1,062 research outputs found

    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA.

    An Open Management and Administration Platform for IEEE 802.11 Networks

    The deployment of Wireless Local Area Networks (WLANs) has greatly increased in past years. Due to the large deployment of WLANs, the immediate need for management platforms, which have a significant impact on the performance of a WLAN, has been recognized. Although there are various vendor-specific and proprietary solutions available in the market to cope with the management of wireless LANs, they have problems with interoperability and compatibility. To address these issues, the IETF has come up with an interoperability standard for the management of WLAN devices, the Control And Provisioning of Wireless Access Points (CAPWAP) protocol, which is still in the draft phase. Commercial implementation of this draft protocol from WLAN equipment vendors is rather expensive. The open source community, therefore, tried to provide free management solutions. An open source project called openCAPWAP was initiated. However, it lacks a graphical user interface, which makes it hard to implement for novice network administrators or regular customers. Therefore, the researcher designed and developed a web interface framework that encapsulates openCAPWAP at the bottom to provide a user-friendly management experience. This application platform was designed to work with any remote web server in the public domain, through which it can connect to access points or access controllers over a secure shell to configure them. This open platform is purely open source-based. It is operating system independent: it can be implemented on any open source environment, such as a regular Linux operating system or an embedded operating system on small form factor single board computers. The platform was designed and tested in a laboratory environment and on a remote system. This development contributes to network administration in both network planning and operational management of WLAN networks.

    Virtual network function development for NG-PON Access Network Architecture

    Master's dissertation in Telematic Networks and Services Engineering. Access to Internet services on a large scale, with high throughput and low latency, has grown at a very high pace over time, with a growing demand for media content and applications increasingly oriented towards data consumption. This use of data at the edge of the network requires the Central Offices (CO) of telecommunication providers to be prepared to absorb these demands. COs generally offer data from various access methods, such as Passive Optical Network (PON) technologies, mobile networks, copper wired and others. For each of these technologies there may be different manufacturers that support only their respective hardware and software solutions. Although they all share different network resources and have similar management, configuration and monitoring tools (Fault, Configuration, Accounting, Performance, and Security management - FCAPS), these are distinct and isolated from each other, which produces huge investment in Capital Expenditure (CAPEX) and Operational Expenditure (OPEX) and can cause barriers to innovation. Such scenarios forced the development of more flexible, scalable solutions that share platforms and network architectures that can meet this need and enable the evolution of networks. The Software-Defined Network (SDN) architecture is then proposed, which abstracts the control plane from the data plane, in addition to the virtualization of several network functions (Network Function Virtualization - NFV). The SDN architecture allows APIs and protocols such as Openflow, NETCONF/YANG, RESTCONF, gRPC and others to be used for communication between the various hardware and software elements that compose the network and consume network resources, such as AAA services, DHCP, routing, orchestration, management or various other applications that may exist in this context. This work then aims at the development of a virtualized network function, namely a VNF in the context of network security, to be integrated as a component of an architecture guided by the SDN paradigm applied to broadband networks, and also adherent to the OB-BAA architecture promoted by the Broadband Forum. The OB-BAA architecture fits into the initiative to modernize the Information Technology (IT) components of broadband networks, more specifically the Central Offices. With this development, it was intended to explore the concepts of network security, such as the IEEE 802.1X protocol applied in NG-PON networks for authentication and authorization of new network equipment. To achieve this goal, the development of the applications was based on the Golang language combined with gRPC programmable interfaces for communication between the various elements of the architecture. Network emulators were initially used, and then the components were "containerized" and inserted in the Docker and Kubernetes virtualization frameworks. Finally, performance metrics were analyzed in the usage tests, namely computational resource usage metrics (CPU, memory and network I/O), in addition to the execution time of several processes performed by the developed applications.

