Multi Protocol Label Switching: Quality of Service, Traffic Engineering application, and Virtual Private Network application

This thesis discusses the QoS feature, Traffic Engineering (TE) application, and Virtual Private Network (VPN) application of the Multi Protocol Label Switching (MPLS) protocol. This thesis concentrates on comparing MPLS with other prominent technologies such as Internet Protocol (IP), Asynchronous Transfer Mode (ATM), and Frame Relay (FR). MPLS combines the flexibility of Internet Protocol (IP) with the connection oriented approach of Asynchronous Transfer Mode (ATM) or Frame Relay (FR). Section 1 lists several advantages MPLS brings over other technologies. Section 2 covers architecture and a brief description of the key components of MPLS. The information provided in Section 2 builds a background to compare MPLS with the other technologies in the rest of the sections. Since it is anticipate that MPLS will be a main core network technology, MPLS is required to work with two currently available QoS architectures: Integrated Service (IntServ) architecture and Differentiated Service (DiffServ) architecture. Even though the MPLS does not introduce a new QoS architecture or enhance the existing QoS architectures, it works seamlessly with both QoS architectures and provides proper QoS support to the customer. Section 3 provides the details of how MPLS supports various functions of the IntServ and DiffServ architectures. TE helps Internet Service Provider (ISP) optimize the use of available resources, minimize the operational costs, and maximize the revenues. MPLS provides efficient TE functions which prove to be superior to IP and ATM/FR. Section 4 discusses how MPLS supports the TE functionality and what makes MPLS superior to other competitive technologies. ATM and FR are still required as a backbone technology in some areas where converting the backbone to IP or MPLS does not make sense or customer demands simply require ATM or FR. In this case, it is important for MPLS to work with ATM and FR. Section 5 highlights the interoperability issues and solutions for MPLS while working in conjunction with ATM and FR. In section 6, various VPN tunnel types are discussed and compared with the MPLS VPN tunnel type. The MPLS VPN tunnel type is concluded as an optimal tunnel approach because it provides security, multiplexing, and the other important features that are reburied by the VPN customer and the ISP. Various MPLS layer 2 and layer 3 VPN solutions are also briefly discussed. In section 7 I conclude with the details of an actual implementation of a layer 3 MPLS VPN solution that works in conjunction with Border Gateway Protocol (BGP)

Uma solução de autenticação fim a fim para o LDP (Label Distribution Protocol)

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação.Este trabalho propõe uma solução de autenticação para o protocolo LDP (Label Distribution Protocol) que tem por objetivo autenticar, em um escopo fim a fim, o estabelecimento de um LSP (Label Switching Path) entre um LSR (Label Switching Router) de Ingresso e o seu respectivo LSR de Egresso. Objetiva-se suprir a deficiência do protocolo LDP de não possuir um mecanismo de autenticação fim a fim definido, aplicável entre LSRs não-adjacentes. Conforme foi verificado pelo levantamento de trabalhos correlatos, atualmente é desconhecida uma solução de autenticação semelhante, que efetivamente atenda o propósito de autenticar num escopo fim a fim, o estabelecimento de LSPs no protocolo LDP. Dessa forma a solução deste trabalho é inédita no seu escopo de aplicação. A solução foi planejada para ambientes onde LSPs atravessam múltiplos domínios externos, não confiáveis entre si, e que por isso necessitam de um mecanismo de autenticação durante o estabelecimento dos LSPs. A solução faz uso de um mecanismo de autenticação, baseado em criptografia assimétrica (chave pública e privada), anexado a cada mensagem LDP. Este mecanismo possibilita ao LSR receptor verificar e autenticar o originador da mensagem LDP. Adicionalmente a solução provê integridade de dados através de um mecanismo de resumo de mensagens (hash) e também protege contra ataques de repetição através da inserção de um nonce às mensagens LDP

Final report for the Multiprotocol Label Switching (MPLS) control plane security LDRD project.

