Scientific Programming 22 (2014) 173–185 173

DOI 10.3233/SPR-140382
IOS Press

The Science DMZ: A network design pattern

for data-intensive science 1
Eli Dart a,∗ , Lauren Rotman a , Brian Tierney a , Mary Hester a and Jason Zurawski b
a Energy Sciences Network, Lawrence Berkeley National Laboratory, Berkeley, CA, USA

E-mails: {eddart, lbrotman, bltierney, mchester}@lbl.gov

b Internet2, Office of the CTO, Washington DC, USA

E-mail: [email protected]

Abstract. The ever-increasing scale of scientific data has become a significant challenge for researchers that rely on networks
to interact with remote computing systems and transfer results to collaborators worldwide. Despite the availability of high-
capacity connections, scientists struggle with inadequate cyberinfrastructure that cripples data transfer performance, and impedes
scientific progress. The Science DMZ paradigm comprises a proven set of network design patterns that collectively address these
problems for scientists. We explain the Science DMZ model, including network architecture, system configuration, cybersecurity,
and performance tools, that creates an optimized network environment for science. We describe use cases from universities,
supercomputing centers and research laboratories, highlighting the effectiveness of the Science DMZ model in diverse operational
settings. In all, the Science DMZ model is a solid platform that supports any science workflow, and flexibly accommodates
emerging network technologies. As a result, the Science DMZ vastly improves collaboration, accelerating scientific discovery.
Keywords: High performance networking, perfsonar, data-intensive science, network architecture, measurement

1. Introduction by many factors including: firewalls that cannot ef-

A design pattern is a solution that can be applied to
a general class of problems. This definition, originat-
ing in the field of architecture [1,2], has been adopted
in computer science, where the idea has been used
in software designs [6] and in our case network de-
signs. The network design patterns we discuss are fo-
cused on high end-to-end network performance for
data-intensive science applications. These patterns fo-
cus on optimizing the network interactions between
wide area networks, campus networks, and computing
systems.
The Science DMZ model, as a design pattern, can
be adapted to solve performance problems on any ex-
isting network. Of these performance problems, packet
loss has proven to be the most detrimental as it causes
an observable and dramatic decrease in data through-
put for most applications. Packet loss can be caused
1 This paper received a nomination for the Best Paper Award at the
SC2013 conference and is published here with permission of ACM.
* Corresponding author: Eli Dart, Energy Sciences Network,
Lawrence Berkeley National Laboratory, Berkeley, CA 94720, USA.
E-mail:
fectively process science traffic flows; routers and
switches with inadequate burst capacity; dirty optics;
and failing network and system components. In addi-
tion, another performance problem can be the miscon-
figuration of data transfer hosts, which is often a con-
tributing factor in poor network performance.
Many of these problems are found on the local area
networks, often categorized as “general-purpose” net-
works, that are not designed to support large science
data flows. Today many scientists are relying on these
network infrastructures to share, store, and analyze
their data which is often geographically dispersed.
The Science DMZ provides a design pattern de-
veloped to specifically address these local area net-
work issues and offers research institutions a frame-
work to support data-intensive science. The Science
DMZ model has been broadly deployed and has al-
ready become indispensable to the present and future
of science workflows.
The Science DMZ provides:
• A scalable, extensible network infrastructure free
from packet loss that causes poor TCP perfor-

[email protected]. mance;

1058-9244/14/$27.50 © 2014 – IOS Press and the authors. All rights reserved
174 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
• Appropriate usage policies so that high-
performance applications are not hampered by
unnecessary constraints;
• An effective “on-ramp” for local resources to ac-
cess wide area network services; and
• Mechanisms for testing and measuring, thereby
ensuring consistent performance.
This paper will discuss the Science DMZ from its
development to its role in future technologies. First,
Section 2 will discuss the Science DMZ’s original
development in addressing the performance of TCP-
based applications. Second, Section 3 enumerates the
components of the Science DMZ model and how each
component adds to the overall paradigm. Next, Sec-
tions 4 and 5 offer some sample illustrations of net-
works that vary in size and purpose. Following, Sec-
tion 6 will discuss some examples of Science DMZ im-
plementations from the R&E community. And lastly,
Section 7 highlights some future technological ad-
vancements that will enhance the applicability of the
Science DMZ design.
2. Motivation
When developing the Science DMZ, several key
principles provided the foundation to its design. First,
these design patterns are optimized for science. This
means the components of the system – including all
the equipment, software and associated services – are
configured specifically to support data-intensive sci-
ence. Second, the model is designed to be scalable in
its ability to serve institutions ranging from large ex-
perimental facilities to supercomputing sites to multi-
disciplinary research universities to individual research
groups or scientists. The model also scales to serve a
growing number of users at those facilities with an in-
creasing and varying amount of data over time. Lastly,
the Science DMZ model was created with future inno-
vation in mind by providing the flexibility to incorpo-
rate emerging network services. For instance, advances
in virtual circuit services, 100 Gigabit Ethernet, and
the emergence of software-defined networking present
new and exciting opportunities to improve scientific
productivity. In this section, we will mostly discuss the
first principle since it is the driving mission for the Sci-
ence DMZ model.
The first principle of the model is to optimize the
network for science. To do this, there are two entities
or areas of the network that should be considered: the
wide area network and the local area networks. The
wide area networks (or WANs) are often already op-
timized and can accommodate large data flows up to
100 Gbps. However, the local area networks are still a
choke point for these large data flows.
Local area networks are usually general-purpose
networks that support multiple missions, the first of
which is to support the organization’s business op-
erations including email, procurement systems, web
browsing, and so forth. Second, these general networks
must also be built with security that protects finan-
cial and personnel data. Meanwhile, these networks
are also used for research as scientists depend on this
infrastructure to share, store, and analyze data from
many different sources. As scientists attempt to run
their applications over these general-purpose networks,
the result is often poor performance, and with the in-
crease of data set complexity and size, scientists often
wait hours, days, or weeks for their data to arrive.
Since many aspects of general-purpose networks are
difficult or impossible to change in the ways necessary
to improve their performance, the network architecture
must be adapted to accommodate the needs of science
applications without affecting mission critical business
and security operations. Some of these aspects that are
difficult to change might include the size of the mem-
ory buffers for individual interfaces; mixed traffic pat-
terns between mail and web traffic that would include
science data; and emphasis on availability vs. perfor-
mance and what can be counted on over time for net-
work availability.
The Science DMZ model has already been im-
plemented at various institutions to upgrade these
general-purpose, institutional networks. The National
Science Foundation (NSF) recognized the Science
DMZ as a proven operational best practice for univer-
sity campuses supporting data-intensive science and
specifically identified this model as eligible for fund-
ing through the Campus Cyberinfrastructure–Network
Infrastructure and Engineering Program (CC–NIE).2
This program was created in 2012 and has since been
responsible for implementing approximately 20 Sci-
ence DMZs at different locations – thereby serving the
needs of the science community. Another NSF solicita-
tion was released in 2013 and awards to fund a similar
number of new Science DMZ’s are expected.
2 NSF’s CC–NIE Program: http://www.nsf.gov/pubs/2013/
nsf13530/nsf13530.html.
 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science 175

