DOCSLIB.ORG

Analysis and Control of Middleboxes in the Internet

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Network Architectures and Services Dissertation NET 2013-07-1 Analysis and Control of Middleboxes in the Internet Andreas Müller Network Architectures and Services Department of Computer Science Technische Universität München TECHNISCHE UNIVERSITAT¨ MUNCHEN¨ Institut fur¨ Informatik Lehrstuhl fur¨ Netzarchitekturen und Netzdienste Analysis and Control of Middleboxes in the Internet Andreas Muller¨ Vollst¨andiger Abdruck der von der Fakult¨at fur¨ Informatik der Technischen Universit¨at Munchen¨ zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr. rer. nat.) genehmigten Dissertation. Vorsitzender: Univ.-Prof. Dr. Hans-Arno Jacobsen Prufer¨ der Dissertation: 1. Univ.-Prof. Dr.-Ing. Georg Carle 2. Prof. Dr. Ernst W. Biersack (Institut Eur´ecom,Sophia Antipolis, Frankreich) Die Dissertation wurde am 18.12.2012 bei der Technischen Universit¨at Munchen¨ ein- gereicht und durch die Fakult¨at fur¨ Informatik am 26.04.2013 angenommen. Cataloging-in-Publication Data Andreas Muller¨ Analysis and Control of Middleboxes in the Internet Dissertation, July 2013 Network Architectures and Services, Department of Computer Science Technische Universit¨at Munchen¨ ISBN 3-937201-35-1 ISSN 1868-2634 (print) ISSN 1868-2642 (electronic) DOI 10.2313/NET-2013-07-1 Network Architectures and Services NET 2013-07-01 Series Editor: Georg Carle, Technische Universit¨at Munchen,¨ Germany c 2013, Technische Universit¨at Munchen,¨ Germany ABSTRACT With the growing size and complexity of the Internet several types of middleboxes have been introduced to the network in order to solve a number of urgent problems. Net- work Address Translation devices fight against the Internet address depletion problem, caches and proxies help to efficiently distribute content and firewalls protect networks from potential attackers. Unfortunately, middleboxes violate the end-to-end connectiv- ity model of the Internet protocol suite and therefore introduce numerous problems for services and applications. The contribution of this thesis is the study and development of concepts and algorithms for understanding and improving the behavior of middle- boxes, their traversal, as well as their application to problems that emerged with the growing success of the Internet with a focus on unmanaged networks such as home and small company networks. The first part of this thesis designs and implements tools and algorithms to analyze middlebox behavior. We introduce a processing model for describing functional char- acteristics and create an information model to structure relevant middlebox behavior parameters. As an experimental analysis, a public field test is conducted to evaluate existing traversal techniques, understand middlebox behavior, to gain knowledge about their deployment and to draw conclusions on how to improve middlebox traversal. The second part of this thesis focuses on the traversal of middleboxes. Existing middlebox traversal methods do not differentiate between different types of applica- tions and therefore deliver suboptimal results in many situations. We claim that the classification of applications into service provisioning categories helps to determine the best matching middlebox traversal technique, not only dependent on the network topol- ogy, but also considering user-defined requirements. This thesis presents a framework that improves the communication of existing and future applications and services across middlebox devices. The idea is to use previously acquired knowledge about middlebox behavior and services for setting up new connections. Obtained results show that the knowledge-based approach is not only more flexible and applicable, but due to the decoupled connectivity checks, also significantly faster compared to the state of the art. Based on the findings of our experimental analysis we show how to integrate and adapt existing middlebox traversal techniques into the middlebox traversal framework. Additionally, new middlebox traversal techniques are presented and evaluated. In the third part of this thesis the applicability of middlebox services to unmanaged networks is discussed. A secure service infrastructure is presented based upon a trust model combining the power of centralized Certificate Authorities with the flexibility of the Web of Trust and social networks. This security infrastructure fulfills the security requirements of the middlebox traversal framework and provides secure identities for users, services and hosts in a semi-automatic way. A middlebox service helps establish and coordinate secure communications between different domains according to user- defined access control policies. Three application examples for middleboxes show how existing services can be improved and extended to solve open security, privacy