As rapid Internet growth continues, global communications becomes more dependent on Internet availability for information transfer. Recently, the Internet Engineering Task Force (IETF) introduced a new protocol, Multiple Protocol Label Switching (MPLS), to provide high-performance data flows within the Internet. MPLS emulates two major aspects of the Asynchronous Transfer Mode (ATM) technology. First, each initial IP packet is 'routed' to its destination based on previously known delay and congestion avoidance mechanisms. This allows for effective distribution of network resources and reduces the probability of congestion. Second, after route selection each subsequent packet is assigned a label at each hop, which determines the output port for the packet to reach its final destination. These labels guide the forwarding of each packet at routing nodes more efficiently and with more control than traditional IP forwarding (based on complete address information in each packet) for high-performance data flows. Label assignment is critical in the prompt and accurate delivery of user data. However, the protocols for label distribution were not adequately secured. Thus, if an adversary compromises a node by intercepting and modifying, or more simply injecting false labels into the packet-forwarding engine, the propagation of improperly labeled data flows could create instability in the entire network. In addition, some Virtual Private Network (VPN) solutions take advantage of this 'virtual channel' configuration to eliminate the need for user data encryption to provide privacy. VPN's relying on MPLS require accurate label assignment to maintain user data protection. This research developed a working distributive trust model that demonstrated how to deploy confidentiality, authentication, and non-repudiation in the global network label switching control plane. Simulation models and laboratory testbed implementations that demonstrated this concept were developed, and results from this research were transferred to industry via standards in the Optical Internetworking Forum (OIF)

Loop detection and prevention mechanism in multiprotocol label switching

The extended color thread algorithm is based on running a thread hop by hop before the labels are distributed inside a MPLS Cloud Since the path for the data packets is set beforehand, the loop formation occurs at the control path. The shortest paths between selected source and destination have been calculated using Dijkstra\u27s shortest path algorithm and threads are allowed to extend through the routers. With the passage of each next hop, a distributed procedure is executed within the thread, generating a unique color at nodes. This keeps a track on router\u27s control path and at the same time ensures that no loop formation occurs. In loop prevention mode, a router transmits a label mapping, when it rewinds the thread for that particular LSP. Likewise, if a router operates in loop detection mode, it returns a label-mapping message without a thread object, after receiving a colored thread. The scheme is a loop prevention scheme, thus, ensuring loop detection and loop mitigation. The same algorithm is then extended to a proposed MPLS environment with global label space. (Abstract shortened by UMI.)