Fig. 1. Graph shows the TCP throughput vs. round-trip time (latency) with packet loss between 10 Gbps connected hosts, as predicted by the
Mathis Equation. The topmost line (shown in purple) shows the throughput for TCP in a loss-free environment. (The colors are visible in the
online version of the article; http://dx.doi.org/10.3233/SPR-140382.)

2.1. TCP performance
The Transmission Control Protocol (TCP) [15] of
the TCP/IP protocol suite is the primary transport pro-
tocol used for the reliable transfer of data between ap-
plications. TCP is used for email, web browsing, and
similar applications. Most science applications are also
built on TCP, so it is important that the networks are
able to work with these applications (and TCP) to op-
timize the network for science.
TCP is robust in many respects – in particular it has
sophisticated capabilities for providing reliable data
delivery in the face of packet loss, network outages,
and network congestion. However, the very mecha-
nisms that make TCP so reliable also make it per-
form poorly when network conditions are not ideal. In
particular, TCP interprets packet loss as network con-
gestion, and reduces its sending rate when loss is de-
tected. In practice, even a tiny amount of packet loss is
enough to dramatically reduce TCP performance, and
thus increase the overall data transfer time. When ap-
plied to large tasks, this can mean the difference be-
tween a scientist completing a transfer in days rather
than hours or minutes. Therefore, networks that sup-
port data-intensive science must provide TCP-based
applications with loss-free service if TCP-based appli-
cations are to perform well in the general case.
As an example of TCP’s sensitivity, consider the fol-
lowing case. In 2012, Department of Energy’s (DOE)
Energy Sciences Network (ESnet) had a failing 10
Gbps router line card that was dropping 1 out of 22,000
packets, or 0.0046% of all traffic. Assuming the line
card was working at peak efficiency, or 812,744 regu-
lar sized frames per second,3 37 packets were lost each
3 Performance Metrics, http://www.cisco.com/web/about/security/
intelligence/network_performance_metrics.html.
second due to the loss rate. While this only resulted
in an overall drop of throughput of 450 Kbps (on the
device itself), it reduced the end-to-end TCP perfor-
mance far more dramatically as demonstrated in Fig. 1.
This packet loss was not being reported by the router’s
internal error monitoring, and was only noticed using
the owamp active packet loss monitoring tool, which is
part of the perfSONAR Toolkit.4
Because TCP interprets the loss as network conges-
tion, it reacts by rapidly reducing the overall sending
rate. The sending rate then slowly recovers due to the
dynamic behavior of the control algorithms. Network
performance can be negatively impacted at any point
during the data transfer due to changing conditions in
the network. This problem is exacerbated as the la-
tency increases between communicating hosts. This is
often the case when research collaborations sharing
data are geographically distributed. In addition, feed-
back regarding the degraded performance takes longer
to propagate between the communicating hosts.
The relationship between latency, data loss, and net-
work capability was described by Mathis et al. as a
mechanism to predict overall throughput [12]. The
“Mathis Equation” states that maximum TCP through-
put is at most:
maximum segment size 1
×√ .
round-trip time packet loss rate
(1)
Figure 1 shows the theoretical rate predicted by the
Mathis Equation, along with the measured rate for both
TCP-Reno and TCP-Hamilton across ESnet. These
4 perfSONAR Toolkit: http://psps.perfsonar.net.
176 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
tests are between 10 Gbps connected hosts configured
to use 9 KByte (“Jumbo Frame”) Maximum Transmis-
sion Units (MTUs).
This example is indicative of the current opera-
tional reality in science networks. TCP is used for
the vast majority of high-performance science applica-
tions. Since TCP is so sensitive to loss, a science net-
work must provide TCP with a loss-free environment,
end-to-end. This requirement, in turn, drives a set of
design decisions that are key components of the Sci-
ence DMZ model.
3. The science DMZ design pattern
The overall design pattern or paradigm of the Sci-
ence DMZ is comprised of four sub-patterns. Each of
these sub-patterns offers repeatable solutions for four
different areas of concern: proper location (in network
terms) of devices and connections; dedicated systems;
performance measurement; and appropriate security
policies. These four sub-patterns will be discussed in
the following subsections.
3.1. Proper location to reduce complexity
The physical location of the Science DMZ (or “lo-
cation design pattern") is important to consider during
the deployment process. The Science DMZ is typically
deployed at or near the network perimeter of the in-
stitution. The reason for this is that it is important to
involve as few network devices as reasonably possible
in the data path between the experiment at a science
facility, the Science DMZ, and the WAN.
Network communication between applications run-
ning on two hosts traverses, by definition, the hosts
themselves and the entire network infrastructure be-
tween the hosts. Given the sensitivity of TCP to packet
loss (as discussed in Section 2.1), it is important to en-
sure that all the components of the network path be-
tween the hosts are functioning properly and config-
ured correctly. Wide area science networks are typi-
cally engineered to perform well for science applica-
tions, and in fact the Science DMZ model assumes that
the wide area network is doing its job. However, the
local network is often complex, and burdened with the
compromises inherent in supporting multiple compet-
ing missions. The location design pattern accomplishes
two things. The first is separation from the rest of the
general network, and the second is reduced complexity.
There are several reasons to separate the high-
performance science traffic from the rest of the net-
work. The support of high-performance applications
can involve the deployment of highly capable equip-
ment that would be too expensive to use throughout the
general-purpose network but that has necessary fea-
tures such as high-performance filtering capabilities,
sufficient buffering for burst capacity, and the ability to
accurately account for packets that traverse the device.
In some cases, the configuration of the network devices
must be changed to support high-speed data flows – an
example might be conflict between quality of service
settings for the support of enterprise telephony and the
burst capacity necessary to support long-distance high-
performance data flows. In addition, the location pat-
tern makes the application of the appropriate security
pattern significantly easier (see Section 3.4).
The location design pattern can also significantly
reduce the complexity of the portion of the network
used for science applications. Troubleshooting is time-
consuming, and there is a large difference in opera-
tional cost and time-to-resolution between verifying
the correct operation of a small number of routers and
switches and tracing the science flow through a large
number of network devices in the general-purpose net-
work of a college campus. For this reason, the Sci-
ence DMZ is typically located as close to the network
perimeter as possible, i.e. close to or directly connected
to the border router that connects the research institu-
tion’s network to the wide area science network.
3.2. Dedicated systems: The Data Transfer Node
(DTN)
Systems used for wide area science data transfers
perform far better if they are purpose-built for and ded-
icated to this function. These systems, which we call
data transfer nodes (DTNs), are typically PC-based
Linux servers constructed with high quality compo-
nents and configured specifically for wide area data
transfer. The DTN also has access to storage resources,
whether it is a local high-speed disk subsystem, a con-
nection to a local storage infrastructure, such as a stor-
age area network (SAN), or the direct mount of a high-
speed parallel file system such as Lustre5 or GPFS.6
The DTN runs the software tools used for high-speed
data transfer to remote systems. Some typical software
packages include GridFTP7 [3] and its service-oriented
5 Lustre, http//www.lustre.org/.
6 GPFS, http://www.ibm.com/systems/software/gpfs/.
7 GridFTP, http://www.globus.org/datagrid/gridftp.html.
 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
front-end Globus Online8 [4], discipline-specific tools
