Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Syslog Performance: Data Modeling and Transport
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. (Datavetenskap)ORCID iD: 0000-0003-2765-7873
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. (Datavetenskap)
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. (Datavetenskap)
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. (Datavetenskap)
2011 (English)In: Proceedings of the 3rd International Workshop on Security and Communication Networks (IWSCN 2011), Norway: IEEE Press, 2011, 31-37 p.Conference paper, Published paper (Refereed)
Abstract [en]

Syslog is one of the basic methods for event logging in computer networks. Log messages that are generated by syslog can be used for a number of purposes, including optimizing system performance, system auditing, and investigating malicious activities in a computer network. Considering all these attractive uses, both timeliness and reliability is needed when syslog messages are transported over a network. The unreliable transport protocol UDP was specified in the original syslog specification; later a reliable transport service based on TCP was also proposed. However, TCP is a costly alternative in terms of delay. In our previous work, we introduced the partially reliable extension of SCTP, PR-SCTP, as a transport service for syslog, trading reliability against timeliness by prioritizing syslog messages. In this work, we first model syslog data using real syslog traces from an operational network. The model is then used as input in the performance evaluation of PR-SCTP. In the experiments, real congestion is introduced in the network by running several competing flows. Although PR-SCTP clearly outperformed TCP and SCTP in our previous work, our present evaluations show that PR-SCTP performance is largely influenced by the syslog data size characteristics

Place, publisher, year, edition, pages
Norway: IEEE Press, 2011. 31-37 p.
National Category
Computer Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-10922OAI: oai:DiVA.org:kau-10922DiVA: diva2:494481
Conference
The 3rd International Workshop on Security and Communication Networks (IWSCN 2011), May 18-20, Gjøvik, Norway
Available from: 2012-02-08 Created: 2012-02-08 Last updated: 2016-10-14Bibliographically approved
In thesis
1. Performance Analysis and Improvement of PR-SCTP in an Event Logging Context
Open this publication in new window or tab >>Performance Analysis and Improvement of PR-SCTP in an Event Logging Context
2012 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Due to certain shortcomings in TCP and UDP, the Stream Control Transmission Protocol (SCTP) was defined for transporting telephony signaling traffic. The partially reliable extension of SCTP, PR-SCTP, has been considered as a candidate for prioritizing content sensitive traffic and trading reliability against timeliness for applications with soft real time requirements. 

 

In this thesis, we investigate the applicability of PR-SCTP for event logging applications. Event logs are inherently prioritized. This makes PR-SCTP a promising candidate for transporting event logs. However, the performance gain of PR-SCTP can be very limited when application message sizes are small and messages have mixed reliability requirements. Several factors influence PR-SCTP’s performance. One key factor is the inefficiency in the forward_tsn mechanism of PR-SCTP. We examine the inefficiency in detail and propose several solutions. Moreover, we implement and evaluate one solution that utilizes the Non-Renegable Selective Acknowledgements (NR-SACKs) mechanism currently being standardized in the IETF, which is available in the FreeBSD operating system. Our results show a significant performance gain for PR-SCTP with NR-SACKs. In some scenarios, the average message transfer delay is reduced by more than 75%. Moreover, we evaluate NR-SACK based PR-SCTP using real traces from an event logging application called syslog. It significantly improves the syslog application performance as compared to SCTP, TCP and UDP.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2012. 35 p.
Series
Karlstad University Studies, ISSN 1403-8099 ; 2012:44
National Category
Computer Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-14676 (URN)978-91-7063-451-2 (ISBN)
Presentation
2012-11-01, 21A342, Karlstads universitet, Karlstad, 10:15 (English)
Opponent
Supervisors
Available from: 2012-10-15 Created: 2012-09-06 Last updated: 2015-11-12Bibliographically approved
2. Towards a Low Latency Internet: Understanding and Solutions
Open this publication in new window or tab >>Towards a Low Latency Internet: Understanding and Solutions
2015 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Networking research and development have historically focused on increasing network throughput and path resource utilization, which particularly helped bulk applications such as file transfer and video streaming. Recent over-provisioning in the core of the Internet has facilitated the use of interactive applications like interactive web browsing, audio/video conferencing, multi- player online gaming and financial trading applications. Although the bulk applications rely on transferring data as fast as the network permits, interactive applications consume rather little bandwidth, depending instead on low latency. Recently, there has been an increasing concern in reducing latency in networking research, as the responsiveness of interactive applications directly influences the quality of experience.

