Routing Protocols in Modern IP Networks
Modern IP networks are constantly evolving and growing. The growing number of increasingly interconnected "smart" devices obliges network engineers to manage a variety of networks with hundreds or thousands of interconnected devices. IP routing is the link between all of these networks. The purpose of this thesis is to serve as a reference tool on routing protocols for students and engineers whose main activity is the management and supervision of routing technologies and protocols in IP networks.

Modern IP networks are continuously evolving and growing. Because more and more devices become "smart" and gain the ability to connect to an IP network, network engineers encounter, on a daily basis, a variety of different network topologies interconnecting hundreds or thousands of different subnets. IP routing is the key link between these subnets. The purpose of this thesis is to serve as a reference tool for students or engineers whose main responsibility is the management or administration of core routing technologies
Equal cost multipath routing in IP networks
Service providers and end users of IP networks demand ever more efficient and higher-quality services, which requires product developers to offer more sophisticated traffic engineering methods for network optimization and management. IS-IS and OSPF are the standard solutions for routing in small and medium-sized packet networks. Multipath routing is a fairly simple and general way to improve load balancing and fast protection in such networks, which are built around single-path routing.

This master's thesis was written while multipath routing was being implemented in the 8600 series routers of the company Tellabs. The most important points in adopting multipath routing are the changes to the shortest path algorithm and to the operation of the routing table in the control plane, and the implementation of the load balancing algorithm in the forwarding plane of the router.

The results of the thesis and the existing literature show that the load balancing algorithm has the greatest effect on the distribution of traffic among equally good paths, and that choosing the right algorithm is crucial. Hash-based algorithms, which keep most traffic flows on the same path, are the dominant solutions today. The advantage of this type of algorithm is easy implementation and reasonably good performance. Traffic is evenly distributed as long as the number of traffic flows is large enough.

Multipath routing offers a simple solution that is easy to configure and maintain. Its performance is better than that of solutions based on single-path routing, and it challenges more complex MPLS solutions. The only thing to take care of is setting the link weights in such a way that enough load-balancing paths are created.

Increasing efficiency and quality demands for services from IP network service providers and end users drive developers to offer more and more sophisticated traffic engineering methods for network optimization and control. Intermediate System to Intermediate System and Open Shortest Path First are the standard routing solutions for intra-domain networks. An easy upgrade is Equal Cost Multipath (ECMP), one of the most general solutions for IP traffic engineering, which increases the load balancing and fast protection performance of single-path interior gateway protocols.
This thesis was written during the implementation of the ECMP feature of Tellabs 8600 series routers. The most important parts in the adoption of ECMP are changes to the shortest path first algorithm and routing table modifications in the control plane, and the implementation of the load balancing algorithm in the forwarding plane of the router.
The results of the thesis and the existing literature show that the load balancing algorithm has the largest effect on the traffic distribution over equal cost paths, and that the selection of the correct algorithm is crucial. Hash-based algorithms, which keep each traffic flow on the same path, are currently the dominant solutions. They provide simple implementation and moderate performance. Traffic is distributed evenly when the number of flows is large enough.
ECMP provides a simple solution that is easy to configure and maintain. It outperforms single-path solutions and competes with more complex MPLS solutions. The only thing to take care of is the adjustment of the link weights of the network in order to create enough load balancing paths.
MPLS AND ITS APPLICATION
Real-time and multimedia applications have grown enormously during the last few years. Such applications require guaranteed bandwidth in packet-switched networks. Moreover, these applications require that the guaranteed bandwidth remains available when a node or a link in the network fails. Multiprotocol Label Switching (MPLS) networks cater to these requirements without compromising scalability. Guaranteed service and protection against failures in an MPLS network require backup paths to be present in the network. Such backup paths are computed and installed at the same time a primary path is provisioned. This thesis explains single-layer restoration routing by placing primary as well as backup paths in MPLS networks. Our focus will be on computing and establishing backup paths, and on bandwidth sharing along such backup paths. We will start by providing a quick overview of MPLS routing. We will identify the elements and quantities that are significant to the understanding of MPLS restoration routing. To this end, we will introduce the information locally stored at MPLS nodes and the information propagated through routing protocols in order to assist efficient restoration routing. L2VPNs and VPLS will also be covered at the end of this thesis. Finally, SDN (software defined networking) will be introduced.
Integration of unidirectional technologies into wireless back-haul architecture
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.