and connectivity issues. KURZFASSUNG Mit der zunehmenden Komplexit¨at heutiger Netzwerke werden Funktionalit¨aten zur L¨osung aktueller Probleme h¨aufig als Middlebox im Netzwerk implementiert. Net- work Address Translation (NAT) hilft mit der limitierten Anzahl von IPv4 Adressen umzugehen, Firewalls filtern ungewollten Verkehr und Proxies und Web-Caches sind fur¨ die effiziente Verteilung von Inhalten unerl¨asslich. Da Middleboxen jedoch das initiale Ende-zu-Ende Prinzip des Internets verletzen, fuhrt¨ deren Existenz zu einer Vielzahl von Problemen mit existierenden Protokollen, Anwendungen und Diensten. In dieser Arbeit wird das Verhalten von Middleboxen sowie deren Konsequenz fur¨ heutige Netz- werke untersucht. Darauf aufbauend werden Methoden und Algorithmen entwickelt, die eine verhaltensbasierte Traversierung von Middleboxen erm¨oglichen. Daruber¨ hin- aus werden aktuelle Sicherheits- und Privatheitsprobleme aufgezeigt und Middlebox- basierte L¨osungen dafur¨ vorgestellt. Im ersten Teil der Arbeit werden Methoden und Algorithmen entworfen, die in der Lage sind, verschiedene Verhaltensweisen von Middleboxen zu analysieren. Anhand zweier Modelle, einem Verarbeitungs- und einem Informationsmodell, wird das Ver- halten in einem Feldtest anschließend experimentell untersucht. Die so gewonnenen Ergebnisse helfen Schlussfolgerungen bezuglich¨ der Traversierung von Middleboxen zu ziehen, existierende Techniken dafur¨ zu verbessern sowie neue Techniken zu entwerfen. Im zweiten Teil der Arbeit wird ein wissensbasiertes Framework entwickelt, das eine anforderungsgerechte, sichere und performante Middlebox-Traversierung fur¨ ver- schiedene Anwendungsklassen erm¨oglicht. Existierende Traversierungsmethoden be- trachten einige explizite Anforderung von Applikationen nicht, beispielsweise bezuglich¨ der Sicherheit, was zu ungewollten Seiteneffekten fuhren¨ kann. In dieser Arbeit wer- den Anwendungsklassen fur¨ Applikationen entworfen um Traversierungstechniken nicht nur basierend auf der Netzwerktopologie, sondern auch basierend auf der eigentlichen Anwendungskategorie auszuw¨ahlen. Kernpunkt des entwickelten Frameworks ist ein wissensbasierter Ansatz, der das Verhalten von Middleboxen sowie zus¨atzliche Regeln analysiert, geeignete Traversierungstechnik parameterisiert und damit nicht nur zu- verl¨assiger, sondern auch performanter als der Stand der Technik ist. Im dritten Teil der Arbeit werden neue L¨osungskonzepte fur¨ die Anwendbarkeit von Middlebox-basierten Diensten auf aktuelle Sicherheits- und Privatheitsprobleme vorgestellt. Insbesondere in Netzwerken, die nicht professionell administriert sind, wie beispielsweise Heimnetzwerke, k¨onnen aktuelle Sicherheitsmechanismen aus Komplex- it¨atsgrunden¨ oft nicht eingesetzt werden. Diese Arbeit entwickelt eine Sicherheitsinfras- tuktur, die herk¨ommliche Zertifizierungsstellen (CAs) mit dem Ansatz des Web of Trust verbindet und fur¨ unerfahrene Benutzer zug¨anglich macht. Abschließend wird anhand von drei neuen Middlebox-Diensten exemplarisch gezeigt, wie sich aktuelle Sicherheits- und Privatheitsprobleme mit Middlebox-basierten Diensten l¨osen lassen. ACKNOWLEDGMENTS This thesis would have not been possible without the support of many individuals: First of all I would like to thank Prof. Dr.-Ing. Georg Carle for giving me the opportunity to work on many interesting projects during the course of my studies and for supervising this thesis. Thank you Prof. Dr. Ernst Biersack for being my second supervisor and for the valuable feedback and Prof. Dr. Hans-Arno Jacobsen for the organization of the examination. Main parts of this work are part of the research project AutHoNe - Autonomic Home Networking, funded by the Federal Ministry of Education and Research (BMBF). Their financial support was an important foundation. I would like to thank my colleagues at the chair for Network Architectures and Services for creating a productive work environment and for many discussions on various subjects. In particular I would like to thank my former colleague Dr. Andreas Klenk for many discussions on NAT and Holger Kinkelin for his cooperation on the security part and for sharing our office with me for the past 5 years. I also had the chance to work with numerous good students and student assistants who contributed to this work. Thank you Ralph Holz and Dr. Richard Edel for reading and correcting this thesis and for giving valuable feedback on the English language and on the topic itself. A big thanks to my friends who provided me a world outside of research, computer science and work. I am also very thankful to my parents who have always supported and believed in me. Without their support throughout my life many opportunities would not have been possible. Finally, I would like to thank my wife Rebecca,
Recommended publications
  • Distributed Deep Learning in Open Collaborations

