8 research outputs found

    A survey of Virtual Private LAN Services (VPLS): Past, present and future

    Virtual Private LAN services (VPLS) is a Layer 2 Virtual Private Network (L2VPN) service that has gained immense popularity due to a number of its features, such as protocol independence, multipoint-to-multipoint mesh connectivity, robust security, low operational cost (in terms of optimal resource utilization), and high scalability. In addition to the traditional VPLS architectures, novel VPLS solutions have been designed leveraging new emerging paradigms, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), to keep up with the increasing demand. These emerging solutions help in enhancing scalability, strengthening security, and optimizing resource utilization. This paper aims to conduct an in-depth survey of various VPLS architectures and highlight different characteristics through insightful comparisons. Moreover, the article discusses numerous technical aspects such as security, scalability, compatibility, tunnel management, operational issues, and complexity, along with the lessons learned. Finally, the paper outlines future research directions related to VPLS. To the best of our knowledge, this paper is the first to furnish a detailed survey of VPLS. University College Dublin; Academy of Finlan

    A survey of network virtualization

    Due to the existence of multiple stakeholders with conflicting goals and policies, alterations to the existing Internet architecture are now limited to simple incremental updates; deployment of any new, radically different technology is next to impossible. To fend off this ossification, network virtualization has been propounded as a diversifying attribute of the future inter-networking paradigm. By introducing a plurality of heterogeneous network architectures cohabiting on a shared physical substrate, network virtualization promotes innovations and diversified applications. In this paper, we survey the existing technologies and a wide array of past and state-of-the-art projects on network virtualization followed by a discussion of major challenges in this area

    Performance evaluation of HIP-based network security solutions

    Abstract. Host Identity Protocol (HIP) is a networking technology that systematically separates the identifier and locator roles of IP addresses and introduces a Host Identity (HI) name space based on a public key security infrastructure. This modification offers a series of benefits such as mobility, multi-homing, end-to-end security, signaling, control/data plane separation, firewall security, etc. Although HIP has not yet been sufficiently applied in mainstream communication networks, industry experts foresee its potential as an integral part of next generation networks. HIP can be used in various HIP-aware applications as well as in traditional IP-address-based applications and networking technologies, taking middle boxes into account. One such application is Virtual Private LAN Service (VPLS), a widely used method of providing an Ethernet-based Virtual Private Network that supports the connection of geographically separated sites into a single bridged domain over an IP/MPLS network. The popularity of VPLS among commercial and defense organizations underscores the need for robust security features to protect both data and control information. After investigating the different approaches to HIP, a real-world testbed is implemented. Two experiment scenarios were evaluated: one on two open source Linux-based HIP implementations (HIPL and OpenHIP) and the other on two sets of enterprise equipment from two different companies (Tempered Networks and Byres Security). To account for a heterogeneous mix of network types, the open source HIP implementations were evaluated on different network environments, namely Local Area Network (LAN), Wireless LAN (WLAN), and Wide Area Network (WAN). Each scenario is tested and evaluated for performance in terms of throughput, latency, and jitter. The measurement results confirmed the assumption that no single solution is optimal in all considered aspects and scenarios. For instance, in the open source implementations, the performance penalty of security on TCP throughput for the WLAN scenario is less in HIPL than in OpenHIP, while for the WAN scenario the reverse is the case. A similar outcome is observed for the UDP throughput. However, on latency, HIPL showed lower latency for all three network test scenarios. For the legacy equipment experiment, the penalty of security on TCP throughput is about 19% compared with the non-secure scenario while latency is increased by about 87%. This work therefore provides viable information for researchers and decision makers on the optimal solution to securing their VPNs based on the application scenarios and the potential performance penalties that come with each approach.
    Performance evaluation of HIP-based network security solutions. Abstract. Host Identity Protocol (HIP) is a networking technology that uses a separate layer between the transport protocol and the Internet Protocol (IP) in the TCP/IP protocol stack. HIP systematically separates the network and device parts of the IP address and uses a Host Identity (HI) part based on a public key security infrastructure. The benefits of this include, for example, mobility, multi-homing, end-to-end security, separation of control information and data, rendezvous, address change, and firewall security. In industry, HIP is seen as part of next generation communication networks, although it has not yet become widespread in commercial use. HIP can be used not only in various HIP-aware applications but also in traditional IP-address-based applications and networking technologies. One such application is Virtual Private LAN Service (VPLS), a widely used method for creating an Ethernet-based virtual private network that supports connecting separate sites into a single bridge over an IP/MPLS network. The prevalence of VPLS in both commercial and defense organizations underscores the need for robust security features to protect data and control information. This work first studies the different approaches to HIP. After the theoretical review, practical tests are carried out on a self-built testbed. The scenarios examined are a comparison of Linux-based open source HIP implementations (HIPL and OpenHIP) and a comparison of equipment from two different manufacturers (Tempered Networks and Byres Security). The HIP implementations are evaluated in different network environments, namely LAN, WLAN, and WAN. All tested cases are evaluated in terms of throughput, its variation (jitter), and latency. The measurement results show that the same solution is not optimal in all the cases examined. For example, when using a WLAN network, the throughput loss caused by security is smaller for HIPL than for OpenHIP, whereas in the WAN case the situation is reversed. Similar behavior is also observed in UDP throughput. However, HIPL gives the lowest latency in all test scenarios. When comparing the equipment of the different manufacturers, TCP throughput degrades by 19 percent and latency by 87 percent compared with the case where no security solution is used. Thus the important information produced by this work can help practitioners in the field find the optimal network security solution for VPN-based applications