Planning tools for MPLS networks

Verkot, joissa MPLS-tekniikkaa (Multi Protocol Label Switching) käytetään pakettien reitittämiseen, kasvavat jatkuvasti yhä suuremmiksi ja toiminnallisuus, jota verkoissa tarvitaan, monipuolistuu koko ajan. Tämän syyn vuoksi verkon suunnittelija tarvitsee yhä parempia apuvälineitä, jotta suunnittelu olisi onnistunutta, optimaalista ja tuottaisi halutun tuloksen. Tämän diplomityön tarkoitus on selvittää tärkeimmät toiminnallisuudet ja ominaisuudet, joita MPLS-verkkojen suunnitteluun laadittu työkalu vaatii. Diplomityö on jaettu kolmeen osaan. Ensimmäisessä osassa valotetaan MPLS-verkkojen käyttämää tekniikkaa. Tuossa osiossa käydään läpi tekniikat ja protokollat, joita MPLS-verkot käyttävät erinäisiin tehtäviin. Ensin käydään läpi yleisesti miksi MPLS-tekniikkaa ylipäätään tarvitaan ja miksi sitä käytetään verkkojen reitittämiseen. Tämän jälkeen tarkastellaan MPLS-protokollan otsikkokenttää ja sen osien käyttötarkoitukset selitetään. Sitten tarkastellaan MPLS-verkon rakennetta ja siihen kuuluvia laitteita. Seuraavaksi siirrytään osioon, joka selvittää kaikki yleisesti MPLS-polkujen rakentamiseen käytettävät protokollat ja miten ne eroavat toisistaan. Tämän jälkeen kerrotaan MPLS-vuonohjauksesta Differentiated Services-tekniikan avulla ja siitä miten se auttaa erilaisten liikenneluokkien erittelyssä MPLS-liikenteessä. Viimeinen kohta tässä osassa listaa erilaiset VPN-yhteydet, jotka ovat mahdollisia MPLS-tekniikkaa käytettäessä. Osio selventää näiden tekniikoiden eroavaisuudet ja mahdollisuudet, joita nämä MPLS-tekniikan avulla toteutettavat VPN-yhteydet suovat verrattuna aiempiin VPN-toteutuksiin. Toinen osa tässä diplomityössä kertoo verkon suunnittelusta. Ensin käydään läpi verkon suunnittelua yleisellä tasolla. Tämä osa sisältää verkon suunnittelun eri vaiheet pääosittain: erilaiset ennustusmallit esitellään ja selvitetään mitoituksen ja vuonohjauksen rooli verkkosuunnittelussa. Näiden jälkeen siirrytään yleisestä verkonsunnittelusta osioihin, joita käytetään MPLS-verkon suunnittelussa ja joiden yleisesti oletetaan tai halutaan löytyvän MPLS-verkkoihin tarkoitetusta suunnittelutyökalusta. Viimeinen kohta kertoo toiminnallisuus- ja skaalautuvuushaasteista, joihin MPLS:n on tekniikkana vastattava nykypäivänä. Kolmannessa osiossa tarkastellaan kahta eri suunnittelutyökalua, jotka on laadittu MPLS-verkkojen suunnitelua varten: WANDL-yhtiön julkaisemaa IP/MPLSView:ta ja Aria Networks Oy:n julkaisemaa iVNT:ta. Tässä osiossa käydään läpi näiden työkalujen toiminnallisuutta kertomalla erilaisista simulaatiomahdollisuuksista, joita kumpikin työkalu tarjoaa. Lisäksi kerrotaan mitä toimintoja ja protokollia näihin työkaluihin on mallinnettu, miten hyvin työkalut skaalautuvat kaupallisten MPLS-verkkojen tarpeisiin ja minkälaisita moduuleista työkalut on rakennettu. Työn lopussa on pohdittu näiden kolmen osion perusteella, että mitkä ominaisuudet tulisi ottaa huomioon MPLS-verkon suunnittelutyökalua laadittaessa ja millä tavalla nämä ominaisuudet tulisi toteuttaa työkalussa. Näiden jälkeen on työhön vielä tehty loppuyhteenveto, joka kertoo työ tuloksista ja mahdollisista jatkokehitysmahdollisuuksista. MPLS-verkon suunnittelu koostuu monesta eri vaiheesta, ja jokainen vaihe sisältää suuren määrän toiminnallisuusvaatimuksia. Nämä toiminnallisuusvaatimukset on mallinnettava MPLS-verkkojen suunnitteluun laaditussa työkalussa, jos halutaan että työkalu pystyy mallintamaan koko verkon suunnitteluprosessin alusta loppuun. Tärkeimmät toiminnallisuudet, jotka MPLS-verkon suunnittelutyökalun tulee omata ovat simulointimahdollisuudet MPLS-poluille (LSP:t), MPLS-TE:lle, eri VPN-tyypeille ja DiffServ-liikenteelle, sillä nämä ovat tärkeimmät toiminnallisuudet MPLS-verkoissa tänä päivänä. Jos edellä mainittu toiminnallisuus on toteutettu ja mallinnettu suunnittelutyökalussa ja työkalu osaa optimoida liikennettä hyvin saadaan verkon pääoma- ja operaationaaliset kulut laskemaan. MPLS-verkon suunnittelutyökalua laadittaessa on myös tärkeää ottaa huomioon työkalun skaalautuvuusominaisuudet. Runkoverkot voivat koostua tänä päivänä tuhansista solmuista ja sadoista tuhansista liikennevirroista, joten suunnitelutyökalun tulisi omata toiminnallisuutta joka automatisoi joitain vaiheita verkonsuunnittelussa, mikä mahdollistaa tämän kokoluokan verkkojen suunnittelun. Tällainen toiminnallisuus voisi esimerkiksi olla automatisoitu vuonohjaus ja verkkojen topologiakokonaisuuden vienti ja tuonti suunnittelutyökaluun ja siitä ulos. /Kir1

A study into scalable transport networks for IoT deployment

The growth of the internet towards the Internet of Things (IoT) has impacted the way we live. Intelligent (smart) devices which can act autonomously has resulted in new applications for example industrial automation, smart healthcare systems, autonomous transportation to name just a few. These applications have dramatically improved the way we live as citizens. While the internet is continuing to grow at an unprecedented rate, this has also been coupled with the growing demands for new services e.g. machine-to machine (M2M) communications, smart metering etc. Transmission Control Protocol/Internet Protocol (TCP/IP) architecture was developed decades ago and was not prepared nor designed to meet these exponential demands. This has led to the complexity of the internet coupled with its inflexible and a rigid state. The challenges of reliability, scalability, interoperability, inflexibility and vendor lock-in amongst the many challenges still remain a concern over the existing (traditional) networks. In this study, an evolutionary approach into implementing a "Scalable IoT Data Transmission Network" (S-IoT-N) is proposed while leveraging on existing transport networks. Most Importantly, the proposed evolutionary approach attempts to address the above challenges by using open (existing) standards and by leveraging on the (traditional/existing) transport networks. The Proof-of-Concept (PoC) of the proposed S-IoT-N is attempted on a physical network testbed and is demonstrated along with basic network connectivity services over it. Finally, the results are validated by an experimental performance evaluation of the PoC physical network testbed along with the recommendations for improvement and future work

