Mobile IP: state of the art report
Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area.
Feasible Threats By Manipulating Tunneling Packet On 6to4 Network
Tunneling is the most delicate transition mechanism compared to the other transition mechanisms, Dual Stack and Address Translation, because tunneling offers an easier way to start migrating from IPv4 to IPv6 and offers a smooth transition. 6to4 tunneling is an automatic tunneling mechanism intended to overcome migration issues. In fact, the tunnel transition mechanism is believed to be susceptible to several types of attacks. In 6to4 tunneling, Neighbor Discovery Protocol (NDP) messages become a potential medium for an attacker to exploit. The work starts by deploying a controlled testbed network environment and running several DoS attack scenarios that manipulate NDP messages through 6to4 tunneling. The expected result is to prove that the attack methods are feasible and effective.
Revealing and Characterizing MPLS Networks
The Internet is a wide network of computers in constant evolution. Each year, more and more organizations are connected to this worldwide network. Each of them has its own structure and administration that are not publicly revealed for economic, political, and security reasons. Consequently, our perception of the Internet structure, and more specifically, its topology, is incomplete. In order to compensate for this lack of knowledge, the research community relies on network measurements. Most of the time, they are performed with the well-known tool traceroute. However, in practice, an operator may favor technologies other than IP to forward packets inside its network. MultiProtocol Label Switching (MPLS) is one of them. Even though it is heavily deployed by operators, it has not really been investigated by researchers. Prior to this thesis, only two studies focused on the identification of MPLS tunnels in traceroute data. Moreover, while one of them does not take all possible scenarios into account, the other lacks precision in some of its models. In addition, MPLS tunnels may hide their content from traceroute. Topologies inferred from such data may thus contain false links or nodes with an artificially high degree, thus leading to biases in the standard graph metrics used to model the network. Even though some researchers have already tried to tackle this issue, the revelation of hidden MPLS devices in traceroute data is still an open question.
This thesis aims at characterizing MPLS in two different ways. On the one hand, at an architectural level, we will analyze in detail its deployment and use in both IPv4 and IPv6 networks in order to improve its state-of-the-art view. We will show that, in practice, more than one IPv4 trace out of two crosses at least one MPLS tunnel. We will also see that, even if this protocol can simplify the internal architecture of transit networks, it also allows some operators to perform traffic engineering in their domain. On the other hand, MPLS will be studied from a measurement point of view. We will see that routers from different manufacturers may have distinct default behaviors regarding MPLS, and that these specific behaviors can be exploited to identify MPLS tunnels during traceroute measurements. More precisely, we will focus on new methods able to infer the presence of tunnels that are invisible in traceroute outputs, as well as on mechanisms to reveal their content. We will also show that they can be used in order to improve the inference of Internet graph properties, such as path lengths and node degrees. Finally, these techniques will be integrated into Trace the Naughty Tunnels (TNT), a traceroute extension able to identify all types of MPLS tunnels along a path towards a destination. We will prove that this tool can be used in order to get a detailed quantification of MPLS tunnels in the worldwide network. TNT is publicly available, and can therefore be part of many future studies conducted by the research community.
Interoperability and Mobility in the Future Internet
Research on Future Internet has been gaining traction in recent years,
with both evolutionary (e.g., Software Defined Networking (SDN)-
based architectures) and clean-slate network architectures (e.g., Information
Centric Networking (ICN) architectures) being proposed. With
each network architectural proposal aiming to provide better solutions
for specific Internet utilization requirements, a heterogeneous Future
Internet composed by several architectures can be expected, each targeting
and optimizing different use case scenarios. Moreover, the increasing
number of mobile devices, with increasing capabilities and
supporting different connectivity technologies, are changing the patterns
of traffic exchanged in the Internet.
As such, this thesis focuses on the study of interoperability and mobility
in Future Internet architectures, two key requirements that need to be
addressed for the wide adoption of these network architectures. The
first contribution of this thesis is an interoperability framework that,
by enabling resources to be shared among different network architectures,
avoids restricting resources to a given network architecture
and, at the same time, promotes the initial rollout of new network
architectures. The second contribution of this thesis consists of the
development of enhancements for SDN-based and ICN network architectures
through IEEE 802.21 mechanisms to facilitate and optimize
the handover procedures on those architectures. The last contribution
of this thesis is the definition of an inter-network architecture mobility
framework that enables MNs to move across access networks supporting
different network architectures without losing the reachability to
resources being accessed. All the proposed solutions were evaluated
with results highlighting the feasibility of such solutions and the impact
on the overall communication.
Programa Doutoral em Informátic
Deliverable JRA1.1: Evaluation of current network control and management planes for multi-domain network infrastructure
This deliverable includes a compilation and evaluation of available control and management architectures and protocols applicable to a multilayer infrastructure in a multi-domain Virtual Network environment. The scope of this deliverable is mainly focused on the virtualisation of the resources within a network and at processing nodes. The virtualization of the FEDERICA infrastructure allows the provisioning of its available resources to users by means of FEDERICA slices. A slice is seen by the user as a real physical network under his/her domain, however it maps to a logical partition (a virtual instance) of the physical FEDERICA resources. A slice is built to exhibit to the highest degree all the principles applicable to a physical network (isolation, reproducibility, manageability, ...). Currently, there are no standard definitions available for network virtualization or its associated architectures. Therefore, this deliverable proposes the Virtual Network layer architecture and evaluates a set of Management- and Control Planes that can be used for the partitioning and virtualization of the FEDERICA network resources. This evaluation has been performed taking into account an initial set of FEDERICA requirements; a possible extension of the selected tools will be evaluated in future deliverables. The studies described in this deliverable define the virtual architecture of the FEDERICA infrastructure. During this activity, the need has been recognised to establish a new set of basic definitions (taxonomy) for the building blocks that compose the so-called slice, i.e. the virtual network instantiation (which is virtual with regard to the abstracted view made of the building blocks of the FEDERICA infrastructure) and its architectural plane representation. These definitions will be established as a common nomenclature for the FEDERICA project. Other important aspects when defining a new architecture are the user requirements.
It is crucial that the resulting architecture fits the demands that users may have. Since this deliverable has been produced at the same time as the contact process with users, made by the project activities related to the Use Case definitions, JRA1 has proposed a set of basic Use Cases to be considered as starting point for its internal studies. When researchers want to experiment with their developments, they need not only network resources on their slices, but also a slice of the processing resources. These processing slice resources are understood as virtual machine instances that users can use to make them behave as software routers or end nodes, on which to download the software protocols or applications they have produced and want to assess in a realistic environment. Hence, this deliverable also studies the APIs of several virtual machine management software products in order to identify which best suits FEDERICA's needs.
Postprint (published version