    Distributed Deep Learning in Open Collaborations

    Distributed Deep Learning In Open Collaborations Michael Diskin∗y~ Alexey Bukhtiyarov∗| Max Ryabinin∗y~ Lucile Saulnierz Quentin Lhoestz Anton Sinitsiny~ Dmitry Popovy~ Dmitry Pyrkin~ Maxim Kashirin~ Alexander Borzunovy~ Albert Villanova del Moralz Denis Mazur| Ilia Kobelevy| Yacine Jernitez Thomas Wolfz Gennady Pekhimenko♦♠ y Yandex, Russia z Hugging Face, USA ~ HSE University, Russia | Moscow Institute of Physics and Technology, Russia } University of Toronto, Canada ♠ Vector Institute, Canada Abstract Modern deep learning applications require increasingly more compute to train state-of-the-art models. To address this demand, large corporations and institutions use dedicated High-Performance Computing clusters, whose construction and maintenance are both environmentally costly and well beyond the budget of most organizations. As a result, some research directions become the exclusive domain of a few large industrial and even fewer academic actors. To alleviate this disparity, smaller groups may pool their computational resources and run collaborative experiments that benefit all participants. This paradigm, known as grid- or volunteer computing, has seen successful applications in numerous scientific areas. However, using this approach for machine learning is difficult due to high latency, asymmetric bandwidth, and several challenges unique to volunteer computing. In this work, we carefully analyze these constraints and propose a novel algorithmic framework designed specifically for collaborative training. We demonstrate the effectiveness of our approach for SwAV and ALBERT pretraining in realistic conditions and achieve performance comparable to traditional setups at a fraction of the cost. arXiv:2106.10207v1 [cs.LG] 18 Jun 2021 Finally, we provide a detailed report of successful collaborative language model pretraining with 40 participants. 1 Introduction The deep learning community is becoming increasingly more reliant on transfer learning.
  • Ubuntu Enables Advanced Computer Research Into Killer Diseases

    Ubuntu Enables Advanced Computer Research Into Killer Diseases

    Case Study Ubuntu enables advanced computer research into killer diseases Delivering training courses to researchers in developing countries – Ubuntu was the first choice for The Wellcome Trust Sanger Institute. Background The Wellcome Trust Sanger Institute is charity at the forefront of research into the study of the genomes of the world’s major killer diseases such as malaria, typhoid fever and the ‘superbug’ MRSA. The Trust aims to offers workshops for free to countries in the developing world. Giving their researchers up-to- date training in the fast-moving arena of analysis, and providing them with the mechanisms to keep up with new developments. In June 2006, the Trust ran the first of their workshop project in Uruguay. The courseprovided an introduction to the bioinformatics tools freely available on the Internet. It focussed primarily on The Human Genome data and gave students hands-on training in the use of public databases, and web-based sequence analysis tools. In addition to training researchers from all over South America the Wellcome Trust donated high-powered computers, essential for analysing the genomes, to the Instituto de Higiene, Uruguay. Business challenge The Instituto de Higiene set up a permanent training room to house the computers, and act as a centre for workshops in South America. The Institutes Informatics Systems Group needed to ensure that it was possible to install the training room computers, and networks, anywhere in the world that offers reliable electrical power and a connection to the Internet. That’s where Ubuntu came in. Ubuntu solution The Systems Group integrated Ubuntu into a flexible, self-contained training room that was straightforward enough for local staff to administer.
  • Test-Beds and Guidelines for Securing Iot Products and for Secure Set-Up Production Environments

    Test-Beds and Guidelines for Securing Iot Products and for Secure Set-Up Production Environments

