in the model space.
Keywords: Multidimensional feature sequences · Support vector regression · Temporal aspects · Similarity estimation in a model space
MPLS security: an approach for unicast and multicast environments
Sahel Alouneh1, Abdeslam En-Nouaary2, Anjali Agarwal3
1German-Jordanian University, Amman, Jordan
2Institut National des Postes et Telecommunications (INPT), Rabat, Morocco
3Concordia University, Montreal, QC, Canada
Abstract: Multi-Protocol Label Switching (MPLS) network architecture does not protect the confidentiality of data transmitted. This paper proposes a mechanism to enhance the security in MPLS networks by using multi-path routing combined with a modified (k, n) threshold secret sharing scheme. An Internet Protocol (IP) packet entering MPLS ingress router can be partitioned into n shadow (share) packets, which are then assigned to maximally node disjoint paths across the MPLS network. The egress router at the end will be able to reconstruct the original IP packet if it receives any k share packets. The attacker must therefore tap at least k paths to be able to reconstruct the original IP packet that is being transmitted, while receiving k−1 or less of share packets makes it hard or even impossible to reconstruct the original IP packet. In this paper, we consider the multicast case in addition to the unicast. To our best knowledge, no work has been published for MPLS multicast security. We have implemented our model and measured its time complexity on variable packets size.
Keywords: MPLS . Security . Confidentiality . Threshold secret sharing scheme
A robust security scheme for wireless mesh enterprise networks
Md. Abdul Hamid · M. Abdullah-Al-Wadud · Choong Seon Hong · Oksam Chae · Sungwon Lee
Department of Computer Engineering, School of Electronics and Information, Kyung Hee University, 1 Seocheon, Giheung, Yongin, Gyeonggi 446-701, South Korea
Abstract: In this paper, we address the security challenges for wireless mesh enterprise networks (WMENs). The topology and communication characteristics of WMEN include the following: (a) deployment of the network devices are not planar, rather, devices are deployed over three-dimensional space (e.g., office buildings, shopping malls, grocery stores, etc.); (b) messages, generated/received by a mesh client, traverse through mesh routers in a multihop fashion; and (c) mesh clients, being mostly mobile in nature, may result in misbehaving or be spurious during communications. We propose a security scheme for WMEN in order to ensure that only authorized users are granted network access. Particularly, our scheme includes: (a) a deterministic key distribution technique that perfectly suits the network topology, (b) an efficient session key establishment protocol to achieve the client–router and router–router communications security, and (c) a distributed detection mechanism to identify malicious clients in the network. Analytical and simulation results are presented to verify our proposed solutions.
Keywords: Wireless mesh enterprise networks · Key distribution · Communications security · Malicious client detection