Editorial by suchenfz


Aperturen is published
by Acreo AB
A part of Swedish ICT Research
Legally responsible
Hans Hentzell
Anders Josefsson, 08-632 77 87
                                                              This issue of Aperturen gives an overview of the research of future
Lena Lindmark, 08-632 77 12                                Internet at Swedish ICT and some selected key research topics in the
lena.lindmark@acreo.se                                     area of future Internet at Acreo.
Acreo AB                                                      The spectacular growth of the Internet together with new types
Electrum 236 (Isafjordsg 22)
164 40 Kista                                               of services will continue and it creates tough requirements for the
Phone: 08-632 77 00                                        technology that shall make it possible. The exciting possibilities also
Fax: 08-750 54 30
                                                           create new opportunities and threats for the individual user as well as
Acreo AB
                                                           the society which are not only of technical character. All these chal-
Box 787 (Bredgatan 34)                                     lenges call for more research enabling the future Internet.
601 17 Norrköping
                                                              The Research and Innovation plan from the Swedish government
Phone: 011-36 36 00
Fax: 011-36 36 01                Hans Hentzell             will be very important and may set out the course for a more pro-
Acreo AB                         hans.hentzell@acreo.se    gressive development of Sweden as a country supporting innovation
FiberLab                                                   and applied development. Within the area of information and com-
Box 1053 (Håstaholmen 4)
824 12 Hudiksvall                                          munication technology (vehicle and transport ICT, security as well
Phone: 0650-55 66 00                                       as nanoelectronics and printed electronics together with the future
Fax: 0650-180 02
                                                           Internet) we know that Acreo can make a substantial contribution to
MD: Hans Hentzell                                          the development.
08-632 77 50
                                                              I hope you will like this issue of Aperturen!

                                                              Hans Hentzell

Title page:
Artist’s interpretation of
World Wide Web and the
(Anders O Blomberg,
                                 Aperturen 2/2008 • Research for the Future Internet 2 • 100 Gb/s Ethernet 4 • Acreo Control Plane
Sollentuna Grafiska AB            Group 8 • End to End Quality of Service of Video 10 • Acreo National Testbed 15 • SICT Center IBBC 17
                                 • Software Oriented Research 19 • Unwanted Traffic 21 • Acreo Seminars 30 • ”Språkspalten” 32

                                                                                                                        Aperturen 2/2008       1
                           Research for the Future Internet
                           The spectacular growth of the Internet together with new types of services will
                           continue and it creates tough requirements for the technology that shall make it
                           possible. The exciting possibilities also create new opportunities and threats for
                           the individual user as well as the society, which are not of technical nature only. All
                           these challenges call for more research enabling the future Internet.

Anders Berntson                                                                     bile units, phones and computers now have Internet
anders.berntson@acreo.se                                                            connection. This creates a potential for a new types
                                                                                    services that are based on positioning, location and
                                                                                    other capabilities of mobile phones.

                                                                                    Unwanted Traffic
                                                                                    This success is dependent on a basic design prin-
                                                                                    ciple: The Internet is designed to provide generic
                                                                                    connectivity, transporting IP packets with the appli-
                                                                                    cation intelligence at the end-points under user con-
                                                                                    trol. The Internet is not optimized for any specific
                                                                                    application; such optimization would only be done
                                                                                    at the expense of future, yet unknown applications.
                                                                                    But this, the strength of the Internet, also opens for
                                                                                    a weakness: Internet transports just about everything
                           This issue of Aperturen presents some selected           including a lot of unwanted traffic. There are many
                           key research topics in the area of future Internet       types of unwanted traffic, ranging from spam, to
                           at Acreo. This introduction briefly presents the re-      attacks on the infrastructure and to other illegal acti-
                           search field in order to create a framework and put       vities. In fact, the unwanted traffic has become one
                           the different articles into one context.                 of the main problems of the Internet that threatens
                              The Internet is a remarkable success that to-         the network functions and our trust in the Internet
                           gether with services such as e-mail and the web has      infrastructure. Unwanted traffic is discussed in an
                           changed and impacted our everyday lives. Services        article at the end of this Aperturen issue.
                           over the Internet are still evolving rapidly, e.g. the
                                                                                    Increasing Network Traffic
                           social web is a recent phenomenon. The last couple
                                                                                    The success of the Internet services brings rapidly
                           of years we have also seen the success of mobile
                                                                                    increasing volumes of data traffic. The growth rate
                           broadband, Internet has become the killer applica-
                                                                                    depends on where in the network traffic is measured,
                           tion of 3G mobile networks. Large numbers of mo-
                                                                                    and also on who you ask, but often 50%-100%

 2   Aperturen 2/2008
annual growth-rate is quoted. This spectacular             today consists in video content. In most cases it is
growth represents a challenge for the development          being downloaded with a peer-to-peer application,
of the underlying network equipment; twice the ef-         but in many cases content is also being streamed
ficiency in a year. In this issue, Acreo’s research in      in real timer or faster. Functions for broadcast (or
two important technologies that will enable the Inter-     multicast) are not openly available on the Internet
net in the future are discussed: Interfaces for 100        and therefore (overlay) content distribution networks
Gbit/s (see next page) and controlplane and archi-         are a hot topic presently. Secondly, IPTV and Video
tecture for efficient packet transport (page 8).            on Demands seem to be applications that end-users
    Historically, bit-rates have increased step by step    are willing to pay extra for (in addition to Internet
and 100 Gbit/s is the next step in that evolution.         access). This puts IPTV at the center of the efforts
However, 100 Gbit/s also represents a new para-            for introducing a business model where there is
digm, the drive now comes from increased efficiency         room for a service operator that is responsible for
in the IP routers, not from the transport layer and        content and technical quality of the distribution. This
fewer physical interfaces. The first applications will      is nothing else than the business model of traditional
be in data centers and Internet exchange points, not       telephony, but it would be new to the Internet. When
in long distance trunk transmission. The standard-         moving pictures in general is such a key application
ization is driven by the IEEE for Ethernet, not the        it will become increasingly important to be able to
ITU for Optical Transport Networks. It is the suc-         measure and monitor the quality of the video. A re-
cess of the Internet that now shapes the next genera-      view of Acreo’s research activities when it comes to
tion of equipment for optical transmission.                the measurement and monitoring of the end-to-end
    Apart from forwarding IP packets, there are ad-        quality of TV or video is given on page 10 in this
ditional functions which without doubts would be           issue.
good to have, e.g. support for logical traffic sepa-            Additionally in this issue: Acreo has two impor-
ration to group IP packets into flows. This enables         tant tools for interacting with external partners: The
traffic engineering and serves as the basis for other       Acreo National Testbed, a network with real end-
functions such as e.g. tuneling, Virtual Private           users that also serves as a meeting place for different
Networks and emulated network services. These              players, and the Swedish ICT Center IBBC for
functions have already been developed and opti-            handling our industry cooperations.
mized for telephony in circuit switched networks.              Acreo, as a part of Swedish ICT Research, also
The challenge today is to develop the corresponding        has close cooperation with the sister institute SICS.
technology but optimized for efficient transport of         Some highlights of more software oriented Internet
packets. It is the success of the Internet that shapes     research done by SICS is presented in this issue.
the layering and the architecture of future transport      One example is “The Internet of Things”, i.e. the
or core network (for more information this was also        connection of billions of communicating devices
discussed in a previous issue of Aperturen (1/2008)).      which will create increasing demand on the net-
                                                           work capacity. Another example is the EU project
Moving Pictures
                                                           4WARD with research on architecture and design
Looking at the applications that make Internet so
                                                           for the future Internet, aiming to overcome the ob-
attractive to end users, moving pictures is particu-
                                                           stacles of current technology. 
larly interesting from at least two points of view:
First of all, a great deal of the Internet traffic volume

                                                                                                                     Aperturen 2/2008   3
100 Gb/s Ethernet and the Future of DWDM
                            How will DWDM networks keep up with the growth of Internet traffic
                            in the future? Acreo is taking part in a major European initiative
                            called 100GET addressing this challenge by developing solutions
                            for 100 Gb/s Ethernet transport; but what about beyond 100 Gb/s?

Jonas Mårtensson            The remarkable growth of information transported        (Carrier-Suppressed-RZ) and Duobinary which have
jonas.martensson@acreo.se   over the Internet during the last 10-15 years would     a slightly more compact spectrum.
                            not have been possible without an accompanying              As we are now approaching spectral efficiencies
                            growth of capacity of cost-efficient transmission be-    of 1 bit/s/Hz, only turning the light on and off will
                            tween the routers and switches.                         no longer suffice. Some first steps towards multi-
                                This capacity growth, at least in core networks,    level modulation in commercial DWDM systems
                            has largely been enabled by the invention of DWDM       have been taken by modulating the phase of the
                            (Dense Wavelength Division Multiplexing) and op-        light instead of the intensity and using differential
                            tical amplifiers. Since the first commercial DWDM         detection. DQPSK (Differential Quadrature Phase
                            systems were deployed in the middle of the 1990’s,      Shift Keying) allows two bits of information to be
                            allowing carriers to use installed fiber more effi-       transmitted for each symbol. However, to enable
                            ciently, system vendors have responded to increased     even more complex modulation and higher spectral
                            demand for capacity by supporting more wave-            efficiencies it will be necessary to employ coherent
                            lengths as well as higher bitrates per wavelength.      detection allowing both the intensity and the phase
                                While early DWDM systems used 200 GHz               of the transmitted light to be recovered. Coherent
                            channel spacing and 2.5 Gb/s per wavelength,            detection was a hot topic already some 20 years ago
                            state-of-the-art systems today support 40 Gb/s per      but for different reasons than today. Back then it was
                            wavelength at 50 GHz channel spacing. This factor       improved receiver sensitivity, not spectral efficiency,
                            of 64 increase in spectral efficiency was made pos-      that was the main goal. When the EDFA (Erbium
                            sible by improved wavelength precision and stability    Doped Fiber Amplifier) came along, solving the
                            of lasers and optical filters as well as increased       problem of increasing transmission distance, the
                            bandwidth of optical and electrical components.         research on coherent detection almost completely
                            However, the increase could be achieved without         stopped for many years.
                            moving to more spectrally efficient modulation
                                                                                    100 Gb/s Ethernet and Standardisation
                            formats, simply because early systems had a lot of
                                                                                    Research on high-speed DWDM transmission and
                            space between the wavelengths that could be filled
                                                                                    advanced modulation formats was recently given
                            up. Today’s systems still use only the optical inten-
                                                                                    extra fuel when IEEE started standardisation of the
                            sity to transmit information and mostly basic NRZ
                                                                                    next speed for Ethernet, which will be 100 Gb/s.
                            (Non-Return-to-Zero) modulation, even though
                                                                                    This is a factor of 10 upgrade from today’s 10 Gb/s
                            some use more advanced formats such as CS-RZ

