1,443 research outputs found

    Analysis of Effects of BGP Black Hole Routing on a Network like the NIPRNET

    The Department of Defense (DoD) relies heavily on the Non-secure Internet Protocol Router Network (NIPRNET) to exchange information freely between departments, services, bases, posts, and ships. The NIPRNET is vulnerable to various attacks, to include physical and cyber attacks. One of the most frequently used cyber attacks by criminally motivated hackers is a Distributed Denial of Service (DDoS) attack. DDoS attacks can be used to exhaust network bandwidth and router processing capabilities, and as a leveraging tool for extortion. Border Gateway Protocol (BGP) black hole routing is a responsive defensive network technique for mitigating DDoS attacks. BGP black hole routing directs traffic destined to an Internet address under attack to a null address, essentially stopping the DDoS attack by dropping all traffic to the targeted system. This research examines the ability of BGP black hole routing to effectively defend a network like the NIPRNET from a DDoS attack, as well as examining two different techniques for triggering BGP black hole routing during a DDoS attack. This thesis presents experiments with three different DDoS attack scenarios to determine the effectiveness of BGP black hole routing. Remote-triggered black hole routing is then compared against customer-triggered black hole routing to examine how well each technique reacts under a DDoS attack. The results from this study show BGP black hole routing to be highly successful. It also shows that remote-triggered black hole routing is much more effective than customer-triggered

    QuLa: service selection and forwarding table population in service-centric networking using real-life topologies

    The amount of services located in the network has drastically increased over the last decade which is why more and more datacenters are located at the network edge, closer to the users. In the current Internet it is up to the client to select a destination using a resolution service (Domain Name System, Content Delivery Networks ...). In the last few years, research on Information-Centric Networking (ICN) suggests to put this selection responsibility at the network components; routers find the closest copy of a content object using the content name as input. We extend the principle of ICN to services; service routers forward requests to service instances located in datacenters spread across the network edge. To solve this problem, we first present a service selection algorithm based on both server and network metrics. Next, we describe a method to reduce the state required in service routers while minimizing the performance loss caused by this data reduction. Simulation results based on real-life networks show that we are able to find a near-optimal load distribution with only minimal state required in the service routers

    Packet level measurement over wireless access

    PhD. Performance measurement of IP packet networks mainly comprises monitoring the network performance in terms of packet losses and delays. If used appropriately, these network parameters (i.e. delay, loss and bandwidth etc.) can indicate the performance status of the network and they can be used in fault and performance monitoring, network provisioning, and traffic engineering. Globally, there is a growing need for accurate network measurement to support the commercial use of IP networks. In wireless networks, transmission losses and communication delays strongly affect the performance of the network. Compared to wired networks, wireless networks experience higher levels of data dropouts and corruption due to issues of channel fading, noise, interference and mobility. Performance monitoring is a vital element in the commercial future of broadband packet networking, and the ability to guarantee quality of service in such networks is implicit in Service Level Agreements. Active measurements are performed by injecting probes, and this is widely used to determine the end-to-end performance. End-to-end delay in wired networks has been extensively investigated, and in this thesis we report on the accuracy achieved by probing for end-to-end delay over a wireless scenario. We have compared two probing techniques, i.e. Periodic and Poisson probing, and estimated the absolute error for both. The simulations have been performed for single-hop and multi-hop wireless networks. In addition to end-to-end latency, active measurements have also been performed for packet loss rate. The simulation-based analysis has been tried under different traffic scenarios using Poisson traffic models. We have sampled the user traffic using Periodic probing at different rates for single-hop and multiple-hop wireless scenarios. Active probing becomes critical at higher values of load, forcing the network to saturation much earlier. We have evaluated the impact of monitoring overheads on the user traffic, and show that even a small amount of probing overhead in a wireless medium can cause large degradation in network performance. Although probing at a high rate provides a good estimation of the delay distribution of user traffic with large variance, there is a critical tradeoff between the accuracy of measurement and the packet probing overhead. Our results suggest that active probing is highly affected by probe size, rate, pattern, traffic load, the nature of the shared medium, available bandwidth and the burstiness of the traffic