such as XRootD,9 and versions of default toolsets such
as SSH/SCP with high-performance patches10 applied.
DTNs are widely applicable in diverse science en-
vironments. For example, DTNs are deployed to sup-
port Beamline 8.3.2 at Berkeley Lab’s Advanced Light
Source,11 and as a means of transferring data to and
from a departmental cluster. On a larger scale, sets
of DTNs are deployed at supercomputer centers (for
example at the DOE’s Argonne Leadership Comput-
ing Facility,12 the National Energy Research Scientific
Computing Center,13 and Oak Ridge Leadership Com-
puting Facility14 ) to facilitate high-performance trans-
fer of data both within the centers and to remote sites.
At even larger scales, large clusters of DTNs provide
data service to the Large Hadron Collider (LHC)15 col-
laborations. The Tier-116 centers deploy large numbers
of DTNs to support thousands of scientists. These are
systems dedicated to the task of data transfers so that
they provide reliable, high-performance service to sci-
ence applications.17
DTNs typically have high-speed network interfaces,
but the key is to match the DTN to the capabilities of
the wide area network infrastructure. For example, if
the network connection from the site to the WAN is
1 Gigabit Ethernet, a 10 Gigabit Ethernet interface on
the DTN may be counterproductive. The reason for this
is that a high-performance DTN can overwhelm the
slower wide area link causing packet loss.
The set of applications that run on a DTN is typi-
cally limited to parallel data transfer applications like
GridFTP or FDT.18 In particular, user-agent applica-
tions associated with general-purpose computing and
business productivity (e.g., email clients, document ed-
itors, media players) are not installed. This is for two
reasons. First, the dedication of the DTN to data trans-
fer applications produces more consistent behavior and
avoids engineering trade-offs that might be part of sup-
porting a larger application set. Second, data transfer
applications are relatively simple from a network secu-
8 Globus Online, https://www.globusonline.org/.
9 XRootD, http://xrootd.slac.stanford.edu/.
10 HPN-SSH, http://www.psc.edu/networking/projects/hpn-ssh/.
11 LBNL ALS, http://www-als.lbl.gov.
12 ALCF, https://www.alcf.anl.gov.
13 NERSC, http://www.nersc.gov.
14 OLCF, http://www.olcf.ornl.gov/.
15 LHC, http://lhc.web.cern.ch/lhc/.
16 US/LHC, http://www.uslhc.us/The_US_and_the_LHC/
Computing.
17 LHCOPN, http://lhcopn.web.cern.ch/lhcopn/.
18 FTD, http://monalisa.cern.ch/FDT/.
177
rity perspective, and this makes the appropriate secu-
rity policy easier to apply (see Section 3.4).
Because the design and tuning of a DTN can be
time-consuming for small research groups, ESnet has
a DTN Tuning guide19 and a Reference DTN Imple-
mentation guide.20 The typical engineering trade-offs
between cost, redundancy, performance and so on. ap-
ply when deciding on what hardware to use for a DTN.
In general, it is recommended that DTNs be procured
and deployed such that they can be expanded to meet
future storage requirements.
3.3. Performance monitoring
Performance monitoring is critical to the discov-
ery and elimination of so-called “soft failures” in the
network. Soft failures are problems that do not cause
a complete failure that prevents data from flowing
(like a fiber cut), but causes poor performance. Ex-
amples of soft failures include packet loss due to fail-
ing components; dirty fiber optics; routers forward-
ing packets using the management CPU rather than
the high-performance forwarding hardware; and inad-
equate hardware configuration. Soft failures often go
undetected for many months or longer, since most net-
work management and error reporting systems are op-
timized for reporting “hard failures”, such as loss of
a link or device. Also, many scientists do not know
what level of performance to expect, and so they do not
know when to alert knowledgeable staff about a poten-
tial problem.
A perfSONAR host [16] helps with fault diagno-
sis on the Science DMZ. It offers end-to-end testing
with collaborating sites that have perfSONAR tools in-
stalled, which allows for multi-domain troubleshoot-
ing. perfSONAR is a network monitoring software
suite designed to conduct both active and passive net-
work measurements, convert these to a standard for-
mat, and then publish the data so it is publicly acces-
sible. The perfSONAR host can run continuous checks
for latency changes and packet loss using OWAMP,21
as well as periodic “throughput” tests (a measure of
available network bandwidth) using BWCTL.22 If a
problem arises that requires a network engineer to
troubleshoot the routing and switching infrastructure,
19 DTN Tuning, http://fasterdata.es.net/science-dmz/DTN/
tuning/.
20 Reference DTN, http://fasterdata.es.net/science-dmz/data-
transfer-node-reference-implementation/.
21 OWAMP, http://www.internet2.edu/performance/owamp/.
22 BWCTL, http://www.internet2.edu/performance/bwctl/.
178 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
Fig. 2. Regular perfSONAR monitoring of the ESnet infrastructure.
The color scales denote the “degree” of throughput for the data path.
Each square is halved to show the traffic rate in each direction be-
tween test hosts. (Colors are visible in the online version of the arti-
cle; http://dx.doi.org/10.3233/SPR-140382.)
the tools necessary to work the problem are already
deployed – they need not be installed before trou-
bleshooting can begin.
By deploying a perfSONAR host as part of the Sci-
ence DMZ architecture, regular active network testing
can be used to alert network administers when packet
loss rates increase, or throughput rates decrease. This
is demonstrated by “dashboard” applications, as seen
in Fig. 2. Timely alerts and effective troubleshooting
tools significantly reduce the time and effort required
to isolate the problem and resolve it. This makes high
performance the norm for science infrastructure, and
provides significant productivity advantages for data-
intensive science experiments.
3.4. Appropriate security
Network and computer security are of critical im-
portance for many organizations. Science infrastruc-
tures are no different than any other information infras-
tructure. They must be secured and defended. The Na-
tional Institute for Standards and Technology (NIST)
framework for security uses the CIA concepts – Confi-
dentiality, Integrity, and Availability.23 Data-intensive
science adds another dimension – performance. If the
science applications cannot achieve adequate perfor-
mance, the science mission of the infrastructure has
failed. Many of the tools in the traditional network se-
curity toolbox do not perform well enough for use in
high-performance science environments. Rather than
compromise security or compromise performance, the
23 FIPS-199, http://csrc.nist.gov/publications/PubsFIPS.html.
Science DMZ model addresses security using a multi-
pronged approach.
The appropriate security pattern is heavily depen-
dent on the location and the dedicated systems pat-
terns. By deploying the Science DMZ in a separate lo-
cation in the network topology, the traffic in the Sci-
ence DMZ is separated from the traffic on the rest of
the network (i.e., email, etc.), and security policy and
tools can be applied specifically to the science-only
traffic on the Science DMZ. The use of dedicated sys-
tems limits the application set deployed on the Science
DMZ, and also reduces the attack surface.
A comprehensive network security capability uses
many tools and technologies, including network and
host intrusion detection systems, firewall appliances,
flow analysis tools, host-based firewalls, router access
control lists (ACLs), and other tools as needed. Appro-
priate security policies and enforcement mechanisms
are designed based on the risk levels associated with
high-performance science environments and built us-
ing components that scale to the data rates required
without causing performance problems. Security for a
data-intensive science environment can be tailored for
the data transfer systems on the Science DMZ.
Science DMZ resources are designed to interact
with external systems, and are isolated from (or have
carefully managed access to) internal systems. This
means the security policy for the Science DMZ can be
tailored for this purpose. Users at the local site who ac-
cess resources on their local Science DMZ through the
lab or campus perimeter firewall will typically get rea-
sonable performance, since the latency between the lo-
cal users and the local Science DMZ is low (even if the
firewall causes some loss), TCP can recover quickly.
4. Sample designs
As a network design paradigm, the individual pat-
