296 research outputs found

    Mobile IP: state of the art report

    Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area

    Feasible Threats By Manipulating Tunneling Packet On 6to4 Network

    The tunneling mechanism becomes the most delicate transition mechanism compared to the other transition mechanisms, Dual Stack and Address Translation, because tunneling offers an easier way to start migrating from IPv4 to IPv6 and offers a smooth transition. 6to4 tunneling is automatic tunneling to conquer migration issues. In fact, the tunnel transition mechanism is believed to be susceptible to several types of attacks. On 6to4 tunneling, the Neighbor Discovery Protocol message becomes a potential medium for an attacker to exploit. It starts with deploying a controlled testbed network environment and running several DoS attack scenarios by manipulating NDP messages through 6to4 tunneling. The expected result is to prove that the attacking methods are feasible and effective

    Revealing and Characterizing MPLS Networks

    The Internet is a wide network of computers in constant evolution. Each year, more and more organizations are connected to this worldwide network. Each of them has its own structure and administration that are not publicly revealed for economic, political, and security reasons. Consequently, our perception of the Internet structure, and more specifically, its topology, is incomplete. In order to balance this lack of knowledge, the research community relies on network measurements. Most of the time, they are performed based on the well-known tool traceroute. However, in practice, an operator may favor technologies other than IP to forward packets inside its network. MultiProtocol Label Switching (MPLS) is one of them. Even if it is heavily deployed by operators, it has not been really investigated by researchers. Prior to this thesis, only two studies focused on the identification of MPLS tunnels in traceroute data. Moreover, while one of them does not take all possible scenarios into account, the other lacks precision in some of its models. In addition, MPLS tunnels may hide their content from traceroute. Topologies inferred from such data may thus contain false links or nodes with an artificially high degree, thus leading to biases in standard graph metrics used to model the network. Even if some researchers already tried to tackle this issue, the revelation of hidden MPLS devices in traceroute data is still an open question. This thesis aims at characterizing MPLS in two different ways. On the one hand, at an architectural level, we will analyze in detail its deployment and use in both IPv4 and IPv6 networks in order to improve its state-of-the-art view. We will show that, in practice, more than one IPv4 trace out of two crosses at least one MPLS tunnel. We will also see that, even if this protocol can simplify the internal architecture of transit networks, it also allows some operators to perform traffic engineering in their domain.
On the other hand, MPLS will be studied from a measurement point of view. We will see that routers from different manufacturers may have distinct default behaviors with regard to MPLS, and that these specific behaviors can be exploited to identify MPLS tunnels during traceroute measurements. More precisely, we will focus on new methods able to infer the presence of tunnels that are invisible in traceroute outputs, as well as on mechanisms to reveal their content. We will also show that they can be used in order to improve the inference of Internet graph properties, such as path lengths and node degrees. Finally, these techniques will be integrated into Trace the Naughty Tunnels (TNT), a traceroute extension able to identify all types of MPLS tunnels along a path towards a destination. We will prove that this tool can be used in order to get a detailed quantification of MPLS tunnels in the worldwide network. TNT is publicly available, and can therefore be part of many future studies conducted by the research community.
The Internet is a huge computer network in constant evolution. Every year, more and more organizations connect to it. Each of them is managed and administered independently of the others. In practice, the internal architecture of their network is not made public for political, economic, or security reasons. Consequently, our perception of the structure of the Internet, and more particularly of its topology, is incomplete. To compensate for this lack of knowledge, the research community relies on network measurements. Most of the time, these are carried out with the traceroute tool. However, technologies other than IP may be preferred for forwarding packets within a network. MultiProtocol Label Switching (MPLS) is one of them. Even though this technology is widely deployed in the Internet, it has not been well studied by researchers.
Before this thesis, only two works had looked at identifying MPLS in data collected with traceroute. While the first does not take all possible scenarios into account, the second proposes models that lack precision. In addition, MPLS tunnels can hide their content from traceroute. Topologies inferred from these data may therefore contain false links, or nodes with an abnormally high degree. The various models of the Internet that result may then be biased. Today, the question of revealing MPLS routers that are invisible in measurement data is still unresolved, even though some researchers have already proposed a few methods for doing so. This thesis aims to characterize MPLS in two different ways. First, at the architectural level, we will analyze in detail its deployment and use in IPv4 and IPv6 networks in order to improve the state of the art. We will show that, in practice, more than one IPv4 trace out of two crosses at least one MPLS tunnel. We will also discover that although this protocol can be used to simplify the internal architecture of transit networks, it can also be deployed to implement traffic engineering solutions. Second, MPLS will be studied from a measurement point of view. We will see that the default behaviors related to the protocol vary from one router manufacturer to another, and that they can be exploited to identify MPLS tunnels in traceroute data. More precisely, we will discover new methods capable of inferring the presence of tunnels that are invisible to traceroute, as well as new techniques for revealing their content. We will also show that they can be used to improve the modeling of the Internet.
Finally, these techniques will be integrated into Trace the Naughty Tunnels (TNT), a traceroute extension that identifies all types of MPLS tunnels along the path to a destination. We will prove that this tool can be used to obtain detailed statistics on the deployment of MPLS on the Internet. TNT is publicly available, and can therefore be freely used by the research community for many future studies