Back-haul infrastructures of today's wireless operators must support the triple-play services demanded by the market or regulatory bodies. To cope with increasing capacity demand, the EU FP7 project CARMEN has developed a cost-effective heterogeneous multi-radio wireless back-haul architecture, which may also leverage the native multicast capabilities of broadcast technologies such as DVB-T to off-load high-bandwidth broadcast content delivery. However, the integration of such unidirectional technologies into a packet-switched architecture requires careful consideration. The contribution of this thesis is the investigation, design and evaluation of protocols and mechanisms facilitating the integration of such unidirectional technologies into the wireless back-haul architecture so that they can be configured and utilized by the spectrum and capacity optimization modules. This integration mainly concerns the control plane and, in particular, the aspects related to resource and capability descriptions; neighborhood, link and Multi Protocol Label Switching (MPLS) Label-Switched Path (LSP) monitoring; unicast and multicast LSP signalling; and topology forming and maintenance. During the course of this study we have analyzed the problem space, proposed solutions to the resulting research questions and evaluated our approach. Our results show that the now Unidirectional Technology (UDT)-aware architecture can readily consider Unidirectional Technologies (UDTs) to distribute, for example, broadcast content
Performance evaluation of HIP-based network security solutions
Abstract. Host Identity Protocol (HIP) is a networking technology that systematically separates the identifier and locator roles of IP addresses and introduces a Host Identity (HI) name space based on a public key security infrastructure. This modification offers a series of benefits such as mobility, multi-homing, end-to-end security, signaling, control/data plane separation, firewall security, etc. Although HIP has not yet been widely applied in mainstream communication networks, industry experts foresee its potential as an integral part of next generation networks.
HIP can be used in various HIP-aware applications as well as in traditional IP-address-based applications and networking technologies, taking middleboxes into account. One such application is the Virtual Private LAN Service (VPLS), a widely used method of providing an Ethernet-based Virtual Private Network that connects geographically separated sites into a single bridged domain over an IP/MPLS network. The popularity of VPLS among commercial and defense organizations underscores the need for robust security features to protect both data and control information.
After investigating the different approaches to HIP, a real world testbed is implemented. Two experiment scenarios were evaluated, one is performed on two open source Linux-based HIP implementations (HIPL and OpenHIP) and the other on two sets of enterprise equipment from two different companies (Tempered Networks and Byres Security). To account for a heterogeneous mix of network types, the Open source HIP implementations were evaluated on different network environments, namely Local Area Network (LAN), Wireless LAN (WLAN), and Wide Area Network (WAN). Each scenario is tested and evaluated for performance in terms of throughput, latency, and jitter.
The measurement results confirmed the assumption that no single solution is optimal in all considered aspects and scenarios. For instance, in the open source implementations, the performance penalty of security on TCP throughput in the WLAN scenario is smaller in HIPL than in OpenHIP, while in the WAN scenario the reverse is the case. A similar outcome is observed for UDP throughput. On latency, however, HIPL showed lower latency in all three network test scenarios. For the legacy equipment experiment, the penalty of security on TCP throughput is about 19% compared with the non-secure scenario, while latency is increased by about 87%. This work therefore provides useful information for researchers and decision makers on the optimal solution for securing their VPNs based on the application scenario and the potential performance penalties that come with each approach.

