
Michael Menth
University of Tuebingen | EKU Tübingen · Department of Computer Science
Dr. rer. nat. habil.
273 Publications
60,193 Reads
2,844 Citations
Publications (273)
In this work, we present P4TG, a P4-based traffic generator (TG) which runs on the programmable Intel Tofino™ ASIC. In generation mode, P4TG is capable of generating traffic up to 1 Tb/s split across 10x 100 Gb/s ports. Thereby it measures rates directly in the data plane. Generated traffic may be fed back from the output to the input ports, possib...
Bit Index Explicit Replication (BIER) has been introduced by the IETF to transport IP multicast (IPMC) traffic within a BIER domain. Its advantage over IPMC is improved scalability regarding the number of multicast groups. However, scaling BIER to large networks is a challenge. To that end, receivers of a BIER domain are assigned to smaller subdoma...
802.1X, MACsec, and IPsec are widespread network security mechanisms that control network access and add encryption and authentication to L2 and L3 networking. They are standardized by IEEE and IETF, and are part of most open-source and commercial network hardware and software appliances. However, lots of manual configuration is needed for their ap...
Time-Sensitive Networking (TSN) is an enhancement of Ethernet which provides various mechanisms for real-time communication. Time-triggered (TT) traffic represents periodic data streams with strict real-time requirements. Amongst others, TSN supports scheduled transmission of TT streams, i.e., the transmission of their frames by end stations is coo...
In this manuscript, we describe the soft- and hardware architecture as well as the implementation of a modern Internet of Medical Things (IoMT) system for sensor-assisted telepsychotherapy. It enables telepsychotherapy sessions in which the patient exercises therapy-relevant behaviors in their home environment under the remote supervision of the th...
Today, industrial real-time communication is commonly designed based on two key principles to satisfy the challenging Quality of Service (QoS) requirements of industrial applications: a) local communication and b) purpose-built networks. IEEE Time-Sensitive Networking (TSN) and IETF Deterministic Networking (DetNet) promise to lift these two limita...
TSN is an enhancement of Ethernet which provides various mechanisms for real-time communication. Time-triggered (TT) traffic represents periodic data streams with strict real-time requirements. Amongst others, TSN supports scheduled transmission of TT streams, i.e., the transmission of their packets by edge nodes is coordinated in such a way that n...
Wi-Fi is a popular wireless technology and is continuously extended to keep pace with requirements such as high throughput, real-time communication, dense networks, or resource and energy efficiency. The IEEE 802.11ax standard, also known as Wi-Fi 6, promises to provide data rates of up to almost 10 Gb/s, lower energy consumption, and higher reliab...
In modern psychotherapy, digital health technology offers advanced and personalized therapy options, increasing availability as well as ecological validity. These aspects have proven to be highly relevant for children and adolescents with obsessive-compulsive disorder (OCD). Exposure and Response Prevention therapy, which is the state-of-the-art tr...
The idea of an Alternative Best Effort (ABE) per-hop behaviour (PHB) emerged about 20 years ago. It provides a low-delay traffic class in the Internet at the expense of more packet loss than Best Effort (BE). Therefore, ABE is better suited than BE for loss-tolerant but delay-sensitive applications. Furthermore, ABE traffic should not degrade the s...
Bit Index Explicit Replication (BIER) is an efficient domain-based transport mechanism for IP multicast (IPMC) that indicates receivers of a packet through a bitstring in the packet header. Recently, BIER forwarding has been implemented on 100 Gbit/s per port hardware using the P4 programming language. However, the implementation requires packet rec...
Modern applications in industrial automation rely on a deterministic network service, i.e., low latency, high reliability, and network convergence. Therefore, the IEEE 802.1 TSN Task Group introduces Time-Sensitive Networking (TSN). Besides mechanisms for traffic shaping, time synchronization, and reliability, TSN introduces three different config...
In software-defined networks, forwarding entries on switches are configured by a controller. In case of an unreachable next-hop, traffic is dropped until forwarding entries are updated, which takes significant time. Therefore, fast reroute (FRR) mechanisms are needed to forward affected traffic over alternate paths in the meantime. Loop-free altern...
