49 research outputs found

    SDN Architecture and Southbound APIs for IPv6 Segment Routing Enabled Wide Area Networks

    The SRv6 architecture (Segment Routing based on IPv6 data plane) is a promising solution to support services like Traffic Engineering, Service Function Chaining and Virtual Private Networks in IPv6 backbones and datacenters. The SRv6 architecture has interesting scalability properties as it reduces the amount of state information that needs to be configured in the nodes to support the network services. In this paper, we describe the advantages of complementing the SRv6 technology with an SDN-based approach in backbone networks. We discuss the architecture of an SRv6-enabled network based on Linux nodes. In addition, we present the design and implementation of the Southbound API between the SDN controller and the SRv6 device. We have defined a data model and four different implementations of the API, based respectively on gRPC, REST, NETCONF and remote Command Line Interface (CLI). Since it is important to support both the development and testing aspects, we have realized an Intent-based emulation system to build realistic and reproducible experiments. This collection of tools automates most of the configuration aspects, relieving the experimenter of a significant effort. Finally, we have evaluated some performance aspects of our architecture and of the different variants of the Southbound APIs, and we have analyzed the effects of the configuration updates in the SRv6-enabled nodes.

    Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results

    Fixed and mobile telecom operators, enterprise network operators and cloud providers strive to face the challenging demands coming from the evolution of IP networks (e.g. huge bandwidth requirements, integration of billions of devices and millions of services in the cloud). Proposed in the early 2010s, Segment Routing (SR) architecture helps face these challenging demands, and it is currently being adopted and deployed. SR architecture is based on the concept of source routing and has interesting scalability properties, as it dramatically reduces the amount of state information to be configured in the core nodes to support complex services. SR architecture was first implemented with the MPLS dataplane and then, quite recently, with the IPv6 dataplane (SRv6). IPv6 SR architecture (SRv6) has been extended from the simple steering of packets across nodes to a general network programming approach, making it very suitable for use cases such as Service Function Chaining and Network Function Virtualization. In this paper we present a tutorial and a comprehensive survey on SR technology, analyzing standardization efforts, patents, research activities and implementation results. We start with an introduction on the motivations for Segment Routing and an overview of its evolution and standardization. Then, we provide a tutorial on Segment Routing technology, with a focus on the novel SRv6 solution. We discuss the standardization efforts and the patents providing details on the most important documents and mentioning other ongoing activities. We then thoroughly analyze research activities according to a taxonomy. We have identified 8 main categories during our analysis of the current state of play: Monitoring, Traffic Engineering, Failure Recovery, Centrally Controlled Architectures, Path Encoding, Network Programming, Performance Evaluation and Miscellaneous... Comment: SUBMITTED TO IEEE COMMUNICATIONS SURVEYS & TUTORIAL

    IPv6: a new security challenge

    Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011. Internet Protocol version 6 (IPv6) was developed to solve some of the problems not addressed by its predecessor, Internet Protocol version 4 (IPv4), namely issues related to security and to the available address space. Over the last decade, many have studied the investments required for its adoption and the right moment for it to be adopted by all players in the market. Recently, the exhaustion of the public addresses made available by the various Regional Internet Registries (RIRs) prompted the entities involved to speed up the migration from IPv4 to IPv6. Unlike IPv4, this new version treats security as a fundamental objective of its implementation; to that end, the use of the IPsec protocol at the network layer is recommended. However, owing to the immaturity of the protocol and the complexity of this transition period, there are numerous security implications that must be considered during the migration. The main objective of this work is to define a set of security best practices for IPv6 deployment that can be used by data network administrators and by the security teams of the various players in the market. In this transition phase, it is useful and appropriate to contribute effectively to the understanding of the strengths of this new protocol as well as the vulnerabilities associated with it.
    IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition to IPv6 seems inevitable, this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks.

    Issues with Existing Cryptographic Protection Methods for Routing Protocols


    Optimization of BGP Convergence and Prefix Security in IP/MPLS Networks

    Multi-Protocol Label Switching-based networks are the backbone of the operation of the Internet, which communicates through the use of the Border Gateway Protocol, which connects distinct networks, referred to as Autonomous Systems, together. As the technology matures, so do the challenges caused by the extreme growth rate of the Internet. The number of BGP prefixes required to facilitate such an increase in connectivity introduces multiple new critical issues, such as with the scalability and the security of the aforementioned Border Gateway Protocol. An implementation of an IP/MPLS core transmission network is illustrated through the introduction of the four main pillars of an Autonomous System: Multi-Protocol Label Switching, Border Gateway Protocol, Open Shortest Path First and the Resource Reservation Protocol. The symbiosis of these technologies is used to introduce the practicalities of operating an IP/MPLS-based ISP network with traffic engineering and fault-resilience at heart. The first research objective of this thesis is to determine whether the deployment of a new BGP feature, which is referred to as BGP Prefix Independent Convergence (PIC), within AS16086 would be a worthwhile endeavour. This BGP extension aims to reduce the convergence delay of BGP prefixes inside an IP/MPLS Core Transmission Network, thus improving the network's resilience against faults. Simultaneously, the second research objective was to research the available mechanisms for the protection of BGP prefixes, such as the implementation of the Resource Public Key Infrastructure and the Artemis BGP Monitor for proactive and reactive security of BGP prefixes within AS16086. The future prospective deployment of BGPsec is discussed to form an outlook on the future of IP/MPLS network design. The trust-based nature of BGP as a protocol has become a distinct vulnerability, thus necessitating the use of various technologies to secure the communications between the Autonomous Systems that form the network to end all networks, the Internet.

