SEcure Networking for a DATa Center Cloud in Europe


Large Data Centers (DCs) are now the most important control centers of the Internet. Within DCs, business as well as private data is stored, edited, forwarded, and processed. Although current DCs offer huge computing power, massive storage capacity, and enormous performance based on centrally stored data, they are located far away from the customer, use the network only for transport, and are mostly run by non-European companies. This leads to low flexibility, long delays to customers, and security concerns.

New application scenarios of our digital society such as Industrial Internet, mobile connected objects, Internet of Things, health applications, and especially 5G lead to a huge number of end devices and an enormous increase of traffic volume. The high demands on security, location awareness, service guarantees, flexibility, and latency require a convergence of telecommunication networks and IT as well as distributed data centers, which are placed close to the customers. Innovative approaches such as Network Functions Virtualization (NFV) in combination with Software Defined Networking (SDN) are the basis for a secure, flexible, low latency, and locality-aware distributed data center approach to support the upcoming application scenarios.

Within the SENDATE-PLANETS project, all project partners together will design a network architecture and technologies for secure and flexible distributed data centers in close collaboration. The target is to develop security mechanisms for NFV/SDN networks as well as set up, develop, and optimize VNFs and their placement in distributed data centers.

The TUM Chair of Network Architectures and Services investigates methods for validating specific properties of the configurations, as well as the integration and adaptation of network intrusion detection with SDN-based high-speed networks. The objectives are to combine techniques of SDN and network intrusion detection systems to increase network security, and to analyze how SDN can support the flexible deployment of network intrusion detection systems. As a second activity, our research group focuses on the design of a measurement framework that operates on and applies to data center components. The framework addresses performance and bottleneck prediction and optimization, including the three layers of hardware, services, and service management.

Partners in Sub-Project SENDATE-PLANETS:

  • NOKIA Networks
  • Airbus Group Innovations
  • Fraunhofer AISEC
  • genua GmbH
  • Infineon Technologies AG
  • Infosim GmbH & Co. KG
  • Karlsruher Institut für Technologie
  • Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften
  • Ruhr Universität Bochum (RUB)
  • TU Braunschweig
  • TU Darmstadt
  • Uni Würzburg
  • x-ion GmbH

Related publications

2017.09 Daniel Raumer, Simon Bauer, Paul Emmerich, Georg Carle, “Performance Implications for Intra-node Placement of Network Function Chains,” accepted at the 2017 IEEE 6th International Conference on Cloud Networking (CloudNet’17), Prague, Czech Republic, Sep. 2017. [Pdf] [Bib]
2017.07 Paul Emmerich, Daniel Raumer, Sebastian Gallenmüller, Florian Wohlfart, Georg Carle, “Throughput and Latency of Virtual Switching with Open vSwitch: A Quantitative Analysis,” to appear in Journal of Network and Systems Management, Jul. 2017. [DOI] [Bib]
2017.05 Sebastian Gallenmüller, Paul Emmerich, Rainer Schönberger, Daniel Raumer, Georg Carle, “Building Fast but Flexible Software Routers,” in ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS 2017), Beijing, China, May 2017. [Pdf] [Poster] [Bib]
2016.10 Daniel Raumer, Sebastian Gallenmüller, Paul Emmerich, Lukas Märdian, Florian Wohlfart, Georg Carle, “Efficient serving of VPN endpoints on COTS server hardware,” in 2016 IEEE 5th International Conference on Cloud Networking (CloudNet’16), Pisa, Italy, Oct. 2016. [Pdf] [Bib]
2016.10 Julius Michaelis, Cornelius Diekmann, “LOFT – Verified Migration of Linux Firewalls to SDN,” Archive of Formal Proofs, Oct. 2016. Formal proof development [Url] [Bib]
2016.09 Cornelius Diekmann, Lars Hupel, “Iptables_Semantics,” Archive of Formal Proofs, Sep. 2016. Formal proof development [Url] [Bib]
2016.08 Cornelius Diekmann, Julius Michaelis, Max Haslbeck, “Simple Firewall,” Archive of Formal Proofs, Aug. 2016. Formal proof development [Url] [Bib]
2016.08 Julius Michaelis, Cornelius Diekmann, “Routing,” Archive of Formal Proofs, Aug. 2016. Formal proof development [Url] [Bib]
2016.07 Daniel Raumer, Sebastian Gallenmüller, Florian Wohlfart, Paul Emmerich, Patrick Werneck, Georg Carle, “Revisiting Benchmarking Methodology for Interconnect Devices,” in The Applied Networking Research Workshop 2016 (ANRW ’16), Berlin, Germany, Jul. 2016. [Pdf] [Bib]
2016.06 Cornelius Diekmann, Julius Michaelis, Lars Hupel, “IP Addresses,” Archive of Formal Proofs, Jun. 2016. Formal proof development [Url] [Bib]

