51 research outputs found

    Mobile Ad Hoc Networks

    Guiding readers through the basics of these rapidly emerging networks to more advanced concepts and future expectations, Mobile Ad hoc Networks: Current Status and Future Trends identifies and examines the most pressing research issues in Mobile Ad hoc Networks (MANETs). Containing the contributions of leading researchers, industry professionals, and academics, this forward-looking reference provides an authoritative perspective of the state of the art in MANETs. The book includes surveys of recent publications that investigate key areas of interest such as limited resources and the mobility of mobile nodes. It considers routing, multicast, energy, security, channel assignment, and ensuring quality of service. Also suitable as a text for graduate students, the book is organized into three sections: Fundamentals of MANET Modeling and Simulation, which describes how MANETs operate and perform through simulations and models; Communication Protocols of MANETs, which presents cutting-edge research on key issues, including MAC layer issues and routing in high mobility; and Future Networks Inspired By MANETs, which tackles open research issues and emerging trends. Illustrating the role MANETs are likely to play in future networks, this book supplies the foundation and insight you will need to make your own contributions to the field. It includes coverage of routing protocols, modeling and simulation tools, intelligent optimization techniques for multicriteria routing, security issues in FHAMIPv6, connecting moving smart objects to the Internet, underwater sensor networks, wireless mesh network architecture and protocols, adaptive routing provision using Bayesian inference, and adaptive flow control in the transport layer using genetic algorithms.

    Performance evaluation of multicast networks and service differentiation mechanisms in IP networks

    The performance of a communication network depends on how well the network is designed in terms of delivering the level of service required by a given type of traffic. The field of teletraffic theory is concerned with quantifying the three-way relationship between the network, its level of service and the traffic arriving at the network. In this thesis, we study three different problems concerning this three-way relationship and present models to assist in designing and dimensioning networks to satisfy the different quality of service demands. In the first part of the thesis, we consider service differentiation mechanisms in packet-switched IP networks implementing a Differentiated Services (DiffServ) architecture. We study how bandwidth can be divided in a weighted fair manner between persistent elastic TCP flows, and between these TCP flows and streaming real-time UDP flows. To this end, we model the traffic conditioning and scheduling mechanisms on the packet and the flow level. We also model the interaction of these DiffServ mechanisms with the TCP congestion control mechanism and present closed-loop models for the sending rate of a TCP flow that reacts to congestion signals from the network. In the second part, we concentrate on non-persistent elastic TCP traffic in IP networks and study how flows can be differentiated in terms of mean delay by giving priority to flows based on their age. We study Multi Level Processor Sharing (MLPS) disciplines, where jobs are classified into levels based on their age or attained service. Between levels, a strict priority discipline is applied; the level containing the youngest jobs has the highest priority. Inside a particular level, any scheduling discipline could be used. We present an implementation proposal of a two-level discipline, PS+PS, with the Processor Sharing discipline used inside both levels. 
We prove that, as long as the hazard rate of the job-size distribution is decreasing, which is the case for Internet traffic, PS+PS, and any MLPS discipline that favors young jobs, is better than PS with respect to overall mean delay. In the final part, we study distribution-type streaming traffic in a multicast network, where there is, at most, one copy of each channel transmission in each network link, and quantify the blocking probability. We derive an exact blocking probability algorithm for multicast traffic in a tree network based on the convolution and truncation algorithm for unicast traffic. We present a new convolution operation, the OR-convolution, to suit the transmission principle of multicast traffic, and a new truncation operator to take into account the case of having both unicast and multicast traffic in the network. We also consider different user models derived from the single-user model.