The Industrial Internet of Things, Industry 4.0 and cloud computing are fundamentally transforming today’s industrial networks towards high connectivity. At the same time, the number of cyber-attacks against industrial infrastructure increased drastically over the last years, requiring to tightly limit the connectivity between the networked devices...
Traditional IP multicast (IPMC) maintains state per IPMC group in core devices to distribute one-to-many traffic along tree-like structures through the network. This limits its scalability because whenever subscribers of IPMC groups change, forwarding state in the core network needs to be updated. Bit Index Explicit Replication (BIER) has been prop...
With traditional networking, users can configure control plane protocols to match the specific network configuration, but without the ability to fundamentally change the underlying algorithms. With SDN, the users may provide their own control plane, that can control network devices through their data plane APIs. Programmable data planes allow users...
Based on a study of probe vehicle data measured on different highways during different days we have revealed some common empirical microscopic characteristic features of sequences of phase transitions from free flow to synchronized flow and back from synchronized flow to free flow occurring before traffic breakdown at a highway bottleneck predicted...
In this paper we describe P4-SFC to support service function chaining (SFC) based on a single P4-capable switch and off-the-shelf components. It utilizes MPLS-based segment routing for traffic forwarding in the network and SR-IOV for efficient packet handling on hosts. We describe the P4-SFC architecture and demonstrate its feasibility by a prototy...
Bit Indexed Explicit Replication (BIER) is a novel IP multicast (IPMC) forwarding paradigm proposed by the IETF. It offers a transport layer for other IPMC traffic, keeps core routers unaware of IPMC groups, and utilizes a routing underlay, e.g., an IP network, for its forwarding decisions. With BIER, core networks do not require dynamic signaling...
The electrical/electronic (E/E) architecture of cars has evolved from a single CAN bus to a domain-based model with domain-specific buses and centralized gateways. With increasing bandwidth demand resulting from the integration of camera and multimedia applications, Ethernet becomes a relevant network technology for in-vehicle networks. Automotive...
We propose P4-MACsec to protect network links between P4-based SDN switches through automated deployment of MACsec, a widespread IEEE standard for securing Layer 2 infrastructures. MACsec is supported by switches and routers from many manufacturers. On these devices, it has only little performance limitations compared to VPN technologies such as IP...
1+1 protection is a method to secure traffic between two nodes against failures in between. The sending node duplicates the traffic and forwards it over two disjoint paths. The receiving node assures that only a single copy of the traffic is further forwarded to its destination. In contrast to other protection schemes, this method prevents almost a...
In this work, we present P4-IPsec, a concept for IPsec in software-defined networks (SDN) using P4 programmable data planes. The prototype implementation features ESP in tunnel mode and supports different cipher suites. P4-capable switches are programmed to serve as IPsec tunnel endpoints. We also provide a client agent to configure tunnel endpoint...
Activity-Based Congestion management (ABC) is a novel domain-based QoS mechanism providing more fairness among customers on bottleneck links. It avoids per-flow or per-customer states in the core network and is suitable for application in future 5G networks. However, ABC cannot be configured on standard devices. P4 is a novel programmable data plan...
We propose xRAC to permit users to run special applications on managed hosts and to grant them access to protected network resources. We use restricted application containers (RACs) for that purpose. A RAC is a virtualization container with only a selected set of applications. Authentication verifies the RAC user's identity and the integrity of the...
In this paper we propose P4-IPsec which follows the software-defined networking (SDN) paradigm. It comprises a P4-based implementation of an IPsec gateway, a client agent, and a controller-based, IKE-less signalling between them. P4-IPsec features the Encapsulation Security Payload (ESP) protocol, tunnel mode, and various cipher suites for host-to-...
The integration of weather-dependent renewable energy sources leads to an increased volatility of electrical energy supply. As a result, considerable intra-day price spreads can be observed at the spot markets for electrical energy. To benefit from variable energy prices, enterprises can use price forecasts for cost-optimized load scheduling. There...
We propose P4-MACsec to protect network links between P4 switches through automated deployment of MACsec, a widespread IEEE standard for securing Layer 2 infrastructures. It is supported by switches and routers from major manufacturers and has only little performance limitations compared to VPN technologies such as IPsec. P4-MACsec introduces a dat...
We propose activity-based congestion management (ABC) to enforce fair bandwidth sharing among users in packet-based communication networks without requiring per-user information in forwarding nodes. Activity relates to the sent data rate of a user and its contracted reference rate. Activity meters monitor user traffic at edge nodes and add activity...