Performance evaluation of HIP-based network security solutions. Abstract. The Host Identity Protocol (HIP) is a network technology that uses a separate layer between the transport protocol and the Internet Protocol (IP) in the TCP/IP protocol stack. HIP systematically separates the network and host parts of the IP address and uses a Host Identity (HI) part based on a public key security infrastructure. Its benefits include, for example, mobility, multihoming, end-to-end security, separation of control information and data, rendezvous, address change and firewall security. In industry, the HIP protocol is seen as part of next-generation telecommunication networks, even though it has not yet become widespread in commercial use.
The HIP protocol can be used not only in various HIP-aware applications but also in traditional IP-address-based applications and network technologies. One such application is the Virtual Private LAN Service (VPLS), a widely used method of creating an Ethernet-based virtual private network over an IP/MPLS network that connects separate sites into a single bridged domain. The prevalence of VPLS in both commercial and defense organizations underscores the need for robust security features to protect data and control information.
This work first examines the different approaches to the HIP protocol. After the theoretical review, practical tests are carried out on a self-built testbed. The scenarios examined are a comparison of Linux-based open source HIP implementations (HIPL and OpenHIP) and a comparison of equipment from two different vendors (Tempered Networks and Byres Security). The HIP implementations are evaluated in different network environments, namely LAN, WLAN and WAN. All tested cases are evaluated on the basis of throughput, its variation (jitter) and latency.
The measurement results show that the same solution is not optimal in all the cases examined. For example, when a WLAN network is used, the loss in throughput caused by security is smaller for HIPL than for OpenHIP, whereas in the WAN case the situation is reversed. Similar behaviour is also observed in UDP throughput. HIPL, however, gives the lowest latency in all test scenarios. When comparing the equipment of different vendors, it is found that TCP throughput deteriorates by 19 percent and latency by 87 percent compared with the case in which no security solution is used. The important information produced by this work can therefore help practitioners in the field to find the optimal network security solution for VPN-based applications.
Enabling architectures for QoS provisioning
Nowadays, new multimedia services have been deployed with stringent requirements for Quality of Service (QoS). QoS provisioning is faced with the heterogeneity of system components. This thesis presents two research contributions: one on architectures for QoS management at the application layer, fulfilled mainly by software components, and one on distributed software architectures for routing devices providing the desired QoS at the underlying communication layer. At the application layer, the QoS architecture we propose, based on the Quality Driven Delivery (QDD) framework, deals with the increasing amount of QoS information in a distributed system. Based on the QoS information models we define for the key actors of a distributed system, a QoS information base is generated using QoS information collecting and analysis tools. To translate QoS information among different components, we propose mechanisms to build QoS mapping rules from statistical data. Experiments demonstrate that efficient QoS decisions can be made effectively, taking into account the contribution of all system components, with the help of the QoS information management system. At the underlying layer, we investigate distributed and scalable software architectures for QoS-enabled devices. Due to the huge volume of traffic to be switched, the traditional software model used for current generation routers, where the control card of the router performs all the processing tasks, will no longer be appropriate in the near future. We propose a new scalable and distributed architecture to fully exploit the hardware platforms of next generation routers, and to improve the quality of routers, particularly with respect to scalability and, to a lesser extent, resiliency and availability. Our proposal is a distributed software framework where control tasks are shared among the control and line cards of the router. Specific architectures for routing, signaling protocols and routing table management are developed.
We investigate the challenges for such distributed architectures and propose various solutions to overcome them. Based on a general distributed software framework, an efficient scalable distributed architecture for MPLS/LDP and different scalable distributed schemes for the routing table manager (RTM) are developed. We also evaluate the performance of the proposed distributed schemes and discuss where to deploy these architectures depending on the type of routers (i.e., their hardware capacity
Intelligent Network Infrastructures: New Functional Perspectives on Leveraging Future Internet Services
The Internet experience of the 21st century is very different from that of the early '80s. The Internet has adapted itself to become what it really is today: a very successful business platform of global scale. Like every highly successful technology, the Internet has suffered from a natural process of ossification. Over the last 30 years, the technical solutions adopted to leverage emerging applications can be divided into two categories. First, the addition of new functionalities, either by patching existing protocols or by adding new upper layers. Second, accommodating traffic growth with higher bandwidth links. Unfortunately, this approach is not suitable to provide the proper ground for a wide range of new applications. To be deployed, these future Internet applications require from the network layer advanced capabilities that the TCP/IP stack and its derived protocols cannot provide by design in a robust, scalable fashion. NGNs (Next Generation Networks) on top of intelligent telecommunication infrastructures are being envisioned to support future Internet services. This thesis contributes three proposals towards this ambitious goal.
The first proposal presents a preliminary architecture to allow NGNs to seamlessly request advanced services from layer 1 transport networks, such as QoS-guaranteed point-to-multipoint circuits. This architecture is based on virtualization techniques applied to layer 1 networks, and hides from NGNs all the complexities of interdomain provisioning. Moreover, the economic aspects involved were also considered, making the architecture attractive to carriers. The second contribution concerns a framework to develop DiffServ-MPLS capable networks based exclusively on open source software and commodity PCs. The developed DiffServ-MPLS flexible software router was designed to allow NGN prototyping that makes use of pseudo virtual circuits and assured QoS as a starting point for development. The third proposal presents a state-of-the-art routing and wavelength assignment algorithm for photonic networks. This algorithm considers physical layer impairments to 100% guarantee the requested QoS profile, even in the case of single network failures. A number of novel techniques were applied to offer lower blocking probability when compared with recently proposed algorithms, without impacting setup delay time.
Management of Carrier Grade Intra-Domain Ethernet
The Internet is no longer merely a source of information but an increasingly critical part of society's infrastructure. The current technologies producing Internet services - IPv4 for addressing, MPLS as the transport platform and SDH as the physical transmission technology - have begun to lose their dominant position while a network technology familiar to everyone, Ethernet, has expanded from local area networks into core networks. There are millions of Ethernet LANs in the world. It would be more cost-effective to implement the transport links between these LANs with Ethernet as well.
The desire for cost-effectiveness and technology consolidation has brought out the need for so-called carrier-grade Ethernet services. Because Ethernet lacks certain features without which it is impossible to implement transport network services, these carrier Ethernet services have so far been produced with existing techniques such as MPLS. The real challenge in the future is to create a carrier-grade, Ethernet-based transport network technology capable of delivering not only Ethernet services but any other telecommunication services as well.
This master's thesis deals with the management of carrier-grade Ethernet within a single core network domain. The work reviews the standardized carrier-grade Ethernet services, the technologies with which these services are currently produced, the candidates for future Ethernet transport network technologies, and the most important standards related to network management. The second half of the work presents a network management system developed for the European Union 7th Framework ETNA project. The management system offers an interface through which it is possible to provision protected Ethernet services between two customer attachment points, as well as distribution trees with several customer points as destinations. Services ordered from the management system are signalled into the forwarding tables of a network-processor-based forwarding layer implemented by Ben Gurion University.

