While the introduction of softwarelization technologies such as software-defined networking and network function virtualization transfers the main focus of network management from hardware to software, network operators still have to deal with various and numerous network and computing equipment located in network centers. Toward fully automated network management, we believe that a robotic approach will be essential, meaning that physical robots will handle network-facility management works on behalf of humans. This paper focuses on robotic assistance for on-site network maintenance works. Currently, for many network operators, some network maintenance works (e.g., hardware check, hardware installation/replacement, high-impact update of software, etc.) are outsourced to computing and network vendors. Attendance (witness work) at the on-site vendor's works is one of the major tasks of network operators. Network operators confirm the work progress for human error prevention and safety improvement. In order to reduce the burden of this, we propose three essential works of robots, namely delegated attendance at on-site meetings, progress check by periodical patrol, and remote monitoring, which support the various forms of attendance. The paper presents our implementation of enabling these forms of support, and reports the results of experiments conducted in a commercial network center.

For many countries in the world, 5G is of strategic significance. In the 5G era, telecom operators are expected to enable and provide multiple services with different communication characteristics like enhanced broadband, ultra-reliable and extreme real-time communications at the same time. To meet the requirements, the 5G network essentially will be more complex compared with traditional 3G/4G networks. The unique characteristics of 5G resulted from new technologies bring a lot of opportunities as well as significant challenges. In this paper we first introduce 5G vision and check the global status. And then we illustrate the 5G technical essentials and point out the new opportunities that 5G will bring to us. We also highlight the coming challenges and share our 5G experience and solutions toward 5G vision in many aspects, including network, management and business.

The static deployment of Virtualized Network Functions (VNFs) introduces 1) significant degradation of Quality of Service (QoS), 2) inefficiency in the network and computing resource utilization, and 3) Network Function Virtualization (NFV)-based services with insufficient scalability, optimality, and flexibility. Caching VNFs is a promising solution to satisfy the dynamic demand to deploy a variety of VNFs and to maximize the performance as well as cost effectiveness. Although the concept of Content Delivery Network (CDN) is popular for efficiently caching and distributing contents, VNF deployment does not realize the benefit of CDN-based caching approaches. The challenges to caching VNFs are 1) to cover the large variety of VNFs and their properties, including the necessity of service chaining, and 2) to achieve high acceptance ratio given the limited availability of resources. This paper proposes Function Delivery Network (FDN), which is a cluster of distributed edge hypervisors for caching VNFs over a Software-Defined Network (SDN). The deployment and quality of the network function can be significantly improved by serving them closer to the end-users from the cached VNFs. FDN introduces a new strategy called Value-based caching that considers 1) the locality of reference and performance parameters of network and edge hypervisors together and 2) a partial deployment of service chains across multiple edge hypervisors for further efficient utilization of hypervisors resources. Evaluations on different patterns of input requests confirm that Value-based caching introduces significant improvement on both QoS and resource utilization in NFV.

Service function chain (SFC) is a series of ordered virtual network functions (VNFs) for processing traffic flows in the virtualized networking environment of future networks. In this paper, we present a mathematical model and dynamic programing based scheme for solving the problem of SFC placement on substrate networks equipped with network function virtualization (NFV) capability. In this paper, we first formulate the overall cost of SFC placement as the combination of setup cost and operation cost. We then formulate the SFC placement problem as an integer linear programing (ILP) model with the objective of minimizing the overall cost of setup and operation, and propose a delay aware dynamic programming based SFC placement scheme for large networks. We conduct numeric simulations to evaluate the proposed scheme. We analyze the cost and performance of network under different optimization objectives, with and without keeping the order of VNFs in SFC. We measure the success rate, resources utilization, and end to end delay of SFC on different topologies. The results show that the proposed scheme outperforms other related schemes in various scenarios.