Software-defined networking (SDN) decouples data and control plane, i.e., forwarding elements are remotely configured by centralized controllers instead of through distributed control protocols. Wireless sensor networks (WSNs) have mostly been controlled in a distributed way, but their configuration challenges are complex and can be theoretically better...
The Demonstration Project Virtual Power Plant Neckar-Alb is constructing a Virtual Power Plant (VPP) demonstration site at the Reutlingen University campus. The VPP demonstrator integrates a heterogeneous set of distributed energy resources (DERs) which are connected to control infrastructure and an energy management system. This paper describes th...
Moving averages (MAs) are often used in adaptive systems to monitor the state during operation. Their output is used as input for control purposes. There are multiple methods with different ability, complexity, and parameters. We propose a framework for the definition of MAs and develop performance criteria, e.g., the concept of memory, that allow...
TSOMpy is a Python library for online measurement of time series, i.e., it provides functions to calculate moving averages, moving histograms, and time-dependent rates. The demo illustrates various methods for these concepts and points out their differences. The tool can be used to apply online measurement to time series randomly generated accordin...
BelWue is the Internet service provider for higher education and research institutions in Baden-Wuerttemberg, Germany. Recently, high-performance zones (HPZs) have been established on major university campuses and interconnected with a high-speed network for innovation and research (NeIF). This work presents the SDN-NeIF architecture, a resilient i...
SEcure data-centric application eXtension (SeDAX) is a publish/subscribe information-centric networking architecture, where publishers send messages to the appropriate message broker over a Delaunay-triangulated overlay network. Resilient data forwarding and data redundancy enable a high level of reliability. Overlay nodes and topics are addressed...
Abstract: Decentralized power generation plants, energy storage systems, and control facilities for producers and consumers are the basic building blocks of a virtual power plant, which plays an important role in the power grid of the future, the smart grid. As part of the demonstration project Virtual Power Plant Neckar-Alb, at Hochschule Reutlin...
Loop-Free Alternates (LFAs) are a local fast-reroute mechanism defined for IP networks. They are simple but suffer from two drawbacks. Firstly, some flows cannot be protected due to missing LFAs, i.e., this concept does not provide full protection coverage, which depends on network topology. Secondly, some LFAs cause loops in case of node or multip...
Loop-free alternates (LFAs) have been developed for fast reroute (FRR) in intradomain IP networks. They are simple, standardized, and already offered by several vendors. However, LFAs have two major drawbacks. They often cannot provide failure protection against all single link or node failures in spite of physical connectedness, and some LFAs caus...
The evolution toward emerging active distribution networks (ADNs) can be realized via a real-time state estimation (RTSE) application facilitated by the use of phasor measurement units (PMUs). A critical challenge in deploying PMU-based RTSE applications at large scale is the lack of a scalable and flexible communication infrastructure for the time...
In this paper we propose a novel resilience scheme for OpenFlow-based Software-Defined Networking (SDN). To forward packets in line speed, OpenFlow switches store their flow tables in expensive, limited TCAM due to which the stored tables cannot be large. Most resilience mechanisms require additional entries thus the implementation in OpenFlow may...
In this paper we propose and investigate load-dependent load balancing for resilient OpenFlow networks. The objective is to spare extra capacity for the primary path of a traffic aggregate (flow) by accommodating excess traffic on its backup path. The contribution of the paper is manifold. We explain existing OpenFlow features for traffic monitorin...
The electrical grid is changing from a centralized system with predictable and controllable power generation to a system integrating large numbers of distributed energy resources including weather-dependent renewables. As a consequence, the future retail energy market for electrical energy will have many more participants and see more volatile pric...
Data stored in a non-trusted environment can be easily modified by attackers. In the context of a cloud, the attacker may be the cloud provider. Therefore, data should be protected against undetected modification. Conventional methods for protection of data integrity do not help if the data in the cloud is exchanged with a previous version of the d...
Limited scalability, reliability, and security of today's utility communication infrastructures are main obstacles to the deployment of smart grid applications. The C-DAX project aims at providing and investigating a communication middleware for smart grids to address these problems, applying the information-centric networking and publish/subscribe...