578 research outputs found

    High-speed, in-band performance measurement instrumentation for next generation IP networks

    Facilitating always-on instrumentation of Internet traffic for the purposes of performance measurement is crucial in order to enable accountability of resource usage and automated network control, management and optimisation. This has proven infeasible to date due to the lack of native measurement mechanisms that can form an integral part of the network's main forwarding operation. However, Internet Protocol version 6 (IPv6) specification enables the efficient encoding and processing of optional per-packet information as a native part of the network layer, and this constitutes a strong reason for IPv6 to be adopted as the ubiquitous next generation Internet transport. In this paper we present a very high-speed hardware implementation of in-line measurement, a truly native traffic instrumentation mechanism for the next generation Internet, which facilitates performance measurement of the actual data-carrying traffic at small timescales between two points in the network. This system is designed to operate as part of the routers' fast path and to incur an absolutely minimal impact on the network operation even while instrumenting traffic between the edges of very high capacity links. Our results show that the implementation can be easily accommodated by current FPGA technology, and real Internet traffic traces verify that the overhead incurred by instrumenting every packet over a 10 Gb/s operational backbone link carrying a typical workload is indeed negligible.

    Design and Experimental Evaluation of a Route Optimisation Solution for NEMO

    An important requirement for Internet protocol (IP) networks to achieve the aim of ubiquitous connectivity is network mobility (NEMO). With NEMO support we can provide Internet access from mobile platforms, such as public transportation vehicles, to normal nodes that do not need to implement any special mobility protocol. The NEMO basic support protocol has been proposed in the IETF as a first solution to this problem, but this solution has severe performance limitations. This paper presents MIRON: Mobile IPv6 route optimization for NEMO, an approach to the problem of NEMO support that overcomes the limitations of the basic solution by combining two different modes of operation: a Proxy-MR and an address delegation with built-in routing mechanisms. This paper describes the design and rationale of the solution, with an experimental validation and performance evaluation based on an implementation. Publicad

    Multicast Mobility in Mobile IP Version 6 (MIPv6) : Problem Statement and Brief Survey

    Publisher PD

    A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

    Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways. European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

    Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results

    Fixed and mobile telecom operators, enterprise network operators and cloud providers strive to face the challenging demands coming from the evolution of IP networks (e.g. huge bandwidth requirements, integration of billions of devices and millions of services in the cloud). Proposed in the early 2010s, Segment Routing (SR) architecture helps face these challenging demands, and it is currently being adopted and deployed. SR architecture is based on the concept of source routing and has interesting scalability properties, as it dramatically reduces the amount of state information to be configured in the core nodes to support complex services. SR architecture was first implemented with the MPLS dataplane and then, quite recently, with the IPv6 dataplane (SRv6). IPv6 SR architecture (SRv6) has been extended from the simple steering of packets across nodes to a general network programming approach, making it very suitable for use cases such as Service Function Chaining and Network Function Virtualization. In this paper we present a tutorial and a comprehensive survey on SR technology, analyzing standardization efforts, patents, research activities and implementation results. We start with an introduction on the motivations for Segment Routing and an overview of its evolution and standardization. Then, we provide a tutorial on Segment Routing technology, with a focus on the novel SRv6 solution. We discuss the standardization efforts and the patents providing details on the most important documents and mentioning other ongoing activities. We then thoroughly analyze research activities according to a taxonomy. We have identified 8 main categories during our analysis of the current state of play: Monitoring, Traffic Engineering, Failure Recovery, Centrally Controlled Architectures, Path Encoding, Network Programming, Performance Evaluation and Miscellaneous... Comment: SUBMITTED TO IEEE COMMUNICATIONS SURVEYS & TUTORIAL

    FAIR: Forwarding Accountability for Internet Reputability

    This paper presents FAIR, a forwarding accountability mechanism that incentivizes ISPs to apply stricter security policies to their customers. The Autonomous System (AS) of the receiver specifies a traffic profile that the sender AS must adhere to. Transit ASes on the path mark packets. In case of traffic profile violations, the marked packets are used as a proof of misbehavior. FAIR introduces low bandwidth overhead and requires no per-packet and no per-flow state for forwarding. We describe integration with IP and demonstrate a software switch running on commodity hardware that can switch packets at a line rate of 120 Gbps, and can forward 140M minimum-sized packets per second, limited by the hardware I/O subsystem. Moreover, this paper proposes a "suspicious bit" for packet headers - an application that builds on top of FAIR's proofs of misbehavior and flags packets to warn other entities in the network. Comment: 16 pages, 12 figure

    Contribución al diseño de arquitecturas distribuidas de nodos de red programable

    Nowadays, the network nodes that build Internet are complex hardware/software systems, that support many signalling protocols, network services, and complex functionalities such as firewalling or NAT. However adding a new capability is a long, complex and costly process, due to many causes, but specially because routers are still proprietary systems, vertically integrated by the vendors. In this sense, the research in programmable networks tries to simplify the development and deployment of network services by specifying open interfaces among all the elements that make up a router. However, before the first programmable network nodes start being deployed, it is necessary to provide short and medium term solutions that allow current high-performance routers to add advanced capabilities and new network services. This PhD. Thesis presents a low-cost transition architecture for programmable network nodes named Simple Assistant-Router Architecture (SARA), that allows a commercial router to easily extend its capabilities by delegating the advanced packet processing to a cluster of assistants, which greatly simplifies the development and dynamic deployment of new network services. A key aspect of this distributed architecture is the need of several coordination mechanisms between the router and the assistants, and among assistants themselves. Therefore, the Router-Assistant Protocol (RAP) has been proposed, which is a control protocol based on ForCES, that allows assistants to configure the router's data plane, to notify events, as well as to divert signalling packets and data flows to the assistants. As network application requirements could be very heterogeneous, it is necessary to provide several mechanisms in order to load-balance the assistant cluster. Thus, this Thesis presents two novel Fast Robust Hashing algorithms that provides a permanent and fair mapping of flows to assistants, and improves existing Robust Hash techniques as it is efficient enough to be implemented in the data plane of a commercial router. Moreover this research work also defines the eXtensible Service Discovery Framework (XSDF), which integrates in a single process: scalable service location, and load-sharing among lightly-coupled servers.

    Mobility management across converged IP-based heterogeneous access networks

    This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 8/2/2010. In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. 
The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme.

    The Use of Firewalls in an Academic Environment

    No full text

    Device discovery and context registration in static context header compression networks

    Due to the limited bandwidth of Low-Power Wide-Area Networks (LPWAN), the application layer is currently often tied straight above the link layer, limiting the evolution of sensor networks distributed over a large area. Consequently, the highly efficient Static Context Header Compression (SCHC) standard was introduced, where devices can compress the IPv6 and upper layer protocols down to a single byte. This approach, however, assumes that every compression context is distributed before deployment, again limiting the evolution of such networks. Therefore, this paper presents two context registration mechanisms leveraging on the SCHC adaptation layer. This is done by analyzing current registration solutions in order to find limitations and optimizations with regard to very constrained networks. Both solutions and the current State-of-The-Art (SoTA) are evaluated in a Lightweight Machine to Machine (LwM2M) environment. In such situation, both developed solutions decrease the energy consumption already after 25 transmissions, compared with the current SoTA. Furthermore, simulations show that Long Range (LoRa) devices still have an 80% chance to successfully complete the registration flow in a network with a 50% Packet Error Ratio. Briefly, the work presented in this paper delivers bootstrapping tools to constrained, SCHC-enabled networks while still being able to reduce energy consumption.