 4   Aperturen 2/2008
    which is also the bitrate used in most of the installed   ing 100 Gb/s data over a single wavelength using
    base of DWDM systems in core networks. The IEEE           spectrally efficient modulation formats. The solution
    P802.3ba 100 Gb/s Ethernet Task Force is focusing         most people seem to believe in at the moment is Pol-
    on standardising interfaces for limited distances up      Mux (Polarisation-Multiplexed) QPSK modulation
    to 40 km and the first solutions will be parallel in       and coherent detection. This solution is appealing
    the sense that the 100 Gb/s data is distributed over      since it makes use of all available orthogonal dimen-
    several fibers using e.g. 10 x 10 Gb/s fiber ribbon or      sions of light, namely the inphase and quadrature
    wavelengths using e.g. 4 x 25 Gb/s CWDM (Coarse           components of both polarisations. Coherent detec-
    WDM). For these solutions where a single 100 Gb/s         tion has been facilitated by the increase in speed of
    data signal is transmitted over one fiber or fiber rib-     ADCs (Analog-to-Digital Converters), DACs (Digi-
    bon, spectral efficiency is of course not an issue.        tal-to-Analog Converters) and DSP (Digital Signal
    However, for longer distances routers and switches        Processing) circuits which enable phase recovery to
    are connected over a DWDM network which must              be performed in the digital electronic domain, eli-
    also be able to handle the 100 Gb/s data. Carriers        minating the need for optical PLLs (Phase-Locked
    would like to be able to do this without replacing        Loops). Digital phase recovery together with in-
    all of their DWDM infrastructure which means that         creased signal bitrates has also relaxed the need for
    existing 50/100 GHz channel spacing must be sup-          very narrow linewidth lasers. Furthermore, coherent
    ported, and this is one reason why spectral efficiency     detection and DSP enable compensation for optical
    becomes critical. IEEE is collaborating with ITU-T        impairments like chromatic dispersion and PMD
    to ensure compatibility between 100 Gb/s Ethernet         (Polarisation Mode Dispersion) in the electronic
    and interfaces of OTN (Optical Transport Network)         domain as well as digital polarisation demulti-
    standardised by ITU-T for which the next line rate        plexing. OIF (Optical Internetworking Forum) has
    will be about 112 Gb/s including Ethernet 64b/66b         very recently started a project supported by many
    block code, FEC (Forward Error Correction) and            system and component vendors aiming at an im-
    some OTN overhead.                                        plementation agreement for 100 Gb/s long-distance
        The option of distributing the 100 Gb/s data over     DWDM transmission specifying PolMux QPSK as
    several wavelengths exists also for long-distance         the modulation format. Nortel already today has a
    DWDM. A system supporting 10 Gb/s per wave-               commercial 40 Gb/s DWDM product based on this
    length could transport 100 Gb/s Ethernet today by         solution.
    simply introducing adaptation modules performing
                                                              100 GET and Acreo
    inverse multiplexing at the transmit end and multi-
                                                              Acreo participates in a
    plexing the data back to 100 Gb/s at the receive
                                                              large European R&D
    end. However, such a solution does not increase the
                                                              project within the Celtic
    total capacity of a DWDM system. Increasing total
                                                              programme addressing
    capacity per fiber is a more fundamental motivation
                                                              the challenge of coping with continued Internet traf-
    for improving spectral efficiency. It is difficult to
                                                              fic growth and involving the major system vendors
    imagine being able to support a continued growth
                                                              Ericsson, Alcatel-Lucent, Nokia Siemens Networks
    of Internet traffic just by installing and lighting up
                                                              and ADVA. The main goal of the project, called
    more fibers. Therefore, considerable research efforts
                                                              100GET (100 Gigabit Ethernet Transport Tech-
    are now devoted to finding solutions for transmitt-

                                                                                                                      Aperturen 2/2008   5
    clock division and fan out

      clatabus FPGA <-> DAC                                                                                               DAC development
       (connected to probes)                                                                                              board, arm 1

          FPGA development                                                                                                Amplifier, arm 1
                board, arm 1

       2x24 differential pairs                                                                                            Dual Arm Mach

                FPGA -> DAC                                                                                               Zender

                                                                                                                          Amplifier, arm 2

          FPGA development                                                                                                DAC
                board, arm 2                                                                                              development board,
                                                                                                                          arm 2

                                 OFDM transmitter prototype based on FPGAs developed in the
                                 100GET project by Ericsson in Backnang, Germany.

                                 nologies), is to develop metro and core DWDM net-                Acreo is contributing to the 100GET project in
                                 works for transporting 100 Gb/s Ethernet. 100GET             the area of modelling and numerical simulations.
                                 is divided in four subprojects, coordinated by the           This is an area where Acreo has a long and broad
                                 different system vendors. The subproject Acreo is            experience, using simulation software such as
                                 involved in is coordinated by Ericsson and focuses           VPItransmissionMaker to investigate transmission
                                 on the metro network segment. Different techno-              properties of high-speed DWDM systems and ex-
                                 logy options will be explored, including modulation          ploring methods for mitigating impairments such
                                 schemes used extensively in wireless transmission            as chromatic dispersion, PMD and nonlinear fiber
                                 such as OFDM (Orthogonal Frequency Division                  effects. Acreo also develops theoretical models for
                                 Multiplexing) and SCM (Sub-Carrier Multiplexing).            important subsystems and components of DWDM
                                 Higher multi-level constellations will be considered,        systems. Being able to evaluate and compare alter-
                                 like for example 8PSK and 16-QAM (Quadrature                 native system configurations using numerical simu-
                                 Amplitude Modulation), modulated either directly             lations before hardware implementation is crucial
                                 on light or in combination with RF (Radio Frequen-           for an efficient R&D process. This is especially
                                 cy) sub-carriers. High-speed ADCs and DACs will              true for a project like 100GET where many options
                                 be developed and DSP algorithms will be investi-             exist concerning e.g. choice of modulation scheme
                                 gated and implemented in FPGAs (Field Program-               and implementation of necessary functions in both
                                 mable Gate Arrays).                                          optical and electrical domains. In addition to the

6   Aperturen 2/2008
contributions on modelling and simulations, the           for frequent electrical regeneration will eventually
Acreo National Broadband testbed will be used for         make it prohibitively expensive to increase spectral
testing and evaluation of prototypes developed in the     efficiency further. Breakthroughs in optical amplifier
project. The field experiments will be performed on        technology and alternative amplifier types such as
the 800 km DWDM link connecting Acreo labs in             SOAs (Semiconductor Optical Amplifiers) might al-
Kista and Hudiksvall.                                     low an increase in optical amplification bandwidth
                                                          and thereby higher capacity per fiber, but at some
Beyond 100 Gb/s Ethernet
                                                          point new fibers will have to be installed anyway.
So what about the future, looking beyond 100 Gb/s?
                                                          Photonic integration, advocated by companies like
It is clear that the demand for increasing capacity
                                                          Infinera, is another technology that could be signifi-
will not stop here and major ISPs (Internet Service
                                                          cant for the future of DWDM. For example, dividing
Providers) and data center owners are already asking
                                                          100 Gb/s data between 10 wavelengths at 10 Gb/s or
IEEE to start working on the next speed upgrade,
                                                          in the future 1 Tb/s data between 10 wavelengths at
presumably 1 Tb/s Ethernet, as soon as the 100 Gb/s
                                                          100 Gb/s becomes more manageable when those 10
Ethernet standard is ready. The impact on DWDM
                                                          wavelengths can be transmitted and received using
transport is difficult to predict at this point but sup-
                                                          a single chip. Integrating a large number of func-
porting individual 1 Tb/s connections will most
                                                          tions on a PIC (Photonic Integrated Circuit) should
likely require some innovative thinking. Spectral
                                                          mitigate some of the issues, like for example space
efficiency can not be increased indefinitely without
                                                          and power consumption, encountered when trying to
becoming more susceptible to noise resulting from
                                                          keep up with increasing demand for capacity. 
optical amplification. This means that the necessity

                                                                                                                 Simulated 16-QAM
                                                                                                                 constellation diagrams
                                                                                                                 in presence of laser
                                                                                                                 phase noise before
                                                                                                                 and after digital signal

                                                                                                                      Aperturen 2/2008      7
The Acreo Control Plane Group Activities
– an Update
                                There is not a single definition of what a control plane is but in our context
                                it has the meaning of distributed functions that handle resource allocation
                                and maintenance, dissemination of information, and path calculation
                                in networks consisting of multi-technology data/forwarding planes.

Anders Gavler                          Today there are numerous trends within the multi-        refers to the scope of the work, i.e. should the focus
anders.gavler@acreo.se                layer control plane area within the Internet Engi-        on “only” IEEE PBB-TE or other layers of Ethernet
Loa Andersson                         neering Task Force (IETF). This text will give you        as well. End to end service setup in multi flavoured
loa.andersson@acreo.se                an update on what Acreo is focusing on and some of        Ethernet networks (i.e. not only PBB-TE) requires
                                      the current challenges in this area.                      control plane support or alternatively managed so-
Anders Berntson
anders.berntson@acreo.se                  Acreo’s main focus is on:                             lutions.
                                       GMPLS Ethernet – control plane to the IEEE                  WSON - Development of an information model
                                          Ethernet data plane;                                  (i.e. how and which information are needed to de-
                                       Wavelength Switched Optical Networks (WSON)             scribe optical nodes and links) and control plane
                                          – control plane supporting the ITU OTN archi-         protocols in support of the ITU OTN architecture.
                                          tecture;                                              The main focus is on handling optical switching
                                       Path Computation Element (PCE) – distributed            elements which are blocking e.g. ROADMs, the
                                          and centralised architectures for single or multi     wavelength continuity constraint, and analog optical
                                          layer path computation.                               impairments.
                                          Another focus area, that is overlapping with the          MPLS TP – Possible extensions of IETF MPLS
                                      control plane area, is the work done on the MPLS          forwarding, OAM, survivability, network manage-
                                      Transport Profile (MPLS TP), which aims at in-             ment and control plane protocols in support of ITU
                                      cluding ITU transport network requirements to the         transport network requirements. The main effort
                                                               IETF MPLS architecture.          is foreseen to be spent on extensions in support of
  MPLS - Multiprotocol Label Switching                             Below is a short update on   OAM requirements.
  GMPLS - Generalized Multiprotocol Label Switching            relevant parts on some of the        The group also has an activity on more general
  IEEE - Institute of Electrical and Electronics Engineers     above areas:                     and fundamental multi-layer architectural questions.
  ITU - International Telecommunication Union
                                                                   GMPLS Ethernet – Work        The goals are to clearly motivate a multi-layer
  OTN – Optical Transport Network
  PBB-TE - Provider Backbone Bridge Traffic Engineering
                                                               to complement IEEE 802.1         network, through the answers to these questions,
  ROADM - Reconfigurable Optical Add-Drop Multiplexer           with a GMPLS control plane       and to conclude on the relevant functions and corre-
  OAM - Operations, Administration, and Maintenance            and possibly a hierarchical      sponding network scenarios.
  IAB - Internet Architecture Board                            model. The last statement            In the European research project ALPHA Acreo

