IP without IP addresses

D. Phoomikiattisak was funded by the Thai Government. B. Simpson was funded by Cisco Systems under a University Research Programme (URP) grant award.We discuss a key engineering challenge in implementing the Identifier- Locator Network Protocol (ILNP), as described in IRTF Experimental RFCs 6740-6748: enabling legacy applications that use the C sockets API. We have built the first two OS kernel implementations of ILNPv6 (ILNP as a superset of IPv6), in both the Linux OS kernel and the FreeBSD OS kernel. Our evaluation is in comparison with IPv6, in the context of a topical and challenging scenario: host mobility implemented as a purely end-to-end function. Our experiments show that ILNPv6 has excellent potential for deployment using existing IPv6 infrastructure, whilst offering the new properties and functionality of ILNP.Postprin

Heterogeneous Access: Survey and Design Considerations

As voice, multimedia, and data services are converging to IP, there is a need for a new networking architecture to support future innovations and applications. Users are consuming Internet services from multiple devices that have multiple network interfaces such as Wi-Fi, LTE, Bluetooth, and possibly wired LAN. Such diverse network connectivity can be used to increase both reliability and performance by running applications over multiple links, sequentially for seamless user experience, or in parallel for bandwidth and performance enhancements. The existing networking stack, however, offers almost no support for intelligently exploiting such network, device, and location diversity. In this work, we survey recently proposed protocols and architectures that enable heterogeneous networking support. Upon evaluation, we abstract common design patterns and propose a unified networking architecture that makes better use of a heterogeneous dynamic environment, both in terms of networks and devices. The architecture enables mobile nodes to make intelligent decisions about how and when to use each or a combination of networks, based on access policies. With this new architecture, we envision a shift from current applications, which support a single network, location, and device at a time to applications that can support multiple networks, multiple locations, and multiple devices

Seamless Internet connectivity for ubiquitous communication

The direct and flexible use of any network connectivity that is available within an urban scenario is essential for the successful operation of ubiquitous systems. We demonstrate seamless communication across different networks without the use of middleware, proxies, tunnels, or address translation, with minimal (near-zero) packet loss to communication flows as handoff occurs between networks. Our solution does not require any new functions in existing networks, will work on existing infrastructure, and does not require applications to be re-designed or re-engineered. Our solution requires only modifications to the end-systems involved in communication, so can be deployed incrementally only for those end-systems that require the functionality. We describe our approach and its design, based on the use of the Identifier-Locator Network Protocol (ILNP), which can be realised directly on IPv6. We demonstrate the efficacy of our solution with testbed experiments based on modifications to the Linux kernel v4.9 LTS, operating directly over IPv6, and using unmodified binary applications utilising directly the standard socket(2) POSIX.1-2008 API, and standard C library calls. As our approach is 'end-to-end', we also describe how to maintain packet-level secrecy and identity privacy for the communication flow as part of our approach.Postprin

End-to-end mobility for the internet using ILNP

This work was partially funded by the Government of Thailand through a PhD scholarship for Dr Phoomikiattisak.As the use of mobile devices and methods of wireless connectivity continue to increase, seamless mobility becomes more desirable and important. The current IETF Mobile IP standard relies on additional network entities for mobility management, can have poor performance, and has seen little deployment in real networks. We present a host-based mobility solution with a true end-to-end architecture using the Identifier-Locator Network Protocol (ILNP). We show how the TCP code in the Linux kernel can be extended allowing legacy TCP applications that use the standard C sockets API to operate over ILNP without requiring changes or recompilation. Our direct testbed performance comparison shows that ILNP provides better host mobility support than Mobile IPv6 in terms of session continuity, packet loss, and handoff delay for TCP.Publisher PDFPeer reviewe

Multihoming with ILNP in FreeBSD

Multihoming allows nodes to be multiply connected to the network. It forms the basis of features which can improve network responsiveness and robustness; e.g. load balancing and fail-over, which can be considered as a choice between network locations. However, IP today assumes that IP addresses specify both network location and node identity. Therefore, these features must be implemented at routers. This dissertation considers an alternative based on the multihoming approach of the Identifier Locator Network Protocol (ILNP). ILNP is one of many proposals for a split between network location and node identity. However, unlike other proposals, ILNP removes the use of IP addresses as they are used today. To date, ILNP has not been implemented within an operating system stack. I produce the first implementation of ILNP in FreeBSD, based on a superset of IPv6 – ILNPv6 – and demonstrate a key feature of ILNP: multihoming as a first class function of the operating system, rather than being implemented as a routing function as it is today. To evaluate the multihoming capability, I demonstrate one important application of multihoming – load distribution – at three levels of network hierarchy including individual hosts, a singleton Site Border Router (SBR), and a novel, dynamically instantiated, distributed SBR (dSBR). For each level, I present empirical results from a hardware testbed; metrics include latency, throughput, loss and reordering. I compare performance with unmodified IPv6 and NPTv6. Finally, I evaluate the feasibility of dSBR-ILNPv6 as an alternative to existing multihoming approaches, based on measurements of the dSBR’s responsiveness to changes in site connectivity. We find that multihoming can be implemented by individual hosts and/or SBRs, without requiring additional routing state as is the case today, and without any significant additional load or overhead compared to unicast IPv6