Finished student theses

| Author | Title | Type | Advisors | Links |
|---|---|---|---|---|
| Thomas Bachmaier | Scanning for TCP SYN Proxy Implementations | BA | Dominik Scholz, Paul Emmerich, Quirin Scheitle, Minoo Rouhi | Pdf |
| Krzysztof Lesiak | DDoS Mitigation in the Linux Kernel with XDP | BA | Dominik Scholz, Paul Emmerich | Pdf |
| Thomas Eidenmüller | Analysis of Parallel Packet Processing on NUMA Architectures | BA | Daniel Raumer, Florian Wohlfart | Pdf |
| Chris Hanselmann | Implementation and Evaluation of a Client Controlled Multipath Proxy | BA | Daniel Raumer, Quirin Scheitle | |
| Michael Remmler | Entwicklung eines OpenFlow-Switch Benchmarks | MA | Daniel Raumer, Florian Wohlfart | Pdf |
| Elias Tatros | Live Monitoring of Network Experiments | IDP | Daniel Raumer | Pdf |
| Bernhard Metz | Throughput and Latency in Cloud-benchmarking | BA | Daniel Raumer | Pdf |
| Adrian Weis | Measuring and Modelling the Performance of OpenStack | BA | Daniel Raumer, Sebastian Gallenmüller | Pdf |
| Simon Bauer | Network function chaining: configuration guidelines for optimal performance | MA | Daniel Raumer, Paul Emmerich | Pdf |

Open and running student theses

| Author | Title | Type | Advisors | Links |
|---|---|---|---|---|
| open | Service Level Agreement Specification and Resolution for Policy-based Security Management | MA | Johannes Naab, Iris Adam | Pdf |
| open | Description and Processing of Security Policies | MA | Johannes Naab, Lukas Schwaighofer, Manfred Schäfer, Christian Banse | Pdf |
| Alexander Kurtz | Application-level Firewalling with eBPF | IDP | Dominik Scholz, Paul Emmerich, Daniel Raumer | Pdf |
| Sebastian Bruhn | An Analysis of Linux Firewall Performance | BA | Daniel Raumer, Lukas Schwaighofer, Johannes Naab | Pdf |
| Bastian Hofmann | Benchmarking of Docker-based Network Functions | BA | Daniel Raumer, Florian Wohlfart | Pdf |
| Benedikt Jaeger | Evaluation of TCP BBR mixed with other Congestion Avoidance Algorithms | MA | Dominik Scholz, Lukas Schwaighofer, Daniel Raumer | |
| Erkin Kirdan | Traffic shaping and policing with DPDK | GR | Paul Emmerich, Dominik Scholz, Daniel Raumer | Pdf |
| Simon Leber | Tracking down the CPU consumption for Linux Traffic Control | BA | Paul Emmerich, Daniel Raumer, Dominik Scholz | Pdf |
| open | Analyzing the Value of Network Monitoring Information | MA | Daniel Raumer, Dr. David Hock | Pdf |
| Christoph Schwarzenberg | A System for Evaluation of Network Experiments in Multiuser Testbeds | IDP | Daniel Raumer, Florian Wohlfart | Pdf |
| Simon Bauer | Increasing Application Performance with SR-IOV | IDP | Paul Emmerich, Daniel Raumer | |