 8   Aperturen 2/2008
will look into using a GMPLS control plane in metro      The figure shows the long term research scope of the Alpha metro access network. It also
access type networks. This research has its starting     indicates the possible needs of redundant infrastructure in the first mile, and also possibility
point in the today used solution called access MPLS,     of different topologies.
and aims at studying possible benefits of introducing
a GMPLS control plane into this environment. The                                              Target network
future access metro network is assumed to have
tougher requirements than today on e.g. multi tech-
nology building practises and on protection and res-                           Customer
toration, which could motivate the use of a common                  Home
                                                                                                       AN                                   Multi
                                                                                    GW                                             AN                     Provider
control plane and the traffic engineering possibilities             Network                                                                  Edge            Edge

of GMPLS.                                                                                                                                                             Core
                                                                                         Next Generation Access Network MSE
                                                                                            AN    Access
                                                                                                           AN                                                 PE
    An important support of the above activities is                                               Nodes                                                              Network
the Acreo GMPLS testbed. The main benefit of the                    Network          GW
Acreo GMPLS testbed was the possibility of intero-
perability tests between vendors that had products
                                                            Home network edge
in this area. Today we have full control and in house     functions, e.g. service            Network control and management functions,
                                                                                              e.g. routing, signalling, fibre management
                                                                                                                                               Core network edge
                                                                                                                                               functions, e.g. peering
development of our own GMPLS software stack                    Home Network                                                                      Core Network
                                                                                         Next Generation Access Network Topology
(routing, signalling, data plane control and emula-
tion). The possibility of interoperability testing is                         Single or multi-technology resource allocation through
                                                                             Generalised Multi Protocol Label Switching control plane
still true, but controlling the code base also enables
us to implement and test novel solutions, standard
solutions, and to support work being done in stan-
dardisation bodies, as well as creating network
demonstrators in various projects. This makes us                                                                                              GMPLS regions
                                                                       The Acreo GMPLS Testbed
an attractive partner to both industry and European                                                                                                       C    L2SC
projects due to the fact that we can offer an easily                                                                                                          LS

accessible and open platform.                                             IP/MPLS                              IP/MPLS
    In standardisation Acreo has an established pre-                                                                                             Packet link (PSC)
sence in the Internet engineering task force (IETF),                                                                                             Ethernet link (L2SC)

especially through the participation in the IETF                                                                                                 Optical link (LSC)

                                                                                                                                                 Juniper MPLS router
“board”, the IAB, and the work around MPLS TP
and WSON. During the next year we will expand the                   Ethernet                            Ethernet                                 Acreo MPLS software router

                                                                                                                                                 SwitchCore Ethernet switch
active standardisations work into GMPLS Ethernet                                                                                                 Acreo software Ethernet switch

area. The IETF work is mainly on the control and                                                                                                 Acreo software Ethernet switch

management plane issues and not in specifying the                                                                                                Transmode optical node
                                                                         OTN                                   OTN                               Acreo software OXC
different data plane technologies. This means that it
                                                                                                                                                     Acreo software ROADM
is very important to have good insight or presence in
other standardisations bodies like the IEEE and es-      The multi-layer topology network where the top layer is IP/MPLS, the second one is 802.1Q framed,
pecially the work around 802.1, the ITU-T and the        and the bottom one is the OTN region. The vertical inter layer separation shows on the right hand side
work around the OTN architecture.                       (blue) data plane and control plane software nodes that runs as virtual machines on a host server.

                                                                                                                                                      Aperturen 2/2008         9
End to End Quality of Service of Video
Kjell Brunnström                                                                                                  End-to-end perceived
kjell.brunnstrom@acreo.se                                                                                         quality of service as
                                                                                                                  defined in the EU
                                                                                                                  project MUSE

                            It is often said that a chain is as strong as its weakest link.
                            This is particularly true when it comes to service delivery over a network.
                            For instance, if TV is sent to a customer and the net-   However, for a TV or video-on-demand service
                            work has very good capacity all the way and intro-       there is also a basic signal quality to be added to the
                            duces no transmission errors, but the content i.e. the   scenario.
                            TV-program or the movie in itself is of poor picture         How could the end-to-end quality i.e. the quality
                            quality, perhaps due to too severe compression, then     from and including the source of the signal to the
                            of course the end quality is not good. On the other      end user be guaranteed? One common approach, es-
                            end of the scale, the signal could be of excellent       pecially when the technology is not mature enough,
                            quality, perhaps HDTV, but shown on a very poor          is vertical integration. This means that a service pro-
                            display. However, in most cases the situation is not     vider takes control over the whole end-to-end chain,
                            as clear cut as in the examples given. The quality ex-   often with the consequence that customer have little
                            perienced by the user has a complicated interrelation    or no flexibility to chose another services provider if
                            between the signal quality, the particular service       they are not satisfied. On the other hand, in a more
                            content, the terminal quality and errors introduced      open network where the user is free to select service
                            by the transmission of the signal from the source to     provider and the network owner is not connected to
                            the user. The end-to-end perceived quality as defined     the service provisioning, there are higher demands
                            in the EU-project Multi-Service Access Everywhere        for standardisation and maturity of the technology.
                            (MUSE) is illustrated in the figure above. In this        The network needs to be enabled for many types
                            particular example, a video phone service, all com-      of services, which puts different requirements on
                            ponents that are involved for establishing the percei-   the network. It also very likely that several network
                            ved quality is directly involved in the service setup.   owners are involved in the delivery and then the

10 Aperturen 2/2008
different networks need to be compatible with each        Rec. J.144 and ITU-R BT.1683), when the distorted
other.                                                    video can be directly compared to the undistorted
    Regardless whether the network is open or ver-        original.
tically integrated, there is a need to measure and to         The latest evaluation which was called Multi-
have control over the quality that can be delivered to    media phase 1, was probably the largest video
the end user. How to measure and the requirements         quality project ever executed. Target towards small
for a particular service are different for different      images size and bitrates, suited for PDAs and mobile
services. TV, often referred to as IPTV when it is de-    phones. It involved creating a very large database of
livered over a data network, is a demanding service       subjective quality data from about forty subjective
and a key service to get to function well. This article   assessment experiments where more than 160,000
will give an overview of the research activities at       opinion scores were collected in about ten different
Acreo when it comes to the measurement and moni-          countries all over the world. Acreo performed two of
toring of the end-to-end quality of TV or video. The      these experiment and had provided the experimen-
topics covered are: objective video quality metrics       tal software, ArcVQWin, that showed the video for
and standardisation; quality of channel zapping;          the viewers and collected their opinion scores. This
display quality for moving images as well as basic        software was used by all laboratories involved in the
network qualifications for IPTV.                           test. The voting dialog is shown in the figure below.
                                                              The effort, which took over five years of prepa-
Objective Quality Metrics and Standardisation
                                                          rations, has resulted in two draft recommendations
An objective video quality metric accurately esti-
                                                          by the ITU and will most likely become recommen-
mates the quality of video without performing an
                                                          dations already late 2008.
assessment with a panel of viewers. These can
be useful for a number of applications, e.g. per-         Quality of Channel Zapping
formance testing to define encoding profiles, equip-        The end user experience of service quality is criti-
ment testing to compare codec performance, and            cal to the success of a service provider’s IPTV
quality assurance and in-service quality monitoring.      deployment program. A key element involved in
In order to know whether an objective quality metric      validating IPTV quality of experience (QoE) is how
can predict quality, it is necessary to compare its
output to the opinions of a panel of viewers. The                                                                 The voting dialog of the
international authority on evaluations on objective                                                               Acreo developed experi-
video quality metrics is the Video Quality Experts                                                                mental software ArcVQWin
Group (VQEG, www.vqeg.org), where the author
has been active for several years and is Co-chair of
the Multimedia group as well as the Independent
Laboratories’ group. The results from the evalua-
tions are then submitted to standardisation organisa-
tions and in particular to the International Telecom-
munication Union (ITU). An already existing stan-
dard that is based on evaluations of VQEG is video
quality metrics for standard definition TV (ITU-T

                                                                                                                        Aperturen 2/2008     11
       Model and the MOS                                                                                 providers that offer triple play. In
                                       MOS=max{min -1.02*ln(Zapping Time)+2.65, 5},1}
      of the subjective data                                                                             addition it can be remarked that zap-
                                                                                                         ping time also plays an important
                                                                                                         role for other com-munication devi-
                                                                                                         ces that can operate with a remote
                                                                                                         control such as DVD players, satel-
                                                                                                         lite, or terrestrial receivers, etc.
                                                                                                             The study involved about twenty
                                                                                                         test persons that judged the quality
                                                                                                         of different zapping times. A model
                                                                                                         was derived which had a good fit to
                                                                                                         the data, see the figure.
                                                                                                             From the model we can derive a
                                                                                                         useful rule of thumb for the zapping
                                                                                                         time. For the quality to be good or
                                                                                                         better the MOS value needs to be
                               quickly and reliably users can change TV channels,        more then 3.5 and this will give that the zapping
                               often referred to as channel zapping. Although it is      time needs to be below 0.43 sec.
                               well-known that zapping time is an important factor
                                                                                         Display Quality of Moving Images
                               influencing QoE there is not much information about
                                                                                         The end-to-end quality is highly affected by the
                               the requirements for zapping time (a.k.a. switching
                                                                                         display quality. It has been recognised for some
                               time). Kozamernik and Vermaele published a study
                                                                                         time now that LCD displays will introduce blur in
                               2005 that zapping time could be called satisfactory
                                                                                         the images when showing moving objects. There
                               if it is below 1 second. This is consistent with the
                                                                                         are two effects that contribute to the motion blur.
                               common guidelines for response time of computer
                                                                                         An LCD display contains a matrix of picture ele-
                               systems. A recent literature study revealed that cur-
                                                                                         ments, containing liquid crystals elements that have
                               rently there is no knowledge about the explicit re-
                                                                                         to be turned in order to change the local image of
                               lation between zapping time and the user perceived
                                                                                         the display. If the liquid crystal elements change
                               quality as expressed as a Mean Opinion Score
                                                                                         too slowly, then motion blur will be introduced.
                               (MOS). Therefore, a study was initiated and resulted
                                                                                         However, even if the response time of the liquid
                               in a model that maps zapping time to perceived qual-
                                                                                         crystals would be instantaneous, motion blur is still
                               ity in terms of MOS. Note that because IPTV is an
                                                                                         introduced due to the way the picture elements are
                                                                        eminent part
    Picture of moving edge                                                               updated in an LCD display. A picture element will
                                                                        of triple play
            taken by a high                                                              hold its value until it is changed. This is referred to
                                                                        offerings the
             speed camera                                                                as sample-and-hold. The interesting thing is that the
                                                                                         blur is an interaction effect between the screen up-
                                                                        of channel
                                                                                         date and the human visual system. If a moving edge
                                                                        zapping is of
                                                                                         on a display is captured by a high speed camera,
                                                                        great impor-
                                                                                         there is no blur, see the figure.
                                                                        tance to all

12 Aperturen 2/2008
                                                                                                                 When the eyes are
                                                                                                                 tracking an edge on
                                                                                                                 CRT the eye will receive
                                                                                                                 the same amount of
                                                                                                                 light from each point
                                                                                                                 around the tracked
                                                                                                                 edge, whereas this will
                                                                                                                 vary around the edge
                                                                                                                 for the LCD display,
                                                                                                                 which will give rise to
                                                                                                                 a blurry impression of
                                                                                                                 the edge.