    A framework to provide charging for third party composite services

    Includes synopsis. Includes bibliographical references (leaves 81-87). Over the past few years the trend in the telecommunications industry has been geared towards offering new and innovative services to end users. A decade ago network operators were content with offering simple services such as voice and text messaging. However, they began to notice that these services were generating lower revenues even while the number of subscribers increased. This was a direct result of market saturation, and network operators were forced to rapidly deploy services with minimum capital investment while maximising revenue from service usage by end users. Network operators can achieve this by exposing the network to external content and service providers. They would create interfaces that would allow these 3rd party service and content providers to offer their applications and services to users. Composing and bundling these services will essentially create new services for the user and achieve rapid deployment of enhanced services. The concept of offering a wide range of services that are coordinated in such a way that they deliver a unique experience has sparked interest in, and numerous research on, Service Delivery Platforms (SDP). SDPs will enable network operators to develop and offer a wide variety of services. Given this interest in SDPs, standardisation bodies such as the International Telecommunications Union – Telecommunications (ITU-T), Telecoms and Internet converged Services and Protocols for Advanced Networks (TISPAN), the 3rd Generation Partnership Project (3GPP) and the Open Mobile Alliance (OMA) are leading efforts to standardise functions and protocols to enhance service delivery by network operators. Obtaining revenue from these services requires effective accounting of service usage and requires mechanisms for billing and charging of these services. The IP Multimedia Subsystem (IMS) is a Next Generation Network (NGN) architecture that provides a platform on which multimedia services can be developed and deployed by network operators. The IMS provides network operators, both fixed and mobile, with a control layer that allows them to offer services that will enable them to remain key role players within the industry. Achieving this in an environment where the network operator interacts directly with the 3rd party service providers may become complicated.

    An architecture for dynamic QoS management at Layer 2 for DOCSIS access networks using OpenFlow

    Over the last few years, Software-Defined Networking (SDN) has emerged as one of the most disruptive and profitable novelties in networking. SDN was originally conceived to improve performance and reduce costs in Ethernet-based networks and it has been widely adopted in data center and campus networks. Similarly, thanks to the introduction of SDN concepts, access networks will benefit from the higher control, the lower maintenance costs and the better remote access to devices of SDN. However, its application to access networks is not straightforward and imposes great challenges to vendors and network operators, since current SDN technologies are not prepared to handle the provisioning of user equipment, specific port management or QoS requirements of common access networks. Most recent trends dealing with the SDN-ization of access networks advocate for the use of simple devices at the customer premises and the virtualization of the networking functionalities, requiring the provisioning of Layer 2 services in many cases. In such a scenario, this paper presents an architecture that brings SDN to common access networks using legacy equipment. In a nutshell, the architecture is based on the abstraction of the access network as a wide area OpenFlow switch where QoS-enabled pipes are dynamically created leveraging the high granularity of the OpenFlow protocol for packet classification. Furthermore, the OpenFlow protocol itself has been extended in order to support the advanced QoS requirements that are common to most access networks. The architecture has been implemented for DOCSIS access networks and it has been validated and evaluated using a real testbed deployed at our laboratory. 
The obtained results show that the architecture remains compliant with the ITU-T QoS recommendations and that the cost of introducing the elements required by the architecture in terms of service performance is negligible. European Commission, Seventh Framework Programme, through the ALIEN (317880) project; Spanish Ministry of Economy and Competitiveness under the Secure deployment of services over SDN and NFV based networks project S&NSEC TEC2013-47960-C4-3-

    Directory-Enabled Networking Design Reference

    Scanned Wireless Network Setup Fake Access Point & its Detection

    This thesis addresses the topic of the development and advancement of wireless technology. The report describes network monitoring and security issues arising with the increase in network bandwidth and user requirements to access the internet. This report mainly focuses on how war driving affects the security of the end user, and how it can solve problems for infected users who are accessing the internet. The technique is used in a wireless environment where all kinds of wireless devices can access the internet and can use network resources with high security and better performance. Research on this topic reveals that a passive monitoring technique can be used to scan the wireless network without even letting other devices know that scanning is going on. In this way air traffic can easily be sniffed, which raises many security risks and threats related to sniffing the air traffic in a wireless network, which can easily reveal the personal identity of the end user who is using the wireless network. I have considered a Man-in-the-middle scenario to implement FakeAP, where the end user has to compromise their security in order to gain access to the network resources. I have also developed a solution to detect the FakeAP in the network which is misusing the network resources, and wrote a program to trace down its location on Google Maps.