terns of the Science DMZ can be combined in many
different ways. The following examples of the overall
Science DMZ model are presented as illustrations of
the concepts using notional network diagrams of vary-
ing size and functionality.
4.1. Simple Science DMZ
A simple Science DMZ has several essential
components. These include dedicated access to high-
performance wide area networks, high-performance
network equipment, DTNs, and monitoring infrastruc-
 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
Fig. 3. Example of the simple Science DMZ. Shows the data path
through the border router and to the DTN (shown in green). The
campus site access to the Science DMZ resources is shown in red.
(The colors are visible in the online version of the article; http://
dx.doi.org/10.3233/SPR-140382.)
ture provided by perfSONAR. These components are
organized in an abstract diagram with data paths in
Fig. 3.
The DTN is connected directly to a high-
performance Science DMZ switch or router, which is
attached to the border router. By attaching the Science
DMZ to the border router, it is much easier to guar-
antee a packet loss free path to the DTN, and to cre-
ate virtual circuits that extend all the way to the end
host. The DTN’s job is to efficiently and effectively
move science data between the local environment and
remote sites and facilities. The security policy enforce-
ment for the DTN is done using access control lists
(ACLs) on the Science DMZ switch or router, not on a
separate firewall. The ability to create a virtual circuit
all the way to the host also provides an additional layer
of security. This design is suitable for the deployment
of DTNs that serve individual research projects or to
support one particular science application. An exam-
ple use case of the simple Science DMZ is discussed
in Sections 6.1 and 6.2.
4.2. Supercomputer center network
The notional diagram shown in Fig. 4 illustrates a
simplified supercomputer center network. While this
may not look much like the simple Science DMZ dia-
gram in Fig. 3, the same principles are used in its de-
sign.
Many supercomputer centers already use the Sci-
ence DMZ model. Their networks are built to handle
179
Fig. 4. Example supercomputer center built as a Science DMZ. (Col-
ors are visible in the online version of the article; http://dx.doi.org/
10.3233/SPR-140382.)
high-rate data flows without packet loss, and designed
to allow easy troubleshooting and fault isolation. Test
and measurement systems are integrated into the in-
frastructure from the beginning, so that problems can
be located and resolved quickly, regardless of whether
the local infrastructure is at fault. Note also that access
to the parallel filesystem by wide area data transfers
is via data transfer nodes that are dedicated to wide
area data transfer tasks. When data sets are transferred
to the DTN and written to the parallel filesystem, the
data sets are immediately available on the supercom-
puter resources without the need for double-copying
the data. Furthermore, all the advantages of a DTN –
i.e., dedicated hosts, proper tools, and correct config-
uration – are preserved. This is also an advantage in
that the login nodes for a supercomputer need not have
their configurations modified to support wide area data
transfers to the supercomputer itself. Data arrives from
outside the center via the DTNs and is written to the
central filesystem. The supercomputer login nodes do
not need to replicate the DTN functionality in order
to facilitate data ingestion. A use case is described in
Section 6.4.
4.3. Big data site
For sites that handle very large data volumes (e.g.,
for large-scale experiments such as the LHC), individ-
ual data transfer nodes are not enough. These sites de-
ploy data transfer “clusters”, and these groups of ma-
chines serve data from multi-petabyte data storage sys-
tems. Still, the principles of the Science DMZ apply.
Dedicated systems are still used for data transfer, and
the path to the wide area is clean, simple, and easy to
180 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
Fig. 5. Example of an extreme data cluster. The wide area data path
covers the entire network front-end, similar to the supercomputer
center model. (Colors are visible in the online version of the article;
http://dx.doi.org/10.3233/SPR-140382.)
troubleshoot. Test and measurement systems are inte-
grated in multiple locations to enable fault isolation.
This network is similar to the supercomputer center ex-
ample in that the wide area data path covers the entire
network front-end, as shown in Fig. 5.
This network has redundant connections to the re-
search network backbone, each of which is capable
of both routed IP and virtual circuit services. The en-
terprise portion of the network takes advantage of the
high-capacity redundant infrastructure deployed for
serving science data, and deploys redundant firewalls
to ensure uptime. However, the science data flows do
not traverse these devices. Appropriate security con-
trols for the data service are implemented in the rout-
ing and switching plane. This is done both to keep the
firewalls from causing performance problems and be-
cause the extremely high data rates are typically be-
yond the capacity of firewall hardware. More discus-
sion about the LHC high-volume data infrastructure
can be found in Johnston et al.’s paper presented at the
2013 TERENA Networking Conference [9].
5. Network components
When choosing the network components for a Sci-
ence DMZ, it is important to carefully select network-
ing hardware that can efficiently handle the high band-
width requirements. The most important factor is to
deploy routers and switches that have enough queue
buffer space to handle “fan-in” issues, and are prop-
erly configured to use this buffer space, as the default
settings are often not optimized for bulk data transfers.
(The fan-in issue is described in detail at the end of this
section.) One should also look for devices that have
flexible, high-performance ACL (Access Control List)
support so that the router or switch can provide ade-
quate filtering to eliminate the need for firewall appli-
ances. Note that some care must be taken in reading
the documentation supplied by vendors. For example,
Juniper Network’s high-performance router ACLs are
actually called “firewall filters” in the documentation
and the device configuration. In general, it is impor-
tant to ask vendors for specifics about packet filtering,
interface queues, and other capabilities.
As discussed, two very common causes of packet
loss are firewalls and aggregation devices with inad-
equate buffering. In order to understand these prob-
lems, it is important to remember that a TCP-based
flow rarely runs at its overall “average” speed. When
observed closely, it is apparent that most high-speed
TCP flows are composed of bursts and pauses. These
bursts are often very close to the maximum data rate
for the sending host’s interface. This is important, be-
cause it means that a 200 Mbps TCP flow between
hosts with Gigabit Ethernet interfaces is actually com-
posed of short bursts at or close to 1 Gbps with pauses
in between.
Firewalls are often built with an internal architec-
ture that aggregates a set of lower-speed processors to
achieve an aggregate throughput that is equal to the
speed of the network interfaces of the firewall. This ar-
chitecture works well when the traffic traversing the
firewall is composed of a large number of low-speed
flows (e.g., a typical business network traffic profile).
However, this causes a problem when a host with a net-
work interface that is faster than the firewall’s internal
processors emerges. Since the firewall must buffer the
traffic bursts sent by the data transfer host until it can
process all the packets in the burst, input buffer size
is critical. Firewalls often have small input buffers be-
cause that is typically adequate for the traffic profile of
a business network. If the firewall’s input buffers are
too small to hold the bursts from the science data trans-
fer host, the user will suffer severe performance prob-
lems caused by packet loss.
Given all the problems with firewalls, one might ask
what value they provide. If the application set is lim-
ited to data transfer applications running on a DTN, the
answer is that firewalls provide very little value. When
a firewall administrator is collecting the information
necessary to allow a data transfer application such as
GridFTP to traverse the firewall, the firewall adminis-
trator does not configure the firewall to use a special-
ized protocol analyzer that provides deep inspection of
 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science 181

