1,478 research outputs found

    Optimization of BGP Convergence and Prefix Security in IP/MPLS Networks

    Multi-Protocol Label Switching-based networks are the backbone of the operation of the Internet, which communicates through the use of the Border Gateway Protocol, which connects distinct networks, referred to as Autonomous Systems, together. As the technology matures, so do the challenges caused by the extreme growth rate of the Internet. The amount of BGP prefixes required to facilitate such an increase in connectivity introduces multiple new critical issues, such as with the scalability and the security of the aforementioned Border Gateway Protocol. Illustration of an implementation of an IP/MPLS core transmission network is formed through the introduction of the four main pillars of an Autonomous System: Multi-Protocol Label Switching, Border Gateway Protocol, Open Shortest Path First and the Resource Reservation Protocol. The symbiosis of these technologies is used to introduce the practicalities of operating an IP/MPLS-based ISP network with traffic engineering and fault-resilience at heart. The first research objective of this thesis is to determine whether the deployment of a new BGP feature, which is referred to as BGP Prefix Independent Convergence (PIC), within AS16086 would be a worthwhile endeavour. This BGP extension aims to reduce the convergence delay of BGP Prefixes inside of an IP/MPLS Core Transmission Network, thus improving the network's resilience against faults. Simultaneously, the second research objective was to research the available mechanisms considering the protection of BGP Prefixes, such as with the implementation of the Resource Public Key Infrastructure and the Artemis BGP Monitor for proactive and reactive security of BGP prefixes within AS16086. The future prospective deployment of BGPsec is discussed to form an outlook to the future of IP/MPLS network design. The trust-based nature of BGP as a protocol has become a distinct vulnerability, thus necessitating the use of various technologies to secure the communications between the Autonomous Systems that form the network to end all networks, the Internet.

    Fast emergency paths schema to overcome transient link failures in ospf routing

    A reliable network infrastructure must be able to sustain traffic flows, even when a failure occurs and changes the network topology. During the occurrence of a failure, routing protocols, like OSPF, take from hundreds of milliseconds to various seconds in order to converge. During this convergence period, packets might traverse a longer path or even a loop. An even worse transient behaviour is that packets are dropped even though destinations are reachable. In this context, this paper describes a proactive fast rerouting approach, named Fast Emergency Paths Schema (FEP-S), to overcome problems originating from transient link failures in OSPF routing. Extensive experiments were done using several network topologies with different dimensionality degrees. Results show that the recovery paths, obtained by FEP-S, are shorter than those from other rerouting approaches and can improve the network reliability by reducing the packet loss rate during the routing protocol's convergence caused by a failure. Comment: 18 page

    Access and metro network convergence for flexible end-to-end network design

    This paper reports on the architectural, protocol, physical layer, and integrated testbed demonstrations carried out by the DISCUS FP7 consortium in the area of access - metro network convergence. Our architecture modeling results show the vast potential for cost and power savings that node consolidation can bring. The architecture, however, also recognizes the limits of long-reach transmission for low-latency 5G services and proposes ways to address such shortcomings in future projects. The testbed results, which have been conducted end-to-end, across access - metro and core, and have targeted all the layers of the network from the application down to the physical layer, show the practical feasibility of the concepts proposed in the project

    Avoiding Loops and Packet Losses in ISP Networks

    Even in well-managed large ISP networks, failures of links and routers are common. Due to these failures, the routers update their routing tables. Transient loops can occur in the networks when the routers adapt their forwarding tables. In this paper, a new approach is proposed that lets the network converge to its optimal state without loops and the related packet losses. The mechanism, OUTFC (Ordered Updating Technique with Fast Convergence), is based on an ordering of the updates of the forwarding tables of the routers and fast convergence. Typically, we have chosen a network consisting of routers and link costs for simulation. Link failures are simulated. Avoiding transient loops in each case is demonstrated by constructing a Reverse Shortest Path Tree RSP

    It bends but would it break?: topological analysis of BGP infrastructures in Europe

    The Internet is often thought to be a model of resilience, due to a decentralised, organically-grown architecture. This paper puts this perception into perspective through the results of a security analysis of the Border Gateway Protocol (BGP) routing infrastructure. BGP is a fundamental Internet protocol and its intrinsic fragilities have been highlighted extensively in the literature. A seldom studied aspect is how robust the BGP infrastructure actually is as a result of nearly three decades of perpetual growth. Although global black-outs seem unlikely, local security events raise growing concerns on the robustness of the backbone. In order to better protect this critical infrastructure, it is crucial to understand its topology in the context of the weaknesses of BGP and to identify possible security scenarios. Firstly, we establish a comprehensive threat model that classifies main attack vectors, including but not limited to BGP vulnerabilities. We then construct maps of the European BGP backbone based on publicly available routing data. We analyse the topology of the backbone and establish several disruption scenarios that highlight the possible consequences of different types of attacks, for different attack capabilities. We also discuss existing mitigation and recovery strategies, and we propose improvements to enhance the robustness and resilience of the backbone. To our knowledge, this study is the first to combine a comprehensive threat analysis of BGP infrastructures with advanced network topology considerations. We find that the BGP infrastructure is at higher risk than already understood, due to topologies that remain vulnerable to certain targeted attacks as a result of organic deployment over the years. Significant parts of the system are still uncharted territory, which warrants further investigation in this direction.

