A Comprehensive Survey on the Most Important IPv4aaS IPv6 Transition Technologies, their Implementations and Performance Analysis

As the central public IPv4 address pool has already been exhausted, the deployment of IPv6 has become inevitable. However, the users still require IPv4 Internet access due to some IPv4-only applications. The IPv4aaS (IPv4-as-a-Service) IPv6 transition technologies facilitate that ISPs provide IPv4 service to their customers while using only IPv6 in their access and core networks. This paper discusses the widely used IPv4aaS IPv6 transition technologies in ISP/enterprise networks; we explain their operations, advantages, properties and consider their performances. There are currently many IPv6 transition technologies, nevertheless, in this paper, the five most prominent IPv4aaS IPv6 transition technologies are discussed, namely 464XLAT, Dual-Stack Lite, Lightweight 4over6, MAP-E, and MAP-T. Moreover, the deployment and implementations of these technologies are being analysed and inspected. This paper also overviews the benchmarking methodology for IPv6 transition technologies and surveys several papers that investigated metrics and tools utilized in analysing the performance of different IPv6 transition technologies

IPv4 address sharing mechanism classification and tradeoff analysis

The growth of the Internet has made IPv4 addresses a scarce resource. Due to slow IPv6 deployment, IANA-level IPv4 address exhaustion was reached before the world could transition to an IPv6-only Internet. The continuing need for IPv4 reachability will only be supported by IPv4 address sharing. This paper reviews ISP-level address sharing mechanisms, which allow Internet service providers to connect multiple customers who share a single IPv4 address. Some mechanisms come with severe and unpredicted consequences, and all of them come with tradeoffs. We propose a novel classification, which we apply to existing mechanisms such as NAT444 and DS-Lite and proposals such as 4rd, MAP, etc. Our tradeoff analysis reveals insights into many problems including: abuse attribution, performance degradation, address and port usage efficiency, direct intercustomer communication, and availability

Migration cost optimization for service provider legacy network migration to software-defined IPv6 network

This is the peer reviewed version of the following article: Dawadi, BR, Rawat, DB, Joshi, SR, Manzoni, P, Keitsch, MM. Migration cost optimization for service provider legacy network migration to software-defined IPv6 network. Int J Network Mgmt. 2021; 31:e2145, which has been published in final form at https://doi.org/10.1002/nem.2145. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-Archiving.[EN] This paper studies a problem for seamless migration of legacy networks of Internet service providers to a software-defined networking (SDN)-based architecture along with the transition to the full adoption of the Internet protocol version 6 (IPv6) connectivity. Migration of currently running legacy IPv4 networks into such new approaches requires either upgrades or replacement of existing networking devices and technologies that are actively operating. The joint migration to SDN and IPv6 network is considered to be vital in terms of migration cost optimization, skilled human resource management, and other critical factors. In this work, we first present the approaches of SDN and IPv6 migration in service providers' networks. Then, we present the common concerns of IPv6 and SDN migration with joint transition strategies so that the cost associated with joint migration is minimized to lower than that of the individual migration. For the incremental adoption of software-defined IPv6 (SoDIP6) network with optimum migration cost, a greedy algorithm is proposed based on optimal path and the customer priority. Simulation and empirical analysis show that a unified transition planning to SoDIP6 network results in lower migration cost.U.S. National Science Foundation (NSF), Grant/Award Number: CNS 1650831 and HRD 1828811; ERASMUS+ KA107; Nepal Academy of Science and Technology (NAST); Norwegian University of Science and Technology; University Grant Commission (UGC), Nepal, Grant/Award Number: FRG/74_75/Engg-1Dawadi, BR.; Rawat, DB.; Joshi, SR.; Manzoni, P.; Keitsch, MM. (2021). Migration cost optimization for service provider legacy network migration to software-defined IPv6 network. International Journal of Network Management. 