81 research outputs found

    Method And Implementation of MPLS Tunnel Selection On Nokia Metro-E Devices

    Tunneling is a solution for interconnecting remote local networks over a public IP network. Currently there are no proper guidelines for using tunneling techniques. Tunnel selection is generally based only on the beliefs and experience of network management operators or on following SOP. The brand of tunneling device widely used by telecommunication operators in Indonesia (especially P. Java) is Nokia. This study implements, tests and analyzes MPLS techniques on Nokia devices to produce recommendations on when to use MPLS tunnels according to network topology. The software used in this study was FTP, Tfgen and Wireshark: FTP and Tfgen as network traffic generators, and Wireshark to record throughput, delay and downtime. Analysis of MPLS on Nokia devices is conducted based on recording results for various traffic engineering scenarios, including loadless conditions and various other conditions in case of network disruption. The MPLS results without load all went well, with an average throughput of 1.08 Mbps and delay of 10 ms. With load, the delay is stable at 10 ms; during network disruption, ICMP shows 1 Request Time Out or 4s. MPLS techniques are used on established networks because they can provide alternative density lines

    Multi-Link Failure Effects on MPLS Resilient Fast-Reroute Network Architectures

    © 2021 IEEE. MPLS has been in the forefront of high-speed Wide Area Networks (WANs) for almost two decades [1, 12]. The performance advantages in implementing Multi-Protocol Label Switching (MPLS) are mainly its superior speed based on fast label switching and its capability to perform Fast Reroute rapidly when failure(s) occur – in theory under 50 ms [16, 17], which makes MPLS also interesting for real-time applications. We investigate the aforementioned advantages of MPLS by creating two real testbeds using actual routers that commercial Internet Service Providers (ISPs) use, one with a ring and one with a partial mesh architecture. In those two testbeds we compare the performance of MPLS channels versus normal routing, both using the Open Shortest Path First (OSPF) routing protocol. The speed of the Fast Reroute mechanism for MPLS when failures are occurring is investigated. Firstly, baseline experiments are performed consisting of MPLS versus normal routing. Results are evaluated and compared using both single and dual failure scenarios within the two architectures. Our results confirm recovery times within 50 ms

    Revealing and Characterizing MPLS Networks

    The Internet is a wide network of computers in constant evolution. Each year, more and more organizations are connected to this worldwide network. Each of them has its own structure and administration that are not publicly revealed for economical, political, and security reasons. Consequently, our perception of the Internet structure, and more specifically, its topology, is incomplete. In order to balance this lack of knowledge, the research community relies on network measurements. Most of the time, they are performed based on the well-known tool traceroute. However, in practice, an operator may privilege other technologies than IP to forward packets inside its network. MultiProtocol Label Switching (MPLS) is one of them. Even if it is heavily deployed by operators, it has not been really investigated by researchers. Prior to this thesis, only two studies focused on the identification of MPLS tunnels in traceroute data. Moreover, while one of them does not take all possible scenarios into account, the other lacks precision in some of its models. In addition, MPLS tunnels may hide their content from traceroute. Topologies inferred from such data may thus contain false links or nodes with an artificially high degree, thus leading to biases in standard graph metrics used to model the network. Even if some researchers already tried to tackle this issue, the revelation of hidden MPLS devices in traceroute data is still an open question. This thesis aims at characterizing MPLS in two different ways. On the one hand, at an architectural level, we will analyze in detail its deployment and use in both IPv4 and IPv6 networks in order to improve its state-of-the-art view. We will show that, in practice, more than one IPv4 trace out of two crosses at least one MPLS tunnel. We will also see that, even if this protocol can simplify the internal architecture of transit networks, it also allows some operators to perform traffic engineering in their domain. 
On the other hand, MPLS will be studied from a measurement point of view. We will see that routers from different manufacturers may have distinct default behaviors regarding MPLS, and that these specific behaviors can be exploited to identify MPLS tunnels during traceroute measurements. More precisely, we will focus on new methods able to infer the presence of tunnels that are invisible in traceroute outputs, as well as on mechanisms to reveal their content. We will also show that they can be used in order to improve the inference of Internet graph properties, such as path lengths and node degrees. Finally, these techniques will be integrated into Trace the Naughty Tunnels (TNT), a traceroute extension able to identify all types of MPLS tunnels along a path towards a destination. We will prove that this tool can be used in order to get a detailed quantification of MPLS tunnels in the worldwide network. TNT is publicly available, and can therefore be part of many future studies conducted by the research community.

