22 research outputs found

    Multi Protocol Label Switching: Quality of Service, Traffic Engineering application, and Virtual Private Network application

    This thesis discusses the QoS feature, Traffic Engineering (TE) application, and Virtual Private Network (VPN) application of the Multi Protocol Label Switching (MPLS) protocol. This thesis concentrates on comparing MPLS with other prominent technologies such as Internet Protocol (IP), Asynchronous Transfer Mode (ATM), and Frame Relay (FR). MPLS combines the flexibility of Internet Protocol (IP) with the connection oriented approach of Asynchronous Transfer Mode (ATM) or Frame Relay (FR). Section 1 lists several advantages MPLS brings over other technologies. Section 2 covers architecture and a brief description of the key components of MPLS. The information provided in Section 2 builds a background to compare MPLS with the other technologies in the rest of the sections. Since it is anticipated that MPLS will be a main core network technology, MPLS is required to work with two currently available QoS architectures: Integrated Service (IntServ) architecture and Differentiated Service (DiffServ) architecture. Even though the MPLS does not introduce a new QoS architecture or enhance the existing QoS architectures, it works seamlessly with both QoS architectures and provides proper QoS support to the customer. Section 3 provides the details of how MPLS supports various functions of the IntServ and DiffServ architectures. TE helps Internet Service Provider (ISP) optimize the use of available resources, minimize the operational costs, and maximize the revenues. MPLS provides efficient TE functions which prove to be superior to IP and ATM/FR. Section 4 discusses how MPLS supports the TE functionality and what makes MPLS superior to other competitive technologies. ATM and FR are still required as a backbone technology in some areas where converting the backbone to IP or MPLS does not make sense or customer demands simply require ATM or FR. In this case, it is important for MPLS to work with ATM and FR. 
Section 5 highlights the interoperability issues and solutions for MPLS while working in conjunction with ATM and FR. In section 6, various VPN tunnel types are discussed and compared with the MPLS VPN tunnel type. The MPLS VPN tunnel type is concluded as an optimal tunnel approach because it provides security, multiplexing, and the other important features that are required by the VPN customer and the ISP. Various MPLS layer 2 and layer 3 VPN solutions are also briefly discussed. In section 7 I conclude with the details of an actual implementation of a layer 3 MPLS VPN solution that works in conjunction with Border Gateway Protocol (BGP)

    Layer 2 Ethernet Communication Tunneling Possibilities in Automation Systems

    Future trends in energy generation are renewable energy sources and distributed energy generation. In control systems, these changes require higher automatization, more intelligent devices and secure and reliable communication. Another requirement is faster communication. Building a system that is able to fulfill real-time communication requirements over network layer is a hindrance to automation systems. There are multiple protocols that can manage the requirements, but many of them have limitations and requirements of their own. The limitations can be related to packet sizes, used devices or they may require a license. Tunneling protocols can bring a more general solution for the real-time problem. Tunneling Ethernet communication over network layer and letting the tunneling protocol handle the network layer packaging instead of the communication protocol removes the need for a layer 3 protocol. Layer 2 tunneling provides a direct connection between separate local area networks. It enables a way for devices to communicate with each other over network layer using layer 2 communication protocols. The tunnel uses a pre-configured route to the destination gateway device making the routing of messages simpler and faster than with traditional IP routing. Layer 2 tunneling can be used in any communication system that utilizes layer 2 and layer 3 communication. This thesis focuses on the use of tunneling in automation systems. The purpose of this thesis is to provide information and possible solutions for layer 2 Ethernet tunneling. The main focus is on suitable tunneling protocols and communication protocols, but also security and resilience solutions are studied. This thesis is composed of published studies, research, articles and books that address the topic

    An Overview of Operations, Administration, and Maintenance (OAM) Tools

    Building mobile L2TP/IPsec tunnels

    Wireless networks introduce a whole range of challenges to the traditional TCP/IP network, especially Virtual Private Network (VPN). Changing IP address is a difficult issue for VPNs in wireless networks because IP addresses are used as one of the identifiers of a VPN connection and the change of IP addresses will break the original connection. The current solution to this problem is to run VPN tunnels over Mobile IP (MIP). However, Mobile IP itself has significant problems in performance and security and that solution is inefficient due to double tunneling. This thesis proposes and implements a new and novel solution on simulators and real devices to solve the mobility problem in a VPN. The new solution adds mobility support to existing L2TP/IPsec (Layer 2 Tunneling Protocol/IP Security) tunnels. The new solution tunnels Layer 2 packets between VPN clients and a VPN server without using Mobile IP, without incurring tunnel-re-establishment at handoff, without losing packets during handoff, achieves better security than current mobility solutions for VPN, and supports fast handoff in IPv4 networks. Experimental results on a VMware simulation showed the handoff time for the VPN tunnel to be 0.08 seconds, much better than the current method which requires a new tunnel establishment at a cost of 1.56 seconds. Experimental results with a real network of computers showed the handoff time for the VPN tunnel to be 4.8 seconds. This delay was mainly caused by getting an IP address from DHCP servers via wireless access points (4.6 seconds). The time for VPN negotiation was only 0.2 seconds. The experimental result proves that the proposed mobility solution greatly reduces the VPN negotiation time but getting an IP address from DHCP servers is a large delay which obstructs the real world application. 
This problem can be solved by introducing fast DHCP or supplying an IP address from a new wireless access point with a strong signal while the current Internet connection is weak. Currently, there is little work on fast DHCP and this may open a range of new research opportunities

    IP-based virtual private networks and proportional quality of service differentiation