31(4):1-24. https://doi.org/10.1002/nem.2145S124314APNIC.IPv6 capability measurement.https://stats.labs.apnic.net/ipv6. Accessed April 22 2020.Google Incl. IPv6 user access status.https://www.google.com/intl/en/ipv6/statistics.html. Accessed February 16 2020.Rawat, D. B., & Reddy, S. R. (2017). Software Defined Networking Architecture, Security and Energy Efficiency: A Survey. IEEE Communications Surveys & Tutorials, 19(1), 325-346. doi:10.1109/comst.2016.2618874Dai, B., Xu, G., Huang, B., Qin, P., & Xu, Y. (2017). Enabling network innovation in data center networks with software defined networking: A survey. Journal of Network and Computer Applications, 94, 33-49. doi:10.1016/j.jnca.2017.07.004Kobayashi, M., Seetharaman, S., Parulkar, G., Appenzeller, G., Little, J., van Reijendam, J., … McKeown, N. (2014). Maturing of OpenFlow and Software-defined Networking through deployments. Computer Networks, 61, 151-175. doi:10.1016/j.bjp.2013.10.011Gumaste, A., Sharma, V., Kakadia, D., Yates, J., Clauberg, A., & Voltolini, M. (2017). SDN Use Cases for Service Provider Networks: Part 2. IEEE Communications Magazine, 55(4), 62-63. doi:10.1109/mcom.2017.7901478Dawadi, B. R., Rawat, D. B., & Joshi, S. R. (2019). Software Defined IPv6 Network: A New Paradigm for Future Networking. Journal of the Institute of Engineering, 15(2), 1-13. doi:10.3126/jie.v15i2.27636Shah, J. L., Bhat, H. F., & Khan, A. I. (2019). Towards IPv6 Migration and Challenges. International Journal of Technology Diffusion, 10(2), 83-96. doi:10.4018/ijtd.2019040105Rojas, E., Doriguzzi-Corin, R., Tamurejo, S., Beato, A., Schwabe, A., Phemius, K., & Guerrero, C. (2018). Are We Ready to Drive Software-Defined Networks? A Comprehensive Survey on Management Tools and Techniques. ACM Computing Surveys, 51(2), 1-35. doi:10.1145/3165290Contreras, L. M., Doolan, P., Lønsethagen, H., & López, D. R. (2015). Operational, organizational and business challenges for network operators in the context of SDN and NFV. Computer Networks, 92, 211-217. doi:10.1016/j.comnet.2015.07.016Amin, R., Reisslein, M., & Shah, N. (2018). Hybrid SDN Networks: A Survey of Existing Approaches. IEEE Communications Surveys & Tutorials, 20(4), 3259-3306. doi:10.1109/comst.2018.2837161Audi Marc Amjad A.The Advancement in Information and Communication Technologies (ICT) and Economic Development: A Panel Analysis. MPRA.https://mpra.ub.uni-muenchen.de/93476/. Published 2019. Accessed November 29 2019.Main, A., Zakaria, N. A., & Yusof, R. (2015). Organisation Readiness Factors Towards IPv6 Migration: Expert Review. Procedia - Social and Behavioral Sciences, 195, 1882-1889. doi:10.1016/j.sbspro.2015.06.427Dawadi, B. R., Rawat, D. B., Joshi, S. R., & Baral, D. S. (2019). Affordable Broadband with Software Defined IPv6 Network for Developing Rural Communities. Applied System Innovation, 3(1), 4. doi:10.3390/asi3010004Nikkhah, M. (2016). Maintaining the progress of IPv6 adoption. Computer Networks, 102, 50-69. doi:10.1016/j.comnet.2016.02.027Dell, P. (2018). On the dual-stacking transition to IPv6: A forlorn hope? Telecommunications Policy, 42(7), 575-581. doi:10.1016/j.telpol.2018.04.005GilliganRE NordmarkE GilliganRE et alBasic Transition Mechanisms for IPv6 Hosts and Routers.2000.Cui, Y., Dong, J., Wu, P., Wu, J., Metz, C., Lee, Y. L., & Durand, A. (2013). Tunnel-Based IPv6 Transition. IEEE Internet Computing, 17(2), 62-68. doi:10.1109/mic.2012.63BlanchetM ParentF.IPv6 Tunnel Broker with the Tunnel Setup Protocol (TSP).2010.HuitemaC.Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs) RFC 4380.2006.CarpenterB MooreK.Connection of IPv6 domains via IPv4 clouds.2001.JungC CarpenterBE.Transmission of IPv6 over IPv4 Domains without Explicit Tunnels.1999.CuiY WuJ LeeY WuP VautrinO.Public IPv4‐over‐IPv6 access Network2013.CuiY SunQ LeeYL TsouT FarrerI BoucadairM.Lightweight 4over6: an extension to the dual‐stack lite Architecture2015.TemplinF GleesonT TalwarM ThalerD.Intra‐Site Automatic Tunnel Addressing Protocol (ISATAP) RFC 5214.2008.DurandA DromsR WoodyattJ LeeY.RFC 6333: Dual‐Stack Lite Broadband Deployments Following IPv4 Exhaustion. IETF Aug.2011.BaoC DecW LiX TroanO MatsushimaS MurakamiT.Mapping of Address and Port with Encapsulation (MAP‐E). IETF Internet Draft.2015.TownsleyW TroanO.IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)‐‐Protocol Specification.2010.ChenM ChenG JiangS LeeY DespresR PennoR.IPv4 Residual Deployment via IPv6‐A Stateless Solution (4rd).2015.WuP CuiY XuM et alPET: Prefixing encapsulation and translation for IPv4‐IPv6 coexistence. In: 2010IEEE Global Telecommunications Conference GLOBECOM2010. 2010:1–5.LiX BaoC ChenM ZhangH WuJ.IVI translation design and deployment for the IPv4/IPv6 coexistence and transition.IETF RFC6219 Internet Eng Task Force Fremont CA.2011.Bagnulo, M., Garcia-Martinez, A., & Van Beijnum, I. (2012). The NAT64/DNS64 tool suite for IPv6 transition. IEEE Communications Magazine, 50(7), 177-183. doi:10.1109/mcom.2012.6231295BagnuloM SullivanA MatthewsP VanBeijnumI.DNS64: DNS extensions for network address translation from IPv6 clients to IPv4 servers RFC 6147.2011.LiuD DengH.NAT46 Considerations.2010.MawatariM KawashimaM ByrneC.464XLAT: Combination of stateful and stateless translation. IETF Internet‐Draft.2013.PerreaultS YamagataI MiyakawaS NakagawaA.Common Requirements for Carrier‐Grade NATs (CGNs) RFC6888.2013.YamaguchiJ ShirasakiY NakagawaA AshidaH.Nat444 addressing models. Req Comments Draft Internet Eng Task Force.2012.ChenG CaoZ XieC BinetD.NAT64 Deployment Options and Experience RFC 7269.2014.LiX BaoC DecW TroanO MatsushimaS MurakamiT.Mapping of Address and Port using Translation (MAP‐T) RFC 7599. IETF Internet Draft.2013.Wu, P., Cui, Y., Wu, J., Liu, J., & Metz, C. (2013). Transition from IPv4 to IPv6: A State-of-the-Art Survey. IEEE Communications Surveys & Tutorials, 15(3), 1407-1424. doi:10.1109/surv.2012.110112.00200Hernandez-Valencia, E., Izzo, S., & Polonsky, B. (2015). How will NFV/SDN transform service provider opex? IEEE Network, 29(3), 60-67. doi:10.1109/mnet.2015.7113227BogineniK et alThe Open Networking Lab (ON.Lab). Introducing ONOS—a SDN network operating system for Service Providers.White Pap.2014;1:14.http://onosproject.org/wp-content/uploads/2014/11/Whitepaper-ONOS-final.pdfTR‐506 O ONF TR‐506.SDN Migration Considerations and Use Cases.2014.https://www.opennetworking.org/wp-content/uploads/2014/10/sb-sdn-migration-use-cases.pdfRisdiantoAC LingTC TsaiP YangC KimJ.Leveraging open‐source software for federated multisite SDN‐cloud playground. In: 2016 IEEE NetSoft Conference and Workshops (NetSoft). ;2016:423‐427.https://doi.org/10.1109/NETSOFT.2016.7502479GalizaH SchwarzM BezerraJ IbarraJ.Moving an ip network to sdn: a global use case deployment experience at amlight. In:Anais Do WPEIF2016Workshop de Pesquisa Experimental Da Internet Do Futuro: 15.LevinD CaniniM SchmidS SchaffertF Feldmann A.Panopticon: Reaping the Benefits of Incremental {SDN} Deployment in Enterprise Networks. In: 2014 {USENIX} Annual Technical Conference ({USENIX}{ATC} 14). ;2014:333–345.Vissicchio, S., Tilmans, O., Vanbever, L., & Rexford, J. (2015). Central Control Over Distributed Routing. ACM SIGCOMM Computer Communication Review, 45(4), 43-56. doi:10.1145/2829988.2787497Huang, X., Cheng, S., Cao, K., Cong, P., Wei, T., & Hu, S. (2019). A Survey of Deployment Solutions and Optimization Strategies for Hybrid SDN Networks. IEEE Communications Surveys & Tutorials, 21(2), 1483-1507. doi:10.1109/comst.2018.2871061Csikor, L., Szalay, M., Retvari, G., Pongracz, G., Pezaros, D. P., & Toka, L. (2020). Transition to SDN is HARMLESS: Hybrid Architecture for Migrating Legacy Ethernet Switches to SDN. IEEE/ACM Transactions on Networking, 28(1), 275-288. doi:10.1109/tnet.2019.2958762Dawadi, B. R., Rawat, D. B., Joshi, S. R., & Manzoni, P. (2020). Legacy Network Integration with SDN-IP Implementation towards a Multi-Domain SoDIP6 Network Environment. Electronics, 9(9), 1454. doi:10.3390/electronics9091454HongDK MaY BanerjeeS MaoZM.Incremental deployment of SDN in hybrid enterprise and ISP networks. In: Proceedings of the Symposium on SDN Research. 