Optimization of BGP Convergence and Prefix Security in IP/MPLS Networks

Multi-Protocol Label Switching-based networks are the backbone of the operation of the Internet, that communicates through the use of the Border Gateway Protocol which connects distinct networks, referred to as Autonomous Systems, together. As the technology matures, so does the challenges caused by the extreme growth rate of the Internet. The amount of BGP prefixes required to facilitate such an increase in connectivity introduces multiple new critical issues, such as with the scalability and the security of the aforementioned Border Gateway Protocol. Illustration of an implementation of an IP/MPLS core transmission network is formed through the introduction of the four main pillars of an Autonomous System: Multi-Protocol Label Switching, Border Gateway Protocol, Open Shortest Path First and the Resource Reservation Protocol. The symbiosis of these technologies is used to introduce the practicalities of operating an IP/MPLS-based ISP network with traffic engineering and fault-resilience at heart. The first research objective of this thesis is to determine whether the deployment of a new BGP feature, which is referred to as BGP Prefix Independent Convergence (PIC), within AS16086 would be a worthwhile endeavour. This BGP extension aims to reduce the convergence delay of BGP Prefixes inside of an IP/MPLS Core Transmission Network, thus improving the networks resilience against faults. Simultaneously, the second research objective was to research the available mechanisms considering the protection of BGP Prefixes, such as with the implementation of the Resource Public Key Infrastructure and the Artemis BGP Monitor for proactive and reactive security of BGP prefixes within AS16086. The future prospective deployment of BGPsec is discussed to form an outlook to the future of IP/MPLS network design. As the trust-based nature of BGP as a protocol has become a distinct vulnerability, thus necessitating the use of various technologies to secure the communications between the Autonomous Systems that form the network to end all networks, the Internet

MPLS & QoS in Virtual Environments

The rise of high performance computing has seen a shift of services from locally managed Data Centers, to centralized globally redundant Data Centers (Cloud Computing). The scale of operation and churn required for cloud computing has in turn led to the rise of faster and programmable network pathing, via SDN & NFV. Cloud compute resources are accessible to individual researchers, as well as larger organizations. Cloud computing relies heavily on virtualization and abstraction of resources. The interconnect between these resources is more complex than ever, due to the need to seamlessly move from virtual to physical to hybrid networks and resources. MPLS as a technology is robust and has been used as transport for decades with a good track record. QoS has been available within most protocols to ensure service levels are maintained. The integration of MPLS, QoS and virtual environments is a space of increasing interest. It would allow for the seamless movement of traffic from end to end without the need for specialized hardware or vendor lock-in. In this thesis, the performance gains of IP/MPLS networks utilizing QoS on commercially available virtual environments has been investigated and studied. Latency was captured via round trip time metrics and tabulated for voice, video and data, with QoS and congestion as the primary differentiators. The study discusses the approach taken, the common thinking, and finally analyzes the results of a simulation, in order to show that MPLS & QoS benefits are viable in virtualized environments

Virtual Private Networks Using IPv6 Protocol

Cílem diplomové práce je návrh, realizace a testování technologie VPN v síti založené na protokolu IPv6 v laboratorním prostředí a s využitím směrovačů Huawei a Cisco.V této diplomové práci jsou zastoupeny technologie GRE VPN, IPsec VPN a MPLS L3 VPN. Práce se dále zabývá návrhem, realizací a ověřením funkčnosti těchto technologií v sítích používajících protokol IPv6, ale také zjištěním, jak se liší tato řešení VPN v internetových protokolech různých verzí, konkrétně IPv4 a IPv6The aim of this thesis is to design, implement and test VPN technology in an IPv6-based network in a laboratory environment using Huawei and Cisco routers. GRE VPN, IPsec VPN and MPLS L3 VPN technologies are represented in this thesis. The thesis also looks at the design, implementation and verification of the functionality of these technologies in networks using IPv6, but also to see how these VPN solutions differ in the different internet protocols, namely IPv4 and IPv6.440 - Katedra telekomunikační technikydobř