the application’s traffic. The firewall administrator asks
for the IP addresses of the communicating hosts, and
the TCP ports that will be used by the hosts to commu-
nicate. Armed with that information, the firewall ad-
ministrator configures the firewall to permit the traf-
fic. Filtering based on IP address and TCP port num-
ber can be done on the Science DMZ switch or router
with ACLs. When done with ACLs on a modern switch
or router, the traffic does not need to traverse a fire-
wall at all. This is a key point: by running a limited set
of applications on the Science DMZ DTNs, the appli-
cation profile is such that the Science DMZ can typ-
ically be defended well without incurring the perfor-
mance penalties of a firewall. This is especially true if
the ACLs are used in combination with intrusion de-
tection systems or other advanced security tools. How-
ever, an intrusion detection system should be used even
if a firewall is present.
Aggregation (“fan-in”) problems are related to the
firewall problem in that they too result from the com-
bination of the burstiness of TCP traffic and small
buffers on network devices. However, the fan-in prob-
lem arises when multiple traffic flows entering a switch
or router from different ingress interfaces are destined
for a common egress interface. If the speed of the sum
of the bursts arriving at the switch is greater than the
speed of the device’s egress interface, the device must
buffer the extra traffic or drop it. If the device does
not have sufficient buffer space, it must drop some of
the traffic, causing TCP performance problems. This
situation is particularly common in inexpensive LAN
switches. Since high-speed packet memory is expen-
sive, cheap switches often do not have enough buffer
space to handle anything except LAN traffic. Note that
the fan-in problem is not unique to coincident bursts. If
a burst from a single flow arrives at a rate greater than
the rate available on the egress interface due to existing
non-bursty traffic flows, the same problem exists.
6.1. University of Colorado, Boulder
The University of Colorado, Boulder campus was an
early adopter of Science DMZ technologies. Their core
network features an immediate split into a protected
campus infrastructure (beyond a firewall), as well as
a research network (RCNet) that delivers unprotected
functionality directly to campus consumers. Figure 6
shows the basic breakdown of this network, along with
the placement of measurement tools provided by perf-
SONAR.
The physics department, a participant in the Com-
pact Muon Solenoid (CMS)24 experiment affiliated
with the LHC project, is a heavy user of campus net-
work resources. It is common to have multiple streams
of traffic approaching an aggregate of 5 Gbps affiliated
with this research group. As demand for resources in-
creased, the physics group connected additional com-
putation and storage to their local network. Figure 7
shows these additional 1 Gbps connections as they en-
tered into the portion of the RCNet on campus.
Despite the initial care in the design of the network,
overall performance began to suffer during heavy use
times on the campus. Passive and active perfSONAR
monitoring alerted that there was low throughput to
Fig. 6. University of Colorado campus network, showing RCNet
connected at the perimeter as a Science DMZ. (Colors are visi-
ble in the online version of the article; http://dx.doi.org/10.3233/
SPR-140382.)