The Internet is evolving from its role as a mere information provider to a ubiquitous infrastructure crucial to society. The current technologies running the majority of the global Internet - IPv4 in addressing, MPLS as core transport and SDH as the physical transfer technology - have been long-lived. However, their dominance has started to diminish because a network technology common to all, Ethernet, has started to expand from local to metropolitan and wide area networks. Most enterprises and home users already use Ethernet in their LAN. Connecting these sites to a MAN or WAN with the same technology is the logical next step in technology consolidation.
This has raised the demand for Carrier Ethernet services. However, internally they are still mostly provided with non-Ethernet technologies such as MPLS or SDH, because Ethernet currently lacks the necessary service assurance components. The real challenge in future internetworking is creating a Carrier Ethernet Transport (CET). With CET, any imaginable telecommunication service is delivered with a purely Ethernet-based technology. Once Ethernet is in transport networks, it is no longer a long stretch to a global, routed end-to-end Ethernet.
This thesis covers management of an intra-domain CET control plane. First, Carrier Ethernet services and the technologies currently producing these services are analyzed. Second, the requirements imposed on CET and the current CET candidates are discussed. Third, network management standards and their alignment with the carrier business are studied. After the background has been discussed, a control plane management system developed for the EU 7th Framework ETNA project is introduced. The management system is capable of provisioning point-to-point and multipoint services and is controlled via a web-service-based northbound interface. The control plane is able to install the services as forwarding entries in a network-processor-driven data plane developed at Ben Gurion University.
Monitoring Changes in the Stability of Networks Using Eigenvector Centrality
Monitoring networks for anomalies is a typical duty of network operators. The conventional monitoring tools available today tend to almost ignore the topological characteristics of the whole network. This thesis takes a different approach from the conventional monitoring tools by employing the principle of Eigenvector Centrality. Traditionally, this principle is used to analyse vulnerability and social aspects of networks. The proposed model reveals that topological characteristics of a network can be used to improve the conventional unreliability predictors, and to give a better indicator of its potential weaknesses. An effective expected adjacency matrix, k, is introduced in this work to be used with centrality calculations; it reflects the factors which affect the reliability of a network, e.g. link downtimes, link metrics, packet loss, etc. Using these calculations, all network backbone routers are assigned values which correspond to the importance of those routers in comparison to the rest of the network nodes. Furthermore, to observe how vulnerable each node could be, nodes are ranked according to the importance values, where the nodes with high ranking values are more vulnerable. This model is able to analyse the temporal stability of the network by observing and comparing the rate of change in node ranking values and connectivity caused by network link failures. The results show that the proposed model is dynamic, and changes according to the dynamics of the topology of the network, i.e. upgrades, link failures, etc.

Master in Network and System Administration