
Research and European NRENs - is greater collaboration the key?

The 2nd Traffic Monitoring and Analysis (TMA) workshop and the 11th Passive and Active Measurement (PAM) conference took place at the Eidgenössische Technische Hochschule (ETH) in Zürich on April 7-9, 2010.

There were 70 attendees for TMA, 80 for PAM, and 50 attended both. TMA is held only in Europe, whereas PAM moves around: last year it was in Asia, and next year it will be in America. There were 14 papers at TMA, with a total of 50 authors. Italian researchers were most successful, with contributions to 6 papers. French researchers were second, contributing to 3 papers. The UK was joint 3rd with 4 other countries, contributing to 2 papers, although JANET-connected sites only participated in 1, the other being with a collaborator from BT. There were 23 papers at PAM, with a total of 77 authors. American researchers dominated, contributing to 16 papers. France was a distant 2nd with 3. Both sets of talks were recorded and are available online at http://www.pam2010.ethz.ch

The TMA workshop consisted of the following four sessions: Analysis of Internet Datasets, Tools for Traffic Analysis and Monitoring, Traffic Classification, and Performance Measurements. The talks within each area were diverse. For example, within the analysis of Internet datasets, there were talks on DNS, Internet video, and AS topology. However, a common theme was the need for good data sets. Many areas of research would benefit from more live data from real networks. In one talk, the researchers were comparing bandwidth estimation tools. They had no access to data from routers and switches that would tell them the actual utilization of links. The only baseline they could take was on a test bed in their lab. Other papers did use data from networks. The methods varied but included NetFlow monitoring and deep packet inspection. They also varied between capturing headers and using payload-based signatures. Several researchers indicated it was impossible to get live traffic from their NREN, but they collaborate with US researchers and use data from the Internet2 Observatory. Other areas of research covered security, in particular intrusion detection. An interesting observation was made that the landscape is changing: traffic is shifting back to well-known ports. It was not clear whether applications are reversing the recent trend of using ephemeral ports to evade identification or whether simply a greater percentage of traffic is using the well-known ports.

The PAM conference was similarly broken down into sessions. The sessions were: Routing, Transport Protocols, Mobile Devices, Topology, Measurement Infrastructure, Characterising Network Usage, Analysis Techniques, Traffic Analysis, and Web. Each session consisted of 2-4 papers. Additionally there was a keynote speech, a closing sponsor talk, and a poster session. Even though PAM was dominated by American collaborators, the themes were similar to those in TMA, although there wasn't necessarily as much diversity within the sessions; for example, all 3 papers in the Topology session focused on techniques to identify which AS actually controlled a particular border router. Many researchers also talked about data sets. PAM gives an award for the best data set that is made public. The closing talk, albeit not a peer-reviewed research paper, discussed the Open Information Security Foundation. The project was started by the US Department of Homeland Security following the closing of the Snort source code. Numerous commercial vendors and US universities have joined the consortium and are working on development. The speaker wasn't aware of any involvement from UK universities.

In conclusion, there is plenty of interesting research but apparently not too much collaboration between researchers and European NRENs. TMA and PAM are operationally focused and some research could benefit JANET, and certainly JANET can help the UK research community. Researchers are encouraged to provide input. Furthermore, the upcoming JANET research requirements workshop (http://www.ja.net/services/events/2010/ResearchRequirements/details.html) may include discussion on access to traffic data for network research.

Warren - Traffic Monitoring and Analysis (TMA) workshop and the 11th Passive and Active Measurement (PAM) conference - Eidgenössische Technische Hochschule (ETH), Zürich, April 7-9, 2010.
