Research of MPLS-based virtual private networks. –Manuscript.

Дипломну роботу магістра присвячено аналізу та проектуванню віртуальних приватних мереж на базі технології MPLS. Зроблено загальний огляд принципів побудови сучасних глобальних мереж зв’язку, що застосовуються для організації VPN-мереж з встановленням та без встановлення з’єднання. Детально досліджено технологію MPLS VPN та її принципи роботи. Здійснено порівняння з іншими VPN-технологіями, встановлено переваги. Спроектовано модель мережі для міжобласного провайдера на базі технології IP/MPLS, яка підтримує віртуальні приватні мережі, а також забезпечує функції якості обслуговування. Здійснено конфігурування спроектованої мережі. Досліджено характеристики роботи побудованої моделі VPN-мережі.Master’s Thesis is dedicated to the analysis and designing of virtual private networks based on MPLS technology. A general overview of principles of modern global communication networks construction were made. They are used for the organization of VPNs with connection establishment and without it. Analysis of MPLS VPN technology and its principles were examined. A comparison with other VPN technology was performed and the benefits were established. An IP/MPLS-based interregional provider’s network model was designed. It supports virtual private networks and provides Quality of Service features. Configuration of designed network was carried out. The characteristics of constructed VPN model were investigated

Deliverable JRA1.1: Evaluation of current network control and management planes for multi-domain network infrastructure

This deliverable includes a compilation and evaluation of available control and management architectures and protocols applicable to a multilayer infrastructure in a multi-domain Virtual Network environment.The scope of this deliverable is mainly focused on the virtualisation of the resources within a network and at processing nodes. The virtualization of the FEDERICA infrastructure allows the provisioning of its available resources to users by means of FEDERICA slices. A slice is seen by the user as a real physical network under his/her domain, however it maps to a logical partition (a virtual instance) of the physical FEDERICA resources. A slice is built to exhibit to the highest degree all the principles applicable to a physical network (isolation, reproducibility, manageability, ...). Currently, there are no standard definitions available for network virtualization or its associated architectures. Therefore, this deliverable proposes the Virtual Network layer architecture and evaluates a set of Management- and Control Planes that can be used for the partitioning and virtualization of the FEDERICA network resources. This evaluation has been performed taking into account an initial set of FEDERICA requirements; a possible extension of the selected tools will be evaluated in future deliverables. The studies described in this deliverable define the virtual architecture of the FEDERICA infrastructure. During this activity, the need has been recognised to establish a new set of basic definitions (taxonomy) for the building blocks that compose the so-called slice, i.e. the virtual network instantiation (which is virtual with regard to the abstracted view made of the building blocks of the FEDERICA infrastructure) and its architectural plane representation. These definitions will be established as a common nomenclature for the FEDERICA project. Other important aspects when defining a new architecture are the user requirements. It is crucial that the resulting architecture fits the demands that users may have. Since this deliverable has been produced at the same time as the contact process with users, made by the project activities related to the Use Case definitions, JRA1 has proposed a set of basic Use Cases to be considered as starting point for its internal studies. When researchers want to experiment with their developments, they need not only network resources on their slices, but also a slice of the processing resources. These processing slice resources are understood as virtual machine instances that users can use to make them behave as software routers or end nodes, on which to download the software protocols or applications they have produced and want to assess in a realistic environment. Hence, this deliverable also studies the APIs of several virtual machine management software products in order to identify which best suits FEDERICA’s needs.Postprint (published version

QUALITY OF SERVICE ARCHITECTURES APPLICABILITY IN AN INTRANET NETWORK

The quality of service (QoS) concept, which appeared initially as a necessity to improve Internet users perception, deals actually with new valences along with information society maturation. At the organisation’s level, the Intranet network shall assure in a similar manner as the Internet all kinds of services, which are useful to the organisation’s users. Starting from the traditional QoS architectural models, network administrators shall plan and design a QoS architecture, which will map on the organisation’s requirements, having at disposal not only own network elements but also communication services provided by other operators. The aim of this paper is to present, starting from the general QoS models, a comparative study of main advantages and drawbacks in implementing a specific Intranet QoS architecture taking into consideration all kind of aspects (material, financial, human resources), which impact on a good Intranet QoS management.QoS, IntServ, DiffServ, IntServ over DiffServ, VPN-MPLS, Intranet network

Аналіз принципів побудови сервісу VPN

Мета роботи - огляд сучасних технологій щодо надання сервісу побудови віртуальних приватних мереж, аналіз технічних рішень технології VPN на прикладі організації приватної віртуальної мережі на основі мережі MPLS. В дипломній роботі проведено аналіз та порівняння існуючих підходів побудови віртуальних приватних мереж. Розглядається принцип формування та класифікація VPN, основні концепції організації віртуальної приватної мережі. Розроблені критерії порівняння та здійснено аналіз та порівняння по розробленим критеріям розглянутих технологій. Приведено приклад організації сервісу VPN для корпоративних клієнтів.The purpose of the work is to provide an overview of modern technologies for the provision of virtual private network services, analysis of technical solutions for VPN technology, for example, for the organization of a private virtual network based on the MPLS network. In a thesis work the analysis and comparison of existing approaches of construction of virtual private networks is carried out. The principle of formation and classification of VPN, the basic concepts of organization of virtual private network is considered. The criteria of comparison have been developed and the analysis and comparison on the developed criteria of the considered technologies has been carried out. An example of a VPN service for corporate clients is provided

A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways.European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results

Fixed and mobile telecom operators, enterprise network operators and cloud providers strive to face the challenging demands coming from the evolution of IP networks (e.g. huge bandwidth requirements, integration of billions of devices and millions of services in the cloud). Proposed in the early 2010s, Segment Routing (SR) architecture helps face these challenging demands, and it is currently being adopted and deployed. SR architecture is based on the concept of source routing and has interesting scalability properties, as it dramatically reduces the amount of state information to be configured in the core nodes to support complex services. SR architecture was first implemented with the MPLS dataplane and then, quite recently, with the IPv6 dataplane (SRv6). IPv6 SR architecture (SRv6) has been extended from the simple steering of packets across nodes to a general network programming approach, making it very suitable for use cases such as Service Function Chaining and Network Function Virtualization. In this paper we present a tutorial and a comprehensive survey on SR technology, analyzing standardization efforts, patents, research activities and implementation results. We start with an introduction on the motivations for Segment Routing and an overview of its evolution and standardization. Then, we provide a tutorial on Segment Routing technology, with a focus on the novel SRv6 solution. We discuss the standardization efforts and the patents providing details on the most important documents and mentioning other ongoing activities. We then thoroughly analyze research activities according to a taxonomy. We have identified 8 main categories during our analysis of the current state of play: Monitoring, Traffic Engineering, Failure Recovery, Centrally Controlled Architectures, Path Encoding, Network Programming, Performance Evaluation and Miscellaneous...Comment: SUBMITTED TO IEEE COMMUNICATIONS SURVEYS & TUTORIAL

Multicast traffic aggregation in MPLS-based VPN networks

This article gives an overview of the current practical approaches under study for a scalable implementation of multicast in layer 2 and 3 VPNs over an IP-MPLS multiservice network. These proposals are based on a well-known technique: the aggregation of traffic into shared trees to manage the forwarding state vs. bandwidth saving trade-off. This sort of traffic engineering mechanism requires methods to estimate the resources needed to set up a multicast shared tree for a set of VPNs. The methodology proposed in this article consists of studying the effect of aggregation obtained by random shared tree allocation on a reference model of a representative network scenario.Publicad