    IP-based virtual private networks (VPNs) have the potential of delivering cost-effective, secure, and private network-like services. Having surveyed current enabling techniques, an overall picture of IP VPN implementations is presented. In order to provision the equivalent quality of service (QoS) of legacy connection-oriented layer 2 VPNs (e.g., Frame Relay and ATM), IP VPNs have to overcome the intrinsically best effort characteristics of the Internet. Subsequently, a hierarchical QoS guarantee framework for IP VPNs is proposed, stitching together development progresses from recent research and engineering work. To differentiate IP VPN QoS, the proportional QoS differentiation model, whose QoS specification granularity compromises that of IntServ and Diffserv, emerges as a potential solution. The investigation of its claimed capability of providing the predictable and controllable QoS differentiation is then conducted. With respect to the loss rate differentiation, the packet shortage phenomenon shown in two classical proportional loss rate (PLR) dropping schemes is studied. On the pursuit of a feasible solution, the potential of compromising the system resource, that is, the buffer, is ruled out; instead, an enhanced debt-aware mechanism is suggested to relieve the negative effects of packet shortage. Simulation results show that debt-aware partially curbs the biased loss rate ratios, and improves the queueing delay performance as well. With respect to the delay differentiation, the dynamic behavior of the average delay difference between successive classes is first analyzed, aiming to gain insights into system dynamics. Then, two classical delay differentiation mechanisms, that is, proportional average delay (PAD) and waiting time priority (WTP), are simulated and discussed. Based on observations on their differentiation performances over both short and long time periods, a combined delay differentiation (CDD) scheme is introduced. 
Simulations are utilized to validate this method. Both loss and delay differentiations are based on a series of differentiation parameters. Though previous work on the selection of delay differentiation parameters has been presented, that of loss differentiation parameters mostly relied on network operators' experience. A quantitative guideline, based on the principles of queueing and optimization, is then proposed to compute loss differentiation parameters. Aside from analysis, the new approach is substantiated by numerical results

    Network virtualization in the enterprise (Virtualización de redes en la empresa)

    Companies have distinct groups of users with specific needs. Many of the differences between them translate into specific networking requirements. Within the same company, these requirements are often so different that the different groups must be treated as separate customers by the IT department. As the number of groups grows, keeping them separate and secure is a major challenge. The term virtualization is used in several contexts, such as virtualization of servers, applications, storage devices and network infrastructure. Network virtualization covers the virtualization of the architectures, technologies and techniques that make up network infrastructure. Network virtualization in the enterprise aims to resolve situations that ensure optimal use of existing resources, such as: cost reduction; simplification of operational, administration and management tasks; high availability; creation of new business models; deployment of industrial parks with multiple customers; organization of virtualized data centers. In this regard, design guidelines must be provided for virtualized enterprise networks, taking into account the different technologies and the business requirements they must serve. Likewise, a fundamental aspect to consider is the interaction with the connectivity service provider, in order to guarantee both the level of service (specified through service levels: SLA, OLA) and the appropriate level of security. Throughout this document the state of the art of network virtualization is studied, breaking down the different technologies used to implement it. 
In both traditional networking technologies and the newer trends, a fairly complex mix can be observed, with many options available to the designer or implementer of virtualized networks. One of the objectives covered in this work is to set out concrete scenarios together with the technologies and techniques considered most appropriate for resolving them. To that end, tables are provided by way of summary that can be used as guides for resolving a particular scenario. These are used in the case study, where network virtualization techniques are applied to resolve a given scenario with certain restrictions

    A survey of Virtual Private LAN Services (VPLS): Past, present and future

    Virtual Private LAN services (VPLS) is a Layer 2 Virtual Private Network (L2VPN) service that has gained immense popularity due to a number of its features, such as protocol independence, multipoint-to-multipoint mesh connectivity, robust security, low operational cost (in terms of optimal resource utilization), and high scalability. In addition to the traditional VPLS architectures, novel VPLS solutions have been designed leveraging new emerging paradigms, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), to keep up with the increasing demand. These emerging solutions help in enhancing scalability, strengthening security, and optimizing resource utilization. This paper aims to conduct an in-depth survey of various VPLS architectures and highlight different characteristics through insightful comparisons. Moreover, the article discusses numerous technical aspects such as security, scalability, compatibility, tunnel management, operational issues, and complexity, along with the lessons learned. Finally, the paper outlines future research directions related to VPLS. To the best of our knowledge, this paper is the first to furnish a detailed survey of VPLS. University College Dublin; Academy of Finlan

    Secure network solutions for cloud services

    Securing a cloud network is an important challenge for delivering cloud services to cloud users. There are a number of secure network protocols, such as VPN protocols, currently available to provide different secure network solutions for enterprise clouds. For example, PPTP, L2TP, GRE, IPsec and SSL/TLS are the most widely used VPN protocols in today’s securing network solutions. However, there are some significant challenges in the implementation stage. For example, which VPN solution is easy to deploy in delivering cloud services? Which solution can provide the best network throughput in delivering the cloud services? Which solution can provide the lowest network latency in delivering the cloud services? This thesis addresses these issues by implementing different VPNs in a test bed environment set up by the Cisco routers. Open source measurement tools will be utilized to acquire the results. This thesis also reviews cloud computing and cloud services and looks at their relationships. It also explores the benefits and the weaknesses of each securing network solution. The results can not only provide experimental evidence, but also facilitate the network implementers in development and deployment of secure network solutions for cloud services. Master of Computing (Research

    Metro Ethernet networks: Mundivox Telecomunicações case study (Redes Metro ethernet: estudo de caso Mundivox Telecomunicações)

    Presents a recent technology in the Brazilian market and how it was chosen and implemented in a telecommunications company. The market increasingly seeks low-cost solutions that guarantee quality of service, providing interconnectivity between geographically distributed enterprise networks and the Internet. Metro Ethernet Networks have been an obvious choice for offering simple administration, low cost and good granularity of bandwidth