3 research outputs found
An anycast based feedback aggregation scheme for efficient network transparency in cross-layer design
To ensure Quality of Service for multimedia data sessions in next generation mobile telecommunication systems, jointly-optimized cross-layer architectures were introduced recently. Such shemes usually require an adaptive media source which is able to modify the main parameters of ongoing connections by transferring control and feedback information via the network and through different protocol layers from application layer to physical layer and vice versa, according to the actual state of the path between peer nodes. This concept of transmitting cross-layer information is referred as network transparency in the literature, meaning that the underlying infrastructure is almost invisible to all the entities involved in joint optimization due to the continuous conveyance of cross-layer feedbacks. In this paper we introduce and evaluate a possible solution for reducing the network overhead caused by this volume of information exchange. Our soulution is based on the anycasting communication paradigm and creates a hierarchical data aggregation scheme allowing to adapt each entity of the multimedia transmission chain based on frequent feedbacks and even so in a low-bandwitdh manner
Uma soluĆ§Ć£o IPSec para comunicaƧƵes seguras Anycast em redes IPv6
DissertaĆ§Ć£o de mestrado em Engenharia de ComunicaƧƵesEsta dissertaĆ§Ć£o tem como objectivos a anĆ”lise das tecnologias IPSec e Anycast, o teste de implementaƧƵes
em cenĆ”rios reais, e o desenvolvimento duma soluĆ§Ć£o que permita aliar o balanceamento
de carga com a seguranƧa: o balanceamento de carga Ʃ obtido utilizando o Anycast e
a seguranƧa atravĆ©s do IPsec. Esta soluĆ§Ć£o foi testada num cenĆ”rio prĆ”tico e concluiu-se sobre
os seus resultados. A soluĆ§Ć£o foi implementada utilizando o protocolo de Internet IPv6.
Inicialmente Ć© efectuado um levantamento do estado de arte das tecnologias que assumem
maior relevĆ¢ncia: (1) IPv6; (2) balanceamento de carga; (3) IPSec; (4) e o Anycast. De seguida,
testam-se as implementaƧƵes existentes das tecnologias Anycast e IPSec. Inicialmente testam-se
ambas as tecnologias em separado, e depois conjuntamente em cenƔrios reais. Relativamente ao
modelo de comunicaĆ§Ć£o Anycast, foi verificado: (1) suporte em termos de SOs; (2) comportamento
com os protocolos TCP e ICMPv6; (3) balanceamento de carga; (4) e redireccionamento
em caso de falha. Em termos de IPSec, foi verficado: (1) suporte em termos de SOs; (2) ferramentas
existentes para a sua configuraĆ§Ć£o; (3) e ainda diferentes modos de configuraĆ§Ć£o do
IPSec. ApĆ³s estes testes foram ainda implementadas as tecnologias Anycast e IPSec em simultĆ¢neo.
AtravĆ©s destes testes, observou-se que sem alteraƧƵes Ć s tecnologias existentes o IPSec nĆ£o
pode ser utilizado conjuntamente com o Anycast se for configurado atravƩs do IKE, funcionando
apenas caso o IPSec fosse configurado manualmente.
Nesta dissertaĆ§Ć£o propƵe-se uma soluĆ§Ć£o capaz de permitir comunicaƧƵes seguras entre um
cliente e um conjunto de servidores com um mesmo endereƧo Anycast. A soluĆ§Ć£o proposta Ć©
totalmente baseada no IPSec e a sua utilizaĆ§Ć£o nĆ£o implica nenhuma alteraĆ§Ć£o Ć s tecnologias
utilizadas. Visto nĆ£o ser possĆvel a utilizaĆ§Ć£o do IKE com o Anycast, a soluĆ§Ć£o implementada
utiliza o modo de configuraĆ§Ć£o manual do IPSec para fornecer a seguranƧa Ć s comunicaƧƵes.
No entanto, o modo de configuraĆ§Ć£o manual introduz sĆ©rios problemas de seguranƧa no momento
da troca das chaves secretas entre os dois extremos de uma conexĆ£o. Como tal, a soluĆ§Ć£o
desenvolvida implementa um mecanismo de troca das chaves secretas de um modo seguro. A
seguranƧa deste mecanismo Ć© conseguida atravĆ©s de criptografia assimĆ©trica. A soluĆ§Ć£o consiste em duas aplicaƧƵes: cliente e servidor. As aplicaƧƵes foram desenvolvidas
na linguagem de programaĆ§Ć£o JAVA. A aplicaĆ§Ć£o cliente oferece ainda um GUI para
a configuraĆ§Ć£o dos parĆ¢metros pretendidos para a conexĆ£o IPSec.This thesis aims to analyze the IPSec and Anycast, testing implementations in real scenarios,
and developing a solution that will combine load balancing with security: the load balancing
is achieved using the Anycast and security through IPsec. This solution was tested in a practical
setting and found out about their results. The solution was implemented using the Internet
protocol IPv6.