    Combined Intra- and Inter-domain Traffic Engineering using Hot-Potato Aware Link Weights Optimization

    A well-known approach to intradomain traffic engineering consists in finding the set of link weights that minimizes a network-wide objective function for a given intradomain traffic matrix. This approach is inadequate because it ignores a potential impact on interdomain routing. Indeed, the resulting set of link weights may trigger BGP to change the BGP next hop for some destination prefixes, to enforce hot-potato routing policies. In turn, this results in changes in the intradomain traffic matrix that have not been anticipated by the link weights optimizer, possibly leading to degraded network performance. We propose a BGP-aware link weights optimization method that takes these effects into account, and even turns them into an advantage. This method uses the interdomain traffic matrix and other available BGP data, to extend the intradomain topology with external virtual nodes and links, on which all the well-tuned heuristics of a classical link weights optimizer can be applied. A key innovative asset of our method is its ability to also optimize the traffic on the interdomain peering links. We show, using an operational network as a case study, that our approach does so efficiently at almost no extra computational cost. Comment: 12 pages, Short version to be published in ACM SIGMETRICS 2008, International Conference on Measurement and Modeling of Computer Systems, June 2-6, 2008, Annapolis, Maryland, US

    Integration of utilities infrastructures in a future internet enabled smart city framework

    Improving efficiency of city services and facilitating a more sustainable development of cities are the main drivers of the smart city concept. Information and Communication Technologies (ICT) play a crucial role in making cities smarter, more accessible and more open. In this paper we present a novel architecture exploiting major concepts from the Future Internet (FI) paradigm addressing the challenges that need to be overcome when creating smarter cities. This architecture takes advantage of both the critical communications infrastructures already in place and owned by the utilities as well as of the infrastructure belonging to the city municipalities to accelerate efficient provision of existing and new city services. The paper highlights how FI technologies create the necessary glue and logic that allows the integration of current vertical and isolated city services into a holistic solution, which enables a huge forward leap for the efficiency and sustainability of our cities. Moreover, the paper describes a real-world prototype that instantiates the aforementioned architecture, deployed in one of the parks of the city of Santander providing an autonomous public street lighting adaptation service. This prototype is a showcase on how added-value services can be seamlessly created on top of the proposed architecture. The work described in this paper has been carried out under the framework of the OUTSMART project which has been partially funded by the European Commission under the contract number FP7-ICT-28503

    The Beginnings and Prospective Ending of “End-to-End”: An Evolutionary Perspective On the Internet’s Architecture

    The technology of “the Internet” is not static. Although its “end-to-end” architecture has made this “connection-less” communications system readily “extensible,” and highly encouraging to innovation both in hardware and software applications, there are strong pressures for engineering changes. Some of these are wanted to support novel transport services (e.g. voice telephony, real-time video); others would address drawbacks that appeared with opening of the Internet to public and commercial traffic - e.g., the difficulties of blocking delivery of offensive content, suppressing malicious actions (e.g. “denial of service” attacks), pricing bandwidth usage to reduce congestion. The expected gains from making “improvements” in the core of the network should be weighed against the loss of the social and economic benefits that derive from the “end-to-end” architectural design. Even where technological “fixes” can be placed at the networks’ edges, the option remains to search for alternative, institutional mechanisms of governing conduct in cyberspace.

    The role of communication systems in smart grids: Architectures, technical solutions and research challenges

    The purpose of this survey is to present a critical overview of smart grid concepts, with a special focus on the role that communication, networking and middleware technologies will have in the transformation of existing electric power systems into smart grids. First of all we elaborate on the key technological, economical and societal drivers for the development of smart grids. By adopting a data-centric perspective we present a conceptual model of communication systems for smart grids, and we identify functional components, technologies, network topologies and communication services that are needed to support smart grid communications. Then, we introduce the fundamental research challenges in this field including communication reliability and timeliness, QoS support, data management services, and autonomic behaviors. Finally, we discuss the main solutions proposed in the literature for each of them, and we identify possible future research directions