6. Use cases

In this section we give some examples of how ele-

ments of the Science DMZ model have been put into
practice. While a full implementation of recommen-
dations is always encouraged, many factors influence
what can and cannot be installed at a given location due
to existing architectural limitations and policy. These Fig. 7. University of Colorado Network showing physics group con-
use cases highlight the positive outcomes of the design nectivity. (Colors are visible in the online version of the article;
methodology, and show that the Science DMZ model http://dx.doi.org/10.3233/SPR-140382.)
is able to please both administrative and scientific con-
stituencies. 24 CMS, http://cms.web.cern.ch.
182 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
downstream facilities, as well as the presence of
dropped packets on several network devices. Further
investigation was able to correlate the dropped packets
to three main factors:
• Increased number of connected hosts,
• Increased network demand per host,
• Lack of tunable memory on certain network de-
vices in the path.
Replacement hardware was installed to alleviate this
bottleneck in the network, but the problem remained
upon initial observation. After additional investigation
by the vendor and performance engineers, it was re-
vealed that the unique operating environment (e.g.,
high “fan-out” that featured multiple 1 Gbps connec-
tions feeding a single 10 Gbps connection) was con-
tributing to the problem. Under high load, the switch
changed from cut-through mode to store-and-forward
mode, and the cut-through switch was unable to pro-
vide loss-free service in store-and-forward mode.
After a fix was implemented by the vendor and ad-
ditional changes to the architecture were implemented,
performance returned to near line rate for each member
of the physics computation cluster.
6.2. The Pennsylvania State University & Virginia
Tech Transportation Institute
The Pennsylvania State University’s College of En-
gineering (CoE) collaborates with many partners on
jointly funded activities. The Virginia Tech Transporta-
tion Institute (VTTI), housed at Virginia Polytech-
nic Institute and State University, is one such part-
ner. VTTI chooses to collocate computing and storage
resources at Penn State, whose network security and
management is implemented by local staff. However,
due to policy requirements for collocated equipment,
a security mechanism in the form of a firewall was re-
quired to protect both the campus and VTTI equip-
ment. Shortly after collocation, VTTI users noticed
that performance for hosts connected by 1 Gbps lo-
cal connections were limited to around 50 Mbps over-
all; this observation was true in either direction of data
flow.
Using perfSONAR, network engineers discovered
that the size of the TCP window was not growing be-
yond the default value of 64 KB, despite the fact that
hosts involved in data transfer and measurement test-
ing were configured to use auto-tuning – a mechanism
that would allow this value to grow as time, capacity,
and demand dictated. To find the correct window size
Fig. 8. Penn State College of Engineering network utilization, col-
lected passively from SNMP data. (Colors are visible in the online
version of the article; http://dx.doi.org/10.3233/SPR-140382.)
needed to achieve network speeds close to 1 Gbps, the
sites were measured at 10 ms away in terms of round-
trip latency, which yielded a window size of:
1000 Mb/s 1s
∗ 10 ms ∗ = 1.25 MB. (2)
8 B/b 1000 ms
This theoretical value was 20 times less than the re-
quired size. Further investigation into the behavior of
the network revealed that there was no packet loss
observed along the path, and other perfSONAR test
servers on campus showed performance to VTTI that
exceeded 900 Mbps. From some continued perfor-
mance monitoring, the investigation began to center on
the performance of the CoE firewall.
A review of the firewall configuration revealed that
a setting on the firewall, TCP flow sequence checking,
modifies the TCP header field that specifies window
size (e.g., a clear violation of tcp_window_scaling, set
forth in RFC 1323 [8]). Disabling this firewall setting
increased inbound performance by nearly 5 times, and
outbound performance by close to 12 times the original
observations. Figure 8 is a capture of overall network
utilization to CoE, and shows an immediate increase in
performance after the change to the firewall setting.
Because CoE and VTTI were able to utilize the Sci-
ence DMZ resources, like perfSONAR, engineers were
able to locate and resolve the major network perfor-
mance problem. Figure 8 also shows that numerous
users, not just VTTI, were impacted by this abnormal-
ity. The alteration in behavior allowed TCP to reach
higher levels of throughput, and allowed flows to com-
plete in a shorter time than with a limited window.
6.3. The National Oceanic and Atmospheric
Administration
The National Oceanic and Atmospheric Administra-
tion (NOAA) in Boulder houses the Earth System Re-
search Lab, which supports a “reforecasting” project.
The initiative involves running several decades of his-
 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
torical weather forecasts with the same current version
of NOAA’s Global Ensemble Forecast System (GEFS).
Among the advantages associated with a long refore-
cast data set, model forecast errors can be diagnosed
from the past forecasts and corrected, thereby dramat-
ically increasing the forecast skill, especially in fore-
casts of relatively rare events and longer-lead forecast.
In 2010, the NOAA team received an allocation
of 14.5 million processor hours at NERSC to per-
form this work. In all, the 1984–2012 historical GEFS
dataset totaled over 800 TB, stored on the NERSC
HPSS archival system. Of the 800 TB at NERSC, the
NOAA team sought to bring about 170 TB back to
NOAA Boulder for further processing and to make it
more readily available to other researchers. When the
NOAA team tried to use an FTP server located behind
NOAA’s firewall for the transfers, they discovered that
data trickled in at about 1–2 MB/s.
Working with ESnet and NERSC, the NOAA team
leveraged the Science DMZ design pattern to set up a
new dedicated transfer node enabled with Globus On-
line to create a data path unencumbered by legacy fire-
walls. Immediately the team saw a throughput increase
of nearly 200 times. The team was able to transfer 273
files with a total size of 239.5 GB to the NOAA DTN
in just over 10 minutes – approximately 395 MB/s.
6.4. National Energy Research Scientific Computing
Center
In 2009, both NERSC and OLCF installed DTNs to