2016:1‐7.Karakus, M., & Durresi, A. (2018). Economic Viability of Software Defined Networking (SDN). Computer Networks, 135, 81-95. doi:10.1016/j.comnet.2018.02.015Rizvi, S. N., Raumer, D., Wohlfart, F., & Carle, G. (2015). Towards carrier grade SDNs. Computer Networks, 92, 218-226. doi:10.1016/j.comnet.2015.09.029Sezer, S., Scott-Hayward, S., Chouhan, P., Fraser, B., Lake, D., Finnegan, J., … Rao, N. (2013). Are we ready for SDN? Implementation challenges for software-defined networks. IEEE Communications Magazine, 51(7), 36-43. doi:10.1109/mcom.2013.6553676Raza, M. H., Sivakumar, S. C., Nafarieh, A., & Robertson, B. (2014). A Comparison of Software Defined Network (SDN) Implementation Strategies. Procedia Computer Science, 32, 1050-1055. doi:10.1016/j.procs.2014.05.532Goransson, P., & Black, C. (2014). SDN in the Data Center. Software Defined Networks, 145-167. doi:10.1016/b978-0-12-416675-2.00007-3AT & T.Introducing the “User Defined Network Cloud”.https://about.att.com/newsroom/introducing_the_user_defined_network_cloud.html. Published 2014. Accessed August 12 2018.CsikorL TokaL SzalayM PongráczG PezarosDP RétváriG.HARMLESS: Cost‐effective transitioning to SDN for small enterprises. In: 2018 IFIP Networking Conference (IFIP Networking) and Workshops. ; 2018:1–9.ON.LAB.Driving SDN Adoption in Service Provider Networks.2014.http://onosproject.org/wp-content/uploads/2014/11/Whitepaper-Service-Provider-SDN-final.pdfBabikerH NikolovaI ChittimaneniKKK.Deploying IPv6 in the Google Enterprise Network. Lessons learned. In:LISA'11 Proceedings of the 25th International Conference on Large Installation System Administration 2011:10.ParkHW HwangISLS LeeJR.Study on the sustainable migration to software defined network for nation‐wide R&E network.Proc—201610th Int Conf Innov Mob Internet Serv Ubiquitous Comput IMIS2016.2016:392‐396.https://doi.org/10.1109/IMIS.2016.117CariaM JukanA HoffmannM.A performance study of network migration to SDN‐enabled traffic engineering. In:2013 IEEE Global Communications Conference (GLOBECOM); 2013:1391‐1396.Sandhya, Sinha, Y., & Haribabu, K. (2017). A survey: Hybrid SDN. Journal of Network and Computer Applications, 100, 35-55. doi:10.1016/j.jnca.2017.10.003LENCSE, G., & KADOBAYASHI, Y. (2019). Comprehensive Survey of IPv6 Transition Technologies: A Subjective Classification for Security Analysis. IEICE Transactions on Communications, E102.B(10), 2021-2035. doi:10.1587/transcom.2018ebr0002NIST.Technical and Economic Assessment of Internet Protocol Verson 6 9IPv6.2006.https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=912231NIST.IPv6 Economic Impact Assessment. NY;2005.https://www.nist.gov/system/files/documents/director/planning/report05-2.pdfDasT CariaM JukanA HoffmannM.A Techno‐economic Analysis of Network Migration to Software‐Defined Networking.2013.http://arxiv.org/abs/1310.0216Das, T., Drogon, M., Jukan, A., & Hoffmann, M. (2014). Study of Network Migration to New Technologies Using Agent-Based Modeling Techniques. Journal of Network and Systems Management, 23(4), 920-949. doi:10.1007/s10922-014-9327-3Yuan, T., Huang, X., Ma, M., & Zhang, P. (2017). Migration to software-defined networks: The customers’ view. China Communications, 14(10), 1-11. doi:10.1109/cc.2017.8107628TürkS LiuY RadekeR LehnertR.Network migration optimization using genetic algorithms. In: Meeting of the European Network of Universities and Companies in Information and Communication Engineering. 2012:112–123.Türk, S. (2014). Network migration optimization using meta-heuristics. AEU - International Journal of Electronics and Communications, 68(7), 584-586. doi:10.1016/j.aeue.2014.04.005TürkS RadekeR LehnertR.Network migration using ant colony optimization. In:2010 9th Conference of Telecommunication Media and Internet; 2010:1–6.TurkS LiuH RadekeR LehnertR.Improving network migration optimization utilizing memetic algorithms. In: Global Information Infrastructure Symposium—GIIS 2013. 