Recent carrier-grade networks use many network elements (switches, routers) and servers for various network-based services (e.g., video on demand, online gaming) that demand higher quality and better reliability. Network log data generated from these elements, such as router syslogs, are rich sources for quickly detecting the signs of critical failures to maintain service quality. However, log data contain a large number of text messages written in an unstructured format and contain various types of network events (e.g., operator's login, link down); thus, genuinely important log messages for network operation are difficult to find automatically. We propose a proactive failure-detection system for large-scale networks. It automatically finds abnormal patterns of log messages from a massive amount of data without requiring previous knowledge of data formats used and can detect critical failures before they occur. To handle unstructured log messages, the system has an online log-template-extraction part for automatically extracting the format of a log message. After template extraction, the system associates critical failures with the log data that appeared before them on the basis of supervised machine learning. By associating each log message with a log template, we can characterize the generation patterns of log messages, such as burstiness, not just the keywords in log messages (e.g. ERROR, FAIL). We used real log data collected from a large production network to validate our system and evaluated the system in detecting signs of actual failures of network equipment through a case study.

Finding widespread events in a distributed network is crucial when detecting cyber-attacks or network malfunctions. We propose a new detection scheme for widespread events based on bitmaps that can succinctly record and deliver event information between monitoring agents and a central coordinator. Our proposed scheme reduces communication overhead as well as total number of rounds, and achieves even higher accuracy, compared with the current state of the art.

Network equipment, such as routers, switches, and RADIUS servers, generate various log messages induced by network events such as hardware failures and protocol flaps. In large production networks, analyzing the log messages is crucial for diagnosing network anomalies; however, it has become challenging due to the following two reasons. First, the log messages are composed of unstructured text messages generated in accordance with vendor-specific rules. Second, network events that induce the log messages span several geographical locations, network layers, protocols, and services. We developed a method to tackle these obstacles consisting of two techniques: statistical template extraction (STE) and log tensor factorization (LTF). The former leverages a statistical clustering technique to automatically extract primary templates from unstructured log messages. The latter builds a statistical model that collects spatial-temporal patterns of log messages. Such spatial-temporal patterns provide useful insights into understanding the impact and patterns of hidden network events. We evaluate our techniques using a massive amount of network log messages collected from a large operating network and confirm that our model fits the data well. We also investigate several case studies that validate the usefulness of our method.

Round-trip time (RTT) is an important performance metric. Traditional RTT estimation methods usually depend on the cooperation of other networks and particular active or passive measurement platforms, whose global deployments are costly and difficult. Thus a new RTT estimation algorithm, ME algorithm, is introduced. It can estimate the RTT of two hosts communicating through border routers by using TCP CUBIC bulk flow data from those routhers without the use of extra facilities, which makes the RTT estimation in large-scale high-speed networks more effective. In addition, a simpler and more accurate algorithm — AE algorithm — is presented and used when the link has large bandwidth and low packet loss rate. The two proposed algorithms suit sampled flow data because only duration and total packet number of a TCP CUBIC bulk flow are inputs to their calculations. Experimental results show that both algorithms work excellently in real situations. Moreover, they have the potential to be adapted to other TCP versions with slight modification as their basic idea is independent of the TCP congestion control mechanism.

Tenant network provisioning in multi-tenancy data centers is time-consuming and error-prone due to the need to configure network devices with hundreds of parameter values (e.g., VLAN ID, IP address) determined according to complicated operational rules. Past works have aimed to automate such operational rule-based provisioning processes by implementing data center-specific provisioning programs, but a crucial problem is the high cost of adapting the programs to suit multiple data centers. In this paper, we aim to solve this problem by enabling to describe the provisioning processing, which has been hard-coded programs in conventional approaches, in easy-to-edit “provisioning template” files. The key component of the provisioning template is the parameter decision rule, which is a declarative abstract representation of parameter dependency and parameter assignment. We design the provisioning template so that it can handle various configuration items while preserving its editability for tenant provisioning. We design and implement the provisioning platform, and the evaluation based on a production data center shows that the provisioning platform can adopt multiple data centers with a single program, leading to less development cost compared to past approaches (i.e., program development for each data center).