To appreciate the significance of latency-sensitive applications for today's Internet, we need to understand their traffic pattern and quantify their prevalence. In this thesis, we quantify the proportion of potentially latency-sensitive traffic and its development over time. Next, we show that the flow start-up mechanism in the Internet is a major source of latency for a growing proportion of traffic, as network links get faster.

The loss recovery mechanism in the transport protocol is another major source of latency. To improve the performance of latency-sensitive applications, we propose and evaluate several modifications in TCP. We also investigate the possibility of prioritization at the transport layer to improve the loss recovery. The idea is to trade reliability for timeliness. We particularly examine the applicability of PR-SCTP with a focus on event logging. In our evaluation, the performance of PR-SCTP is largely influenced by small messages. We analyze the inefficiency in detail and propose several solutions. We particularly implement and evaluate one solution that utilizes the Non-Renegable Selective Acknowledgments (NR-SACKs) mechanism, which has been proposed for standardization in the IETF. According to the results, PR-SCTP with NR-SCAKs significantly improves the application performance in terms of low latency as compared to SCTP and TCP.

Abstract [en]

Interactive applications such as web browsing, audio/video conferencing, multi-player online gaming and financial trading applications do not benefit (much) from more bandwidth. Instead, they depend on low latency. Latency is a key determinant of user experience. An increasing concern for reducing latency is therefore currently being observed among the networking research community and industry.

In this thesis, we quantify the proportion of potentially latency-sensitive traffic and its development over time. Next, we show that the flow start-up mechanism in the Internet is a major source of latency for a growing proportion of traffic, as network links get faster.

The loss recovery mechanism in the transport protocol is another major source of latency. To improve the performance of latency-sensitive applications, we propose and evaluate several modifications in TCP. We also investigate the possibility of prioritization at the transport layer to improve the loss recovery. The idea is to trade reliability for timeliness. We particularly examine the applicability of PR-SCTP with a focus on event logging. In our evaluation, the performance of PR-SCTP is largely influenced by small messages. We analyze the inefficiency in detail and propose several solutions. We particularly implement and evaluate one solution that utilizes the Non-Renegable Selective Acknowledgments (NR-SACKs) mechanism, which has been proposed for standardization in the IETF. According to the results, PR-SCTP with NR-SCAKs significantly improves the application performance in terms of low latency as compared to SCTP and TCP.

Place, publisher, year, edition, pages
Karlstad: Karlstad University Press, 2015. 39 p.
Series
Karlstad University Studies, ISSN 1403-8099 ; 41
Keyword
latency; traffic classification; slow-start; TCP; SCTP; PR-SCTP; NR-SACKs; event logging; performance evaluation
National Category
Computer Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-37487 (URN)978-91-7063-659-2 (ISBN)
Public defence
2015-11-12, Lagerlöfsalen, 1A305, Karlstads universitet, 09:00 (English)
Opponent
Supervisors
Available from: 2015-10-16 Created: 2015-08-14 Last updated: 2015-11-12Bibliographically approved

Open Access in DiVA

No full text

Other links

http://iwscn2011.hig.no/

Search in DiVA

By author/editor
Rajiullah, MohammadLundin, ReineLindskog, StefanBrunström, Anna
By organisation
Department of Computer ScienceCentre for HumanIT
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

Total: 452 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf