I am a final year PhD student advised by Prof. Dr. Laurent Vanbever.
I earned my bachelor as well as master degree in electrical engineering and information technology from ETH Zürich.
My research focus is on network measurements and I try to improve the observability of large networks. In the past, I worked on the MAMI project with Mirja and Brian.
In addition, I am heavily involved in the Communication Networks lecture as head teaching assistant.
BibTeX...
Tobias Bühler, Romain Jacob, Ingmar Poese, Laurent Vanbever
USENIX NSDI 2023. Boston, MA, USA (April 2023).
Monitoring where traffic enters and leaves a network is a routine task for network operators. In order to scale with Tbps of traffic, large Internet Service Providers (ISPs) mainly use traffic sampling for such global monitoring. Sampling either provides a sparse view or generates unreasonable overhead. While sampling can be tailored and optimized to specific contexts, this coverage–overhead trade-off is unavoidable.
Rather than optimizing sampling, we propose to “magnify” the sampling coverage by complementing it with mirroring. Magnifier enhances the global network view using a two-step approach: based on sampling data, it first infers traffic ingress and egress points using a heuristic, then it uses mirroring to validate these inferences efficiently. The key idea behind Magnifier is to use negative mirroring rules; i.e., monitor where traffic should not go. We implement Magnifier on commercial routers and demonstrate that it indeed enhances the global network view with negligible traffic overhead. Finally, we observe that monitoring based on our heuristics also allows to detect other events, such as certain failures and DDoS attacks.
Tobias Bühler, Roland Schmid, Sandro Lutz, Laurent Vanbever
ACM HotNets 2022. Austin, Texas, USA (November 2022).
In theory, any network operator, developer, or vendor should have access to large amounts of live network traffic for testing their solutions. In practice, though, that is not the case. Network actors instead have to use packet traces or synthetic traffic, which is highly suboptimal: today's generated traffic is unrealistic. We propose a system for generating live application traffic leveraging massive codebases such as GitHub.
Our key observation is that many repositories have now become "orchestrable" thanks to the rise of container technologies. To showcase the practicality of the approach, we iterate through >293k GitHub repositories and manage to capture >74k traces containing meaningful and diverse network traffic. Based on this first success, we outline the design of a system, DYNAMO, which analyzes these traces to select and orchestrate open-source projects to automatically generate live application traffic matching a user's specification.
Thomas Holterbach, Tobias Bühler, Tino Rellstab, Laurent Vanbever
ACM SIGCOMM CCR 2020. Volume 50 Issue 2 (April 2020).
Each year at ETH Zurich, around 100 students collectively build and operate their very own Internet infrastructure composed of hundreds of routers and dozens of Autonomous Systems (ASes). Their goal? Enabling Internet-wide connectivity.
We find this class-wide project to be invaluable in teaching our students how the Internet infrastructure practically works. Among others, our students have a much deeper understanding of Internet operations alongside their pitfalls. Besides students tend to love the project: clearly the fact that all of them need to cooperate for the entire Internet to work is empowering.
In this paper, we describe the overall design of our teaching platform, how we use it, and interesting lessons we have learnt over the years. We also make our platform openly available.
Piet De Vaere, Tobias Bühler, Mirja Kühlewind, Brian Trammell
ACM IMC 2018. Boston, Massachusetts, USA (October 2018).
Passive measurement is a commonly used approach for measuring round trip time (RTT), as it reduces bandwidth overhead compared to large-scale active measurements. However, passive RTT measurement is limited to transport-specific approaches, such as those that utilize Transmission Control Protocol (TCP) timestamps. Furthermore, the continuing deployment of encrypted transport protocols such as QUIC hides the information used for passive RTT measurement from the network.
In this work, we introduce the latency spin signal as a light-weight, transport-independent and explicit replacement for TCP timestamps for passive latency measurement. This signal supports per-flow, single-point and single direction passive measurement of end-to-end RTT using just three bits in the transport protocol header, leveraging the existing dynamics of the vast majority of Internet-deployed transports. We show how the signal applies to measurement of both TCP and to QUIC through implementation of the signal in endpoint transport stacks. We also provide a high-performance measurement implementation for the signal using the Vector Packet Processing (VPP) framework. Evaluation on emulated networks and in an Internet testbed demonstrate the viability of the signal, and show that it is resistant to even large amounts of loss or reordering on the measured path.
Olivier Tilmans, Tobias Bühler, Ingmar Poese, Stefano Vissicchio, Laurent Vanbever
USENIX NSDI 2018. Renton, Washington, USA (April 2018).
For an Internet Service Provider (ISP), getting an accurate picture of how its network behaves is challenging. Indeed, given the carried traffic volume and the impossibility to control end-hosts, ISPs often have no other choice but to rely on heavily sampled traffic statistics, which provide them with coarse-grained visibility at a less than ideal time resolution (seconds or minutes). We present Stroboscope, a system that enables fine-grained monitoring of any traffic flow by instructing routers to mirror millisecond-long traffic slices in a programmatic way. Stroboscope takes as input high-level monitoring queries together with a budget and automatically determines: (i) which flows to mirror; (ii) where to place mirroring rules, using fast and provably correct algorithms; and (iii) when to schedule these rules to maximize coverage while meeting the input budget. We implemented Stroboscope, and show that it scales well: it computes schedules for large networks and query sizes in few seconds, and produces a number of mirroring rules well within the limits of current routers. We also show that Stroboscope works on existing routers and is therefore immediately deployable.