MP-CFM: MPTCP-Based communication functional module for next generation ERTMS

184 p. El contenido de los capítulos 4,5,6,7,8 y 9 está sujeto a confidencialidadEl Sistema Europeo de Gestión del Tráfico Ferroviario (ERTMS, por sus siglasen inglés), fue originalmente diseñado para los ferrocarriles europeos. Sinembargo, a lo largo de las dos últimas décadas, este sistema se ha convertidoen el estándar de-facto para los servicios de Alta Velocidad en la mayoría depaíses desarrollados.El sistema ERTMS se compone de tres subsistemas principales: 1) el Sistemade Control Ferroviario Europeo (ETCS, por sus siglas en inglés), que actúacomo aplicación de señalización; 2) el sistema Euroradio, que a su vez estádividido en dos subsistemas, el Módulo de Seguridad Funcional (SFM, porsus siglas en inglés), y el Módulo de Comunicación Funcional (CFM, porsus siglas en inglés); y 3) el sistema de comunicaciones subyacente, GSM-R,que transporta la información intercambiada entre el sistema embarcado enel tren (OBU, por sus siglas en inglés) y el Centro de Bloqueo por Radio(RBC, por sus siglas en inglés). El sistema de señalización ETCS soporta tresniveles dependiendo del nivel de prestaciones soportadas. En el nivel 3 seintroduce la posibilidad de trabajar con bloques móviles en lugar de bloquesfijos definidos en la vía. Esto implica que la distancia de avance entre dos trenesconsecutivos puede ser reducida a una distancia mínima en la que se garanticela seguridad del servicio, aumentando por tanto la capacidad del corredorferroviario. Esta distancia de seguridad viene determinada por la combinaciónde la distancia de frenado del tren y el retraso de las comunicaciones deseñalización. Por lo tanto, se puede afirmar que existe una relación directaentre los retrasos y la confiabilidad de las transmisiones de las aplicaciones deseñalización y la capacidad operacional de un corredor ferroviario. Así pues,el estudio y mejora de los sistemas de comunicaciones utilizados en ERTMSjuegan un papel clave en la evolución del sistema ERTMS. Asimismo, unaoperatividad segura en ERTMS, desde el punto de vista de las comunicacionesimplicadas en la misma, viene determinada por la confiabilidad de lascomunicaciones, la disponibilidad de sus canales de comunicación, el retrasode las comunicaciones y la seguridad de sus mensajes.Unido este hecho, la industria ferroviaria ha venido trabajando en ladigitalización y la transición al protocolo IP de la mayor parte de los sistemasde señalización. Alineado con esta tendencia, el consorcio industrial UNISIGha publicado recientemente un nuevo modelo de comunicaciones para ERTMSque incluye la posibilidad, no solo de operar con el sistema tradicional,basado en tecnología de conmutación de circuitos, sino también con un nuevosistema basado en IP. Esta tesis está alineada con el contexto de migraciónactual y pretende contribuir a mejorar la disponibilidad, confiabilidad yseguridad de las comunicaciones, tomando como eje fundamental los tiemposde transmisión de los mensajes, con el horizonte puesto en la definición deuna próxima generación de ERTMS, definida en esta tesis como NGERTMS.En este contexto, se han detectado tres retos principales para reforzar laresiliencia de la arquitectura de comunicaciones del NGERTMS: 1) mejorarla supervivencia de las comunicaciones ante disrupciones; 2) superar laslimitaciones actuales de ERTMS para enviar mensajes de alta prioridad sobretecnología de conmutación de paquetes, dotando a estos mensajes de un mayorgrado de resiliencia y menor latencia respecto a los mensajes ordinarios; y3) el aumento de la seguridad de las comunicaciones y el incremento de ladisponibilidad sin que esto conlleve un incremento en la latencia.Considerando los desafíos previamente descritos, en esta tesis se proponeuna arquitectura de comunicaciones basada en el protocolo MPTCP, llamadaMP-CFM, que permite superar dichos desafíos, a la par que mantener laretrocompatibilidad con el sistema de comunicaciones basado en conmutaciónde paquetes recientemente propuesto por UNISIG. Hasta el momento, esta esla primera vez que se propone una arquitectura de comunicaciones completacapaz de abordar los desafíos mencionados anteriormente. Esta arquitecturaimplementa cuatro tipos de clase de servicio, los cuales son utilizados porlos paquetes ordinarios y de alta prioridad para dos escenarios distintos; unescenario en el que ambos extremos, el sistema embarcado o OBU y el RBC,disponen de múltiples interfaces de red; y otro escenario transicional en el cualel RBC sí tiene múltiples interfaces de red pero el OBU solo dispone de unaúnica interfaz. La arquitectura de comunicaciones propuesta para el entornoferroviario ha sido validada mediante un entorno de simulación desarrolladopara tal efecto. Es más, dichas simulaciones demuestran que la arquitecturapropuesta, ante disrupciones de canal, supera con creces en términos derobustez el sistema diseñado por UNISIG. Como conclusión, se puede afirmarque en esta tesis se demuestra que una arquitectura de comunicaciones basadade MPTCP cumple con los exigentes requisitos establecidos para el NGERTMSy por tanto dicha propuesta supone un avance en la evolución del sistema deseñalización ferroviario europeo

