book

Network Algorithmics, 2nd Edition

Name: Network Algorithmics, 2nd Edition
ISBN: 9780128099865

by George Varghese, Jun Xu

November 2022

Intermediate to advanced

594 pages

25h 21m

English

Morgan Kaufmann

Read now

Unlock full access

Cover image
Title page
Table of Contents
Copyright
Dedication
Preface to the second edition
Preface
AudienceWhat this book is aboutOrganization of the bookFeaturesUsageWhy this book was writtenAcknowledgments
15 principles used to overcome network bottlenecks
Part 1: The rules of the game
Introduction

Chapter 1: Introducing network algorithmics
Abstract1.1. The problem: network bottlenecks1.2. The techniques: network algorithmics1.3. Exercise
Chapter 2: Network implementation models
Abstract2.1. Protocols2.2. Hardware2.3. Network device architectures2.4. Operating systems2.5. Summary2.6. ExercisesReferences
Chapter 3: Fifteen implementation principles
Abstract3.1. Motivating the use of principles—updating ternary content-addressable memories3.2. Algorithms versus algorithmics3.3. Fifteen implementation principles—categorization and description3.4. Design versus implementation principles3.5. Caveats3.6. Summary3.7. ExercisesReferences
Chapter 4: Principles in action
Abstract4.1. Buffer validation of application device channels4.2. Scheduler for asynchronous transfer mode flow control4.3. Route computation using Dijkstra's algorithm4.4. Ethernet monitor using bridge hardware4.5. Demultiplexing in the x-kernel4.6. Tries with node compression4.7. Packet filtering in routers4.8. Avoiding fragmentation of LSPs4.9. Policing traffic patterns4.10. Identifying a resource hog4.11. Getting rid of the TCP open connection list4.12. Acknowledgment withholding4.13. Incrementally reading a large database4.14. Binary search of long identifiers4.15. Video conferencing via asynchronous transfer modeReferences
Part 2: Playing with endnodes
Introduction
Chapter 5: Copying data
Abstract5.1. Why data copies5.2. Reducing copying via local restructuring5.3. Avoiding copying using remote DMA5.4. Broadening to file systems5.5. Broadening beyond copies5.6. Broadening beyond data manipulations5.7. Conclusions5.8. ExercisesReferences
Chapter 6: Transferring control
Abstract6.1. Why control overhead?6.2. Avoiding scheduling overhead in networking code6.3. Avoiding context-switching overhead in applications6.4. Scalable I/O Notification6.5. Avoiding system calls or Kernel Bypass6.6. Radical Restructuring of Operating Systems6.7. Reducing interrupts6.8. Conclusions6.9. ExercisesReferences
Chapter 7: Maintaining timers
Abstract7.1. Why timers?7.2. Model and performance measures7.3. Simplest timer schemes7.4. Timing wheels7.5. Hashed wheels7.6. Hierarchical wheels7.7. BSD implementation7.8. Google Carousel implementation7.9. Obtaining finer granularity timers7.10. Conclusions7.11. ExercisesReferences
Chapter 8: Demultiplexing
Abstract8.1. Opportunities and challenges of early demultiplexing8.2. Goals8.3. CMU/Stanford packet filter: pioneering packet filters8.4. Berkeley packet filter: enabling high-performance monitoring8.5. Pathfinder: factoring out common checks8.6. Dynamic packet filter: compilers to the rescue8.7. Conclusions8.8. ExercisesReferences
Chapter 9: Protocol processing
Abstract9.1. Buffer management9.2. Cyclic redundancy checks and checksums9.3. Generic protocol processing9.4. Reassembly9.5. Conclusions9.6. ExercisesReferences
Part 3: Playing with routers
Introduction
Chapter 10: Exact-match lookups
Abstract10.1. Challenge 1: Ethernet under fire10.2. Challenge 2: wire speed forwarding10.3. Challenge 3: scaling lookups to higher speeds10.4. Summary10.5. ExerciseReferences
Chapter 11: Prefix-match lookups
Abstract11.1. Introduction to prefix lookups11.2. Finessing lookups11.3. Non-algorithmic techniques for prefix matching11.4. Unibit tries11.5. Multibit tries11.6. Level-compressed (LC) tries11.7. Lulea-compressed tries11.8. Tree bitmap11.9. Binary search on ranges11.10. Binary search on ranges with Initial Lookup Table11.11. Binary search on prefix lengths11.12. Linear search on prefix lengths with hardware assist11.13. Memory allocation in compressed schemes11.14. Fixed Function Lookup-chip models11.15. Programmable Lookup Chips and P411.16. Conclusions11.17. ExercisesReferences
Chapter 12: Packet classification
Abstract12.1. Why packet classification?12.2. Packet-classification problem12.3. Requirements and metrics12.4. Simple solutions12.5. Two-dimensional schemes12.6. Approaches to general rule sets12.7. Extending two-dimensional schemes12.8. Using divide-and-conquer12.9. Bit vector linear search12.10. Cross-producting12.11. Equivalenced cross-producting12.12. Decision tree approaches12.13. Hybrid algorithms12.14. Conclusions12.15. ExercisesReferences
