The FreeBSD Foundation is pleased to announce that Swinburne Universityof Technology's Centre for Advanced Internet Architectures hasbeen awarded a grant to implement DIFFUSE for FreeBSD.
DIFFUSE (Distributed Firewall and Flow-shaper Using StatisticalEvidence) is an extension to the FreeBSD IPFW firewall subsystemdeveloped by CAIA. It allowsIPFW to classify traffic based on statistical properties of flows beingobserved in realtime, and instantiate network actions across adistributed set of "action nodes" for particular flows if required.
This project will tidy up and integrate theexisting DIFFUSEprototype into FreeBSD, and incorporate a number of important newfeatures. Integration of DIFFUSE into FreeBSD will increase FreeBSD'sutility to designers and implementers of FreeBSD-based networkinginfrastructure.
Network architects frequently require the ability to classify differenttraffic types flowing across a network, typically using packetinspection capabilities of base system tools such as ipfw and pf.Traffic classification then enables the provision of customized servicelevels to different traffic types (such as priority packet queuing andforwarding, or allocation of specific bandwidth guarantees).
DIFFUSE uses machine learning techniques to enable robust and efficientclassification of IP traffic flows based on their unique statisticalproperties in addition to traditional inspection of packet header orpayload contents. DIFFUSE also allows traffic classification to occur inone place (e.g. in the core of a network) and trigger traffic shapingand differentiation elsewhere (e.g. at the edges of a network). DIFFUSEhas applications in ISP, residential broadband and large corporatenetwork scenarios to name a few.
The project will conclude the end of October 2011.
More...
DIFFUSE (Distributed Firewall and Flow-shaper Using StatisticalEvidence) is an extension to the FreeBSD IPFW firewall subsystemdeveloped by CAIA. It allowsIPFW to classify traffic based on statistical properties of flows beingobserved in realtime, and instantiate network actions across adistributed set of "action nodes" for particular flows if required.
This project will tidy up and integrate theexisting DIFFUSEprototype into FreeBSD, and incorporate a number of important newfeatures. Integration of DIFFUSE into FreeBSD will increase FreeBSD'sutility to designers and implementers of FreeBSD-based networkinginfrastructure.
Network architects frequently require the ability to classify differenttraffic types flowing across a network, typically using packetinspection capabilities of base system tools such as ipfw and pf.Traffic classification then enables the provision of customized servicelevels to different traffic types (such as priority packet queuing andforwarding, or allocation of specific bandwidth guarantees).
DIFFUSE uses machine learning techniques to enable robust and efficientclassification of IP traffic flows based on their unique statisticalproperties in addition to traditional inspection of packet header orpayload contents. DIFFUSE also allows traffic classification to occur inone place (e.g. in the core of a network) and trigger traffic shapingand differentiation elsewhere (e.g. at the edges of a network). DIFFUSEhas applications in ISP, residential broadband and large corporatenetwork scenarios to name a few.
The project will conclude the end of October 2011.
More...