    Interoperability and mobility in the Future Internet

    Research on Future Internet has been gaining traction in recent years, with both evolutionary (e.g., Software Defined Networking (SDN)-based architectures) and clean-slate network architectures (e.g., Information Centric Networking (ICN) architectures) being proposed. With each network architectural proposal aiming to provide better solutions for specific Internet utilization requirements, a heterogeneous Future Internet composed of several architectures can be expected, each targeting and optimizing different use case scenarios. Moreover, the increasing number of mobile devices, with increasing capabilities and supporting different connectivity technologies, is changing the patterns of traffic exchanged in the Internet. As such, this thesis focuses on the study of interoperability and mobility in Future Internet architectures, two key requirements that need to be addressed for the wide adoption of these network architectures. The first contribution of this thesis is an interoperability framework that, by enabling resources to be shared among different network architectures, prevents resources from being restricted to a given network architecture and, at the same time, promotes the initial roll out of new network architectures. The second contribution of this thesis consists of the development of enhancements for SDN-based and ICN network architectures through IEEE 802.21 mechanisms to facilitate and optimize the handover procedures on those architectures. The last contribution of this thesis is the definition of an inter-network architecture mobility framework that enables MNs to move across access networks supporting different network architectures without losing the reachability to resources being accessed.
All the proposed solutions were evaluated with results highlighting the feasibility of such solutions and the impact on the overall communication.
The Future Internet has been the subject of several studies in recent years, with network architectures being proposed that follow either evolutionary approaches (for example, Software Defined Networking (SDN)) or disruptive approaches (for example, Information Centric Networking (ICN)). Each of these network architectures aims to provide better solutions for particular Internet usage requirements and, therefore, a heterogeneous Future Internet composed of several network architectures becomes a possibility, where each of them is used to optimize different use cases. In addition, the growing number of mobile devices, with increased specifications and support for different connectivity technologies, is changing Internet traffic patterns. Thus, this thesis focuses on the study of interoperability and mobility aspects in Future Internet network architectures, two important requirements that need to be met for the adoption of these network architectures to be considered. The first contribution of this thesis is an interoperability solution that, since it allows resources to be shared by different network architectures, prevents resources from being restricted to a given network architecture and, at the same time, promotes the adoption of new network architectures. The second contribution of this thesis consists of the development of extensions for SDN-based or ICN-based network architectures using the mechanisms proposed in the IEEE 802.21 standard, with the aim of facilitating and optimizing the mobility processes in those network architectures.
Finally, the third contribution of this thesis is the definition of a mobility solution involving different network architectures that allows mobile devices to move between access networks supporting different network architectures without losing access to the resources being accessed. All the proposed solutions were evaluated, with the results demonstrating the feasibility of each solution and its impact on communication. Programa Doutoral em Informátic

    Deliverable JRA1.1: Evaluation of current network control and management planes for multi-domain network infrastructure

    This deliverable includes a compilation and evaluation of available control and management architectures and protocols applicable to a multilayer infrastructure in a multi-domain Virtual Network environment. The scope of this deliverable is mainly focused on the virtualisation of the resources within a network and at processing nodes. The virtualization of the FEDERICA infrastructure allows the provisioning of its available resources to users by means of FEDERICA slices. A slice is seen by the user as a real physical network under his/her domain, however it maps to a logical partition (a virtual instance) of the physical FEDERICA resources. A slice is built to exhibit to the highest degree all the principles applicable to a physical network (isolation, reproducibility, manageability, ...). Currently, there are no standard definitions available for network virtualization or its associated architectures. Therefore, this deliverable proposes the Virtual Network layer architecture and evaluates a set of Management- and Control Planes that can be used for the partitioning and virtualization of the FEDERICA network resources. This evaluation has been performed taking into account an initial set of FEDERICA requirements; a possible extension of the selected tools will be evaluated in future deliverables. The studies described in this deliverable define the virtual architecture of the FEDERICA infrastructure. During this activity, the need has been recognised to establish a new set of basic definitions (taxonomy) for the building blocks that compose the so-called slice, i.e. the virtual network instantiation (which is virtual with regard to the abstracted view made of the building blocks of the FEDERICA infrastructure) and its architectural plane representation. These definitions will be established as a common nomenclature for the FEDERICA project. Other important aspects when defining a new architecture are the user requirements.
It is crucial that the resulting architecture fits the demands that users may have. Since this deliverable has been produced at the same time as the contact process with users, made by the project activities related to the Use Case definitions, JRA1 has proposed a set of basic Use Cases to be considered as starting point for its internal studies. When researchers want to experiment with their developments, they need not only network resources on their slices, but also a slice of the processing resources. These processing slice resources are understood as virtual machine instances that users can use to make them behave as software routers or end nodes, on which to download the software protocols or applications they have produced and want to assess in a realistic environment. Hence, this deliverable also studies the APIs of several virtual machine management software products in order to identify which best suits FEDERICA’s needs. Postprint (published version