    Selected Issues of QoS Provision in Heterogenous Military Networks

    Tactical ad-hoc networks are evolving today towards complex heterogeneous networks in terms of architecture, protocols and security. Due to the difference in network resources and reliability, end-to-end quality of service provisioning becomes very challenging. If we also take into account communication issues such as unpredictable connectivity, preferential forwarding for special traffic classes, intermittency due to node or communication link failure, the problem is further aggravated. In this article, we examine the major challenges that must be solved in order to provide efficient QoS provisioning in the heterogeneous network. Finally we describe QoS-aware mechanisms for inter-domain and intra-domain heterogeneous networks, also including real-time services provision in highly mobile environments.

    Topics on modelling and simulation of wireless networking protocols

    The use of computer simulation to study complex systems has grown significantly over the past several decades. This is especially true with regard to computer networks, where simulation has become a widespread tool used in academic, commercial and military applications. Computer model representations of communication protocol stacks are used to replicate and predict the behavior of real world counterparts to solve a variety of problems. The performance of simulators, measured in both accuracy of results and run time, is a constant concern to simulation users. The running time for high fidelity simulation of large-scale mobile ad hoc networks can be prohibitively high. The execution time of propagation effects calculations for a single transmission alone can grow unmanageable to account for all potential receivers. Discrete event simulators can also suffer from excessive generation and processing of events, both due to network size and model complexity. In this thesis, three levels of abstracting the Institute of Electrical and Electronics Engineers (IEEE) 802.11 Request to Send/Clear to Send (RTS/CTS) channel access mechanism are presented. In the process of assessing the abstractions' ability to mitigate runtime cost while retaining comparable results to that of a commercially available simulator, OPNET, the abstractions were found to be better suited to collecting one metric over another. Performance issues aside, simulation is an ideal choice for use in prototyping and developing protocols. The costs of simulation are orders of magnitude smaller than that of network testbeds, especially after factoring in the logistics, maintenance, and space required to test live networks. For instance, Internet Protocol version 6 (IPv6) stateless address autoconfiguration protocols have yet to be convincingly shown to cope with the dynamic, infrastructure-free environment of Mobile Ad hoc Networks (MANETs). This thesis provides a literature survey of autoconfiguration schemes designed for MANETs, with particular focus on a stateless autoconfiguration scheme by Jelger and Noel (SECON 2005). The selected scheme provides globally routable IPv6 prefixes to a MANET attached to the Internet via gateways. Using OPNET simulation, the Jelger-Noel scheme is examined with new cluster mobility models, added gateway mobility, and varied network sizes. Performance of the Jelger-Noel scheme, derived from overhead, autoconfiguration time and prefix stability metrics, was found to be highly dependent on network density, and suggested further refinement before deployment. Finally, in cases where a network testbed is used to test protocols, it is still advantageous to run simulations in parallel. While testbeds can help expose design flaws due to code or hardware differences, discrete event simulation environments can offer extensive debugging capabilities and event control. The two tools provide independent methods of validating the performance of protocols, as well as providing useful feedback on correct protocol implementation and configuration. This thesis presents the Open Shortest Path First (OSPF) routing protocol and its MANET extensions as candidate protocols to test in simulated and emulated MANETs. The measured OSPF overhead from both environments was used as a benchmark to construct equivalent MANET representations and protocol configuration, made particularly challenging due to the wired nature of the emulation testbed. While attempting to duplicate and validate results of a previous OSPF study, limitations of the simulated implementation of OSPF were revealed. M.S., Electrical Engineering -- Drexel University, 200

    Routing Protocols in Modern IP Networks

    Modern IP networks are constantly evolving and growing. The increasing number of ever more interconnected "smart" devices obliges network engineers to manage diverse networks with hundreds or thousands of interconnected devices. IP routing is the connecting link between all these networks. The purpose of this thesis is to serve as a reference tool on routing protocols for students and engineers whose main activity is the management and supervision of routing technologies and protocols in IP networks.
    Modern IP networks are continuously evolving and growing. The fact that more and more devices become “smart” and have the ability to connect to an IP network makes network engineers come across a variety of different network topologies, on a daily basis, interconnecting hundreds or thousands of different subnets. IP routing is the key link between these subnets. The purpose of this thesis is to become a reference tool for students or engineers whose main responsibility is the management or administration of core routing technologies.