    IoT4CPS – Trustworthy IoT for CPS FFG - ICT of the Future Project No. 863129 Deliverable D7.4 Test-beds and guidelines for securing IoT products and for secure set-up production environments The IoT4CPS Consortium: AIT – Austrian Institute of Technology GmbH AVL – AVL List GmbH DUK – Donau-Universit t Krems I!AT – In"neon Technologies Austria AG #KU – JK Universit t Lin$ / Institute for &ervasive 'om(uting #) – Joanneum )esearch !orschungsgesellschaft mbH *+KIA – No,ia -olutions an. Net/or,s 0sterreich GmbH *1& – *1& -emicon.uctors Austria GmbH -2A – -2A )esearch GmbH -)!G – -al$burg )esearch !orschungsgesellschaft -''H – -oft/are 'om(etence 'enter Hagenberg GmbH -AG0 – -iemens AG 0sterreich TTTech – TTTech 'om(utertechni, AG IAIK – TU Gra$ / Institute for A((lie. Information &rocessing an. 'ommunications ITI – TU Gra$ / Institute for Technical Informatics TU3 – TU 3ien / Institute of 'om(uter 4ngineering 1*4T – 1-Net -ervices GmbH © Copyright 2020, the Members of the IoT4CPS Consortium !or more information on this .ocument or the IoT5'&- (ro6ect, (lease contact8 9ario Drobics7 AIT Austrian Institute of Technology7 mario:.robics@ait:ac:at IoT4C&- – <=>?@A Test-be.s an. guidelines for securing IoT (ro.ucts an. for secure set-up (ro.uction environments Dissemination level8 &U2LI' Document Control Title8 Test-be.s an. gui.elines for securing IoT (ro.ucts an. for secure set-u( (ro.uction environments Ty(e8 &ublic 4.itorBsC8 Katharina Kloiber 4-mail8 ,,;D-net:at AuthorBsC8 Katharina Kloiber, Ni,olaus DEr,, -ilvio -tern )evie/erBsC8 -te(hanie von )E.en, Violeta Dam6anovic, Leo Ha((-2otler Doc ID8 DF:5 Amendment History Version Date Author Description/Comments VG:? ?>:G?:@G@G -ilvio -tern Technology Analysis VG:@ ?G:G>:@G@G -ilvio -tern &ossible )esearch !iel.s for the -2I--ystem VG:> >?:G<:@G@G Katharina Kloiber Initial version (re(are.
  • Developing P2P Protocols Across NAT Girish Venkatachalam

    Developing P2P Protocols Across NAT Girish Venkatachalam

    Developing P2P Protocols across NAT Girish Venkatachalam Abstract Hole punching is a possible solution to solving the NAT problem for P2P protocols. Network address translators (NATs) are something every software engineer has heard of, not to mention networking professionals. NAT has become as ubiquitous as the Cisco router in networking terms. Fundamentally, a NAT device allows multiple machines to communicate with the Internet using a single globally unique IP address, effectively solving the scarce IPv4 address space problem. Though not a long-term solution, as originally envisaged in 1994, for better or worse, NAT technology is here to stay, even when IPv6 addresses become common. This is partly because IPv6 has to coexist with IPv4, and one of the ways to achieve that is by using NAT technology. This article is not so much a description of how a NAT works. There already is an excellent article on this subject by Geoff Huston (see the on-line Resources). It is quite comprehensive, though plenty of other resources are available on the Internet as well. This article discusses a possible solution to solving the NAT problem for P2P protocols. What Is Wrong with NAT? NAT breaks the Internet more than it makes it. I may sound harsh here, but ask any peer-to-peer application developer, especially the VoIP folks, and they will tell you why. For instance, you never can do Web hosting behind a NAT device. At least, not without sufficient tweaking. Not only that, you cannot run any service such as FTP or rsync or any public service through a NAT device.
  • Traversing NAT: a Problem

    Traversing NAT: a Problem

    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Spring 3-2021 Traversing NAT: A Problem Tyler Flaagan Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Information Security Commons, OS and Networks Commons, and the Systems Architecture Commons Recommended Citation Flaagan, Tyler, "Traversing NAT: A Problem" (2021). Masters Theses & Doctoral Dissertations. 365. https://scholar.dsu.edu/theses/365 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. Traversing NAT: A Problem A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Operations March 2021 By Tyler Flaagan Dissertation Committee: Dr. Kyle L. Cronin Dr. Michael J. Ham Dr. Mark L. Hawkes DocuSign Envelope ID: 8BDB3DA0-604E-4AB7-9BFE-F25909CF4FC0 DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Tyler Flaagan Dissertation Title: Traversing NAT: A Problem
  • Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix

    Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix

    Debian \ Amber \ Arco-Debian \ Arc-Live \ ASLinux \ BeatriX \ BlackRhino \ BlankON \ Bluewall \ BOSS \ Canaima \ Clonezilla Live \ Conducit \ Corel \ Xandros \ DeadCD \ Olive \ DeMuDi \ \ 64Studio (64 Studio) \ DoudouLinux \ DRBL \ Elive \ Epidemic \ Estrella Roja \ Euronode \ GALPon MiniNo \ Gibraltar \ GNUGuitarINUX \ gnuLiNex \ \ Lihuen \ grml \ Guadalinex \ Impi \ Inquisitor \ Linux Mint Debian \ LliureX \ K-DEMar \ kademar \ Knoppix \ \ B2D \ \ Bioknoppix \ \ Damn Small Linux \ \ \ Hikarunix \ \ \ DSL-N \ \ \ Damn Vulnerable Linux \ \ Danix \ \ Feather \ \ INSERT \ \ Joatha \ \ Kaella \ \ Kanotix \ \ \ Auditor Security Linux \ \ \ Backtrack \ \ \ Parsix \ \ Kurumin \ \ \ Dizinha \ \ \ \ NeoDizinha \ \ \ \ Patinho Faminto \ \ \ Kalango \ \ \ Poseidon \ \ MAX \ \ Medialinux \ \ Mediainlinux \ \ ArtistX \ \ Morphix \ \ \ Aquamorph \ \ \ Dreamlinux \ \ \ Hiwix \ \ \ Hiweed \ \ \ \ Deepin \ \ \ ZoneCD \ \ Musix \ \ ParallelKnoppix \ \ Quantian \ \ Shabdix \ \ Symphony OS \ \ Whoppix \ \ WHAX \ LEAF \ Libranet \ Librassoc \ Lindows \ Linspire \ \ Freespire \ Liquid Lemur \ Matriux \ MEPIS \ SimplyMEPIS \ \ antiX \ \ \ Swift \ Metamorphose \ miniwoody \ Bonzai \ MoLinux \ \ Tirwal \ NepaLinux \ Nova \ Omoikane (Arma) \ OpenMediaVault \ OS2005 \ Maemo \ Meego Harmattan \ PelicanHPC \ Progeny \ Progress \ Proxmox \ PureOS \ Red Ribbon \ Resulinux \ Rxart \ SalineOS \ Semplice \ sidux \ aptosid \ \ siduction \ Skolelinux \ Snowlinux \ srvRX live \ Storm \ Tails \ ThinClientOS \ Trisquel \ Tuquito \ Ubuntu \ \ A/V \ \ AV \ \ Airinux \ \ Arabian
  • Technology Stack for Decentralized Mobile Services

    Technology Stack for Decentralized Mobile Services

    Technology Stack for Decentralized Mobile Services Matouš Skála Technology Stack for Decentralized Mobile Services by Matouš Skála to obtain the degree of Master of Science at the Delft University of Technology, to be defended publicly on Monday August 31, 2020 at 3:00 PM. Student number: 4893964 Project duration: November 15, 2019 – August 31, 2020 Thesis committee: Dr.ir. J.A. Pouwelse, TU Delft, supervisor Dr. J.S. Rellermeyer, TU Delft Dr. N. Yorke-Smith, TU Delft An electronic version of this thesis is available at http://repository.tudelft.nl/. Preface When I was choosing my thesis topic, I originally came up with an idea of designing a decen- tralized social network. After realizing how ambitious that goal was, I later decided to focus on more fundamental issues first and create a library that would allow for building any de- centralized applications, running purely on an overlay network consisting of smartphones. Rather than reinventing the wheel, I took inspiration from an existing networking library de- veloped at TU Delft over the last decade and created its wire-compatible implementation in Kotlin. Interestingly, in the end, I have even implemented a trivial social network to demon- strate the usage of the library, returning back to the original idea. I would like to thank my supervisor Johan Pouwelse for an endless stream of fresh ideas and valuable feedback, and to PhD students of the Delft Blockchain Lab for numerous coffee meetings and for serving me as a walking documentation of the existing codebase. Matouš Skála Prague,
  • ESSENTIAL GUIDE to THREAT MANAGEMENT Your Organizations Are Under Attack from Organized Groups That Are After the Lifeblood of Your Company