    However, when a moving edge is viewed on a            can be obtained using a simple sensor sampling the
screen the human visual system will track the edge        temporal behaviour of the LCD display. Acreo has
then on a display where the images are flashed for         evaluated both method for some displays and also
short intervals, see (a) in the figure above, a sharp      found that they are equivalent. This procedure will
image of the edge will be shown at the location           most likely be used by TCO, when revising TCO
where the human visual system is anticipating it          ‘06. What is lacking now is to understand how much
each time it is flashed and since it is dark in between    blur is acceptable to the user. An experiment with
no smear of the edge will be introduced. However,         the goal of finding this level is planned for the se-
on a hold-type display the image of the edge will be      cond half of 2008.
visible at the old location, see (b), until it is moved
                                                          Network Qualifications for IPTV
to the new. The eyes will smoothly follow the edge,
                                                          If the end-to-end perceived quality of TV should be
which means that the edge location will move on the
                                                          good, then as mentioned before the TV signal, the
retina, giving rise to a blurred edge. Another way to
                                                          end user equipment, the connection between the user
explain the phenomenon is as illustrated in the figu-
                                                          and the network must be good, as well as the whole
re, with the amount of light reaching the eye around
                                                          network from the service provider to the home gate-
edge while tracking the edge.
    Methods for measuring motion blur have been
                                                              Before a network owner even can start to con-
proposed and the most the well-known is the
                                                          sider delivering IPTV, he/she should go through
Moving Picture Response Time (MPRT). Unfortu-
                                                          the network and check whether it fulfils the basic
nately, this method requires a rather complicated
                                                          requirements for IPTV.
system to be performed, involving a moving camera
                                                              Acreo has for several years compiled guidelines
or scanning mirrors. It has been shown by Sharp
                                                          for network owners on requirements for the network
Laboratories and NASA that the same measurements

                                                                                                                 Aperturen 2/2008       13
                      for delivering IPTV. The latest contribution was           on-demand service. It accounts for several percent of
                      written during spring 2008.                                the data traffic on the Internet today and passed 100
                         It is not in the scope of this article to go into       million videos per day already in 2006 (http://news.
                      details on the requirements stated in this document,       bbc.co.uk/go/pr/fr/-/1/hi/technology/5186618.
                      but as an example the bandwidth requirements will          stm). The early adopters are the younger gene-           T
                      be discussed a little bit. To deliver standard TV, it is   ration, which means that they will get used to an        m
                      often believed that 4-5 MBit/s is sufficient, but since     On-demand viewing behaviour. However, YouTube
                      TV very often are produced with variable bitrate           videos are typically of low quality and often quite      r
                      with peak bitrates that are considerably higher, the       short. If TV-programs, movies etc. are to be avail-      i
                      recommendation is to have at least 9 MBit/s avail-         able on-demand in standard definition or even high
                      able per TV channel in the access to the home, to          definition quality with sustained high QoS, the net-      w
                      be robust against packet drops. Furthermore, it is a       work needs to be optimized to handle it.                 o
                      minimum requirement for a household to be able                 Currently, the access networks need to be up-
                      to watch two channels at the same time, which de-          graded, but also the codecs, caching techniques and      n
                      mands in total at least 18 MBit/s.                         network management should be optimized to handle
                                                                                 unicast based video services. The peer-to-peer tech-
                      On-Demand and Peer-to-PeerTV
                                                                                 nique here offers an interesting possibility to handle
                      – The TV of the Future
                                                                                 this trade-off. Acreo in collaboration with SICS and
                      Bandwidth usage is increasing rapidly, with more
                                                                                 several Swedish companies are currently working on
                      than 100% over the last two years. This can be ex-
                                                                                 this problem in a 3 year project financed by Vinnova
                      plained by an increase in video traffic. Furthermore,
                                                                                 and the participating companies.
                      the prognoses say that that the rapid increase will
                      continue. An explanation to this is an anticipated be-     Conclusions
                      haviour shift among users as it becomes increasingly       To be able to deliver a service with good quality,
                      possible to view TV-programs, video or movies              care should be taken for the whole delivery chain.
                      whenever the user wants without being bound to             This article has discussed and exemplified, for TV
                      a specific broadcast time: i.e. on-demand viewing.          and video, different aspect of the delivery chain
                      YouTube is an example of a very successful video-          where Acreo today has activities. 

14 Aperturen 2/2008
The Acreo National Testbed, ANT
The Acreo National Testbed, ANT, is a                                                                                Behaviour
                                                                         Testbed activities
meeting place for a wide spectrum of
regional, national and international                                                                                 Broadband access
                                                              Living Labs              Equipment testing
institutions and companies working
with research and commercialisation                           User behaviour           Commercial test and
                                                              provides input to        evaluation of equip-
of products and services for broadband                        product and service      ment for access and           Connectivity
networks.                                                     development              home networks

The focus of the testbed is the end user. This in-         pilots that have agreed to tolerate network down-     Claus Popp Larsen
cludes analysis of user traffic patterns and behav-         time, so much tougher tests can be performed than     claus.popp.larsen@acreo.se
iour; advanced high-capacity services often based          what is the case in commercial production networks.
on an IPTV platform; and studies and evaluation of         Furthermore, Acreo’s engineers have vast experience
equipment close to the end user - access and home          in Layer 1, 2 and 3 equipment from various vendors
networks.                                                  – including interoperability testing.

ANT is an Umbrella for Different Kinds of                  Living Lab
Testbed Activities                                         In ANT we strive to work in accordance with the
ANT contains many interconnected activities that           concept of Living Labs. It means that the end user
can be roughly divided into the following areas:           is continually involved in the development process
Behaviour, Broadband access, Fixed-mobile con-             – all the way from mapping the end users’ needs &
vergence, and Connectivity.                                requirements over prototype development to beta
   Common for all testbed activities is that they are      testing.
performed in real networks using real end users – we           The testbed is open to collaboration concerning
call them test pilots! It is our firm belief that testing   development or testing of services or equipment
services and equipment in a real environment is            with close end user involvement. This could be
superior compared to the lab test. The deployed net-       through either commercial assignments or joint
work equipment is often state-of-the-art commercial        projects. Acreo is part of the Stockholm Living Lab
equipment supplied by our partners, but it can also        network.
be a precommercial from one of our projects.
Equipment Testing                                          The prime sponsors for the research projects and
The testbed is open to companies that wish to test         activities in the testbed are VINNOVA and EU
their equipment in a sophisticated environment with        (through FP7 and the Structural Funds). Industrial
real end users. We have a friendly population of test      financing of both small and large projects and/or

                                                                                                                     Aperturen 2/2008    15
                      assignments is another important source of funding.
                          Here follows a description of the four areas co-   ANT :: Broadband access
                      vered by ANT.                                         The broadband access part of ANT contains a
                                                                             test pilot population of around 60 people living
                                                                             in Hudiksvall and connected to Acreo equipment
                         ANT :: Behaviour                                    located in the network of the local muni net
                         The behaviour testbed includes traffic measure-      Fiberstaden. The test pilots have a high speed
                         ments in Hudiksvall and in a municipality net-      broadband connection (10 or 100 Mbit/s symmet-
                         work in southern Sweden. These measurements         rical) and get Internet and TV and in some cases
                         allow us to investigate people’s Internet traffic    telephony over this connection. The test pilots are
                         patterns in terms of popular applications, peak     subject to test of equipment (either in their own
                         traffic hours etc. Other ways of monitoring test     homes or in the access network) and services (pri-
                         pilot behaviour are through personal interviews     marily over the TV but also Internet based).
                         and through interactive, TV-based questionnai-      Acreo has designed and built an open IPTV plat-
                         res.                                                form, a.k.a. “Open Choice”. The prime service
                                                                             over the open IPTV platform is TV, but many other
                                                                             services such as video on demand, games, guitar
                        ANT :: Fixed-mobile convergence                      playing lessons etc. have been evaluated over the
                        In a joint project with Ericsson a 3G testbed has    platform by the test pilots.
                        been established which contains 20 test pilots
                        in scarcely populated areas around Hudiksvall.
                        Some test pilots have never had broadband access     ANT :: Connectivity
                        before, and through traffic measurements and in-      Acreo has many partners - primarily around
                        terviews we hope to get an indication of how such    Stockholm and Kista, in Hudiksvall and at Mid
                        a fixed-wireless connection impacts people’s lives    Sweden University in Sundsvall - with whom we
                        and behaviour.                                       exchange contents. Typically our partners get ac-
                                                                             cess to our IPTV platform. This requires operating
                                                                             a geographically wide network including switches,
                                                                             routers and optical transmission equipment.

                        The figure shows where
                       Acreo has different kinds
                            of testbed activities.                                                          Behaviour
                        The main locations are
                       Hudiksvall and Kista with
                                                                                                            Broadband access



                                                                                                                  Optical fibre

16 Aperturen 2/2008
                                                                                                                  Gunnar Jacobsen

SICT Center IBBC is one of 3 competence centers at Acreo which provides
a meeting place for Swedish industry and academia within the ICT area
on technical state of the art level.