IPv6 Deployment in a Service Provider's Data Center Network

Tämä diplomityö on tehty toimeksiantona Capgemini Finland Oy:lle (myöh. Capgemini). Sen tavoitteena on ottaa IPv6-protokolla käyttöön Capgeminin konesaliverkossa niin, että se on saavutettavissa Internetistä IPv4-protokollan lisäksi myös IPv6-protokollalla. Työn ensimmäisessä luvussa kerrotaan lyhyesti siitä, mitkä tämän työn taustat ja tavoitteet ovat sekä minkä ongelman ja osaongelmat se ratkaisee. Toisessa luvussa kerrotaan, mitkä IPv4-protokollan ongelmat ovat ja miksi IPv6-protokolla lopulta korvaa sen. Kolmannessa luvussa esitellään IPv6-protokollaa ja sen tukiprotokollia IETF:n (Internet Engineering Task Force) RFC-dokumenttien (Request For Comments) ja kirjallisuuden pohjalta. Neljännessä luvussa perehdytään lyhyesti IPv6-protokollan tietoturvaan IPv6-käyttöönottoon liittyen ja kerrotaan, millaisia IPv6-transitiomekanismeja on olemassa. Viidennessä luvussa näytetään ensin tyypillinen palvelinkeskuksen konesaliverkon verkkotopologia ja esitellään sen jälkeen Capgeminin konesaliverkon rakenne. Kuudennessa luvussa yhdistetään Capgeminin konesaliverkko Internetiin IPv6-protokollalla ja rakennetaan Capeminin laboratorioon IPv6-testiverkko. Luvussa kehitetään myös konsepti, jolla voidaan provisioida IPv6-protokollalla toimiva www-palvelu Capgeminin konesaliverkossa mahdollisimman helposti ja kustannustehokkaasti. Lopuksi seitsemännessä luvussa käydään läpi IPv6-käyttöönoton tulokset, seuraukset ja siinä esiintyneet haasteet sekä tehdään suunnitelma siitä, mitkä ovat seuraavat askeleet IPv6-protokollan laajemmalle käyttöönotolle Capgeminin konesaliverkossa.This Master's thesis was done for Capgemini Finland Oy (later referred to as Capgemini). The objective of the thesis is to deploy the IPv6 protocol in Capgemini's data center network so that it is reachable from the Internet also via IPv6 in addition to IPv4. In the first chapter of the thesis the background and objectives of the thesis in addition to the problem it solves are discussed. In the second chapter the inadequacy of the IPv4 protocol and the reasons why IPv6 will eventually replace it are explained. In the third chapter the IPv6 base protocol and its supporting protocols are presented based on RFC (Request For Comments) documents published by the IETF (Internet Engineering Task Force) and literature. In the fourth chapter IPv6 security with respect to the IPv6 deployment and IPv6 transition mechanisms are introduced. In the fifth chapter, a typical data center network topology is first shown after which the Capgemini data center network is showcased. In the sixth chapter the Capgemini data center network is connected to the Internet via IPv6 and an IPv6 test network is set up in the Capgemini laboratory. A proof of concept to provision an IPv6 web service in the Capgemini data center network with minimal capital and operational expenditure is also developed. Finally, in the seventh chapter the results, consequences and challenges of the IPv6 deployment are reviewed and a plan is made as to what the next steps for a more comprehensive IPv6 deployment in the Capgemini data center network are

Protocols Analysis of CISCO Networks

ABSTRAKT Bc.Karlík, Martin Ústav telekomunikací, Fakulta elektrotechniky a komunikačních technologií, Vysoké učení technické v Brně. Rozbor protokolov CISCO sietí Táto semestrálna práca je venovaná CISCO sieťam a protokolom ako MPLS, BGP, IPv4, IPv6, Multicast – sparse / dense mode. Úlohou bolo preštudovať tieto porotokoly a vo voľne dostupnom simulačnom prostredí GNS3 navrhnúť a realizovať laboratórnu úlohu zo zameraním sa na jeden z vyššie uvedených protokolov. Navrhnutá laboratórna úloha sa venuje protokolu MPLS. V práci je použitý CISCO smerovač 3745.ABSTRACT Bc.Karlík, Martin Department of Telecommunications, Faculty of Electrical Engineering and Communication, Brno University of Technology. Analysis of CISCO networking protocols This semestral thesis is focused on CISCO networks and protocols like MPLS, BGP, Ipv4, Ipv6, Multicast – sprase / dense mode. The task was study of those protocols and design and implement lab excercise with one of those protocols by using free network simulator GNS3. In this excercise is used CISCO router 3745.

Diseño y solución de red para la integración de Centros de Datos

El presente proyecto contempla el diseño de una solución de interconexión de dos centros de procesado de datos (CPDs) con el objetivo de fusionar dos empresas a nivel de red, a las que llamaremos empresa C y empresa G. Se trata de dos entidades bancarias que por motivos políticos y económicos han acordado unirse dando lugar a una sola entidad. Para que esto sea posible las dos empresas, mediante mutuo acuerdo, han contratado a un grupo de ingenieros integradores de redes expertos en el campo y capaces de ofrecer una solución totalmente transparente para el cliente. El integrador ofrece en esta memoria una solución técnica cuyo objetivo es unir los núcleos de la red de forma que los usuarios de una empresa tengan acceso a los recursos y/o servicios de la otra empresa, y viceversa. De esta manera, se logra unir ambas empresas como si fuese una sola. Aprovechando esta solución de red, el integrador resolverá problemas presentes en las dos empresas ofreciendo mejores alternativas para garantizar mayor seguridad, escalabilidad y eficiencia en la red. Paralelamente se aprovecharán mejor los recursos existentes, como el equipamiento y las tecnologías, para el mismo objetivo; ofrecer una solución altamente potente y escalable tanto a corto como a largo plazo. Tanto la definición como la solución de este proyecto han sido ideados por la autora del mismo, no habiéndose basado para ello en ningún escenario real.This project involves the design of a solution for interconnection of two data centers (CPDs) in order to merge the network of the two companies, called company C and company G. Both companies are two financial entities that for political and economic reasons have agreed together resulting in a single entity. To make this merger possible, both companies have hired a group of expert network integrators who are able to provide a fully transparent solution for the customer. The integrator provides in this project a technical solution which aims to unite the Core of the network so that users have access to company resources and / or services of the other company, and vice versa. Thus, it is possible to unite the two companies as if it were a single. Taking advantage of this network solution, the integrator will solve actual problems in both companies offering better alternatives to ensure greater security, scalability and network efficiency. In parallel, existing resources will be taken on advantage, such as equipment and technologies, and all of that for the same purpose; to offer a powerful and highly scalable solution. Both the definition and the solution of this project have been designed by the author himself, without basing herself on any real scenario.Ingeniería Técnica en Sonido e Image

Creation of value with open source software in the telecommunications field

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Journal of Telecommunications and Information Technology, nr 3

kwartalni