Mobile Oriented Future Internet (MOFI)

This Special Issue consists of seven papers that discuss how to enhance mobility management and its associated performance in the mobile-oriented future Internet (MOFI) environment. The first two papers deal with the architectural design and experimentation of mobility management schemes, in which new schemes are proposed and real-world testbed experimentations are performed. The subsequent three papers focus on the use of software-defined networks (SDN) for effective service provisioning in the MOFI environment, together with real-world practices and testbed experimentations. The remaining two papers discuss the network engineering issues in newly emerging mobile networks, such as flying ad-hoc networks (FANET) and connected vehicular networks

Defence against Denial of Service (DoS) attacks using Identifier-Locator Network Protocol (ILNP) and Domain Name System (DNS)

This research considered a novel approach to network security by combining a new networking architecture based on the Identifier-Locator Network Protocol (ILNP) and the existing Domain Name System (DNS). Specifically, the investigations considered the mitigation of network-level and transport-level based Denial of Service (DoS) attacks. The solutions presented for DoS are applicable to secure servers that are visible externally from an enterprise network. DoS was chosen as an area of concern because in recent years DoS has become the most common and hard to defend against attacks. The novelty of this approach was to consider the way the DNS and ILNP can work together, transparently to the application, within an enterprise scenario. This was achieved by the introduction of a new application-level access control function - the Capability Management System (CMS) - which applies configuration at the application level (DNS data) and network level (ILNP namespaces). CMS provides dynamic, ephemeral identity and location information to clients and servers, in order to effectively partition legitimate traffic from attack traffic. This was achieved without modifying existing network components such as switches and routers and making standard use of existing functions, such as access control lists, and DNS servers, all within a single trust domain that is under the control of the enterprise. The prime objectives of this research were: • to defend against DoS attacks with the use of naming and DNS within an enterprise scenario. • to increase the attacker’s effort in launching a successful DoS attack. • to reduce the visibility of vulnerabilities that can be discovered by an attacker by active probing approaches. • to practically demonstrate the effectiveness of ILNP and DNS working together to provide a solution for DoS mitigation. The solution methodology is based on the use of network and transport level capabilities, dynamic changes to DNS data, and a Moving Target Defence (MTD) paradigm. There are three solutions presented which use ILNP namespaces. These solutions are referred to as identifier-based, locator-based, and combined identifier-locator based solutions, respectively. ILNP-based node identity values were used to provide transport-level per-client server capabilities, thereby providing per-client isolation of traffic. ILNP locator values were used to allow a provision of network-level traffic separation for externally accessible enterprise services. Then, the identifier and locator solutions were combined, showing the possibility of protecting the services, with per-client traffic control and topological traffic path separation. All solutions were site-based solutions and did not require any modification in the core/external network, or the active cooperation of an ISP, therefore limiting the trust domain to the enterprise itself. Experiments were conducted to evaluate all the solutions on a test-bed consisting of off-the-shelf hardware, open-source software, an implementation of the CMS written in C, all running on Linux. The discussion includes considering the efficacy of the solutions, comparisons with existing methods, the performance of each solution, and critical analysis highlighting future improvements that could be made