The SICT Center IBBC is based at Acreo in Kista.          Center activities were building up during Y2007
Acreo, with its long history and extensive resources      with initial financing secured till the end of Y2009.
in fiber optical systems, network implementations          The center has a total budget of 12 MSEK/year with
and networked video and display quality brings to-        half of the budget from industry and half from pub-
gether, under one umbrella, laboratory resources and      lic sources (VINNOVA and Acreo research financing
expertise from academia, industry and institutes.         (K-medel)). Current center partners (all with Center
    This enables the center to study all aspects of       board participation) are Ericsson, Transmode, Packet-
BroadBand communication all the way from the              front, TCO Development and INTERTEK.
optical layer to the human interaction with the user.         The active working areas fall in 4 categories;
The Center addresses the needs of individual indu-        100 Gb optical communication issues; dynamical
strial partners and also creates collaboration clusters   networking; advanced screen tests and equipment
that will lead to new solutions and open markets.         tests in the Acreo National Testbed.
The clusters are seen as drivers for the innovative           A consortium agreement has been prepared after
generation of new products. In collaboration with         consultancy with Vinnova. The agreement has been
university partners, the Center aims at excelling aca-    signed by industry partners and Acreo.
demically and drawing international recognition and           Center partners are also seen as participators
partnerships. The Center provides the participating       engaged in “open network” research focusing on
enterprises with competence, new technologies and         product and service development and testing with
added value. It channels new products and concepts        interoperability as a main consideration. The more
to the innovation systems.                                telecom/datacom oriented industry (Ericsson,
    The SICT Center IBBC brings together a pool           PacketFront, Transmode) participates in R&D con-
of companies, innovation systems, public sector           cerning complete horizontally integrated network
partners, universities and institutes in the broadband    implementations connected to international standard-
area. The work in the Center takes place in Applied       ization. Different service and human interaction
collaboration projects with industry as well in com-      is also a concern of the center and is supported
petence build-up research projects. Research activ-       by companies such as: TCO Development and
ities are supported by close collaboration in PhD         INTERTEK. Negotiations with additional potential
projects with Acreo advisors where PhD students are       partners are ongoing at this time.
enrolled at KTH. Research activities are coordinated          Our vision is to form a Center with a self-
with research at KTH on a strategical level. The          sustained academic and industrial environment that

                                                                                                                      Aperturen 2/2008   17
                                                                                    SICT Center IBBC Relation to Acreo Broadband
                       SICT Center IBBC                                             Activities
                       SICT Center IBBC is one of 3 Competence Centers at Acreo     SICT Center IBBC is the corner stone within Broad-
                       and acts as a meeting place between Swedish ICT industry
                                                                                    band activities at Acreo. In addition to the Center,
                       and academia within the ICT area on technical state of the
                       art level.
                                                                                    Acreo also drives or is active within a number of
                                                                                    other types of projects, all related to and depending
                       Partners: Industry partners are Ericsson, Transmode,
                                                                                    on the Center. Examples:
                       Packetfront, TCO Development, INTERTEK. Main academic
                       partner is KTH.                                               EU FP6 and FP7 projects (e.g. MUSE, NOBEL,
                                                                                        HECTO, BONE, ALPHA)
                       Funding: 50/50 industrial partners and Swedish funding
                       organizations VINNOVA and Acreo (“K-medel”).                  CELTIC projects (e.g. TRAMMS, 100GET and
                       Created: 1st January 2007.
                       More information: www.acreo.se
                                                                                     Projects in VINNOVA call “Mobilitet, mobil
                       Contact: Gunnar Jacobsen, Gunnar.Jacobsen@acreo.se,              kommunikation och Bredband”
                       Center Manager                                                Acreo National Testbed (with significant support
                                                                                        from MÅL2 in Gävleborgs Län)
                                                                                     Basebox
                      will be viable over time. The Center will contribute              In all of these additional projects and activities,
                      significantly to enhance industry competitiveness in           we collaborate with a large number of Swedish
                      the Y2007-2015 time frame.                                    and overseas companies. We also collaborate with
                         This is highly significant for the economic                 Chalmers, KTH and MittUniversitetet.
                      growth in Sweden since the ICT sector provides                    Also, Acreo in many instances has bi- or multi-
                      15 % of the export value and has in the order of              lateral commercial projects with companies outside
                      200.000 jobs. In addition the Center will act as a            the scope of publicly funded research programs.
                      vehicle for IT-based savings in the public sector (E-             In almost all projects referred to above, SICT
                      health, 24-hours government, E-education) and thus            Center IBBC is a key enabling factor without which
                      create direct society benefits.                                we could not run most of the additional projects. 

18 Aperturen 2/2008
Software Oriented Research for
the Future Internet
Acreo, as a part of Swedish ICT Research, has close cooperation with the sister insti-
tute SICS. Some highligths of more software oriented Internet research done by SICS
is presented below.
                                                         to locations where the information can be analyzed,       Adam Dunkels
                                                         correlated with other data and acted upon.                adam@sics.se
                                                             The emerging application space for smart objects      Bengt Ahlgren
                                                         requires scalable and interoperable communication         bengt.ahlgren@sics.se
                                                         mechanisms that support future innovation as the
                                                                                                                   Kersti Hedman
                                                         application space grows. IP has proven itself a long-     kersti@sics.se
                                                         lived, stable, and highly scalable communication
                                                         technology that supports both a wide range of app-
                                                         lications, devices, and underlying communication
Adam Dunkels, researcher                                 technologies. The minimal IP stacks, developed
at SICS, who has developed                               by SICS, are lightweight and run on tiny, battery
   the lightweight IP stack,                             operated embedded devices. IP therefore has all the
        is a member of the                               qualities to make “The Internet of Things” a reality,
 Alliance’s technical board.                             connecting billions of communicating devices.
                                                             For more information, visit
IP Stack Developed by SICS Basis of Industrial               www.IPSO-Alliance.org and
Alliance for the Internet of Things                          www.sics.se/contiki.
A new IP for Smart Objects (IPSO) Alliance has
                                                         SICS Center for Networked Systems
been formed with a mission to promote IP as the
                                                         SICS Center for Networked Systems (CNS) is a
networking technology best suited for connecting
                                                         joint industry-academia research centre within the
sensor- and actuator-equipped or ”smart” objects
                                                         Swedish ICT group. The vision of the centre is The
and delivering information gathered by those ob-
                                                         Reliable Internet, a secure and reliable infrastructure
jects. The 27 founding companies include Cisco,
                                                         which provides predictable service, enable robust
Ericsson, Sun, Atmel, Freescale, and SICS, one of
                                                         applications on heterogeneous networks, is secure
Acreo’s sister institutes within the Swedish ICT
                                                         and, at the same time, easier to manage.
                                                            SICS Center for Networked Systems is funded
    Smart objects are objects in the physical world
                                                         by VINNOVA, SSF, and KK-Stiftelsen through the
that – typically with the help of embedded devices –
                                                         Institute Excellence Centres program. Partners are
transmit information about their condition or environ-
                                                         ABB, Ericsson, Saab Systems, TeliaSonera, T2Data,
ment (e.g., temperature, light, motion, health status)

                                                                                                                        Aperturen 2/2008   19
                      KTH, Mälardalen University, and Uppsala Univer-               4WARD overcomes this impasse through a set
                      sity.                                                     of radical architectural approaches which improves
                                                                                our ability to design inter-operable and comple-
                      4WARD – Architecture and Design for the
                                                                                mentary families of network architectures. These
                      Future Internet
                                                                                approaches enable the co-existence of multiple
                      4WARD is a large EU project led by Ericsson
                                                                                networks on common platforms through carrier
                      Research where the two SICS labs NETS and IAM
                                                                                grade virtualization of networking resources, and
                      participate. 4WARD takes a long-term approach to
                                                                                make the networks self managing. The robustness
                      research towards the Future Internet which means
                                                                                and efficiency are increased by leveraging diversity.
                      that the focus is set on innovation and bright new
                                                                                Finally application support is improved by a new
                      ideas rather than current problems with compati-
                                                                                information-centric paradigm in place of the old
                      bility with existing network. This approach is
                                                                                host-centric approach. These solutions will embrace
                      needed to create a network of the future which can
                                                                                the full range of technologies, from fibre backbones
                      overcome the obstacles of current technologies.
                                                                                to wireless and sensor networks.
                          Today’s network architectures are stifling inno-
                                                                                    4WARD has about 35 partners and is now in its
                      vation, restricting it mostly to the application level,
                                                                                first two-year phase. SICS is engaged in three of the
                      while the need for structural change is increasingly
                                                                                work packages:
                      evident. The absence of adequate facilities to design,
                                                                                 In Network Management
                      optimize and interoperate new networks currently
                                                                                 Forwarding and Multiplexing for Generic Paths
                      forces a convergence to an architecture that is sub-
                                                                                 Network of Information
                      optimal for many applications, and that cannot sup-
                                                                                    For more information, visit
                      port innovations within itself, the Internet. We have
                                                                                    www.4ward-project.eu/. 
                      reached a critical point in the impressive develop-
                      ment cycle of the Internet that now requires a major

20 Aperturen 2/2008
Unwanted Traffic
The Internet carries a lot of unwanted traffic today. At its most fundamental,
unwanted traffic consists of packets that consume network and computing
resources in ways that do not benefit the owners of the resources.

To gain a better understanding of the driving forces                    mayhem to their equally mindless peers. Although             Elwyn Davies
behind such unwanted traffic and to assess exist-                        the consequences for the targeted networks and               elwyn.davies@folly.org.uk
ing countermeasures, the Internet Architecture                          hosts were generally immediate and catastrophic,             Loa Andersson
Board (IAB) organised an ‘Unwanted Internet                             with significant economic loss for the victims, the
Traffic Workshop’ in March 2006 where a number                           attackers mostly did not profit at all.                       Danny McPherson
of experts – including operators, vendors, and                              Over the past few years, the situation has altered
                                                                                                                                     Lixia Zhang
researchers – exchanged experiences, views, and                         dramatically. The anarchic hackers of the past have          lixia@cs.ucla.nospam.edu
ideas on this important topic. This article sum-                        been harnessed or displaced by criminals intending
marizes the findings of the workshop and looks at                        to use the Internet for illicit gain.
some developments that have occurred since that                             The underground network economy that has
time.                                                                   developed within the Internet mirrors the under-
The Underground Network Economy                                         ground economy in the physical world: tools of the
The most important message from the Unwanted                            [criminal] trade are created and sold to other crimi-
Traffic Workshop was that the enormous volume                            nals; stolen information is fenced for use in further
of unwanted traffic is a symptom of a vast criminal                      criminal activity; and the illicit proceeds laundered
underground economy. This economy is a parasite                         electronically allowing the criminals to benefit from
on both open technology and the innovative culture                      their activities.
of the Internet as it has developed over the past 20                        The underground network economy has evolved
years.                                                                  quickly, changing from an initial barter system into
                                                                        a gigantic shopping mall for tools and informa-
From Anarchy to Criminality                                             tion. This has led to a rapid shift in the nature of
Early in the life of the Internet, unwanted traffic was                  unwanted traffic and the ways in which the traffic
largely an expensive nuisance. Much of it was gene-                     affects the network. It is now a fully integrated and
rated by so-called script kiddies, who had no clear                     persistent subculture that sucks many billions of
motive beyond demonstrating their ability to cause                      dollars out of the legitimate network economy by

 The full report of the workshop “Unwanted Internet Traffic Workshop” in March 2006 was published in Andersson,
 L, Davies, E, Zhang, L ”Report from the IAB workshop on Unwanted Traffic March 9-10, 2006” RFC4948, August 2007.
  Acreo is grateful for the privilege to publish this article which is a shorter version of an article previously published in the
 IETF Journal Vol 3 Issue 3 (Dec 07)