Equal cost multipath routing in IP networks

IP verkkojen palveluntarjoajat ja loppukäyttäjät vaativat yhä tehokkaampia ja parempilaatuisia palveluita, mikä vaatii tuotekehittäjiä tarjoamaan hienostuneempia liikennesuunnittelumenetelmiä verkon optimointia ja hallintaa varten. IS-IS ja OSPF ovat standardiratkaisut hoitamaan reititystä pienissä ja keskisuurissa pakettiverkoissa. Monipolkureititys on melko helppo ja yleispätevä tapa parantaa kuorman balansointia ja nopeaa suojausta tällaisissa yhden polun reititykseen keskittyvissä verkoissa. Tämä diplomityö kirjoitettiin aikana, jolloin monipolkureititys toteutettiin Tellabs-nimisen yrityksen 8600-sarjan reitittimiin. Tärkeimpiä kohtia monipolkureitityksen käyttöönotossa ovat lyhyimmän polun algoritmin muokkaukseen ja reititystaulun toimintaan liittyvät muutokset ohjaustasolla sekä kuormanbalansointialgoritmin toteutus reitittimen edelleenkuljetustasolla. Diplomityön tulokset sekä olemassa oleva kirjallisuus osoittavat, että kuormanbalansointialgoritmilla on suurin vaikutus yhtä hyvien polkujen liikenteen jakautumiseen ja että oikean algoritmin valinta on ratkaisevan tärkeää. Hajakoodaukseen perustuvat algoritmit, jotka pitävät suurimman osan liikennevuoista samalla polulla, ovat dominoivia ratkaisuja nykyisin. Tämän algoritmityypin etuna on helppo toteutettavuus ja kohtuullisen hyvä suorituskyky. Liikenne on jakautunut tasaisesti, kunhan liikennevuoiden lukumäärä on riittävän suuri. Monipolkureititys tarjoaa yksinkertaisen ratkaisun, jota on helppo konfiguroida ja ylläpitää. Suorituskyky on parempi kuin yksipolkureititykseen perustuvat ratkaisut ja se haastaa monimutkaisemmat MPLS ratkaisut. Ainoa huolehdittava asia on linkkien painojen asettaminen sillä tavalla, että riittävästi kuormantasauspolkuja syntyy.Increasing efficiency and quality demands of services from IP network service providers and end users drive developers to offer more and more sophisticated traffic engineering methods for network optimization and control. Intermediate System to Intermediate System and Open Shortest Path First are the standard routing solutions for intra-domain networks. An easy upgrade utilizes Equal Cost Multipath (ECMP) that is one of the most general solutions for IP traffic engineering to increase load balancing and fast protection performance of single path interior gateway protocols. This thesis was written during the implementation process of the ECMP feature of Tellabs 8600 series routers. The most important parts in adoption of ECMP are changes to shortest path first algorithm and routing table modification in the control plane and implementation of load balancing algorithm to the forwarding plane of router. The results of the thesis and existing literature prove, that the load balancing algorithm has the largest affect on traffic distribution of equal cost paths and the selection of the correct algorithm is crucial. Hash-based algorithms, that keep the traffic flows in the same path, are the dominating solutions currently. They provide simple implementation and moderate performance. Traffic is distributed evenly, when the number of flows is large enough. ECMP provides a simple solution that is easy to configure and maintain. It outperforms single path solutions and competes with more complex MPLS solutions. The only thing to take care of is the adjustment of link weights of the network in order to create enough load balancing paths

Design and performance evaluation of Wireless Multi-Protocol Label Switching (WMPLS)

Scope and Method of Study: The research presented in this document focuses on the design of a new protocol for high-speed wireless data communications. The primary goal of this new design is to overcome the limitations of its predecessors, while minimizing the needed resources and maximizing throughput and efficiency in its operations. Another important goal of the study is to provide a homogeneous protocol for wired and wireless networks in order to provide complete interoperability for overlay models and other protocols that can be designed on the basis of this work. The performance evaluation part of this document shows the areas in which improvement has been achieved over previous protocol implementations, and it also shows the areas in which further research is needed in order to improve the performance at least to the levels set by previous protocols.Findings and Conclusions: This study shows that a native wireless design and implementation of the Multi-Protocol Label Switching (MPLS) protocol provides improvements in the field of wireless data communications, providing a homogeneous platform for voice and data communication networks. The research is open for further improvements and modifications for services not contemplated in this document, and continuous developments should be conducted in order to obtain a working prototype of this proposal

