Tobias Bühler
PhD Student
I am a third year PhD student advised by Prof. Dr. Laurent Vanbever.
I earned my bachelor as well as master degree in electrical engineering and information technology from ETH Zürich.
My research focus is on network measurements and I try to improve the observability of large networks. In the past, I worked on the MAMI project with Mirja and Brian.
In addition, I am heavily involved in the Communication Networks lecture as teaching assistant.
Recent Publications
Three Bits Suffice: Explicit Support for Passive Measurement of Internet Latency in QUIC and TCP
ACM IMC 2018. Boston, Massachusetts, USA (October 2018).
@inproceedings {spinbit,
author = {Piet {De Vaere} and Tobias B{\"u}hler and Mirja K{\"u}hlewind and Brian Trammell},
title = {{Three Bits Suffice: Explicit Support for Passive Measurement of Internet Latency in QUIC and TCP}},
booktitle={Proceedings of the 2018 Internet Measurement Conference},
year = {2018},
address = {Boston, MA},
organization={ACM}
}
Passive measurement is a commonly used approach for measuring round trip time (RTT), as it reduces bandwidth overhead compared to large-scale active measurements. However, passive RTT measurement is limited to transport-specific approaches, such as those that utilize Transmission Control Protocol (TCP) timestamps. Furthermore, the continuing deployment of encrypted transport protocols such as QUIC hides the information used for passive RTT measurement from the network.
In this work, we introduce the latency spin signal as a light-weight, transport-independent and explicit replacement for TCP timestamps for passive latency measurement. This signal supports per-flow, single-point and single direction passive measurement of end-to-end RTT using just three bits in the transport protocol header, leveraging the existing dynamics of the vast majority of Internet-deployed transports. We show how the signal applies to measurement of both TCP and to QUIC through implementation of the signal in endpoint transport stacks. We also provide a high-performance measurement implementation for the signal using the Vector Packet Processing (VPP) framework. Evaluation on emulated networks and in an Internet testbed demonstrate the viability of the signal, and show that it is resistant to even large amounts of loss or reordering on the measured path.
Stroboscope: Declarative Network Monitoring on a Budget
USENIX NSDI 2018. Renton, Washington, USA (April 2018).
@inproceedings {211289,
author = {Olivier Tilmans and Tobias B{\"u}hler and Ingmar Poese and Stefano Vissicchio and Laurent Vanbever},
title = {Stroboscope: Declarative Network Monitoring on a Budget},
booktitle = {15th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 18)},
year = {2018},
address = {Renton, WA},
url = {https://www.usenix.org/conference/nsdi18/presentation/tilmans},
publisher = {{USENIX} Association},
}
For an Internet Service Provider (ISP), getting an accurate picture of how its network behaves is challenging. Indeed, given the carried traffic volume and the impossibility to control end-hosts, ISPs often have no other choice but to rely on heavily sampled traffic statistics, which provide them with coarse-grained visibility at a less than ideal time resolution (seconds or minutes). We present Stroboscope, a system that enables fine-grained monitoring of any traffic flow by instructing routers to mirror millisecond-long traffic slices in a programmatic way. Stroboscope takes as input high-level monitoring queries together with a budget and automatically determines: (i) which flows to mirror; (ii) where to place mirroring rules, using fast and provably correct algorithms; and (iii) when to schedule these rules to maximize coverage while meeting the input budget. We implemented Stroboscope, and show that it scales well: it computes schedules for large networks and query sizes in few seconds, and produces a number of mirroring rules well within the limits of current routers. We also show that Stroboscope works on existing routers and is therefore immediately deployable.
A Path Layer for the Internet: Enabling Network Operations on Encrypted Protocols
CNSM 2017. Tokyo, Japan (November 2017).
@inproceedings{,
author = {Mirja Kühlewind and Tobias Bühler and Brian Trammell and Stephan Neuhaus and Roman Müntener and Gorry Fairhurst},
title = {A Path Layer for the Internet: Enabling Network Operations on Encrypted Protocols},
address = {Tokyo, Japan},
booktitle = {Proc. IEEE International Conference on Network and Service Management},
month = {Nov},
year = {2017}
}
The deployment of encrypted transport protocols imposes new challenges for network operations. Key in-network functions such as those implemented by firewalls and passive measurement devices currently rely on information exposed by the transport layer. Encryption, in addition to improving privacy, helps to address ossification of network protocols caused by middleboxes that assume certain information to be present in the clear. However, ``encrypting it all'' risks diminishing the utility of these middleboxes for the traffic management tasks for which they were designed. A middlebox cannot use what it cannot see.
We propose an architectural solution to this issue, by introducing a new ``path layer'' for transport-independent, in-band signaling between Internet endpoints and network elements on the paths between them, and using this layer to reinforce the boundary between the hop-by-hop network layer and the end-to-end transport layer. We define a path layer header on top of UDP to provide a common wire image for new, encrypted transports. This path layer header provides information to a transport-independent on-path state machine that replaces stateful handling currently based on exposed header flags and fields in TCP; it enables explicit measurability of transport layer performance; and offers extensibility by sender-to-path and path-to-receiver communications for diagnostics and management. This provides not only a replacement for signals that are not available with encrypted traffic, but also allows integrity-protected, enhanced signaling under endpoint control. We present an implementation of this wire image integrated with the QUIC protocol, as well as a basic stateful middlebox built on Vector Packet Processing (VPP) provided by FD.io.
Mille-Feuille: Putting ISP traffic under the scalpel.
ACM HotNets 2016. Atlanta, Georgia, USA (November 2016).
@inproceedings {TBVV16,
title = {{Mille-Feuille: Putting ISP traffic under the scalpel}},
author = {Olivier Tilmans and Tobias Bühler and Stefano Vissicchio and Laurent Vanbever},
year = {2016},
booktitle = {Proceedings of HotNets-XV},
}
For Internet Service Provider (ISP) operators, getting an accurate picture of how their network behaves is challenging. Given the traffic volumes that their networks carry and the impossibility to control end-hosts, ISP operators are typically forced to randomly sample traffic, and rely on aggregated statistics. This provides coarse-grained visibility, at a time resolution that is far from ideal (seconds or minutes).
In this paper, we present Mille-Feuille, a novel monitoring architecture that provides fine-grained visibility over ISP traffic. Mille-Feuille schedules activation and deactivation of traffic-mirroring rules, that are then provisioned networkwide from a central location, within milliseconds. By doing so, Mille-Feuille combines the scalability of sampling with the visibility and controllability of traffic mirroring. As a result, it supports a set of monitoring primitives, ranging from checking key performance indicators (e.g., one-way delay) for single destinations to estimating traffic matrices in subseconds. Our preliminary measurements on existing routers confirm that Mille-Feuille is viable in practice.
Lectures
Communication Networks
Spring 2019
Communication Networks
Spring 2018
Communication Networks
Spring 2017
Communication Networks
Spring 2016
Supervised Theses
Leveraging Network Programmability for Machine Learning in the Data Plane (M)
Next-Generation Network Monitoring Using Programmable Network Devices (M)
