CS386M: Communication Networks

Homework 2

Spring 2008

Due: April 16^th, 2008

 

Basic guidelines:

• You may discuss the homework problems with other students in the class. However, you must prepare your own solutions.
• Please use a text formatter (latex, word, etc.) to prepare your answer. Please submit a hard-copy.
• Homework is due at the beginning on class on the due date.

 

P1.  Basic concepts.  (35 points)

1. What’s the difference between signature-based intrusion detection and anomaly detection?  What are their main challenges?
2. Pick a common network engineering task that is not “Maintenance” and explain how the “measure, model, and control” paradigm can be applied.
3. Give two unique challenges that we need to address if we want to apply “measure, model and control” to wireless network management.
4. What is an explicit route?  Why is it useful?
5. Give one advantage and one disadvantage of MPLS tunneling.
6. Why does BGP/MPLS VPN use two labels to forward packets instead of one?
7. In what sense does BGP/MPLS VPN enhance security?  Does it provide end-to-end security?

 

P2. Scaling of overlay multicast trees.  This problem is designed for you to have some exercise on back-of-the-envelop calculation.  [50 points]

 

Consider 2¹⁶ = 65,536 overlay routers.  Each overlay router has 500 MB memory.  These overlay routers collectively form a multicast service overlay.  The overlay network topology is designed to ensure that each overlay router has at most 32 neighbors.

 

Given a multicast group G with M members, a shared multicast tree is used to connect all the group members.  If the shared multicast tree is constructed using CBT, then the total number of nodes on this multicast tree can be estimated according to the Chuang-Sirbu scaling law [CS98, PST99].  Specifically, we assume that with M members, the average number of on-tree nodes is given by min (M + M^0.8, 2¹⁶).

 

The group size distribution is governed by the following power law.  Among all the multicast groups, the number of groups with exactly M members (1 £ M £ 2¹⁶) is inversely proportional to M.

 

Meanwhile, we assume that the amount of data traffic for a multicast group with M members is proportional to M². 

 

For a given group G, each node on the multicast tree maintains the following group state: (i) a 32-bit group ID, and (ii) a 32-bit bit-vector that indicates whether each of its neighbors has downstream member(s) of G.

 

1. How much data traffic do the 10% most active groups contribute to (in percentage)?  Please show the details of your analysis. [10 points]
2. Assuming perfect load balancing (w.r.t. memory consumption), how many multicast groups can this overlay network hold state for?  Please show the details of your analysis [20 points].

 

As I mentioned in class, one promising idea to improve the scalability of multicast service overlay is through the use of “aggregated multicast trees”.  Specifically, we can take multiple multicast groups and create a single aggregated multicast tree to connect the members of all these groups.  In this way, we are able to reduce the number of multicast trees and thus reduce the overall memory requirement.  The tradeoff here is state reduction versus traffic duplication – members of group G in an aggregated multicast tree now need to receive not only traffic destined to G itself but also traffic destined to other groups in the aggregated multicast tree.  The following question is designed to capture this tradeoff.

 

3. Suppose we create “aggregated multicast trees” to reduce the state requirement of multicast groups with at most N members.  As a result, we are able to reduce the total state requirement for these multicast groups by a factor of 3.  Meanwhile, the total amount of data traffic for these multicast groups increases by 50% (due to traffic duplication).  
   Find the smallest N that would allow the overlay to support a billion (10⁹) multicast groups. [10 points]
4. With the above N, how much does the total amount of data traffic for all 10⁹ multicast groups increase (in percentage)? [10 points]
   
   

Note: You may need to write a little program to compute the numerical answer.

 

Reference:

[CS98]    J. Chuang, and M. Sirbu, Pricing multicast communications: A cost-based approach. In: Proceedings of the INET'98 (1998).

[PST99]  G. Phillips, S. Shenker, and H. Tangmunarunkit, Scaling of multicast trees: comments on the Chuang-Sirbu scaling law. In: Proceedings of ACM SIGCOMM’99 (1999).

 

P3.  Accuracy of anomaly detection. [15 points]

Suppose the true false positive ratio of an anomaly detector is p = 0.01%.  For a given time series with n true negatives (i.e. non-anomalies), we can obtain an estimated false positive ratio p_est. How large does n need to be in order to ensure that the estimated false positive ratio p_est is within +/-10% of the true false positive ratio p with 95% confidence?  If the input time series is SNMP link load data aggregated at 5-min intervals, what is the minimal required total duration of the input trace?