    Security and QoS Analysis in Networks with Temporal Constraints

    In the field of networks, two valuable objectives must be attained, namely QoS and security, particularly in the case of critical networks with strong temporal constraints. Unfortunately, a conflict exists: while QoS works to reduce processing times, security mechanisms require significant processing time and consequently cause delays and degrade QoS. Moreover, real-time systems, QoS and security have very often been studied separately, by different communities. In the context of avionic data networks, numerous domains and applications of differing criticality exchange information with one another, often through gateways. It is clear that this information has different levels of sensitivity in terms of security and QoS. Taking this into account, the aim of this thesis is to increase the robustness of future generations of avionic data networks by countering security threats and avoiding disruptions in data traffic. To this end, we surveyed the state of the art in security mechanisms, QoS and applications with temporal constraints. We then studied the new generation of avionic data networks, which allowed us to correctly determine the various security threats. On the basis of this study, we identified both the security and the QoS requirements of this new generation of avionic networks. To satisfy them, we proposed a QoS-aware security gateway architecture to protect these avionic networks and ensure high availability for critical data.
To ensure the integration of the gateway's different components, we developed an integrated session table that stores all the necessary session information and speeds up the processing applied to packets (stateful filtering, NAT address translation, QoS classification and routing). This required, first, a study of the existing session table structure and, second, the proposal of an entirely new structure that meets our objectives. We also presented an algorithm for accessing and using the new integrated session table. Regarding the IPSec VPN component, we found that traffic encrypted by the IPSec ESP protocol cannot be classified correctly by edge routers. To overcome this problem, we developed a protocol, Q-ESP, that allows encrypted traffic to be classified and offers the security services provided by the AH and ESP protocols combined. Several bandwidth management techniques have been developed to optimise network traffic management. To evaluate the performance of these techniques and identify which would be most appropriate in our case, we carried out a comparison based on the delay criterion, by means of experimental tests. As a final step, we evaluated and compared the performance of our proposed security gateway against three commercial products offering software security gateway functions, in order to determine the strengths and weaknesses of our implementation with a view to developing it further. The manuscript is organised in two parts: the first is written in French and is a detailed summary of the second part, which is written in English.
ABSTRACT: QoS and security are two precious objectives for network systems to attain, especially for critical networks with temporal constraints. Unfortunately, they often conflict; while QoS tries to minimize the processing delay, strong security protection requires more processing time and causes traffic delay and QoS degradation. Moreover, real-time systems, QoS and security have often been studied separately and by different communities. In the context of the avionic data network, various domains and heterogeneous applications with different levels of criticality cooperate for the mutual exchange of information, often through gateways. It is clear that this information has different levels of sensitivity in terms of security and QoS constraints. Given this context, the major goal of this thesis is to increase the robustness of the next generation e-enabled avionic data network with respect to security threats and ruptures in traffic characteristics. From this perspective, we surveyed the literature to establish the state of the art in network security, QoS and applications with time constraints. Then, we studied the next generation e-enabled avionic data network. This allowed us to draw a map of the field and to understand security threats. Based on this study, we identified both the security and the QoS requirements of the next generation e-enabled avionic data network. In order to satisfy these requirements, we proposed the architecture of a QoS-capable integrated security gateway to protect the next generation e-enabled avionic data network and ensure the availability of critical traffic. To provide for a true integration between the different gateway components, we built an integrated session table to store all the needed session information and to speed up the packet processing (firewall stateful inspection, NAT mapping, QoS classification and routing).
This necessitates the study of the existing session table structure and the proposition of a new structure to fulfill our objective. We also present the necessary processing algorithms to access the new integrated session table. In the IPSec VPN component, we identified the problem that IPSec ESP encrypted traffic cannot be classified appropriately by QoS edge routers. To overcome this problem, we developed a Q-ESP protocol, which allows the classification of encrypted traffic and combines the security services provided by IPSec ESP and AH. To manage the network traffic wisely, a variety of bandwidth management techniques have been developed. To assess their performance and identify which bandwidth management technique is the most suitable given our context, we performed a delay-based comparison using experimental tests. In the final stage, we benchmarked our implemented security gateway against three commercially available software gateways. The goal of this benchmark test is to evaluate performance and identify problems for future research work. This dissertation is divided into two parts, in French and in English respectively. Both parts follow the same structure, where the first is an extended summary of the second.

    Stateful Data Plane Abstractions for Software-Defined Networks and Their Applications