enable researchers who use their computing resources
to move large data sets between each facility’s mass
storage systems. As a result, WAN transfers between
NERSC and OLCF increased by at least a factor of
20 for many collaborations. As an example, a com-
putational scientist in the OLCF Scientific Comput-
ing Group who was researching the fundamental nu-
clear properties of carbon-14, in collaboration with
scientists from Lawrence Livermore National Labora-
tory (LLNL) and Iowa State University, had previously
waited more than an entire workday for a single 33 GB
input file to transfer – just one of the 20 files of sim-
ilar size that needed to be moved between the sites.
With the improved infrastructure, those researchers
were immediately able to improve their transfer rate
to 200 MB/s enabling them to move all 40 TB of data
between NERSC and OLCF in less than three days.
Since 2009, several science collaborations includ-
ing those in astrophysics, climate, photon science, ge-
nomics and others have benefitted from the Science
183
DMZ architecture at NERSC. Most recently, it has
enabled high-speed multi-terabyte transfers between
SLAC Linear Accelerator National Lab’s Linac Co-
herent Light Source and NERSC to support protein
crystallography experiments as well as transfers be-
tween Beamline 8.3.2 at Berkeley Lab’s Advanced
Light Source and NERSC in support of X-ray tomog-
raphy experiments.
7. Future technologies
In addition to solving today’s network performance
problems, the Science DMZ model also makes it easier
to experiment and integrate with tomorrow’s technolo-
gies. Technologies such as dynamic “virtual circuits”,
software-defined networking (SDN), and 40/100 Gbps
ethernet can be deployed in the Science DMZ, elimi-
nating the need to deploy these technologies deep in-
side campus infrastructure.
7.1. Virtual circuits
Virtual circuit services, such as the ESnet-developed
On-demand Secure Circuits and Reservation System,
or OSCARS platform [7,14], can be used to connect
wide area layer-2 circuits directly to DTNs, allow-
ing the DTNs to receive the benefits of the bandwidth
reservation, quality of service guarantees, and traf-
fic engineering capabilities. The campus or lab “inter-
domain” controller (IDC)25 can provision the local
switch and initiate multi-domain wide area virtual cir-
cuit connectivity to provide guaranteed bandwidth be-
tween DTN’s at multiple institutions. An example of
this configuration is the NSF-funded Development of
Dynamic Network System (DYNES) [17] project that
is supporting a deployment of approximately 60 uni-
versity campuses and regional networks across the US.
Virtual circuits also enable the use of new data transfer
protocols such as RDMA (remote direct memory ac-
cess) over Converge Ethernet (RoCE) [5] on the Sci-
ence DMZ DTNs. RoCE has been demonstrated to
work well over a wide area network, but only on a guar-
anteed bandwidth virtual circuit with minimal com-
peting traffic [11]. Kissel et al. show that RoCE can
achieve the same performance as TCP (39.5 Gbps for
a single flow on a 40GE host), but with 50 times less
CPU utilization.
25 IDC, http://www.controlplane.net/.
184 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
7.2. 100-Gigabit Ethernet
100 Gigabit Ethernet (GE) technology is being de-
ployed by research networks around the world, to sup-
port data-intensive science. The NSF CC–NIE pro-
gram is increasing the rate of 100GE deployment at US
campuses with solicitations offered in 2012 and 2013.
While 100GE promises the ability to support next-
generation instruments and facilities, and to conduct
scientific analysis of distributed data sets at unprece-
dented scale, 100GE technology poses significant chal-
lenges for the general-purpose networks at research
institutions. Once a site is connected to a 100GE back-
bone, it would be very costly to distribute this new in-
creased bandwidth across internal campus infrastruc-
ture. With the Science DMZ model, all hosts need-
ing the increased bandwidth are near the border router,
making it much easier to benefit from the 100GE con-
nection.
7.3. Software-defined networking
Testing and deploying software defined networking,
particularly the use of OpenFlow as a platform [13],
is a timely example of how the Science DMZ model
could be used for exploring and hardening new tech-
nologies.
Software-defined networking concepts and produc-
tion uses of OpenFlow are still in their early stages
of adoption by the community. Many innovative ap-
proaches are still being investigated to develop best
practices for the deployment and integration of these
services in production environments. ESnet and its col-
laborators at Indiana University have demonstrated an
OpenFlow-based Science DMZ architecture that inter-
operates with a virtual circuit service like OSCARS. It
is easy to set up an OSCARS virtual circuit across the
WAN, but plumbing the circuit all the way to the end
host must be done by hand. OpenFlow simplifies this
process.
Another promising use of OpenFlow is as a mech-
anism to dynamically modify the security policy for
large flows between trusted sites. Multiple groups have
demonstrated the use of OpenFlow to dynamically by-
pass the firewall (e.g., Kissel et al.’s research on SDN
with XSP [10]). Further, one could also use OpenFlow
along with an intrusion detection system (IDS) to send
the connection setup traffic to the IDS for analysis, and
then once the connection is verified allow the flow to
bypass the firewall and the IDS.
8. Conclusion
The Science DMZ model has its roots in opera-
tional practices developed over years of experience,
and incorporates aspects of network architecture, net-
work security, performance tuning, system design, and
application selection. The Science DMZ, as a design
pattern, has already been successfully deployed at mul-
tiple sites across the US, and many through NSF fund-
ing. The Science DMZ model and its contributing tech-
nologies are well-tested and have been effectively used
at supercomputer centers, national laboratories, and
universities as well as in large-scale scientific experi-
ments.
The Science DMZ model provides a conceptual
framework for the deployment of networks and
network-enabled tools and systems for the effective
support of data-intensive science. With many science
collaborations moving to large-scale or distributed ex-
periments, the purpose of sharing best practices is be-
coming more important. This paper shares our work
in developing the Science DMZ for the larger science
community.
Acknowledgements
The authors would like to thank NOAA, NERSC,