    ESSENTIAL GUIDE to THREAT MANAGEMENT Your Organizations Are Under Attack from Organized Groups That Are After the Lifeblood of Your Company

    IINFNFOORMRMAATTIIOONN SECURITY® ESSENTIAL GUIDE TO THREAT MANAGEMENT Your organizations are under attack from organized groups that are after the lifeblood of your company. We’ll identify those attack vectors and tell you how to best secure your critical digital assets. INSIDE 7 New Web, New Threats 16 A Dangerous Delineation 24 UTM Should Not = Unnecessary Threat Management 33 This is Only a Drill INFOSECURITYMAG.COM , Let them roam loselaptops surf audit cutbudgets You do! Liberating your people and freeing up time and who cares resources makes productive sense. Sophos security and data protection solutions deliver: Install, set and forget. Easy on your time, easy on your system and easy on your business, everything from Endpoint to Compliance, Email, Web and Encryption is covered and all accessed and controlled with refreshing simplicity. Now, with security taken care of, you’ve got the rest of the day to do all the other things that can’t wait. See for yourself – learn more about Sophos today. ESSENTIAL GUIDE contentsTHREAT MANAGEMENT FEATURES 7 New Web, New Threats WEB 2.0 THREATS The collaborative nature of Web 2.0 introduces myriad threats to data that must be proactively countered. BY DAVID SHERRY 16 A Dangerous Delineation INSIDER RISK Enterprises can no longer differentiate between insiders and external threats. That’s such a 2003 paradigm. BY MICHAEL S. MIMOSO 24 UTM Should Not = Unnecessary Threat Management THREAT MANAGEMENT Buying the right unified threat management appliance means knowing what—if anything— you actually need beyond a firewall. BY NEIL ROITER 33 This is Only a Drill INCIDENT RESPONSE Delaware’s Dept.
  • Technical Report Sce-12-04 Nat Traversal in Peer-To

    Technical Report Sce-12-04 Nat Traversal in Peer-To

    TECHNICAL REPORT SCE-12-04 DEPARTMENT OF SYSTEMS AND COMPUTER ENGINEERING CARLETON UNIVERSITY NAT TRAVERSAL IN PEER -TO -PEER ARCHITECTURE Marc-André Poulin¹, Lucas Rioux Maldague¹, Alexandre Daigle¹, François Gagnon² 1 Cégep de Sainte-Foy, Canada [email protected] , [email protected] , [email protected] 2 Carleton University, Canada [email protected] Abstract. Peer-to-peer networks are well known for file sharing between multiple computers. They establish virtual tunnels between computers to transfer data, but NATs makes it harder. A NAT, Network Address Translation , is a process which transforms private IP addresses, such as 192.168.2.1, into public addresses, such as 203.0.113.40. The idea is that multiple private addresses can hide behind a single public address and thus virtually enlarge the number of allocable public IP addresses. When an application in the local network establishes a connection to Internet, the packet passes through the NAT which adjusts the IP header and maps an external port to the computer which sent the request. When packets are received from the Internet by the NAT, they are forwarded to the internal host which is mapped to the port on which the packet was received, or dropped if no mapping exists. In this paper, we will introduce you to NAT and P2P, we will discuss the numerous ways NATs use to translate private IP addresses into public ones, we will discuss known techniques used to fix the problem and we will also present how popular peer-to-peer programs bypass NATs. This paper is written so anybody with a reasonable knowledge of networking would grasp the essentials.
  • A Framework for Multi- Channel Telecommunication Applied to Telecare Application