2013:1‐8.https://doi.org/10.1109/GIIS.2013.6684345ShayaniD Mas MachucaC JagerM GladischA.Cost analysis of the service migration problem between communication platforms. In: NOMS 2008–2008 IEEE Network Operations and Management Symposium. 2008:734‐737.https://doi.org/10.1109/NOMS.2008.4575201Shayani, D., Mas Machuca, C., & Jager, M. (2010). A techno-economic approach to telecommunications: the case of service migration. IEEE Transactions on Network and Service Management, 7(2), 96-106. doi:10.1109/tnsm.2010.06.i8p0297Naudts, B., Kind, M., Verbrugge, S., Colle, D., & Pickavet, M. (2015). How can a mobile service provider reduce costs with software-defined networking? International Journal of Network Management, 26(1), 56-72. doi:10.1002/nem.1919Dawadi, B. R., Rawat, D. B., & Joshi, S. R. (2019). Evolutionary Dynamics of Service Provider Legacy Network Migration to Software Defined IPv6 Network. Advances in Intelligent Systems and Computing, 245-257. doi:10.1007/978-3-030-19861-9_24BezrukVM ChebotarovaD V KaliuzhniyNM QiangG YuZ.Optimization and mathematical modeling of communication networks.Monogr—Open Electron Arch Kharkov Natl Univ Radio Electron.2019.http://openarchive.nure.ua/handle/document/10121Omantek. Open‐AudIT: Device Information Management System.https://www.open-audit.org/about.phpNet. Inventory Advisor.Network Inventory Software.https://www.network-inventory-advisor.com/. Accessed December 3 2019.OCS‐Inventory. OCSING: Open Inventory Next Generation.https://ocsinventory-ng.org/?lang=en. Accessed December 3 2019.Group MW. Migration Use Cases and Methods Migration Working Group Open Networking Foundation Use Cases and Migration Methods 2.www.opennetworking.orgSohn, S. Y., & Kim, Y. (2011). Economic Evaluation Model for International Standardization of Correlated Technologies. IEEE Transactions on Engineering Management, 58(2), 189-198. doi:10.1109/tem.2010.2058853ONF TS‐006.OpenFlow 1.3 Switch Specification.2012.https://www.opennetworking.org/wp-content/uploads/2014/10/openflow-spec-v1.3.0.pdfMahlooM MontiP ChenJ WosinskaL.Cost modeling of backhaul for mobile networks. In: 2014 IEEE International Conference on Communications Workshops (ICC). 2014:397–402.https://doi.org/10.1109/ICCW.2014.6881230DawadiBR RawatDB JoshiSR KeitschMM.Joint cost estimation approach for service provider legacy network migration to unified software defined IPv6 network. In: Proceedings—4th IEEE International Conference on Collaboration and Internet Computing CIC 2018.2018.https://doi.org/10.1109/CIC.2018.00056FengT BiJ.OpenRouteFlow: Enable legacy router as a software‐defined routing service for hybrid SDN. In: 2015 24th International Conference on Computer Communication and Networks (ICCCN).2015:1–8.MachucaCM EberspaecherJ JägerM GladischA.Service migration cost modeling. In: 2007 ITG Symposium on Photonic Networks. ; 2007:1–5.Poularakis, K., Iosifidis, G., Smaragdakis, G., & Tassiulas, L. (2019). Optimizing Gradual SDN Upgrades in ISP Networks. IEEE/ACM Transactions on Networking, 27(1), 288-301. doi:10.1109/tnet.2018.2890248Galán-Jiménez, J. (2017). Legacy IP-upgraded SDN nodes tradeoff in energy-efficient hybrid IP/SDN networks. Computer Communications, 114, 106-123. doi:10.1016/j.comcom.2017.10.010Vizarreta, P., Trivedi, K., Helvik, B., Heegaard, P., Blenk, A., Kellerer, W., & Mas Machuca, C. (2018). Assessing the Maturity of SDN Controllers With Software Reliability Growth Models. IEEE Transactions on Network and Service Management, 15(3), 1090-1104. doi:10.1109/tnsm.2018.2848105Salsano, S., Ventre, P. L., Lombardo, F., Siracusano, G., Gerola, M., Salvadori, E., … Prete, L. (2016). Hybrid IP/SDN Networking: Open Implementation and Experiment Management Tools. IEEE Transactions on Network and Service Management, 13(1), 138-153. doi:10.1109/tnsm.2015.2507622DasT GurusamyM.Resilient Controller Placement in Hybrid SDN/Legacy Networks. In: 2018 IEEE Global Communications Conference (GLOBECOM). 2018:1–7.DasT GurusamyM.INCEPT: INcremental ControllEr PlacemenT in software defined networks. In: 2018 27th International Conference on Computer Communication and Networks (ICCCN). 2018:1–6