    Teleprotection signalling over an IP/MPLS network

    Protection of electricity networks has developed to incorporate communications, referred to as protection signalling. Due to the evolution of the electricity supply system, there are many developments pending within the scope of protection signalling and protection engineering in general. This project investigates the use of current and emerging communications technologies (i.e. packetised networks) being applied and incorporated into current protection signalling schemes and technologies. The purpose of the project is to provide a more cost-effective solution to protection schemes running obsolescent hardware. While the medium-term goal of the industry is to move entirely to IEC 61850 communications, legacy teleprotection relays using non-IP communications will still exist for many years to come. For companies to be ready for an IEC 61850 rollout a fully deployed IP/MPLS network will be necessary and it can be seen that various companies worldwide are readying themselves in this way. However, in the short-term for these companies, this means maintaining their existing TDM network (which runs current teleprotection schemes) and IP/MPLS network. This is a costly business outcome that can be minimised with the migration of services from and decommissioning of TDM networks. Network channel testing was the primary testing focus of the project. The testing proved that teleprotection traffic with correct QoS markings assured the system met latency and stability requirements. Furthermore, MPLS resiliency features (secondary LSPs & Fast-reroute) were tested and proved automatic path failover was possible under fault conditions at sub-30ms speeds

    Path signalling in a wireless back-haul network integrating unidirectional broadcast technologies

    The back-haul infrastructures of today's wireless operators must support the triple-play services demanded by the market or regulatory bodies. To cope with increasing capacity demand, in our previous work, we have developed a cost-effective heterogeneous layer 2.5 wireless back-haul (WiBACK) architecture, which leverages the native multicast capabilities of broadcast technologies such as DVB to off-load high-bandwidth broadcast content delivery. Furthermore, our architecture provides support for unidirectional technologies on the data and the control plane. This adopts a centralized coordinator approach, in which coordinator nodes install so-called management and data pipes. No routing state is kept at plain WiBACK nodes, which merely store QoS-aware pipe forwarding state. Consequently, the architecture requires a reliable protocol to push resource allocation and pipe forwarding state into the network, considering possibly unidirectional connectivity. Such a protocol, whose task is related to MPLS label distribution, is essential during the initial forming of WiBACK topologies and during regular network operations to reliably manage the data pipes. In this paper, we present a novel approach to extend our IEEE 802.21-inspired WiBACK TransportService and, based upon this, the design of an RSVP-TE-style pipe signalling protocol using nested hop-by-hop request/response MIH transactions that supports signalling over unidirectional technologies. A thorough evaluation and successful testbed deployments show that this protocol reliably signals pipe state even under high loss conditions

    Concepção e implementação de experiências laboratoriais sobre MPLS (Design and implementation of laboratory experiments on MPLS)

