As part of a broader organisational restructure, data networking research at Swinburne University of Technology has moved from the Centre for Advanced Internet Architecture (CAIA) to the Internet For Things (I4T) Research Lab.

Although CAIA no longer exists, this website reflects CAIA's activities and outputs between March 2002 and February 2017, and is being maintained as a service to the broader data networking research community.

DIFFUSE for freebsD - DIFFUSED

Overview

CAIA has developed a number of systems which utilise machine learning (ML) techniques to classify network traffic based on flow statistics. ANGEL and more recently DIFFUSE (funded by the Cisco University Research Program) have both proved to be novel and capable architectures for providing automated QoS provisioning for IP networks based on ML classification.

DIFFUSE's architectural approach of integrating with FreeBSD's IPFW firewall system makes it possible to easily integrate and deploy advanced ML capabilities with a general purpose operating system and widely used firewall.

DIFFUSE extends IPFW to classify traffic based on statistical properties of flows being observed in realtime, and instantiate network actions across a distributed set of "action nodes" for particular flows if required.

Network architects frequently require the ability to classify different traffic types flowing across a network, typically using packet inspection capabilities of base system tools such as ipfw and pf. Traffic classification then enables the provision of customised service levels to different traffic types (such as priority packet queuing and forwarding, or allocation of specific bandwidth guarantees).

This project aims to refine our DIFFUSE prototype and integrate all components of the architecture into FreeBSD.

Project Goals

  • Cleanup and audit the DIFFUSE prototype code to prepare it for inclusion in FreeBSD.
  • Integrate the DIFFUSE kernel and userspace code into the FreeBSD Subversion "head" branch.
  • Add a new capability to the classifier so that it can perform an asynchronously controlled dump of all current rules to the flow exporter so that a freshly booted action node can receive the current system state.
  • Add a rule templating facility to the collector so that it can be run on any system which provides fairly standard IP firewalling capabilities, not just FreeBSD systems running IPFW.

Schedule

The project will conclude by the end of October 2011.

Program Members

freebsd foundation logo

This project has been funded by a grant from the FreeBSD Foundation.

Last Updated: Thursday 29-Sep-2011 19:10:18 AEST | Maintained by: Lawrence Stewart ([email protected]) | Authorised by: Grenville Armitage ([email protected])