As P2P systems account for a large portion of Internet traffic, and their topology is not correlated with Internet AS topology, this leads to performance bottlenecks for both P2P users and ISPs. We are looking at ways to enhance locality in neighborhood selection for P2P systems, so that both ISPs and P2P users can benefit. We have recently proposed that ISPs host an oracle server, which explicitly helps P2P users to pick up optimal neighbors within its AS (ACM CCR '07 paper). We have already analyzed the effects of such a scheme on structural properties of P2P connectivity graphs, and performance characteristics of Gnutella.

We now wish to extend this scheme to pick optimal neighbors within as AS based on latency, bandwidth or other OSPF/BGP metrics. Experiments can be performed on graph simulator (C/C++), P2P simulation framework SSFNet (Java), Planetlab or the Testbed. While we primarily work with Gnutella and Bittorrent, we are open to other P2P systems as well.

Other possible topics are to analyze the effect of oracle on pollution in P2P systems – how can the oracle be used to enhance trust in P2P users, or to detect malicious content? Using the oracle concept to make an Internet-wide coordinate system is another topic of current research.

Another recent strain of research that we are pursuing is adapting oracle-based ISP-P2P collaboration scheme for the emerging breed of media streaming applications, e.g. IPTV or P2P-TV. Here we investigate how these applications need to be changed/enhanced to make use of the ISP-hosted oracle server.

If you are interested in the above or other related P2P topics, please contact Vinay Aggarwal.

The Timemachine employs a connection cutoff, that basically only stores the first N bytes of a connection. This connection cutoff is currently done in user space by the time machine itself and therefore all network packets have to be copied from kernel to user space, which is time consuming. The goal of this project / thesis is to move the cutoff to kernel space. I. e. to modify the capturing stack of the kernel to include connection cutoff. The operating system is FreeBSD or Linux, preferably FreeBSD, since it outperforms Linux in capturing applications.

The Timemachine also employs different cutoff values for different traffic classes and the Timemachine can also suspend the cutoff for a particular connection and it can dynamically change cutoff values. This must also be taken into account when developing the kernel cutoff.

Based on my master thesis the mechanisms are to be examined, how capturing and analysis of data units from the network works. A comparison according to the priciple used in my master thesis is to be done for:

• FreeBSD 4.x and 6.x

• a current Linux version

• different versions of Windows

• 64-bit systems (Linux and FreeBSD)

• SMP affinity and special network interface cards

With respect to windows it is additionally necessary to perform an analysis — which should be similar to the one from my SEP. Likewise, the measurement system has to be adopted for Windows.

(Computer) networks and their graph properties are understood very well nowadays in the research community. A more challenging question is how the "network" that the users of those computer networks are forming looks like. In this case users correspond to nodes, and the links (or edges) between them correspond to fact that those people are communicating with each other. Those networks are refered to as "Social Networks". The topic of this work would be to extract such a Social Network from real traces, and to analyse it regarding its graph properties.

As we allready have a student working on the eMail based extraction of Social Networks, this analysis has to be done based on Internet Chat traffic.

C-BGP is an efficient solver for BGP, the de facto standard protocol used for exchanging routing information accross domains in the Internet. C-BGP is aimed at computing the outcome of the BGP decision process in networks composed of several routers. For this purpose, it takes into account the routers' configuration, the externally received BGP routes and the network topology. It supports the complete BGP decision process, versatile import and export filters, route-reflection, and experimental attributes such as redistribution communities. It is easily configurable through a Cisco-like command-line interface.

Studying the performance of C-BGP is essential to improve the simulator. Within the scope of the project, the student is supposed to study C-BGPs scalability in terms of number of routers, policies, etc. Analyzing memory usage and convergence times can for example help to identify memory leaks in the used data structures. The goal of this project is twofold: Apart from obtaining insights into simulation techniques, this project also improves the understanding for Internet routing in general.

Holger Dreger developed a half-automatic configuration tool for Bro which adjusts a Bro installation to work stable and efficiently for a given network with given hardware. You should evaluate the performance of the configuration tool, i. e., you should develop metrics of how to measure the efficiency of such a tool and then evaluate how good the metrics are fullfilled, e. g., compare to a hand-tuned configuration.

A common format used to export summaries of network traffic are flows. A flow gives some details on a connection with in the Internet like, amount of data transferd, start and end time, and many more (the most common format is Cisco Netflow specified in RFC 3954, see also Wikipedia on Netflow). The task here is to find out how good different databases like, e.g., SQLite or HDF5 (hierarchical data format) can be used for the task of storing huge amounts of flow data and perform queries on this data efficiently.

The goal of the thesis is to explore means of emulation – the ability of a device to imitate other devices – for networks.

The benefits of network emulation are twofold. First emulation could enable the setup of large-scale network experiments in small testbeds. Our router lab at TU Berlin/T-Labs only consists of a limited set of routers. The vision is to have multiple routing instances on a single router that are interconnected with instances on the same router or on other routers. Second, network emulation has the potential of being used by network providers to debug their network or to anticipate the outcome of network changes. For example, ISPs could emulate their complete network on a small set of routers before applying changes to the productive network.

Fortunately, router manufacturers already provide mechanisms to partition a physical router into multiple independent routing instances. The two mechanisms to be studied as part of this thesis are VRF functionality (Virtual Routing and Forwarding) and Juniper's Logical Router concept.