                                                                                                                                         Aperturen 2/2008        21
                                                                                                                    of the network, but they also
                       About the authors:
                       Elwyn Davies (Folly Consulting Ltd) is a former member of the IAB and a consultant who       facilitate misuse.
                       specializes in Internet Routing and Addressing, IPv6, Security and Delay and Disruption          One of the key weapons
                       Tolerant Networking.                                                                         used by criminals include
                        Loa Andersson (Acreo AB) is a member of the IAB and network architect at Acreo AB.          compromised hosts, also
                        Danny McPherson (Arbor Networks) is a member of the IAB and currently Chief Security        known as ’bots or zombies.
                        Officer (CSO) with Arbor Networks, an Internet Security and traffic management.               Networks of bots (botnets,
                        Lixia Zhang (UCLA) is a member of the IAB and Professor of the Computer Science
                                                                                                                    for short) are created by
                        Department at University of California, Los Angeles.                                        exploiting security flaws in
                                                                                                                    networked machines or by
                                                                                                                    inducing naive users to install
                      exploiting the commercial growth of e-business. The                  in their machines certain backdoor remote control
                      parasites are wholly dependent on the availability                   capabilities of which they are unaware. Remotely
                      of the network to continue making profits: causing                    controlled bots can then be used either as means of
                      significant damage to the network would be counter-                   capturing valuable personal or financial information
                      productive.                                                          from the users of the machine or as ways of gene-
                                                                                           rating further unwanted traffic, such as e-mail spam
                      Subverting the Network
                                                                                           or distributed denial-of-service (DDoS) attacks that
                      The marketplace for the underground network
                                                                                           cannot easily be traced to their true origins.
                      economy is typically hosted on IRC (Internet
                                                                                               In most cases, bots do not cause major dis-
                      Relay Chat) servers that provide access to ‘stores’
                                                                                           ruption to the hosting machine by either obviously
                      that sell the tools that are needed to operate in the
                                                                                           disrupting operations or clogging the machine’s
                      underground economy. Readily available strong
                                                                                           network connection with large amounts of unwanted
                      encryption software for e-mail and other communi-
                                                                                           traffic. The objective in most cases is to provide a re-
                      cations tools allow deals to be closed with little
                                                                                           source that can be used by the miscreants for as long
                      risk of detection. It is no longer necessary to be a
                                                                                           as possible. To use a medical analogy, unwanted
                      skilled programmer to be a successful miscreant in
                                                                                           traffic no longer creates an acute disease in the com-
                      the underground economy. The malware, bot code,
                                                                                           promised host; rather, it creates chronic carriers that
                      and access to compromised hosts or Web servers
                                                                                           may go undiagnosed for a long time and that act as
                      can be bought off the shelf, and some of the profits
                                                                                           sources of infection that can perpetuate the problem.
                      can be used to finance new tools and to set up ‘dirty’
                                                                                               A major reason that the underground economy
                      Internet service providers to host IRC servers and
                                                                                           is so successful is the ease with which botnets can
                      fraudulent Web sites.
                                                                                           be created. Miscreants view them as expendable re-
                          The network itself provides the means to turn the
                                                                                           sources, and they are rarely bothered by operators
                      available tools and stolen information into real as-
                                                                                           who may see what they’re doing. As long as their
                      sets. Electronic funds transfer between countries and
                                                                                           cash flow is not significantly impacted, miscreants
                      stolen credit card information can facilitate money
                                                                                           simply move on to new venues when ISPs take
                      laundering. The international nature of the Internet,
                                                                                           action to clean up bots and protect their customers.
                      the absence of audit trails, and the ease with which
                                                                                           However, taking out one of the IRC servers might
                      anonymity can be achieved are important features
                                                                                           provoke a severe and ruthless attack on the ISP,

22 Aperturen 2/2008
typically through the use of botnets to launch a
DDoS attack targeting the ISP’s network. In this
way, the attackers create an example that might
intimidate other ISPs into leaving them alone.

Simplicity and Power versus Vulnerability
and Ignorance
The end-to-end architecture of the Internet empha-
sises the flexibility of implementing new applica-
tions in the end system while keeping the network
itself as simple as possible. The network neither
enhances nor interferes with end system data flows.
The success and adaptability of the Internet demon-
strate the power of this model, but it can also make
life easy for those who operate in the underground
    This flexibility and the wealth of applications in
each end host results in increasing complexity that is     Running under the Radar
difficult to analyse and so is liable to be vulnerable      Although some of the consequences of the flood of
to exploits that can turn it into a bot. The majority      unwanted traffic – such as spam e-mails and DDoS
of hosts are vulnerable to a greater or lesser extent,     attacks – are all too visible, many other types of un-
but miscreants will inevitably target the most com-        wanted traffic are hard to detect and counter.
mon platforms, such as Microsoft Windows, that                 Hosts are now quietly subverted and linked to
will give the best return on investment such as a          botnets while leaving their normal functionality and
larger botnet.                                             connectivity essentially unimpaired. Detection of
    The ordinary people who own these vulnerable           bots and the functions they perform is often hard and
systems are eager to jump into the exciting online         may well come too late, because the bot may have
world but are rarely trained to fully understand how       already carried out the intended (mal)function if de-
the system can be abused without them being aware.         tection relies on monitoring the unwanted traffic.
The software is mostly designed to hide the com-               ’Quiet’ botnets are a particularly challenging pro-
plexities of the system so novices are not deterred        blem for the security of the Internet. The resulting
from making use of the system.                             stolen (financial) information leads to enormous
    It is therefore not surprising that the Internet now   economic losses, but there does not appear to be a
boasts a large number of compromised hosts whose           quick fix for the problem. Almost any fix needs to
owners are unaware that their friendly machine is          be applied at places that see little or no local benefit
hiding a bot. Although most of those machines are          from the solution. For example, an infection in a
home PCs, evidence shows that corporate servers            home PC is unlikely to be cured if the bot doesn’t
or backbone routers — even government firewalls             stop the owner playing online games, even though
— have also fallen victim to compromise.                   the public interest is endangered.

                                                                                                                     Aperturen 2/2008   23
                          Simplicity at the core of the network and the na-    understanding of the ways the Internet is intended to
                      ture of the routing system can also make life easier     work and of the complex value judgments that need
                      for attackers. IP is specifically designed to minimise    to be applied in order to balance the ease of use with
                      the amount of state information needed in the data       the danger of misuse.
                      plane to forward traffic from one end to the other.
                                                                               Known Vulnerabilities
                      The network core does not record audit trails for in-
                                                                               According to a survey conducted by Arbor Net-
                      dividual traffic streams unless special measures have
                                                                               works, the first two vulnerabilities discussed here
                      been planned in advance, such as when the police
                                                                               are currently believed to be the most critical for the
                      request lawful interception of some particular traffic.
                                                                               Internet. Other possibilities certainly exist, and the
                          A key capability of the Internet is anywhere-to-
                                                                               ones that are most commonly exploited shift over
                      anywhere communication. The simplicity of the
                                                                               time in the continuing tussle between miscreants and
                      core combined with worldwide access means not
                                                                               security experts.
                      only that there is essentially no limit on what a host
                                                                                   Lying about Traffic Source Addresses: In the
                      can use the network to do, but also that there is no
                                                                               past, many attacks on networks using unwanted
                      trace – after the event – of what a host may have
                                                                               traffic relied on injecting packets with a forged IP
                      done. Currently, there is virtually no effective tool
                                                                               source address. Receivers might then be deceived
                      available to provide either problem diagnosis or
                                                                               about the source of questionable packets and might
                      packet traceback. This makes tracking DDoS attacks
                                                                               therefore accept packets they would not have ac-
                      and other generators of unwanted traffic launched
                                                                               cepted if the packets’ true source were known, or
                      from multiple compromised hosts labour-intensive,
                                                                               they may direct return traffic to the forged source
                      requiring sophisticated skills. Even if the compro-
                                                                               address, making them part of a DDoS attack (reflec-
                      mised hosts and the controller of the botnet can be
                                                                               tion attack). This process is called address spoofing.
                      located, it is likely that more than one organisation
                                                                               The prevalence of botnets that can launch various
                      has responsibility for the machines and networks
                                                                               attacks using the real address of the bot means that
                      involved, which makes investigation difficult. Com-
                                                                               address spoofing is no longer as important a tech-
                      pounding the problems associated with the high cost
                                                                               nique as it used to be, but many attacks — especially
                      and the lack of incentive to report security attacks
                                                                               reflection attacks — still use spoofed addresses.
                      (see below) is the fact that attacks are rarely traced
                                                                                   Hijacking Inter-Domain Routing: Attacks can
                      to their real roots..
                                                                               be launched on the Border Gateway Protocol (BGP),
                      The On-Ramp                                              which routes Internet traffic between administrative
                      The Internet is designed to be both friendly and flex-    domains. Various attacks can lead to traffic that gets
                      ible so that it does not constrain new applications.     misrouted, but a particularly insidious attack injects
                      Such a design is, of course, a double-edged sword:       routes for IP addresses that are not in genuine use.
                      capabilities that make it easy to develop useful new     Because the existence of these routes provides a
                      applications can be just as easily misused to create     measure of acceptability for packets sourced from
                      unwanted traffic. The aspects of Internet architecture    the bogus IP addresses, attackers can use these ad-
                      that can be exploited to insinuate unwanted traffic       dresses to source spam messages. Since the additio-
                      onto the Internet are quite complex. Trying to ensure    nal routes do not affect normal packet delivery and
                      that the Internet remains open to innovation while       since careful selection of the address prefix used can
                      denying access to unwanted traffic requires a deep

24 Aperturen 2/2008
hide the bogus route among genuine ones, the bogus        unwanted traffic from almost anywhere in the net-
routes often have little chance of being noticed.         work and to target victims who are equally widely
    Other Vulnerabilities: Other areas of vulnerabi-      distributed. Attackers are interested in finding targets
lity include:                                             that offer maximal returns with minimal efforts. Re-
 Misuse of Web Protocols: Application designers          gions with lots of high-speed, high-bandwidth user
    frequently misuse HTTP (HyperText Transfer            connections but poorly managed end hosts are ideal
    Protocol) as a general transport protocol because     targets for originating DDoS traffic.
    it is the only protocol that can be reliably expec-
                                                          Effects on Specific Domains
    ted to traverse enterprise firewalls. . However,
                                                              Backbone Providers are generally not directly
    transporting everything over HTTP does not
                                                          affected by unwanted traffic as they do not support
    block attacks; it simply moves the vulnerability
                                                          the main targets – end users – directly. However, the
    from one place to another, and the miscreants are
                                                          high capacity of their well-provisioned networks can
                                                          actually facilitate DDoS attacks, and operators may
 Difficulties Authenticating Identity: Authen-
                                                          in future need to provide tools to detect and mitigate
    tication is frequently tied to the data link layers
                                                          such attacks.
    in the network and mobility means that a host
                                                              From the Access Providers’ viewpoint, the most
    can move across different authentication do-
                                                          severe impact of unwanted traffic is on their cus-
    mains during a single session (e.g., mobile phone
                                                          tomer support load. Access providers have to deal
    (GPRS) to Wi-Fi). This makes robust user
                                                          directly with end users. Residential customers in
    authentication difficult.
                                                          particular see the access provider as their IT help
The Scale of the Problem                                  desk, and the competitive nature of the business
Unwanted traffic is a major problem for network            means that a single call can possibly wipe out any
owners and operators today both because of the            profits the provider might have made from the cus-
volume and because of the ubiquitous adverse im-          tomer.
pact of the traffic on normal operations. The work-            Enterprise Networks can be affected in many
shop did not look in any detail at the actual volumes     different ways. Much unwanted traffic, such as
of traffic: a look at almost any e-mail in-box is          spam, is just a costly nuisance using up valuable
evidence enough that the volumes of spam alone are        resources, but some unwanted traffic has the capa-
very large. This section looks briefly at how specific      city to seriously damage the enterprise, for example
types of network are affected.                            by blocking normal business with a DDoS attack,
Everywhere Is Affected                                    stealing confidential information through monitoring
There are a variety of types of unwanted traffic on        internal activity, or destroying customer confidence
the Internet today. The IAB workshop concentra-           by defacing or subverting an e-business web site.
ted on DDoS and spam. The impact of unwanted              Advance planning is key to responding to attacks,
traffic depends on the nature of the network domain        especially DDoS: there is little time to respond
through which it is flowing, but it affects almost         when it starts. Working with access providers to
every part of the network adversely.                      provide tools that will detect and suppress the traffic
    The global nature of the Internet and the ease of     before it concentrates on the intended victim is a key
ubiquitous connectivity allow miscreants to originate     strategy.