    SUMMARY: Software-Defined Networking (SDN) enables network programmability. Unfortunately, current SDN technology limits programmability to the control plane only. Operators cannot program data plane algorithms such as load balancing, congestion control, failure detection, etc. These functions are implemented using dedicated hardware, because they must run at line rate, i.e. 10-100 Gbit/s on 10-100 ports. In this work, we present two data plane abstractions for stateful packet processing, OpenState and OPP. OpenState is an extension of OpenFlow that allows flow rules to be defined as finite state machines. OPP is a more flexible abstraction that generalizes OpenState by adding computational capabilities, allowing more advanced data plane algorithms to be programmed. Both OpenState and OPP lend themselves to high-performance implementations using common hardware switch components. However, both abstractions are based on a problematic design choice: the use of a feedback loop in the packet processing pipeline. This loop, if not properly controlled, can harm the consistency of state operations. Memory locking approaches can be used to avoid inconsistencies, at the expense of throughput. We present simulation results on real traffic traces, showing that feedback loops of several clock cycles can be supported with little or no performance degradation, even with the most unfavourable workloads. To further demonstrate the advantages of a programmable data plane, we present two new applications: Spider and FDPA.
Spider makes it possible to detect and react to network failures at data plane timescales (i.e., micro/nanoseconds), including in the case of remote failures. Using OpenState, Spider provides functionality equivalent to legacy control plane protocols such as BFD and MPLS Fast Reroute, but without requiring a control plane.
ABSTRACT: Software-Defined Networking (SDN) enables programmability in the network. Unfortunately, current SDN limits programmability only to the control plane. Operators cannot program data plane algorithms such as load balancing, congestion control, failure detection, etc. These capabilities are usually baked into the switch via dedicated hardware, as they need to run at line rate, i.e. 10-100 Gbit/s on 10-100 ports. In this work, we present two data plane abstractions for stateful packet processing, namely OpenState and OPP. These abstractions allow operators to program data plane tasks that involve stateful processing. OpenState is an extension to OpenFlow that permits the definition of forwarding rules as finite state machines. OPP is a more flexible abstraction that generalizes OpenState by adding computational capabilities, opening the way to programming more advanced data plane algorithms. Both OpenState and OPP are amenable to high-performance hardware implementations using commodity hardware switch components. However, both abstractions are based on a problematic design choice: the use of a feedback loop in the processing pipeline. This loop, if not adequately controlled, can harm the consistency of the state operations. Memory locking approaches can be used to prevent inconsistencies, at the expense of throughput. We present simulation results on real traffic traces showing that feedback loops of several clock cycles can be supported with little or no performance degradation, even with near-worst-case traffic workloads.
To further prove the benefits of a stateful programmable data plane, we present two novel applications: Spider and FDPA. Spider makes it possible to detect and react to network failures at data plane timescales, i.e. micro/nanoseconds, also in the case of distant failures. By using OpenState, Spider provides functionalities equivalent to legacy control plane protocols such as BFD and MPLS Fast Reroute, but without the need for a control plane. That is, both detection and rerouting happen entirely in the data plane. FDPA allows a switch to enforce approximate fair bandwidth sharing among many TCP-like senders. Most of the mechanisms to solve this problem are based on complex scheduling algorithms, whose feasibility becomes very expensive with today's line rate requirements. FDPA, which is based on OPP, trades scheduling complexity for per-user state. FDPA works by dynamically assigning users to a few (3-4) priority queues, where the priority is chosen based on the sending rate history of a user.

    Towards a cloud enabler: from an optical network resource provisioning system to a generalized architecture for dynamic infrastructure services provisioning

