September 25, 2011
The FreeBSD Foundation is pleased to announce that Swinburne University of Technology’s Centre for Advanced Internet Architectures has been awarded a grant to implement DIFFUSE for FreeBSD.
DIFFUSE (Distributed Firewall and Flow-shaper Using Statistical Evidence) is an extension to the FreeBSD IPFW firewall subsystem developed by CAIA. It allows IPFW to classify traffic based on statistical properties of flows being observed in real time, and to instantiate network actions for particular flows across a distributed set of “action nodes” if required.
This project will tidy up and integrate the existing DIFFUSE prototype into FreeBSD, and incorporate a number of important new features. Integration of DIFFUSE into FreeBSD will increase FreeBSD’s utility to designers and implementers of FreeBSD-based networking infrastructure.
Network architects frequently require the ability to classify different traffic types flowing across a network, typically using packet inspection capabilities of base system tools such as ipfw and pf. Traffic classification then enables the provision of customized service levels to different traffic types (such as priority packet queuing and forwarding, or allocation of specific bandwidth guarantees).
DIFFUSE uses machine learning techniques to enable robust and efficient classification of IP traffic flows based on their unique statistical properties, in addition to traditional inspection of packet header or payload contents. DIFFUSE also allows traffic classification to occur in one place (e.g. in the core of a network) and trigger traffic shaping and differentiation elsewhere (e.g. at the edges of a network). DIFFUSE has applications in ISP, residential broadband and large corporate network scenarios, to name a few.
The project will conclude at the end of October 2011.