                                                                                                                    Aperturen 2/2008   25
                                                                                     Analysis of the reasons for the ineffectiveness
                                                                                 of the Internet’s defenses is critical to the design of
                                                                                 future effective approaches to the unwanted traffic

                                                                                  Problems for Today’s Defenses
                                                                                 Although there are some techniques available to
                                                                                 protect against the known vulnerabilities, a number
                                                                                 of inadequacies exist in the tools themselves; more
                                                                                 critically, some of the available tools are not used,
                                                                                 and the scale of deployment of the remainder is in-
                                                                                 adequate, as is education of users and operators in
                                                                                 the secure usage and operation of the Internet.
                                                                                     Generally, operators do not have adequate tools
                                                                                 for diagnosing network problems. Current ap-
                      Unwanted Traffic and Internet Infrastructure                proaches rely primarily on the skills and experience
                      Services                                                   of operators. Better and automated tools would help;
                      The Internet needs certain infrastructure services         the same is true for tools that help by mitigating
                      – such as provision of the Domain Name System              attacks.
                      (DNS) – that are potentially vulnerable to DDoS at-
                                                                                 Lack of Incentives for Countering Unwanted
                      tacks, such as those on the root and top level domain
                      servers reported at the workshop. Those attacks lead
                                                                                 A common theme that runs through the analysis of
                      to disruption of critical services, and the situation is
                                                                                 how unwanted traffic affects networks outside the
                      likely to get worse because the daily peaks of DNS
                                                                                 enterprise is the lack of incentives for network ope-
                      usage have been growing at a much faster rate than
                                                                                 rators to deploy security measures. That lack is due
                      the number of Internet users. This trend is expected
                                                                                 mainly to the low return on investment from what
                      to continue. The increasing load on the DNS infra-
                                                                                 are essentially preventive measures.
                      structure has led to an increase in complexity that
                                                                                     There is also a continuing unwillingness to report
                      potentially makes greater targets for attacks.
                                                                                 fraud due to commercial sensitivity. That sensitivity
                      Defenses: Available but Relatively Ineffective             also applies to the reporting of security incidents by
                      The Internet is not totally defenseless against the        network operators who fear that their reputations
                      attacks from the underground economy. It is un-            – or the reputations of their customers – would be
                      fortunate that for a variety of reasons, many of the       damaged. Network reputation is key to gaining
                      defenses are not as effective as they might be. Many       new customers, and so, minimising the amount of
                      of the reasons are economic and political rather than      publicity given to security incidents is important to
                      technical, including lack of resources, a perception       service providers’ survival. As a result, investment in
                      that the benefits of deployment are felt by organisa-       prevention is minimal, and mitigation work tends to
                      tions other than those that have to bear the costs, and    be local so as to avoid releasing commercially sensi-
                      the need for coordination between competing orga-          tive information, hamstringing efforts to coordinate
                      nisations to achieve best results.                         responses to attacks or to track malicious activity.

26 Aperturen 2/2008
   Notwithstanding the inadequacies of the available         Behaviour in the face of security breaches is
techniques, the view of the IAB workshop was that a      depressing: response (or more usually lack of it)
significant reduction of unwanted traffic could be ac-     is essentially similar for all users (enterprises often
hieved with the limited tools available if those tools   use centralized systems to enforce compliance!).
were deployed extensively and operated correctly.        Patching of breaches exhibits a ‘half-life’ beha-
Educating users to be more demanding and judicious       viour in which typically about 40% of remaining
application of government regulation may assist the      vulnerable systems are patched each month after
incentivization of providers to deploy the tools.        a patch is issued, leaving a significant number of
                                                         machines vulnerable for the rest of their working
Available Defensive Techniques
Countering DDoS in the Backbone: A recent deve-
                                                             Maintaining Profitability in Enterprises: En-
lopment offers managed DDoS security services that
                                                         terprises, particularly large ones, are more willing to
deliver cleaned traffic to attached customer or lower-
                                                         investigate security breaches than backbone or ac-
level provider sites based on traffic pattern learning,
                                                         cess providers are, because they can directly impact
which allows recognition and filtering of abnormal
                                                         the enterprise’s operations and profitability. This
patterns that signal a DDoS attack before they con-
                                                         also motivates enterprises to spend money on secu-
centrate on the target. However, these solutions are
                                                         rity tools, and a thriving market has emerged to meet
designed to aid particular customers who are willing
                                                         the demand. Unfortunately, the tools offered provide
to pay for the extra service, and because of the per-
                                                         mostly reactive solutions, such as regularly updated
ceived low return on investment, there is still little
                                                         virus scanner databases to counter newly emerging
incentive for the backbone provider to deploy these
                                                         vulnerability exploits, leading to an ongoing arms
solutions for every connection.
                                                         race between security exploits and patching solu-
    Know Your Sources: Best practice for filtering
                                                         tions. Workshop participants expressed concerns that
out traffic with spoofed source addresses has been
                                                         this was not a sustainable situation because it does
documented by the IETF in BCP 38 (RFC 2827) and
                                                         not enable us to get ahead of the attackers. Also
BCP 84 (RFC 3704). Many routers implement these
                                                         enterprises are very wary of overly sensitive tools
capabilities but network operators have not deployed
                                                         that generate ‘false positive’ responses because of
these techniques universally – at least partially
                                                         the potential wasted effort if the network has to be
because of the lack of incentive resulting from the
                                                         shutdown unnecessarily.
heavy management costs of maintaining the filtering
                                                             Over-engineering the Infrastructure: At
and because of the need to ensure that legitimate
                                                         present, the only effective mitigation strategy for
traffic is not accidentally filtered out.
                                                         DDoS attacks on critical infrastructure services is
    Managing Access: Customer Behavior: Access
                                                         over-engineering. There is some concern that the
providers routinely offer free security software to
                                                         runaway growth of demand especially for DNS
customers in the hope of avoiding future help calls
                                                         services is eroding the safety margins. The expected
after a security break-in. Unfortunately, customers
                                                         widespread deployment of IPv6 and deployment of
are often not educated about the need to install secu-
                                                         the new DNS security extensions (DNSSEC) in the
rity software, and even when they are, they may lack
                                                         near future will bring new and potentially flawed
the skills to correctly configure a complex system
                                                         software into widespread use that could be abused to
and the motivation to do the work.
                                                         generate new DDoS attacks.

                                                                                                                   Aperturen 2/2008   27
                      Law and Regulation Playing Catch-up                           Getting the legal definitions right. Lawmakers
                      In human society, legal systems provide protection             are generally unfamiliar with the new world of
                      from and deterrence for criminals. Laws and regula-            cyberspace, and therefore they often lack the
                      tions aim to penalise criminal conduct after the fact,         technical understanding necessary to specify laws
                      but if the likelihood of detection is low, the deter-          precisely and in such a way that they will actually
                      rent effect is also minimal. At present, the develop-          target undesirable acts without limiting legitimate
                      ment of legal systems aimed at cyberspace crime is             use of the network. As in many areas where there
                      lagging behind the development of the crime that the           are active innovation and financial incentive, the
                      legal systems are intended to deter, and the likeli-           underground economy will always be seeking to
                      hood of detection of the real criminals is low.                push the limits by using techniques that are bor-
                         Some of the reasons for the ineffectiveness and             derline legal and conceal evidence through com-
                      slow development of the law of cyberspace include:             plexity. The lawmakers are inevitably playing
                       The international scope of the problem. The                  catch-up in cyberspace.
                         Internet spans the globe, and crimes master-               Quantifying the damage. Overstretched author-
                         minded in one national jurisdiction may be                  ities are unlikely to take action unless significant
                         executed by machines in one or more other                   damage has been caused. Unfortunately, it is of-
                         countries, with victims in yet other jurisdictions.         ten either difficult to quantify the loss, or, where
                         The laws are not uniform across the countries               financial institutions are involved, there is a re-
                         that have legislation, which makes it difficult to           luctance to admit the scale of the losses for fear
                         prosecute criminals for offences carried out from           of ongoing commercial damage. Consequently,
                         other jurisdictions. There is also little political in-     much cybercrime is either not reported to the
                         centive to pursue criminals when the victims are            authorities or not investigated.
                         not in the same national jurisdiction. Although            Defining unwanted traffic. Countries already
                         there is a coalition between countries on col-              differ over what is defined as unwanted traffic,
                         lecting evidence of cybercrime worldwide, there             and traffic that would be seen as wholly legiti-
                         is no rigorous way to trace unwanted traffic or to           mate in many countries may result in criminal
                         measure the consequences of cybercrime across               prosecutions elsewhere. It needs only a shift in
                         national borders.                                           the definition of unwanted to move from con-
                       Pinning down the responsible organisation. A                 straining the underground economy to facilitating
                         single episode of unwanted traffic and the bot-              censorship and limiting open access. There is a
                         nets that are responsible for much of the traffic            trade-off between having audit trails to facilitate
                         can involve many different organisations such as            forensic analysis and providing the means to en-
                         owners of hosts, enterprise networks, and service           force censorship. Building monitoring capabili-
                         providers of various kinds. Many of these organi-           ties into the network will surely result in stronger
                         sations would see themselves as innocent parties,           pressure from legislators requiring that operators
                         and others, such as the owners of compromised               actually carry out monitoring.
                         hosts, see no incentive to take action. This makes         The workshop also emphasised that, while an
                         it extremely difficult to either regulate effectively        effective legal system is necessary to create
                         in advance to make life difficult for the criminals          effective deterrence for and sanctions against the
                         or to make any organisation responsible for clean-          parasites, it is by no means sufficient on its own.
                         ing up after an attack has been detected.