Signalling of Point to Multipoint Trees in Metro Ethernet and Core Networks

Diplomityössä tutustuttiin IPTV-kanavien siirtoon Core-verkosta MetroEthernet-verkon asiakasta lähinnä olevalle laidalle. Tavoitteena oli kehittää nopeampi ratkaisu monilähetyspuiden konfigurointiin laitevalmistajan toteuttamilla protokollilla. Nykyinen ratkaisu, jossa käytetään Resource reSerVation Protocol:ia MultiProtocol Label Switching-tunneleiden signaloimiseen, Internet Group Management Protocol Snooping:ia halukkaiden vastaanottajien kartoittamiseen sekä Protocol Independent Multicast-Source Specific Multicast:ia runkoverkon monilähetykseen on liian työläs. Uudet ratkaisut, joissa yhdistellään RSVP:tä, point-to-multipoint RSVP:tä, Fast ReRoutea ja PIM-SSM:ia testataan TeliaSoneran tietoverkkolaboratoriossa. Tulosten perusteella ei voida sanoa paljoa varmasti, mutta FRR ME-verkossa vaikuttaa helppokäyttöiseltä ja toimivalta ratkaisulta. Lisäksi P2MP RSVP-TE herätti toiveita nopeammin vikatilanteista toipuvasta monilähetysratkaisusta runkoverkosta, kunhan ilmenneiden vikojen syyt saadaan selville.This master's thesis studies the distribution of IPTV channels from a core network to the edges of a MetroEthernet network. The goal is to find a faster solution for configuring multicast trees using protocols implemented by vendors. The current solution which uses Resource reSerVation Protocol for signalling MultiProtocol Label Switched tunnels, Internet Group Management Protocol Snooping for mapping receivers and Protocol Independent Multicast-Source Specific Multicast for core multicast creates too much work. The new solutions combine RSVP, point-to-multipoint RSVP, Fast ReRoute and PIM-SSM and they are tested in the TeliaSonera networking laboratory. Based on test results there is not much certainty about many things but it can be said that FRR seems to be working well and it is easy to use. Furthermore, P2MP RSVP seemed promising for the core network with faster convergence times in failure cases than PIM-SSM. However, there are few problems to be solved before the protocol is ready for use in the production network

Intelligent based Packet Scheduling Scheme using Internet Protocol/Multi-Protocol Label Switching (IP/MPLS) Technology for 5G. Design and Investigation of Bandwidth Management Technique for Service-Aware Traffic Engineering using Internet Protocol/Multi-Protocol Label Switching (IP/MPLS) for 5G

Multi-Protocol Label Switching (MPLS) makes use of traffic engineering (TE) techniques and a variety of protocols to establish pre-determined highly efficient routes in Wide Area Network (WAN). Unlike IP networks in which routing decision has to be made through header analysis on a hop-by-hop basis, MPLS makes use of a short bit sequence that indicates the forwarding equivalence class (FEC) of a packet and utilises a predefined routing table to handle packets of a specific FEC type. Thus header analysis of packets is not required, resulting in lower latency. In addition, packets of similar characteristics can be routed in a consistent manner. For example, packets carrying real-time information can be routed to low latency paths across the networks. Thus the key success to MPLS is to efficiently control and distribute the bandwidth available between applications across the networks. A lot of research effort on bandwidth management in MPLS networks has already been devoted in the past. However, with the imminent roll out of 5G, MPLS is seen as a key technology for mobile backhaul. To cope with the 5G demands of rich, context aware and multimedia-based user applications, more efficient bandwidth management solutions need to be derived. This thesis focuses on the design of bandwidth management algorithms, more specifically QoS scheduling, in MPLS network for 5G mobile backhaul. The aim is to ensure the reliability and the speed of packet transfer across the network. As 5G is expected to greatly improve the user experience with innovative and high quality services, users’ perceived quality of service (QoS) needs to be taken into account when deriving such bandwidth management solutions. QoS expectation from users are often subjective and vague. Thus this thesis proposes the use of fuzzy logic based solution to provide service aware and user-centric bandwidth management in order to satisfy requirements imposed by the network and users. Unfortunately, the disadvantage of fuzzy logic is scalability since dependable fuzzy rules and membership functions increase when the complexity of being modelled increases. To resolve this issue, this thesis proposes the use of neuro-fuzzy to solicit interpretable IF-THEN rules.The algorithms are implemented and tested through NS2 and Matlab simulations. The performance of the algorithms are evaluated and compared with other conventional algorithms in terms of average throughput, delay, reliability, cost, packet loss ratio, and utilization rate. Simulation results show that the neuro-fuzzy based algorithm perform better than fuzzy and other conventional packet scheduling algorithms using IP and IP over MPLS technologies.Tertiary Education Trust Fund (TETFUND