Mirja Kühlewind, Tobias Bühler, Brian Trammell, Stephan Neuhaus, Roman Müntener, Gorry Fairhurst
CNSM 2017. Tokyo, Japan (November 2017).
The deployment of encrypted transport protocols imposes new challenges for network operations. Key in-network functions such as those implemented by firewalls and passive measurement devices currently rely on information exposed by the transport layer. Encryption, in addition to improving privacy, helps to address ossification of network protocols caused by middleboxes that assume certain information to be present in the clear. However, ``encrypting it all'' risks diminishing the utility of these middleboxes for the traffic management tasks for which they were designed. A middlebox cannot use what it cannot see.
We propose an architectural solution to this issue, by introducing a new ``path layer'' for transport-independent, in-band signaling between Internet endpoints and network elements on the paths between them, and using this layer to reinforce the boundary between the hop-by-hop network layer and the end-to-end transport layer. We define a path layer header on top of UDP to provide a common wire image for new, encrypted transports. This path layer header provides information to a transport-independent on-path state machine that replaces stateful handling currently based on exposed header flags and fields in TCP; it enables explicit measurability of transport layer performance; and offers extensibility by sender-to-path and path-to-receiver communications for diagnostics and management. This provides not only a replacement for signals that are not available with encrypted traffic, but also allows integrity-protected, enhanced signaling under endpoint control. We present an implementation of this wire image integrated with the QUIC protocol, as well as a basic stateful middlebox built on Vector Packet Processing (VPP) provided by FD.io.
Olivier Tilmans, Tobias Bühler, Stefano Vissicchio, Laurent Vanbever
ACM HotNets 2016. Atlanta, Georgia, USA (November 2016).
For Internet Service Provider (ISP) operators, getting an accurate picture of how their network behaves is challenging. Given the traffic volumes that their networks carry and the impossibility to control end-hosts, ISP operators are typically forced to randomly sample traffic, and rely on aggregated statistics. This provides coarse-grained visibility, at a time resolution that is far from ideal (seconds or minutes).
In this paper, we present Mille-Feuille, a novel monitoring architecture that provides fine-grained visibility over ISP traffic. Mille-Feuille schedules activation and deactivation of traffic-mirroring rules, that are then provisioned networkwide from a central location, within milliseconds. By doing so, Mille-Feuille combines the scalability of sampling with the visibility and controllability of traffic mirroring. As a result, it supports a set of monitoring primitives, ranging from checking key performance indicators (e.g., one-way delay) for single destinations to estimating traffic matrices in subseconds. Our preliminary measurements on existing routers confirm that Mille-Feuille is viable in practice.
Assistant
Spring 2016
BibTeX...
Hande Harputluoglu
Supervisors: Roland Schmid, Tobias Bühler, Dr. Georgia Fragkouli, Prof. Laurent Vanbever
Hande Harputluoglu
Supervisors: Tobias Bühler, Roland Schmid, Prof. Laurent Vanbever
Alain Kohli
Supervisors: Tobias Bühler, Coralie Busse-Grawitz, Tibor Schneider, Prof. Laurent Vanbever
Sandro Lutz
Supervisors: Tobias Bühler, Roland Schmid, Prof. Laurent Vanbever
Leonardo Rodoni
Supervisors: Tobias Bühler, Thomas Graf
Sandro Lutz
Supervisors: Dr. Thomas Holterbach, Tobias Bühler, Prof. Laurent Vanbever
Eduard Bachmakov
Supervisors: Tobias Bühler, Thomas Graf, Prof. Laurent Vanbever
Hendrik Züllig
Supervisors: Tobias Bühler, Prof. Laurent Vanbever
Alex Studer
Supervisors: Dr. Thomas Holterbach, Tobias Bühler, Prof. Laurent Vanbever
Denis Mikhaylov
Supervisors: Dr. Thomas Holterbach, Tobias Bühler, Prof. Laurent Vanbever
Manuel Pulfer
Supervisors: Dr. Thomas Holterbach, Tobias Bühler, Prof. Laurent Vanbever
Leonardo Rodoni
Supervisors: Tobias Bühler, Prof. Laurent Vanbever
Eric Marty
Supervisors: Dr. Thomas Holterbach, Tobias Bühler, Prof. Laurent Vanbever
Tom Kuchler
Supervisors: Tobias Bühler, Prof. Laurent Vanbever
Tino Rellstab
Supervisors: Tobias Bühler, Dr. Thomas Holterbach, Prof. Laurent Vanbever
Hendrik Züllig
Supervisors: Tobias Bühler, Prof. Laurent Vanbever
Supervisors: Dr. Roland Meier, Tobias Bühler, Alexander Dietmüller, Prof. Laurent Vanbever
Supervisors: Tobias Bühler, Prof. Laurent Vanbever
Piet De Vaere
Supervisors: Brian Trammell, Dr. Mirja Kühlewind, Prof. Laurent Vanbever, Tobias Bühler