28 Aperturen 2/2008
   It can work only in conjunction with effective        Research into specific problems resulting from
   user education as well as technical solutions to         unwanted traffic
   unwanted traffic prevention and detection. Only        Development of a uniform global legal fram-
   a well-informed and motivated user community             ework to support prosecution across national
   can collectively establish a defense against un-         borders. This work needs to be informed by the
   wanted traffic in cyberspace.                             best possible technical expertise to ensure that it
Consequences                                                leaves Internet flexibility intact so far as is pos-
The consequences of the large volumes of unwanted           sible.
traffic on the Internet today are highly detrimental.     Appropriate regulation of network operators
The health of the network presents a picture that is        encouraging action against unwanted traffic and
far from rosy.                                              sharing of information to help mitigate attacks
 There are big economic incentives and a rich en-          and drive miscreants out of business
    vironment to exploit.                                Increased deployment of available tools, possibly
 There is no specific party to carry responsibility.        aided by incentivisation through regulation or
 There are problems of underdeployment of the              customer demand
    limited defensive tools that are available.          Vendors applying more appropriate default secu-
 There are no auditing systems to trace back to the        rity settings in equipment so that newly deployed
    sources of attacks.                                     end hosts are less vulnerable to subversion from
 There are no well-established legal regulations to        the moment without the need for sophisticated
    punish offenders.                                       configuration by users
    The combination of these factors inevitably leads    Vitally, improved education of users to make
to ever-increasing types and volumes of unwanted            them more aware of the risks to their systems, the
traffic. However, the real threats are not the bots          ways in which these risks can be mitigated, and
or DDoS attacks but the parasitic criminals behind          mobilizing them to demand action from network
them. Unwanted traffic is no longer aiming only              operators where this is needed to support network
for maximal disruption; in many cases, it is now a          security in enterprises and homes.
means to illicit ends, and its specific purpose is to        Above all, the Internet community needs to get
generate financial gains for the miscreants. Their       ahead of the miscreants. At present, almost all acti-
crimes cause huge economic losses, counted in mul-      vity for countering unwanted traffic is reactive, by
tiple billions of dollars and growing.                  post facto identification of malware and retroactive
    The Internet community needs to increase its        patching of security holes. Recently, there have been
awareness of the problem of unwanted traffic and         improvements in the use of traffic pattern analysis
take action to make the network less friendly to this   to identify attacks as they happen, but future work
type of traffic. And it needs to do so without signi-    needs to be intelligence led, and it must concentrate
ficantly reducing the flexibility of the network that     on eliminating opportunities for miscreants before
has been the key factor in the economic success of      such opportunities are deployed. 
the Internet.
    All Internet stakeholders can potentially contri-
bute to the reduction of unwanted traffic. At a high
level, actions should include the following.

                                                                                                                  Aperturen 2/2008   29
                      Acreo Seminars 2008
                      Acreo’s appreciated seminar acitivity continues. Below are short notices from the
                      seminars during the first part of 2008. Read more about all our events and
                      download presentations from www.acreo.se/Events. Information on coming
                      events can be found on Hot topics.

                                                    Seminar : Broadband Technology
                                                    - Technology and market trends
                                                    Home network has become a buzzword attracting more and more
                                                    attention worldwide. To distribute IP-based TV and telephony together
                                                    with Internet (“triple play”) within the home, clearly some kind of infra-
                                                    structure is required.
                                                        Future end users will need simplicity, accessibility and high quality,
                                                    to fully embrace the new broadband based services.
                                                        Key note speaker of this seminar was Michael Philpott, principal
                                                    analyst specialising in broadband access strategy and technology.
                                                        More information and presentations to be downloaded from
                                                        www.acreo.se/broadband-20080408. 

                                                    Seminar: Nanoelectronics and sensors - Security
                                                    Seminar in Swedish organized by Acreo in collaboration with KTH.
                                                    62 participants from 30 different organisations listened to presentations
                                                    about different aspects of security: ”Surveillance and identification”
                                                    and ”Detection of dangerous substances”.
                                                       We learnt that the IR cameras are becoming more inexpensive, RF
                                                    MEMS can be used for miniaturized car safety and security radar, and
                                                    RFID for security tracking and tracing. MEMS based electronic nose
                                                    can detect drugs and explosives, and UV-sensors can be used for flame
                                                    and bacteria detection.
                                                       More information and presentations to be downloaded from
                                                       www.acreo.se/nanoelsecurity2008-doc. 

30 Aperturen 2/2008
Seminar: Plastic Optical Fibre
 For quite a few years plastic optical fibre (”POF”) has been a promi-
sing technology. It is now commercially deployed by both enterprises
and large operators at customer premises. The seminar agenda included
lectures on: ”Optical fibre communication”, ”POF - the innovative
home network alternative”, ”Are optical technologies ready for low-
cost mass deployment?”, as well as demonstrations and do-it-yourself.
An overview was also given of the the ALPHA project - ”Archictec-
tures for fLexible Photonic Home and Access networks”.
   More information and presentations to be downloaded from
   www.acreo.se /POF. 

Seminar: Nanoelectronics and Photonics
- Telecommunication
The technical advances in nanoelectronics and photonics open oppor-
tunities for the development of new components for next generation
telecom systems, an area in which the Swedish industry is already very
    73 persons from more than 20 different companies and organisa-
tions visited the seminar organized by Acreo in collaboration with
KTH. The programme included the sections ”High speed communi-
cation” and ”Extreme integration”, and closed by a discussion of the
use of nanotechnology and the potential for the Swedish Communi-
cation industry.
    More information and presentations to be downloaded from
    www.acreo.se/nanotelecom2008-doc. 

Seminar: Internet Exchange Points, IPv6 and Infrastructure
Kurtis Lindqvist is a profile from Internet operations and stan-
dardization. He is the manager of Netnod, active in the IETF, a co-
author of several RFCs and a member of the Internet Architecture
Board. The seminar provided an overview of the history of the Internet
Exchange points, and discussed the transition to IPv6 and threats to the
existing Internet Infrastructure.
    The presentation, ”IPv6, Internet Exchanges, root-servers and secu-
rity threats...” can be downloaded from
    www.acreo.se/seminar-080904. 

                                                                           Aperturen 2/2008   31
                                Språkspalten                                              ”The Language Column”
                                                                                          The only Aperturen article in Swedish.
                                Termer rörande intensitet och färg
              Sten Walles       Svenska optiktermgruppen (f.d. Svenska optik-             synsinnets spektrala känslighetsfördelning vikta
     sten.walles@comhem.se      sällskapets arbetsgrupp för språkvårdsfrågor) har         radiansens spektrala fördelning – med andra ord den
      Svenska OptikSällskapet
                                diskuterat termer rörande intensitet och färg. Det        spektrala radiansen – hos en strålkälla och därefter
                                visade sig att en del engelska termer kan vara vansk-     summera den resulterande fördelningen över hela
                                liga att översätta till svenska, rent av olämpliga. Vi    våglängdsområdet.
                                går därför igenom termerna och tillhörande begrepp,            Eftersom strålningen varierar med våglängden
                                inklusive färglärans begrepp. Låt mig berätta om en       eller frekvensen införs således storheten spektral
                                del av resultatet – vår utredning pågår fortfarande.      radians, (eng. spectral radiance), som är radiansens
                                    I dagligt tal använder man ju, lite odefinierat,       fördelning på våglängds- eller frekvensaxeln. Den
                                ordet intensitet, när man talar om styrkan hos en         kan exempelvis mätas i enheten watt per kvadrat-
                                ljuskälla som man betraktar. Inom fotometrin har          meter och steradian per nanometer eller kanske watt
                                termen ljusstyrka en väldefinierad betydelse, näm-         per kvadratmeter och steradian per hertz. Noga ta-
                                ligen ’ljusflöde per rymdvinkel i en given riktning’.      get skulle nog termen hellre kallas spektral radians-
                                Den fotometriska storheten ljusstyrka (eng. luminous      fördelning för att tydliggöra att det inte är fråga om
                                intensity) mäts i lumen per steradian, eller candela      radians, utan om fördelning av radians på våglängds-
                                – en av SI-systemets sju grundenheter.                    eller frekvensaxeln.
                                    Den ljusupplevelse vi får av en lysande yta                Klaus Biedermann, som tog fram underlaget
                                bestäms emellertid inte av ljusstyrkan, utan av en        till optiktermgruppens diskussion, framhöll att det
                                storhet som kallas luminans (eng. luminance). Lumi-       engelska ordet brightness är en i sammanhanget för-
                                nansen är också en fotometrisk storhet. Definitionen       åldrad synonym till den engelska termen luminance.
                                lyder: ’ljusflöde per area och rymdvinkel i en given       Vidare används de engelska orden brightness och
                                riktning’. Luminansen mäts i lumen per kvadrat-           brilliance ibland felaktigt i stället för den korrekta
                                meter och steradian eller i candela per kvadrat-          termen radiance. I en vanlig engelsk-svensk ordbok
                                meter.                                                    fann jag brilliance, men inte brightness. Brightness
                                    I dessa två definitioner förkommer storheten           tycks ha en flerfaldig teknisk innebörd, som vi bör
                                ljusflöde (eng. luminous flux), som mäts i enheten          utreda mera.
                                lumen. Den är den fotometriska motsvarigheten till             Att så är fallet märks inom färgläran, där vi har
                                den radiometriska storheten strålningseffekt eller        träffat på begreppet ljushet (eng. lightness). På
                                strålningsflöde (eng. radiant flux), som mäts i watt        engelska skiljer man på lightness, som gäller för
                                och är ett uttryck för den totala effekt som strålas ut   en reflekterande yta, och brightness, som gäller för
                                inom en bestämd geometri.                                 en lysande yta. Vi har definierat ljushet som ’ljus-
                                    Mot den fotometriska storheten luminans svarar        nivå såsom den uppfattas av synsinnet’. Färglärans
                                den radiometriska storheten radians (eng. radiance),      begrepp, bland andra kulör (eng. hue) och mättnad
                                vars definition analogt blir ’strålningseffekt per area    (eng. saturation), kommer att kräva ytterligare
                                och rymdvinkel i en given riktning’. Radiansen mäts       genomgångar, innan vi helt har klarlagt den ter-
                                förstås i watt per kvadratmeter och steradian.            minologiska bilden för oss. Inom NCS-systemet
                                    Kanske borde jag ha börjat med att skriva om          (Natural Colour System) talar man exempelvis om
                                radians, som är ett mera generellt begrepp än lumi-       svarthet, en egenskap som är rakt motsatt ljusheten:
                                nans. Luminansen får man ju fram genom att med            svartheten är noll, när ytans färg har den högsta ljus-
                                                                                          heten. 

  32 Aperturen 2/2008

To top