Interoperabilidade e mobilidade na internet do futuro

Research on Future Internet has been gaining traction in recent years, with both evolutionary (e.g., Software Defined Networking (SDN)- based architectures) and clean-slate network architectures (e.g., Information Centric Networking (ICN) architectures) being proposed. With each network architectural proposal aiming to provide better solutions for specific Internet utilization requirements, an heterogeneous Future Internet composed by several architectures can be expected, each targeting and optimizing different use case scenarios. Moreover, the increasing number of mobile devices, with increasing capabilities and supporting different connectivity technologies, are changing the patterns of traffic exchanged in the Internet. As such, this thesis focuses on the study of interoperability and mobility in Future Internet architectures, two key requirements that need to be addressed for the widely adoption of these network architectures. The first contribution of this thesis is an interoperability framework that, by enabling resources to be shared among different network architectures, avoids resources to be restricted to a given network architecture and, at the same time, promotes the initial roll out of new network architectures. The second contribution of this thesis consists on the development of enhancements for SDN-based and ICN network architectures through IEEE 802.21 mechanisms to facilitate and optimize the handover procedures on those architectures. The last contribution of this thesis is the definition of an inter-network architecture mobility framework that enables MNs to move across access network supporting different network architectures without losing the reachability to resources being accessed. All the proposed solutions were evaluated with results highlighting the feasibility of such solutions and the impact on the overall communication.A Internet do Futuro tem sido alvo de vários estudos nos últimos anos, com a proposta de arquitecturas de rede seguindo quer abordagens evolutionárias (por exemplo, Redes Definidas por Software (SDN)) quer abordagens disruptivas (por exemplo, Redes Centradas na Informação (ICN)). Cada uma destas arquitecturas de rede visa providenciar melhores soluções relativamente a determinados requisitos de utilização da Internet e, portanto, uma Internet do Futuro heterogénea composta por diversas arquitecturas de rede torna-se uma possibilidade, onde cada uma delas é usada para optimizar diferentes casos de utilização. Para além disso, o aumento do número de dispositivos móveis, com especificações acrescidas e com suporte para diferentes tecnologias de conectividade, está a mudar os padrões do tráfego na Internet. Assim, esta tese foca-se no estudo de aspectos de interoperabilidade e mobilidade em arquitecturas de rede da Internet do Futuro, dois importantes requisitos que necessitam de ser satisfeitos para que a adopção destas arquitecturas de rede seja considerada. A primeira contribuição desta tese é uma solução de interoperabilidade que, uma vez que permite que recursos possam ser partilhados por diferentes arquitecturas de rede, evita que os recursos estejam restringidos a uma determinada arquitectura de rede e, ao mesmo tempo, promove a adopção de novas arquitecturas de rede. A segunda contribuição desta tese consiste no desenvolvimento de extensões para arquitecturas de rede baseadas em SDN ou ICN através dos mecanismos propostos na norma IEEE 802.21 com o objectivo de facilitar e optimizar os processos de mobilidade nessas arquitecturas de rede. Finalmente, a terceira contribuição desta tese é a definição de uma solução de mobilidade envolvendo diferentes arquitecturas de rede que permite a mobilidade de dispositivos móveis entre redes de acesso que suportam diferentes arquitecturas de rede sem que estes percam o acesso aos recursos que estão a ser acedidos. Todas as soluções propostas foram avaliadas com os resultados a demonstrar a viabilidade de cada uma das soluções e o impacto que têm na comunicação.Programa Doutoral em Informátic