    Master's in Electronics and Telecommunications Engineering. The Multiprotocol Label Switching (MPLS) is a highly scalable and agnostic protocol to carry network data. Operating at "Layer 2.5" of the OSI model, MPLS is a high-performance mechanism that is used at the network backbone for conveying data from one network node to the next. The success of MPLS results from the fact that it enables the network to carry all kinds of traffic, ranging from IP to layer 2 traffic, since it encapsulates the packets of the diverse network protocols, allowing the creation of "virtual links" between distant nodes. MPLS belongs to the family of packet switched networks, where labels are assigned to data packets that are forwarded based on decisions that rely only on the label contents, without the need to examine the packets' contents. This allows the creation of end-to-end circuits across any type of transport medium, using any protocol. 
The MPLS design takes multiform transport technologies into account to provide a unified data-carrying service, attempting simultaneously to preserve traffic engineering and out-of-band control, a very attractive characteristic for large-scale deployment. MPLS is the way to consolidate many IP networks into a single one. Due to this obvious potential, it is urgent to develop means and tools to better understand its functioning and complexity. MPLS normally runs at the backbone of Service Providers' networks, being deployed across an extensive set of expensive equipment. To make the study of MPLS feasible, emulation was considered as the best solution. Currently, there are very good available tools to recreate, in a lab environment, quite complicated scenarios. However, the computational demand of the emulation is proportional to the complexity of the project, quickly becoming unfeasible on a single machine. Fortunately, distributed computing or Cloud computing are suitable and novel approaches to solve this computation problem. So, this work aims to create some lab experiments that can illustrate/demonstrate relevant aspects of the MPLS technology, using the Dynamips emulator driven by the computational resources that were made available by the Amazon EC2 cloud computing facilities. The utilization of these emulation tools allows testing real networks and service scenarios in a controlled environment, being able to debug their configurations and optimize their performance before deploying them in real operating networks

    Targeted Attack through Network Fingerprinting

    Peer reviewed. Nowadays, simple tools such as traceroute can be used by attackers to acquire topology knowledge remotely. Worse still, attackers can use a lightweight fingerprinting technique, based on traceroute and ping, to retrieve the routers' brand, and use that knowledge to launch targeted attacks. In this paper, we show that the hardware ecosystem of network operators can greatly vary from one to another, with all potential security implications it brings. Indeed, depending on the autonomous system (AS), not all brands play the same role in terms of network connectivity and network usage (MPLS vs. standard traffic). An attacker could find an interest in targeting a specific hardware vendor in a particular AS, if known defects are present in this hardware, and if the AS relies heavily on it for forwarding its traffic

    Foutbestendige toekomstige internetarchitecturen (Fault-tolerant future internet architectures)


    System architecture and hardware implementations for a reconfigurable MPLS router

    With extremely wide bandwidth and good channel properties, optical fibers have brought fast and reliable data transmission to today's data communications. However, to handle heavy traffic flowing through optical physical links, much faster processing speed is required or else congestion can take place at network nodes. Also, to provide people with voice, data and all categories of multimedia services, distinguishing between different data flows is a requirement. To address these router performance, Quality of Service/Class of Service and traffic engineering issues, Multi-Protocol Label Switching (MPLS) was proposed for IP-based Internetworks. In addition, routers flexible in hardware architecture in order to support ever-evolving protocols and services without causing big infrastructure modification or replacement are also desirable. Therefore, reconfigurable hardware implementation of MPLS was proposed in this project to obtain the overall fast processing speed at network nodes. The long-term goal of this project is to develop a reconfigurable MPLS router, which uniquely integrates the best features of operations being conducted in software and in run-time-reconfigurable hardware. The scope of this thesis includes system architecture and service algorithm considerations, Verilog coding and testing for an actual device. The hardware and software co-design technique was used to partition and schedule the protocol code for execution on both a general-purpose processor and stream-based hardware. A novel RPS scheme that is practically easy to build and can realize pipelined packet-by-packet data transfer at each output was proposed to take the place of the traditional crossbar switching. In RPS, packets with variable lengths can be switched intelligently without performing packet segmentation and reassembly. 
Primary theoretical analysis of queuing issues was discussed and an improved multiple queue service scheduling policy UD-WRR was proposed, which can reduce packet-waiting time without sacrificing the performance. In order to have the tests carried out appropriately, dedicated circuitry for the MPLS functional block to interface a specific MAC chip was implemented as well. The hardware designs for all functions were realized with a single Field Programmable Gate Array (FPGA) device in this project. The main result presented in this thesis was the MPLS function implementation realizing a major part of layer three routing at the reconfigurable hardware level, which advanced a great step towards the goal of building a router that is both fast and flexible