In conventional networks, service control function and network control function work independently. Therefore, stereotypical services are provided via fixed routes or selected routes in advance. Recently, advanced network services have been provided by assortment of distributed components at low cost. Furthermore, service platform, which unifies componentized network control and service control in order to provide advanced services with flexibility and stability, has attracted attention. In near future, network management system (NMS) is promising, which replies an answer quickly for such advanced service platforms when route setting is requested with some parameters: quality of service (QoS), source and destination addresses, cost (money) and so on. In addition, the NMS is required to provide routes exploiting functions such as path computation element (PCE) actually. This paper proposes scalable network architecture that can quickly reply an answer by pre-computing candidate routes when route setting is requested to a control unit like an Autonomous System (AS). Proposed architecture can manage network resources scalably, and answer the availability of the requested QoS-aware path settings instantaneously for the forthcoming service platform that finds an adequate combination of a server and a route. In the proposed method, hierarchical databases are established to manage the information related to optical network solution and their data are updated at fewer times by discretized states and their boundaries with some margin. Moreover, with multiple and overlapped overlay, it pre-computes multiple candidate routes with different characteristics like available bandwidth and the number of hops, latency, BER (bit error rate), before route set-up request comes. We present simulation results to verify the benefits of our proposed system. Then, we implement its prototype using OpenFlow, and evaluate its effectiveness in the experimental environment.

Software-Defined Networking currently appears to be a major evolution towards network programmability. In this paper, we first analyze the network management capabilities of OpenFlow in order to identify the main challenges that are raised for SDN management. We address current deficiencies of SDN management and suggest solutions that incur research directions to be carried out for the management of enhanced SDN.

Critical infrastructures are falsely believed to be safe when they are isolated from the Internet. However, the recent appearance of Stuxnet demonstrated that isolated networks are no longer safe. We observe that a better intrusion detection scheme can be established based on the unique features of critical infrastructures. In this paper, we propose a whitelist-based detection system. Network and application-level whitelists are proposed, which are combined to form a novel cross-layer whitelist. Through experiments, we confirm that the proposed whitelists can exactly detect attack packets, which cannot be achieved by existing schemes.

To accurately evaluate and manage future distributed wireless networks, it is indispensable to fully understand cooperative propagation channels. In this contribution, we propose cascaded multi-keyhole channel models for analyzing cooperative diversity wireless communications. The cascaded Wishart distribution is adopted to investigate the eigenvalue distribution of the multi-keyhole MIMO (multiple input multiple output) channel matrix, and the capacity performance is also presented for the wireless systems over such channels. A diversity order approximation method is proposed for better evaluating the eigenvalue and capacity distributions. The good match of analytical derivations and numerical simulations validates the proposed models and analysis methods. The proposed models can provide an important reference for the optimization and management of cooperative diversity wireless networks.

In this paper, we propose an SNMP-aware web cache design that has two main objectives: (1) to avoid overload of network devices by SNMP requests, and (2) guaranteeing the monitoring time granularity of SNMP Object Identifiers (OID) for a large scale network such as the Internet. To meet these objectives, a cache is built into an RESTful active proxy, called Tambourine, which is the gateway for accessing management information through the Internet. Tambourine changes the landscape of traditional SNMP monitoring by allowing the Internet users to monitor closed-domain network devices through translating requests in HTTP into SNMP. However, the typical web cache algorithm can not be used in Tambourine due to two main reasons: (1) SNMP is not a cache-aware protocol and therefore can not provide Tambourine with the caching rules that need to be applied, and (2) the cache in Tambourine needs to accommodate two SNMP monitoring patterns: periodic and on-demand polling. In order for efficient periodic polling, SNMP traffic is reduced by a multi-TTL cache and user (or Manager)-side aggregation. For efficient on-demand polling, four-state transition is used to categorize OIDs into dynamic and static objects, each of which is allocated an optimum TTL. To provide users with a proper time stamp, the cache time stamp is included in the response to the users' request. Our experiments show that our cache design gives the staleness of 0 and a bounded number of SNMP requests even when the number of users' requests goes to infinity.