    This work was developed during a period when most optical management and provisioning systems were manual and proprietary. This work contributed to the evolution of the state of the art of optical networks with new architectures and advanced virtual infrastructure services. The evolution of optical networks, and of the Internet globally, has been very promising during the last decade. The impact of mobile technology, grid, cloud computing, HDTV, augmented reality and big data, among many others, has driven the evolution of optical networks towards current service technologies, mostly based on SDN (Software Defined Networking) architectures and NFV (Network Functions Virtualisation). Moreover, the convergence of IP/optical networks and IT services, and the evolution of the Internet and optical infrastructures, have generated novel service orchestrators and open source frameworks. In fact, technology has evolved so fast that no one could have foreseen how important the Internet is in our lives today. In other words, technology was forced to evolve in a way that network architectures became much more transparent, dynamic and flexible to the end users (applications, user interfaces or simple APIs). This thesis presents the work done on defining new architectures for Service Oriented Networks and the contribution to the state of the art. The research work is divided into three topics. It describes the evolution from a Network Resource Provisioning System to an advanced Service Plane, and ends with a new architecture that virtualized the optical infrastructure in order to provide coordinated, on-demand and dynamic services between the application and the network infrastructure layer, becoming an enabler for the new generation of cloud network infrastructures. The work done on defining a Network Resource Provisioning System laid the first foundations for future work on network infrastructure virtualization.
The UCLP (User Light Path Provisioning) technology was the first attempt at Customer Empowered Networks and Articulated Private Networks. It empowered the users and brought virtualization and partitioning functionalities into the optical data plane, with new interfaces for dynamic service provisioning. The work done within the development of a new Service Plane allowed the provisioning of on-demand connectivity services from the application, in a multi-domain and multi-technology scenario based on a virtual network infrastructure composed of resources from different infrastructure providers. This Service Plane facilitated the deployment of applications consuming large amounts of data under deterministic conditions, thus allowing the networks to behave as a Grid-class resource. It became the first on-demand provisioning system that at lower levels allowed the creation of one virtual domain composed of resources from different providers. The last research topic presents an architecture that consolidated the work done in virtualisation while enhancing the capabilities offered to upper layers, fully integrating the optical network infrastructure into the cloud environment and providing an architecture that enabled cloud services by integrating requests for optical network and IT infrastructure services together at the same level. It set a new trend in the research community and evolved towards the technology we use today based on SDN and NFV. Summing up, the work presented is focused on the provisioning of virtual infrastructures from the architectural point of view of optical networks and IT infrastructures, together with the design and definition of novel service layers.
That is, architectures that enabled the creation of virtual infrastructures composed of optical networks and IT resources, isolated and provisioned on demand and in advance with infrastructure re-planning functionalities, and a new set of interfaces to open up those services to applications or third parties.
This thesis was developed during a period when most optical network management systems were manual and based on proprietary systems. In this regard, the work presented contributed to the evolution of the state of the art of optical networks, both in architectures and in the provisioning of virtual infrastructures. The evolution of optical networks, and of the Internet worldwide, has been very promising over the last decade. The impact of mobile technology, cloud computing, high-definition television, augmented reality and big data, among many others, has driven the evolution towards high-performance networks with new services based on SDN (Software Defined Networking) and NFV (Network Functions Virtualisation). Furthermore, the convergence of optical networks and IT services, together with the evolution of the Internet and of optical infrastructures, has generated new service orchestrators and open source frameworks. Technology has evolved at a speed at which no one could have predicted the importance the Internet is having in our daily lives. In other words, technology was forced to evolve in such a way that network architectures became more transparent, dynamic and flexible towards end users (applications, user interfaces or simple APIs). This thesis presents new service-oriented optical network architectures. The research work is divided into three topics.
It presents a network resource virtualization and provisioning system and its evolution into an advanced service plane, and ends by presenting the design of a new architecture able to virtualize the optical and IT infrastructure and provide services in a coordinated, on-demand manner between the application and the optical network infrastructure layer, thereby becoming an enabler for the new generation of cloud network infrastructures. The work done in defining the resource virtualization system laid the first foundations for the virtualization of the optical network infrastructure within the framework of "Customer Empowered Networks" and "Articulated Private Networks", with the aim of virtualizing the optical data plane and offering new interfaces for the provisioning of dynamic network services. As for the service plane presented, it facilitated the provisioning of on-demand connectivity services by the application, both in multi-domain environments and in environments with multiple technologies. This service plane, called Harmony, facilitated the deployment of new applications that consumed large amounts of data under deterministic conditions. In this regard, it allowed networks to behave as a Grid resource, and therefore became the first on-demand provisioning system that allowed the creation of virtual network domains composed of resources from different providers. Finally, the evolution of a service plane towards a global architecture is presented, which consolidates the work done on infrastructure convergence (optical + IT) and improves the capabilities of the upper layers. This architecture facilitated the full integration of the optical network infrastructure into the cloud environment. In this regard, these results evolved towards the current trends of SDN and NFV.
In summary, the work presented focuses on the provisioning of virtual infrastructures from the point of view of optical network architectures and IT infrastructures, together with the design and definition of new advanced network services, such as the dynamic re-planning service.

    Secure and Distributed Multicast Address Allocation on IPv6 Networks

    Address allocation has been a limiting factor in the deployment of multicast solutions, and, as other multicast technologies advance, a general solution to this problem becomes more urgent. This study examines the current state of address allocation and finds impediments in many of the proposed solutions. A number of the weaknesses can be traced back to the rapidly ageing Internet Protocol version 4, and therefore it was decided that a new approach is required. A central part of this work relies on the newer Internet Protocol version 6, specifically the unicast-prefix-based multicast address format. The primary aim of this study was to develop an architecture for secure distributed IPv6 multicast address allocation. The architecture should be usable by client applications to retrieve addresses which are globally unique. The product of this work was the Distributed Allocation Of Multicast Addresses Protocol, or DAOMAP. It is a system which can be deployed on nodes which wish to take part in multicast address allocation, and an implementation was developed. Analysis and simulations determined that the devised model fitted the stated requirements, and security testing determined that DAOMAP was safe from a series of attacks. Dissertation (MSc (Computer Science))--University of Pretoria, 2006.