Chapter 13: Switching
Abstract13.1. Router versus telephone switches13.2. Shared-memory switches13.3. Router history: from buses to crossbars13.4. The take-a-ticket crossbar scheduler13.5. Head-of-line blocking13.6. Avoiding HOL blocking via output queuing13.7. Avoiding HOL blocking via virtual output queuing13.8. Input-queued switching as a bipartite matching problem13.9. Parallel iterative matching (PIM)13.10. Avoiding randomization with iSLIP13.11. Computing near-optimal matchings via learning13.12. Sample-and-compare: a stunningly simple adaptive algorithm13.13. SERENA: an improved adaptive algorithm13.14. The queue-proportional sampling strategy13.15. QPS implementation13.16. Small-batch QPS and sliding-window QPS13.17. Combined input and output queueing13.18. Scaling to larger and faster switches13.19. Scaling to faster link speeds13.20. Conclusions13.21. ExercisesReferences
Chapter 14: Scheduling packets
Abstract14.1. Motivation for quality of service14.2. Random early detection14.3. Approximate fair dropping14.4. Token bucket policing14.5. Multiple outbound queues and priority14.6. A quick detour into reservation protocols14.7. Providing bandwidth guarantees14.8. Schedulers that provide delay guarantees14.9. Generalized processor sharing14.10. Weighted fair queueing14.11. Worst-case fair weighed fair queueing14.12. The data structure and algorithm for efficient GPS clock tracking14.13. Implementing WFQ and WF2Q14.14. Quick fair queueing (QFQ)14.15. Towards programmable packet scheduling14.16. Scalable fair queuing14.17. Summary14.18. ExercisesReferences
Chapter 15: Routers as distributed systems
Abstract15.1. Internal flow control15.2. Internal Link Striping15.3. Distributed Memory15.4. Asynchronous updates15.5. Conclusions15.6. ExercisesReferences
Part 4: Endgame
Introduction
Chapter 16: Measuring network traffic
Abstract16.1. Why measurement is hard16.2. Reducing SRAM width using DRAM backing store16.3. A randomized counter scheme16.4. Maintain active counters using BRICK16.5. Extending BRICK for maintaining associated states16.6. Reducing counter width using approximate counting16.7. Reducing counters using threshold aggregation16.8. Reducing counters using flow counting16.9. Reducing processing using sampled NetFlow16.10. Reducing reporting using sampled charging16.11. Correlating measurements using trajectory sampling16.12. A concerted approach to accounting16.13. Computing traffic matrices16.14. Sting as an example of passive measurement16.15. Generating better traffic logs via data streaming16.16. Counting the number of distinct flows16.17. Detection of heavy hitters16.18. Estimation of flow-size distribution16.19. The Tug-of-War algorithm for estimating F216.20. Conclusion16.21. ExercisesReferences
Chapter 17: Network security
Abstract17.1. Searching for multiple strings in packet payloads17.2. Approximate string matching17.3. IP traceback via probabilistic marking17.4. IP traceback via logging17.5. Detecting worms17.6. EarlyBird system for worm detection17.7. Carousel: scalable logging for intrusion prevention systems17.8. Conclusion17.9. ExercisesReferences
Chapter 18: Conclusions
Abstract18.1. What this book has been about18.2. What network algorithmics is about18.3. Network algorithmics and real products18.4. Network algorithmics: back to the future18.5. The inner life of a networking deviceReferences
Appendix A: Detailed models
A.1. TCP and IPA.2. Hardware modelsA.3. Switching theoryA.4. The interconnection network ZooReferences
References
References
Index

Content preview from Network Algorithmics, 2nd Edition

Chapter 17: Network security

Hacking is an exciting and sometimes scary phenomenon, depending on which side of the battlements you happen to be standing.

—Marcus J. Ranum

Abstract

Anomaly detection can potentially detect new types of attacks that signature-based systems will miss. Unfortunately, anomaly detection systems are prone to falsely identifying events as malicious. Thus, this chapter does not address anomaly-based methods. Meanwhile signature-based systems are highly popular due to their relatively simple implementation and their ability to detect commonly used attack tools. This chapter samples three important subtasks that arise in the context of intrusion detection. The first is an analysis subtask, string matching, which is a key bottleneck ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780128099865

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Network Algorithmics, 2nd Edition

by George Varghese, Jun Xu

Chapter 17: Network security

Abstract

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.