    Comparing Interconnecting Methods for Multiprotocol Label Switched Virtual Private Networks

    Operators offer label-switching-based virtual network services to their customers. In addition, operators use them in producing their own services. Both label switching and the virtual network services that use it are defined to work within a single autonomous system. This work compares four different ways of connecting virtual networks to operate across AS boundaries. The comparison is made from the perspective of information security. The work looks into three different virtual network services and how their implementation techniques affect interconnection. The comparison has been made so that, as far as possible, it is applicable to all the services. This is not the case in all respects, because the implementations of the services differ too much from one another. The comparison revealed that the interconnection methods have different strengths with respect to security. When choosing an interconnection method, the operator must define which security threats it emphasizes. Some of the security threats are due to weaknesses in equipment vendors' implementations, but some are inherent in the standards. By being aware of the security risks and taking into account the additional security risks caused by interconnection, an operator can offer secure label-switched virtual network services that cover several autonomous systems.
    Telecommunication operators offer Multiprotocol Label Switched Virtual Private Networks to their customers. Also, MPLS VPN technologies can be used for operators' internal purposes, to enable them to offer a wider range of services on a single infrastructure. Both MPLS and MPLS-based VPNs are defined to be used inside a single autonomous system (AS). The aim of this thesis is to compare four different interconnection methods for MPLS VPNs in different ASs. The focus is on security. Three different MPLS VPN services are looked into closely. The effect of each service's technology on interconnection is of interest. The comparison tries to incorporate all three services. But, since the services differ from each other, not all criteria concern all services. The comparison revealed that the interconnection methods have different strengths concerning security. When choosing the interconnection method, an operator needs to define what areas of security it finds relevant. A portion of the security issues are implementation specific, but some come directly from the standards. When an operator is aware of the security issues related to the chosen interconnection method, it is safe to offer MPLS VPNs that cover multiple autonomous systems

    Identity Management and Resource Allocation in the Network Virtualization Environment

    Due to the existence of multiple stakeholders with conflicting goals and policies, alterations to the existing Internet architecture are now limited to simple incremental updates; deployment of any new, radically different technology is next to impossible. To fend off this ossification, network virtualization has been propounded as a diversifying attribute of the future inter-networking paradigm. In this talk, we provide an overview of the network virtualization environment (NVE) and address two basic problems in this emerging field of networking research. The identity management problem is primarily concerned with ensuring interoperability across heterogeneous identifier spaces for locating and identifying end hosts in different virtual networks. We describe the architectural and the functional components of a novel identity management framework (iMark) that enables end-to-end connectivity across heterogeneous virtual networks in the NVE without revoking their autonomy. The virtual network embedding problem deals with the mapping of virtual nodes and links onto physical network resources. We argue that the separation of the node mapping and the link mapping phases in the existing algorithms considerably reduces the solution space and degrades embedding quality. We propose coordinated node and link mapping to devise two algorithms (D-ViNE and R-ViNE) for the online version of the problem under realistic assumptions and compare their performance with the existing heuristics

    MPLS AND ITS APPLICATION

    Real-time and multimedia applications have grown enormously during the last few years. Such applications require guaranteed bandwidth in packet switched networks. Moreover, these applications require that the guaranteed bandwidth remains available when a node or a link in the network fails. Multiprotocol Label Switching (MPLS) networks cater to these requirements without compromising scalability. Guaranteed service and protection against failures in an MPLS network require backup paths to be present in the network. Such backup paths are computed and installed at the same time a primary is provisioned. This thesis explains single-layer restoration routing by placing primary as well as backup paths in MPLS networks. Our focus will be on computing and establishing backup paths, and bandwidth sharing along such backup paths. We will start by providing a quick overview of MPLS routing. We will identify the elements and quantities that are significant to the understanding of MPLS restoration routing. To this end, we will introduce the information locally stored at MPLS nodes and information propagated through routing protocols, in order to assist in efficient restoration routing. L2VPNs and VPLS will also be covered at the end of this thesis. Finally, SDN (software defined networks) will be introduced

    Study and implementation of an FCAPS infrastructure in the University of Porto network

    The scale of the application resources supported by communication networks gives rise to response difficulties in control, administration and monitoring, in order to provide high levels of availability and quality of the services delivered. Thus, nowadays it is increasingly important to reduce operational challenges, which, from the point of view of managing and maintaining a data network, include reducing its downtime, since the opposite will result in productivity losses. In this circumstance, proficient, high-performance network management is a critical differentiating factor for all network users.