IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Affordable Dial-up PPP Internet Connection for School Classroom Local Area Networks

A software package is presented that provides a simple and low cost solution for schools to connect their classroom Local Area Networks (LAN) to Internet and to use Internet services. The main component of the package is NOS4S (NOS for Schools), a DOS program based on JNOS with some substantial extensions necessary for the intended use. Besides acting as an on-demand TCP/IP router over dial-up Public Switched Telephone Network (PSTN) or ISDN lines, the program also serves as a local e-mail (on-demand SMTP / POP3), FTP and WWW server. Although relatively low cost commercial routers for connecting an LAN to Internet can be found on the market, it is generally difficult for schools to afford them due to their limited financial resources. In contrast, the NOS4S solution is essentially free. On the one hand, NOS4S is publicly available and free. On the other hand, because the classroom computers must be periodically replaced with newer ones to be able to run current versions of MS Windows, some older and abandoned computer suitable to run NOS4S can usually be found in a school

Mobile IP: state of the art report

Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area

Managing Access Control in Virtual Private Networks

Virtual Private Network technology allows remote network users to benefit from resources on a private network as if their host machines actually resided on the network. However, each resource on a network may also have its own access control policies, which may be completely unrelated to network access. Thus users� access to a network (even by VPN technology) does not guarantee their access to the sought resources. With the introduction of more complicated access privileges, such as delegated access, it is conceivable for a scenario to arise where a user can access a network remotely (because of direct permissions from the network administrator or by delegated permission) but cannot access any resources on the network. There is, therefore, a need for a network access control mechanism that understands the privileges of each remote network user on one hand, and the access control policies of various network resources on the other hand, and so can aid a remote user in accessing these resources based on the user\u27s privileges. This research presents a software solution in the form of a centralized access control framework called an Access Control Service (ACS), that can grant remote users network presence and simultaneously aid them in accessing various network resources with varying access control policies. At the same time, the ACS provides a centralized framework for administrators to manage access to their resources. The ACS achieves these objectives using VPN technology, network address translation and by proxying various authentication protocols on behalf of remote users

Context transfer support for mobility management in all-IP networks.

This thesis is a description of the research undertaken in the course of the PhD and evolves around a context transfer protocol which aims to complement and support mobility management in next generation mobile networks. Based on the literature review, it was identified that there is more to mobility management than handover management and the successful change of routing paths. Supportive mechanisms like fast handover, candidate access router discovery and context transfer can significantly contribute towards achieving seamless handover which is especially important in the case of real time services. The work focused on context transfer motivated by the fact that it could offer great benefits to session re-establishment during the handover operation of a mobile user and preliminary testbed observations illustrated the need for achieving this. Context transfer aims to minimize the impact of certain transport, routing, security-related services on the handover performance. When a mobile node (MN) moves to a new subnet it needs to continue such services that have already been established at the previous subnet. Examples of such services include AAA profile, IPsec state, header compression, QoS policy etc. Re-establishing these services at the new subnet will require a considerable amount of time for the protocol exchanges and as a result time- sensitive real-time traffic will suffer during this time. By transferring state to the new domain candidate services will be quickly re-established. This would also contribute to the seamless operation of application streams and could reduce susceptibility to errors. Furthermore, re-initiation to and from the mobile node will be avoided hence wireless bandwidth efficiency will be conserved. In this research an extension to mobility protocols was proposed for supporting state forwarding capabilities. The idea of forwarding states was also explored for remotely reconfiguring middleboxes to avoid any interruption of a mobile users' sessions or services. Finally a context transfer module was proposed to facilitate the integration of such a mechanism in next generation architectures. The proposals were evaluated analytically, via simulations or via testbed implementation depending on the scenario investigated. The results demonstrated that the proposed solutions can minimize the impact of security services like authentication, authorization and firewalls on a mobile user's multimedia sessions and thus improving the overall handover performance

IETF standardization in the field of the Internet of Things (IoT): a survey

Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there have been many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. In this paper, we will briefly review the history of integrating constrained devices into the Internet, followed by an extensive overview of IETF standardization work in the 6LoWPAN, ROLL and CoRE working groups. This is complemented with a broad overview of related research results that illustrate how this work can be extended or used to tackle other problems and with a discussion on open issues and challenges. As such the aim of this paper is twofold: apart from giving readers solid insights in IETF standardization work on the Internet of Things, it also aims to encourage readers to further explore the world of Internet-connected objects, pointing to future research opportunities

Wireless backhaul in future cellular communication

Abstract. In 5G technology, huge number of connected devices are needed to be considered where the expected throughput is also very ambitious. Capacity is needed and thus used frequencies are expected to get higher (above 6 GHz even up to 80 GHz), the Cell size getting smaller and number of cells arising significantly. Therefore, it is expected that wireless backhaul will be one option for Network operators to deliver capacity and coverage for high subscriber density areas with reduced cost. Wireless backhaul optimization, performance and scalability will be on the critical path on such cellular system. This master’s thesis work includes connecting a base station by using the wireless backhaul by introducing a VPN in the proposed network. We find the bottleneck and its solution. The network is using 3.5 GHz wireless link instead of LAN wire for backhaul link between the EnodeB and the core network (OpenEPC). LTE TDD band 42 acting as a Wireless Backhaul (Link between EnodeB and Band 42 CPE Router). The status and attachment procedure are observed from different nodes of the openEPC and from the VPN machine. Step by step we have established a tunnel between the CPE device and the VPN server using PPTP and L2TP with IPSec tunneling protocol. The progression towards the final implementation brings in step by step all difficulties and bottlenecks are documented in the study

Performance evaluation of multicast routing on IPv4 and IPv6 networks

Even though the transition from IPv4 to IPv6 has not been realized at the pace that it was anticipated, eventually with the depletion of IPv4 address space and the ever-growing demands of the Internet, the transition is inevitable. In the rapidly evolving world of technology, multimedia applications and voice/video conferencing are fast finding their ways into the Internet and corporate networks. Multicast routing protocols run over unicast routing protocols to provide efficient routing of such applications. This thesis was aimed at understanding how the transition from IPv4 to IPv6 would impact multicast routing. The multicast routing protocol Protocol Independent Multicast-Sparse Mode (PIM-SM) was used over both IPv4 and IPv6 networks and a mixed IPv4-IPv6 network. Parameters such as protocol overheads, throughput and jitter were evaluated in a lab environment using jperf