502 research outputs found

    Design and implementation of the node identity internetworking architecture

    The Internet Protocol (IP) has been proven very flexible, being able to accommodate all kinds of link technologies and supporting a broad range of applications. The basic principles of the original Internet architecture include end-to-end addressing, global routeability and a single namespace of IP addresses that unintentionally serves both as locators and host identifiers. The commercial success and widespread use of the Internet have led to new requirements, which include internetworking over business boundaries, mobility and multi-homing in an untrusted environment. Our approach to satisfy these new requirements is to introduce a new internetworking layer, the node identity layer. Such a layer runs on top of the different versions of IP, but could also run directly on top of other kinds of network technologies, such as MPLS and 2G/3G PDP contexts. This approach enables connectivity across different communication technologies, supports mobility, multi-homing, and security from the ground up. This paper describes the Node Identity Architecture in detail and discusses the experiences from implementing and running a prototype.

    Utilizing ICN/CCN for service and VM migration support in virtualized LTE systems

    One of the most important concepts used in mobile networks, like LTE (Long Term Evolution) is service continuity. A mobile user moving from one network to another network should not lose an on-going service. In cloud-based (virtualized) LTE systems, services are hosted on Virtual Machines (VMs) that can be moved and migrated across multiple networks to such locations where these services can be well delivered to mobile users. The migration of the (1) VMs and (2) the services running on such VMs, should happen in such a way that the disruption of an on-going service is minimized. In this paper we argue that a technology that can efficiently be used for supporting service and VM migration is the ICN/CCN (Information Centric Networking / Content Centric Networking) technology

    Design and prototype of a train-to-wayside communication architecture

    Telecommunication has become very important in modern society and seems to be almost omnipresent, making daily life easier, more pleasant and connecting people everywhere. It does not only connect people, but also machines, enhancing the efficiency of automated tasks and monitoring automated processes. In this context the IBBT (Interdisciplinary Institute for BroadBand Technology) project TRACK (TRain Applications over an advanced Communication networK), sets the definition and prototyping of an end-to-end train-to-wayside communication architecture as one of the main research goals. The architecture provides networking capabilities for train monitoring, personnel applications and passenger Internet services. In the context of the project a prototype framework was developed to give a complete functioning demonstrator. Every aspect: tunneling and mobility, performance enhancements, and priority and quality of service were taken into consideration. In contrast to other research in this area, which has given mostly high-level overviews, TRACK resulted in a detailed architecture with all different elements present

    Blocking DDoS attacks at the network level

    Distributed denial of service (DDoS) is a persistent and continuously growing problem. These attacks are based on methods that flood the victim with messages that it did not request, effectively exhausting its computational or bandwidth resources. The variety of attack approaches is overwhelming and the current defense mechanisms are not completely effective. In today’s internet, a multitude of DDoS attacks occur every day, some even degrading the availability of critical or governmental services. In this dissertation, we propose a new network level DDoS mitigation protocol that iterates on previous attempts and uses proven mechanisms such as cryptographic challenges and packet-tagging. Our analysis of the previous attempts to solve this problem led to a ground-up design of the protocol with adaptability in mind, trying to minimize deployment and adoption barriers. With this work we concluded that with software changes only on the communication endpoints, it is possible to mitigate the most used DDoS attacks with results up to 25 times more favourable than standard resource rate limiting (RRL) methods.

    Mobility as a first class function

    Seamless host mobility has been a desirable feature for a long time, but was not part of the original design of the Internet architecture or protocols. Current approaches to network-layer mobility typically require additional network-layer entities for mobility management, which add complexity to the current engineering landscape of the Internet. We present a host-based, end-to-end architecture for host mobility using the Identifier-Locator Network Protocol (ILNP). ILNP provides mobility support as a first class function, since mobility management is controlled and managed by the end-systems, and does not require additional network-layer entities. We demonstrate an instance of ILNP that is a superset of IPv6 – called ILNPv6 – that is implemented by extending the current IPv6 code in the Linux kernel. We make a direct comparison of performance of ILNPv6 and Mobile IPv6, showing the improved performance of ILNPv6.

    Extending the Internet of Things to the future Internet through IPv6 Support

    Emerging Internet of Things (IoT)/Machine-to-Machine (M2M) systems require a transparent access to information and services through a seamless integration into the Future Internet. This integration exploits infrastructure and services found on the Internet by the IoT. On the one hand, the so-called Web of Things aims for direct Web connectivity by pushing its technology down to devices and smart things. On the other hand, the current and Future Internet offer stable, scalable, extensive, and tested protocols for node and service discovery, mobility, security, and auto-configuration, which are also required for the IoT. In order to integrate the IoT into the Internet, this work adapts, extends, and bridges using IPv6 the existing IoT building blocks (such as solutions from IEEE 802.15.4, BT-LE, RFID) while maintaining backwards compatibility with legacy networked embedded systems from building and industrial automation. Specifically, this work presents an extended Internet stack with a set of adaptation layers from non-IP towards the IPv6-based network layer in order to enable homogeneous access for applications and services

    Secure mobility at multiple granularity levels over heterogeneous datacom networks

    The goal of this thesis is to define a set of changes to the TCP/IP stack that allow connections between legacy applications to be sustained in a contemporary heterogeneous datacom environment embodying multiple granularities of mobility. In particular, the thesis presents a number of solutions for flow mobility, local mobility, network mobility, and address family agility that is mobility between different IP versions. The presented mobility solutions are based on the so-called identifier-locator split approach. Due to the split, the mobile and multi-homed hosts that employ the presented solution are able to simultaneously communicate via multiple access networks, even supporting different IP versions and link layer technologies. In addition to the mobility solutions, the thesis also defines a set of weak and strong security mechanisms. They are used to protect the mobility protocols from redirection, Denial-of-Service (DoS), and privacy related attacks. The defined security mechanisms are tightly bound to the presented mobility architecture, providing alternative ways to optimize mobility management signalling. The focus is on minimizing end-to-end signalling latency, optimizing the amount of signalling and optimizing packet forwarding paths. In addition, the architecture provides identity and location privacy for hosts. The presented work defines one specific kind of engineering balance between the security, privacy, and efficient mobility signalling requirements. This thesis indicates that the added security, indirection, backwards compatibility, and inter-operable mobility solutions can overcome several of the current TCP/IP restrictions. The presented mobility architecture also provides a migration path from the existing Internet architecture to a new cryptographic-identifier-based architecture