The thesis does not require experience with Cisco IOS or JunOS, although it can be useful. After learning how to configure Cisco and Juniper routers, we expect you to evaluate the performance and scalability of both approaches. We also expect you to develop a tool that supports the automatic emulation of larger networks on a single or a small set of Juniper routers.

The RouterLab consists of switches, routers (Cisco, Juniper) and Linux PCs (so-called "Loadgens") that are mainly destined to generate workload. This small testbed is used for teaching as well as for scientific experiments. Currently the Loadgens are extensively used for a wide range of applications that frequently require customized kernels. At the same time the majority of experiments are idle every now and then (e.g., waiting for user interaction).

To make more effective use of the available resources, we plan to use the Emulab facility. Emulab is a network testbed, giving researchers a wide range of environments in which to develop, debug, and evaluate their systems. The name Emulab refers both to a facility and to a software system. Our goal is to use the Emulab software as a management plane for our RouterLab. This would allow to swap out experiments, releasing all of the Loadgens used in the experiment and storing the current experiment state in a database. Once an experiment is swapped out, it can be swapped back again later on. Ideally, the user finds exactly the same workspace as the one before the experiment has been swapped out.

Leveraging Emulab functionality allows to make more effective use of our Loadgens. If an experiment is inactive for a while, we can start another experiment and resume the original experiment with little overhead later on. With Emulab this is even true if the experiments rely on different customized kernels. The goal of this thesis is to explore how Emulab functionality could be integrated with our RouterLab and to implement the adopted approach.

The RouterLab is a small network testbed destined for research as well as for teaching. It consists of switches, routers (Cisco, Juniper) and Linux PCs. To prevent people from accessing the same device simultaneously, the devices need to be reserved before they are used.

This functionality is provided by the Labtool that offers a commandline interface to create new reservations. Besides, it allows to modify and delete existing reservations and to dump and restore the configurations of routers. Unfortunately, the Labtool in its current state does not follow modern software design principles and therefore is not easy to extend and maintain. Furthermore, we would like to offer the users a Web-based interface that is easy to use and that integrates the numerous commandline options that are currently available.

The goal of this project is to design and implement a modern web-based frontend for the Labtool. You should be interested in applying state-of-the-art object-oriented software design principles and tools to develop a nice Web GUI that is fun to use and easy to extend. Knowledge of Ruby/RubyOnRails, or Python/Django is useful, but not mandatory.

Voice over IP (VoIP) is becoming more and more prevelant. Various protocols and applications are used to enable VoIP, examples include SIP, H.232, and Skype. In this thesis you will focus on SIP, the Session Initiation Protocol. SIP is used to exchange signalling messages to establish and tear-down multimedia (e.g., VoIP) sessions.
Bro is an Open Source Network Intrusion Detection System (NIDS), that we use extensively for security monitoring, and general network traffic analysis.

In this thesis you will write a SIP Analyzer for Bro. The goal is to be able to parse SIP traffic and to figure out, how SIP is used. Your analyzer should be able to parse a SIP messages and to identify the actual data connection, that carries the voice call. In a second step the analysis could be enhanced to also accommodate other VoIP protocols an to compare traffic characteristics.

Draft a system to automatically distribute software to OpenWRT nodes. This should include installing new firmware images, or to add or remove ipkgs (OpenWRT's software package format). Use ssh for commands and http to transfer software. This system should contain mechanism to customize the configuration on the individual node (e.g. IP-Address, hostname, …). You should be able to customize

• postinstall scripts

• UCI variables (can be set with a single shell command)

• postinstall extra files.

2a)   Project 2 can be extended with

• version management for software/config

• feeding back online changes

and addressed by a group of students. Think of "Apply last Tuesday's config to all nodes in the network". OpenWRT already uses a read-write overlay to a read-only filesystem, which can be used to find out which files have changed.

As the nodes will be deployed outdoors, installing new software bears the risk of loosing connectivity to the central manager. As many as possible of the following situations should be handled:

• New kernel does not boot (The hardware seem to have some kind of watchdog, the internal flash can be partitioned with multiple boot partitions, the boot loader is opensource. This should make a failover possible.)

• No network connectivity (wrong drivers?)

• Wrong network parameters

• Manager cannot reach node (two-way test)

A simple failover action should be triggered (such as loading a stable firmware and rebooting).

This topic is about building a test bench for the time machine, which generates both input traffic (which is subject to be recorded) and queries according to this input traffic. Afterwards the framework has to check if the response is consistent with the input traffic. The additional challenge is to generate the queries in a way which reflects real queries to the system.

Skype is a proprietary communication protocol, mainly used for VoIP telephony. Skype uses a lot of mechanisms to circumvent firewalls and NAT gateways. Furthermore the protocol as well as the proprietary client are encrypted and therefore hard to analyze. Your task is to develop a Bro analyzer for the Skype protocol which detects and classifys (where possible) Skype traffic reliably. Based on this work, you should evaluate the behaviour of Skype traffic on real network traffic.

The goal is to secure DNS via persistent TCP Connections betweeen DNS Servers. Keeping compatibility requires unsecure UDP connections as well, but those can then be limited, thus hindering DoS attacks.