Developing an Advanced IPv6 Evasion Attack Detection Framework

Internet Protocol Version 6 (IPv6) is the most recent generation of Internet protocol. The transition from the current Internet Version 4 (IPv4) to IPv6 raised new issues and the most crucial issue is security vulnerabilities. Most vulnerabilities are common between IPv4 and IPv6, e.g. Evasion attack, Distributed Denial of Service (DDOS) and Fragmentation attack. According to the IPv6 RFC (Request for Comment) recommendations, there are potential attacks against various Operating Systems. Discrepancies between the behaviour of several Operating Systems can lead to Intrusion Detection System (IDS) evasion, Firewall evasion, Operating System fingerprint, Network Mapping, DoS/DDoS attack and Remote code execution attack. We investigated some of the security issues on IPv6 by reviewing existing solutions and methods and performed tests on two open source Network Intrusion Detection Systems (NIDSs) which are Snort and Suricata against some of IPv6 evasions and attack methods. The results show that both NIDSs are unable to detect most of the methods that are used to evade detection. This thesis presents a detection framework specifically developed for IPv6 network to detect evasion, insertion and DoS attacks when using IPv6 Extension Headers and Fragmentation. We implemented the proposed theoretical solution into a proposed framework for evaluation tests. To develop the framework, “dpkt” module is employed to capture and decode the packet. During the development phase, a bug on the module used to parse/decode packets has been found and a patch provided for the module to decode the IPv6 packet correctly. The standard unpack function included in the “ip6” section of the “dpkt” package follows extension headers which means following its parsing, one has no access to all the extension headers in their original order. By defining, a new field called all_extension_headers and adding each header to it before it is moved along allows us to have access to all the extension headers while keeping the original parse speed of the framework virtually untouched. The extra memory footprint from this is also negligible as it will be a linear fraction of the size of the whole set of packet. By decoding the packet, extracting data from packet and evaluating the data with user-defined value, the proposed framework is able to detect IPv6 Evasion, Insertion and DoS attacks. The proposed framework consists of four layers. The first layer captures the network traffic and passes it to second layer for packet decoding which is the most important part of the detection process. It is because, if NIDS could not decode and extract the packet content, it would not be able to pass correct information into the Detection Engine process for detection. Once the packet has been decoded by the decoding process, the decoded packet will be sent to the third layer which is the brain of the proposed solution to make a decision by evaluating the information with the defined value to see whether the packet is threatened or not. This layer is called the Detection Engine. Once the packet(s) has been examined by detection processes, the result will be sent to output layer. If the packet matches with a type or signature that system admin chose, it raises an alarm and automatically logs all details of the packet and saves it for system admin for further investigation. We evaluated the proposed framework and its subsequent process via numerous experiments. The results of these conclude that the proposed framework, called NOPO framework, is able to offer better detection in terms of accuracy, with a more accurate packet decoding process, and reduced resources usage compared to both exciting NIDs