Per-flow traffic measurement is essential for network management; billing, traffic engineering, mitigating denial of service attacks, to mention just a few. In this field, the fundamental problem is that the size of expensive SRAM is too small to hold traffic data from high-speed networks. In this paper, we propose a new method for per-flow traffic measurement, which is based on the virtual vector that was originally designed for the problem of spread estimation. We modify the original virtual vector and show that this simple change yields a highly effective per-flow traffic estimator. Experiments show that our proposed scheme outperforms the state-of-the-art method in terms of both processing time and space requirement.

A new network measurement primitive was recently proposed, known as long duration flows (LDF). LDF deserves special attention for network management and security monitoring. This kind of traffic appears periodically and persistently through a long period, but its total amount of traffic is not necessarily large. This feature makes detection difficult especially when the resources of detection system are limited or the detection should cover high-speed networks. In this paper, we propose a new lightweight data structure and streaming algorithm to detect such traffic.

This letter proposes a scalable network emulator architecture to support IP optical network management. The network emulator uses the same router interfaces to communicate with the IP optical TE server as the actual IP optical network, and behaves as an actual IP optical network between the interfaces. The network emulator mainly consists of databases and three modules: interface module, resource simulator module, and traffic generator module. To make the network emulator scalable in terms of network size, we employ TCP/IP socket communications between the modules. The proposed network emulator has the benefit that its implementation is not strongly dependent on hardware limitations. We develop a prototype of the network emulator based on the proposed architecture. Our design and experiments show that the proposed architecture is effective.

This paper presents a domain-ontology driven multi-agent based scheme for representing the knowledge of the communication network management system. In the proposed knowledge-intensive framework, the static domain-related concepts are articulated as the domain knowledge ontology. The experiential knowledge for managing the network is represented as the fault-case reasoning models, and it is explicitly encoded as the core knowledge of multi-agent middleware layer as heuristic production-type rules. These task-oriented management expertise manipulates the domain content and structure during the diagnostic sessions. The agents' rules along with the embedded generic java-based problem-solving algorithms and run-time log information, perform the automated management tasks. For the proof of concept, an experimental network system has been implemented in our laboratory, and the deployment of some test-bed scenarios is performed. Experimental results confirm a marked reduction in the management-overhead of the network administrator, as compared to the manual network management techniques, in terms of the time-taken and effort-done during a particular fault-diagnosis session. Validation of the reusability/modifiability aspects of our system, illustrates the flexible manipulation of the knowledge fragments within diverse application contexts. The proposed approach can be regarded as one of the pioneered steps towards representing the network knowledge via reusable domain ontology and intelligent agents for the automated network management support systems.

Traditional traffic analysis is can be performed online only when detection targets are well specified and are fairly primitive. Local processing at measurement point is discouraged as it would considerably affect major functionality of a network device. When traffic is analyzed at flow level, the notion of flow timeout generates differences in flow lifespan and impedes unbiased monitoring, where only n-top flows ordered by a certain metric are considered. This paper proposes an alternative manner of traffic analysis based on source IP aggregation. The method uses flows as basic building blocks but ignores timeouts, using short monitoring intervals instead. Multidimensional space of metrics obtained through IP aggregation, however, enhances capabilities of traffic analysis by facilitating detection of various anomalous conditions in traffic simultaneously.

Distributed denial-of-service attacks on public servers have recently become more serious. The most effective way to prevent this type of traffic is to identify the attack nodes and detach (or block) attack nodes at their egress routers. However, existing traceback mechanisms are currently not widely used for several reasons, such as the necessity of replacement of many routers to support traceback capability, or difficulties in distinguishing between attacks and legitimate traffic. In this paper, we propose a new scheme that enables a traceback from a victim to the attack nodes. More specifically, we identify the egress routers that attack nodes are connecting to by estimating the traffic matrix between arbitral source-destination edge pairs. By monitoring the traffic variations obtained by the traffic matrix, we identify the edge routers that are forwarding the attack traffic, which have a sharp traffic increase to the victim. We also evaluate the effectiveness of our proposed scheme through simulation, and show that our method can identify attack sources accurately.