    A Survey of Clock Synchronization Over Packet-Switched Networks

    Clock synchronization is a prerequisite for the realization of emerging applications in various domains such as industrial automation and the intelligent power grid. This paper surveys the standardized protocols and technologies for providing synchronization of devices connected by packet-switched networks. A review of synchronization impairments and the state-of-the-art mechanisms to improve the synchronization accuracy is then presented. Providing microsecond to sub-microsecond synchronization accuracy under the presence of asymmetric delays in a cost-effective manner is a challenging problem, and still an open issue in many application scenarios. Further, security is of significant importance for systems where timing is critical. The security threats and solutions to protect exchanged synchronization messages are also discussed

    Alternate marking-based network telemetry for industrial WSNs

    For continuous, persistent and problem-free operation of Industrial Wireless Sensor Networks (IWSN), it is critical to have visibility and awareness into what is happening on the network at any one time. Especially, for the use cases with strong needs for deterministic and real-time network services with latency and reliability guarantees, it is vital to monitor network devices continuously to guarantee their functioning, detect and isolate relevant problems and verify if all system requirements are being met simultaneously. In this context, this article investigates a light-weight telemetry solution for IWSNs, which enables the collection of accurate and continuous flow-based telemetry information, while adding no overhead on the monitored packets. The proposed monitoring solution adopts the recent Alternate Marking Performance Monitoring (AMPM) concept and mainly targets measuring end-to-end and hop-by-hop reliability and delay performance in critical application flows. Besides, the technical capabilities and characteristics of the proposed solution are evaluated via a real-life implementation and practical experiments, validating its suitability for IWSNs

    Towards Internet QoS Provisioning Based on Generic Distributed QoS Adaptive Routing Engine

    Increasing efficiency and quality demands of modern Internet technologies drive today’s network engineers to seek to provide quality of service (QoS). Internet QoS provisioning gives rise to several challenging issues. This paper introduces a generic distributed QoS adaptive routing engine (DQARE) architecture based on OSPFxQoS. The innovation of the proposed work in this paper is its undependability on the used QoS architectures and, moreover, splitting of the control strategy from data forwarding mechanisms, so we guarantee a set of absolute stable mechanisms on top of which Internet QoS can be built. DQARE architecture is furnished with three relevant traffic control schemes, namely, service differentiation, QoS routing, and traffic engineering. The main objective of this paper is to (i) provide a general configuration guideline for service differentiation, (ii) formalize the theoretical properties of different QoS routing algorithms and then introduce a QoS routing algorithm (QOPRA) based on dynamic programming technique, and (iii) propose QoS multipath forwarding (QMPF) model for paths diversity exploitation. NS2-based simulations proved the DQARE superiority in terms of delay, packet delivery ratio, throughput, and control overhead. Moreover, extensive simulations are used to compare the proposed QOPRA algorithm and QMPF model with their counterparts in the literature

    Modeling and estimation techniques for understanding heterogeneous traffic behavior

    The majority of current internet traffic is based on TCP. With the emergence of new applications, especially new multimedia applications, however, UDP-based traffic is expected to increase. Furthermore, multimedia applications have sparked the development of protocols responding to congestion while behaving differently from TCP. As a result, network traffic is expected to become more and more diverse. The increasing link capacity further stimulates new applications utilizing the higher bandwidths of the future. Besides the traffic diversity, the network is also evolving around new technologies. These trends in the Internet motivate our research work. In this dissertation, modeling and estimation techniques of heterogeneous traffic at a router are presented. The idea of the presented techniques is that if the observed queue length and packet drop probability do not match the predictions from a model of responsive (TCP) traffic, then the error must come from non-responsive traffic; it can then be used for estimating the proportion of non-responsive traffic. The proposed scheme is based on the queue length history, packet drop history, expected TCP and queue dynamics. The effectiveness of the proposed techniques over a wide range of traffic scenarios is corroborated using NS-2 based simulations. Possible applications based on the estimation technique are discussed. The implementation of the estimation technique in the Linux kernel is presented in order to validate our estimation technique in a realistic network environment

    Contention and achieved performance in multicomputer wormhole routing networks