Initially a survey is made about the state of the art of the technologies that assume greater
importance: (1) IPv6; (2) load balancing; (3) IPSec; (4) and Anycast. Then, we test existing implementations
of the technologies Anycast and IPSec. First we test both technologies separately,
and then together in real scenarios. For the Anycast communication model, was checked: (1) OS
support; (2) behavior with TCP and ICMPv6 protocols; (3) load balancing; (4) and redirecting
on failure. In terms of IPSec was checked: (1) OS support; (2) existing tools for configuration;
(3) and about different ways to configure the IPSec. After these tests were also implemented
simultaneously the Anycast and IPSec technologies. Through these tests, we found that with
no changes to existing technologies IPSec can not be used in conjunction with the Anycast if
configured via IKE. IPSec only works if it was manually configured.
Here, we propose a solution that can provide secure communications between a client and
a set of servers with the same Anycast address. The proposed solution is completely based on
IPSec and its use does not require any change to the technology used. Since it is not possible
to use IKE with Anycast, the solution implemented uses the manual setting of IPSec to provide
security to communications. However, the mode of manual configuration introduces serious
security problems at the time of exchange of secret keys between two ends of a connection.
As such, the solution developed implements a mechanism for the exchange of secret keys in a
secure way. The security of this mechanism is achieved through asymmetric encryption.
The solution consists of two applications: cliente and servidor. The applications were
developed in the JAVA programming language. The application cliente also offers a GUI for
setting the desired parameters for the IPSec connection
Encaminhamento Anycast em redes IPv6
DissertaĆ§Ć£o de mestrado integrado em Engenharia de ComunicaƧƵesO aparecimento do protocolo de comunicaĆ§Ć£o Internet Protocol version 6 (IPv6) introduziu
um novo paradigma de comunicaĆ§Ć£o, denominado anycast (um-para-um-de-muitos). Este novo
paradigma, utiliza o conceito de grupo, Ć semelhanƧa do que acontece com o multicast, mas em
oposiĆ§Ć£o a este, a informaĆ§Ć£o Ć© enviada apenas para um dos membros do grupo (tipicamente
o mais prĆ³ximo) e nĆ£o para todos. Embora jĆ” se tenham passado alguns anos desde o seu
aparecimento, o anycast tem sofrido uma lenta evoluĆ§Ć£o, contribuindo para esta situaĆ§Ć£o o
facto de nĆ£o existir ainda um protocolo normalizado, que permita Ć s aplicaƧƵes usar de forma
generalizada este paradigma de comunicaĆ§Ć£o.
Tradicionalmente as soluƧƵes para o problema de encaminhamento anycast sĆ£o simplesmente
baseadas no encaminhamento unicast sem alteraƧƵes. No entanto, e tratando-se de um paradigma
que usa o conceito de grupo, Ć© de esperar que os protocolos de encaminhamento multicast,
ou alguma variante destes, possam vir a constituir uma boa soluĆ§Ć£o para a implementaĆ§Ć£o do
anycast ao nĆvel da rede. A presente dissertaĆ§Ć£o apresenta um levantamento de propostas relacionadas
com o tema e propƵe um novo protocolo de encaminhamento anycast baseado no
protocolo Protocol Independent Multicast - Sparse Mode (PIM-SM), denominado Tree-based
Anycast Protocol (TAP). As alteraƧƵes propostas ao protocolo PIM-SM sĆ£o apresentadas na
especificaĆ§Ć£o do sistema, tendo sido o seu correto funcionamento aferido recorrendo ao Network
Simulator 2 (ns-2.35).The introduction of the new Internet Protocol version 6 (IPv6), came with a new communication
paradigm, named anycast. This new paradigm, uses the group as a concept, similar to
what happens with multicast, but in opposition to this, the information is sent only for one of
the members on the group (usually the closest one) and not for all. Although some years have
passed since its appearance, anycast had a slow development, being the main reason the fact
that it doesn't have a standard protocol that allows applications to use widely this communication
paradigm.
The solutions for the anycast routing problem, traditionally, are based on unicast routing
without any changes. However, and being this a paradigm that uses the group concept, it's
expected that multicast routing protocols, or some kind of variant, would be a good solution
to implement an anycast network-based protocol. This dissertation presents a survey of proposed
anycast protocols and suggests a new routing protocol based on Protocol Independent
Multicast - Sparse Mode (PIM-SM), designated as Tree-based Anycast Protocol (TAP). The
chapter of the system specification introduce the changes to the protocol PIM-SM, and the
correct behaviour measured using the Network Simulator 2 (ns-2.35)