the Pennsylvania State University, and the University
of Colorado, Boulder, for their contributions to this
work.
The authors wish to acknowledge the vision of the
National Science Foundation for its support of the CC–
NIE program.
This manuscript has been authored by an author at
Lawrence Berkeley National Laboratory under Con-
tract No. DE-AC02-05CH11231 with the U.S. Depart-
ment of Energy. The U.S. Government retains, and
the publisher, by accepting the article for publica-
tion, acknowledges, that the U.S. Government retains
a non-exclusive, paid-up, irrevocable, world-wide li-
cense to publish or reproduce the published form of
this manuscript, or allow others to do so, for U.S. Gov-
ernment purposes.
Disclaimer
This document was prepared as an account of work
sponsored by the United States Government. While
this document is believed to contain correct informa-
 E. Dart et al. / The Science DMZ: A network design pattern for data-intensive science
tion, neither the United States Government nor any
agency thereof, nor the Regents of the University of
California, nor any of their employees, makes any war-
ranty, express or implied, or assumes any legal respon-
sibility for the accuracy, completeness, or usefulness
of any information, apparatus, product, or process dis-
closed, or represents that its use would not infringe pri-
vately owned rights. Reference herein to any specific
commercial product, process, or service by its trade
name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, rec-
ommendation, or favoring by the United States Gov-
ernment or any agency thereof, or the Regents of the
University of California. The views and opinions of
authors expressed herein do not necessarily state or
reflect those of the United States Government or any
agency thereof or the Regents of the University of Cal-
ifornia.
References
[1] C. Alexander, The Timeless Way of Building, Oxford Univ.
Press, New York, 1979.
[2] C. Alexander, S. Ishikawa and M. Silverstein, A Pattern Lan-
guage: Towns, Buildings, Construction, Oxford Univ. Press,
New York, 1977.
[3] W. Allcock, J. Bresnahan, R. Kettimuthu, M. Link, C. Du-
mitrescu, I. Raicu and I. Foster, The globus striped GridFTP
framework and server, in: Proceedings of the 2005 ACM/IEEE
Conference on Supercomputing, SC’05, IEEE Computer Soci-
ety, Washington, DC, USA, 2005, p. 54.
[4] B. Allen, J. Bresnahan, L. Childers, I. Foster, G. Kandaswamy,
R. Kettimuthu, J. Kordas, M. Link, S. Martin, K. Pickett et al.,
Software as a service for data scientists, Communications of
the ACM 55(2) (2012), 81–88.
[5] I.T. Association, InfiniBand. Architecture Specification Re-
lease 1.2.1 Annex A16: RoCE, 2010.
[6] E. Gamma, R. Helm, R. Johnson and J. Vlissides, Design
Patterns: Elements of Reusable Object-Oriented Software,
Addison-Wesley Longman Publishing, Boston, MA, USA,
1995.
185
[7] C. Guok, D. Robertson, M. Thompson, J. Lee, B. Tierney and
W. Johnston, Intra and interdomain circuit provisioning us-
ing the OSCARS reservation system, in: Third International
Conference on Broadband Communications Networks and Sys-
tems, IEEE/ICST, October 2006.
[8] V. Jacobson, R. Braden and D. Borman, TCP Extensions for
High Performance, RFC 1323 (Proposed Standard), May 1992.
[9] W.E. Johnston, E. Dart, M. Ernst and B. Tierney, Enabling high
throughput in widely distributed data management and analy-
sis systems: Lessons from the LHC, in: TERENA Networking
Conference (TNC) 2013, June 2013.
[10] E. Kissel, G. Fernandes, M. Jaffee, M. Swany and M. Zhang,
Driving software defined networks with XSP, in: Workshop on
Software Defined Networks (SDN’12), International Confer-
ence on Communications (ICC), IEEE, June 2012.
[11] E. Kissel, B. Tierney, M. Swany and E. Pouyoul, Efficient data
transfer protocols for big data, in: Proceedings of the 8th Inter-
national Conference on eScience, IEEE, July 2012.
[12] M. Mathis, J. Semke, J. Mahdavi and T. Ott, The macro-
scopic behavior of the tcp congestion avoidance algorithm,
SIGCOMM Comput. Commun. Rev. 27(3) (1997), 67–82.
[13] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar,
L. Peterson, J. Rexford, S. Shenker and J. Turner, Openflow:
enabling innovation in campus networks, SIGCOMM Comput.
Commun. Rev. 38(2) (2008), 69–74.
[14] I. Monga, C. Guok, W.E. Johnston and B. Tierney, Hybrid net-
works: Lessons learned and future challenges based on ESnet4
experience, IEEE Communications Magazine, May 2011.
[15] J. Postel, Transmission Control Protocol, Request for Com-
ments (Standard) 793, Internet Engineering Task Force,
September 1981.
[16] B. Tierney, J. Boote, E. Boyd, A. Brown, M. Grigoriev, J. Met-
zger, M. Swany, M. Zekauskas and J. Zurawski, perfSONAR:
Instantiating a global network measurement framework, in:
SOSP Workshop on Real Overlays and Distributed Systems
(ROADS’09), Big Sky, MT, USA, ACM, October 2009.
[17] J. Zurawski, R. Ball, A. Barczyk, M. Binkley, J. Boote,
E. Boyd, A. Brown, R. Brown, T. Lehman, S. McKee,
B. Meekhof, A. Mughal, H. Newman, S. Rozsa, P. Sheldon,
A. Tackett, R. Voicu, S. Wolff and X. Yang, The dynes instru-
ment: A description and overview, Journal of Physics: Confer-
ence Series 396(4) (2012), 042065.
 Advances in Journal of
Industrial Engineering
Multimedia
Applied
Computational
Intelligence and Soft
Computing
The Scientific International Journal of
Distributed
Hindawi Publishing Corporation
World Journal
Hindawi Publishing Corporation
Sensor Networks
Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014

Advances in

Fuzzy
Systems
Modelling &
Simulation
in Engineering
Hindawi Publishing Corporation
Hindawi Publishing Corporation Volume 2014 http://www.hindawi.com Volume 2014
http://www.hindawi.com

Submit your manuscripts at

Journal of
http://www.hindawi.com
Computer Networks
and Communications Advances in
Artificial
Intelligence
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014 Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014

International Journal of Advances in

Biomedical Imaging Artificial
Neural Systems

International Journal of
Advances in Computer Games Advances in
Computer Engineering Technology Software Engineering
Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014

International Journal of
Reconfigurable
Computing

Advances in Computational Journal of

Journal of Human-Computer Intelligence and Electrical and Computer
Robotics
Hindawi Publishing Corporation
Interaction
Hindawi Publishing Corporation
Neuroscience
Hindawi Publishing Corporation Hindawi Publishing Corporation
Engineering
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014 http://www.hindawi.com Volume 2014