    A Framework for Multi- Channel Telecommunication Applied to Telecare Application

    Master Thesis A Framework for Multi- Channel Telecommunication Applied to TeleCare Application Author: Yifan Ruan Supervisor: Danny Weyns Examiner: Danny Weyns Date: 2015-6-4 Course Code: 5DV00E, 30 credits Subject: Software Technology Level: Master Department of Computer Science Abstract This thesis is deriving from a telemedicine project "TeleCare" of constructing soft- ware for remote medical diagnosis between the doctor and the patient. The software has to fix the problem of managing local and remote media information. This thesis presents a telecommunication framework for synchronizing multiple media chan- nels, following research methodology, from problem description, iterative and incre- mental development to prototype finalization. For the framework, I have described the framework requirements and corresponding architecture design and implemen- tation. From the evaluation result of "TeleCare" software developed above it, I can conclude the framework has reached the problem. Keywords: framework, communication, synchronization, channel Preface Nowadays, the population of elderly people is growing fast around the world. So It is a nice idea to provide better social care with assistive technologies, such as "TeleCare" soft- ware. With "TeleCare", the patient and the doctor can communicate with each other like face-to-face meeting. In addition, with some state-of-the-art device, touchscreen monitor, they can express themselves through drawing on the screen. For example, the doctor can draw an arrow representing the patient should raise his arm to a certain height, and the patient can follow the instruction when seeing it on his screen. Image a scenario that if an elderly person lives far away from the hospital, one day he broke his leg, it was inconve- nient for him to go to hospital for reexamination again and again.
  • Cablelabs® Ipv6 Roadmap Requirements Document CM-GL

    Cablelabs® Ipv6 Roadmap Requirements Document CM-GL

    CableLabs® IPv6 Roadmap Requirements Document CM-GL-IPv6-REQ-V01-120831 ISSUED Notice This CableLabs Requirements document is the result of a cooperative effort undertaken at the direction of Cable Television Laboratories, Inc. for the benefit of the cable industry and its customers. This document may contain references to other documents not owned or controlled by CableLabs. Use and understanding of this document may require access to such other documents. Designing, manufacturing, distributing, using, selling, or servicing products, or providing services, based on this document may require intellectual property licenses from third parties for technology referenced in this document. Neither CableLabs, nor any other entity participating in the creation of this document, is responsible for any liability of any nature whatsoever resulting from or arising out of use or reliance upon this document by any party. This document is furnished on an AS-IS basis and neither CableLabs, nor other participating entity, provides any representation or warranty, express or implied, regarding its accuracy, completeness, or fitness for a particular purpose. Distribution of this document is restricted pursuant to the terms of separate access agreements negotiated with each of the parties to whom this document has been furnished. Cable Television Laboratories, Inc., 2012 Confidential CM-GL-IPv6-REQ-V01-120831 CableLabs® CAUTION This document contains proprietary, confidential information that is the exclusive property of CableLabs®. If you do not have a valid agreement with CableLabs for the use of this document, or have not signed a non-disclosure agreement with CableLabs, then you received this document in an unauthorized manner and are not legally entitled to possess or read it.
  • Project-Team GRAND-LARGE

    Project-Team GRAND-LARGE

    IN PARTNERSHIP WITH: CNRS Université Paris-Sud (Paris 11) Université des sciences et technologies de Lille (Lille 1) Activity Report 2011 Project-Team GRAND-LARGE Global parallel and distributed computing IN COLLABORATION WITH: Laboratoire d’informatique fondamentale de Lille (LIFL), Laboratoire de recherche en informatique (LRI) RESEARCH CENTER Saclay - Île-de-France THEME Distributed and High Performance Computing Table of contents 1. Members :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 1 2. Overall Objectives :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 1 2.1. Grand-Large General Objectives1 2.2. Highlights 2 3. Scientific Foundations :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::2 3.1. Large Scale Distributed Systems (LSDS)2 3.1.1. Computing on Large Scale Global Computing systems3 3.1.2. Building a Large Scale Distributed System4 3.1.2.1. The resource discovery engine4 3.1.2.2. Fault Tolerant MPI4 3.2. Volatility and Reliability Processing5 3.3. Parallel Programming on Peer-to-Peer Platforms (P5)6 3.3.1. Large Scale Computational Sciences and Engineering7 3.3.2. Experimentations and Evaluations7 3.3.3. Languages, Tools and Interface8 3.4. Methodology for Large Scale Distributed Systems8 3.4.1. Observation tools8 3.4.2. Tool for scalability evaluations9 3.4.3. Real life testbeds: extreme realism9 3.5. High Performance Scientific Computing9 3.5.1. Communication avoiding algorithms for numerical linear algebra 10 3.5.2. Preconditioning techniques 10 3.5.3. Fast linear algebra solvers based on randomization 10 3.5.4. Sensitivity analysis of linear algebra problems 11 4. Application Domains :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::11 4.1. Building a Large Scale Distributed System for Computing 11 4.2. Security and Reliability of Network Control Protocols 11 4.3.