10 research outputs found

    An Overview of Operations, Administration, and Maintenance (OAM) Tools

    A Framework for MPLS in Transport Networks

    Teleprotection signalling over an IP/MPLS network

    Protection of electricity networks has developed to incorporate communications, referred to as protection signalling. Due to the evolution of the electricity supply system, there are many developments pending within the scope of protection signalling and protection engineering in general. This project investigates the use of current and emerging communications technologies (i.e. packetised networks) being applied and incorporated into current protection signalling schemes and technologies. The purpose of the project is to provide a more cost-effective solution to protection schemes running obsolescent hardware. While the medium-term goal of the industry is to move entirely to IEC 61850 communications, legacy teleprotection relays using non-IP communications will still exist for many years to come. For companies to be ready for an IEC 61850 rollout, a fully deployed IP/MPLS network will be necessary, and it can be seen that various companies worldwide are readying themselves in this way. However, in the short term for these companies, this means maintaining both their existing TDM network (which runs current teleprotection schemes) and an IP/MPLS network. This is a costly business outcome that can be minimised with the migration of services from, and decommissioning of, TDM networks. Network channel testing was the primary testing focus of the project. The testing proved that teleprotection traffic with correct QoS markings assured the system met latency and stability requirements. Furthermore, MPLS resiliency features (secondary LSPs & Fast-reroute) were tested and proved automatic path failover was possible under fault conditions at sub-30ms speeds.

    Performance evaluation of HIP-based network security solutions

    Abstract. Host Identity Protocol (HIP) is a networking technology that systematically separates the identifier and locator roles of IP addresses and introduces a Host Identity (HI) name space based on a public key security infrastructure. This modification offers a series of benefits such as mobility, multi-homing, end-to-end security, signaling, control/data plane separation, firewall security, etc. Although HIP has not yet been sufficiently applied in mainstream communication networks, industry experts foresee its potential as an integral part of next generation networks. HIP can be used in various HIP-aware applications as well as in traditional IP-address-based applications and networking technologies, taking middle boxes into account. One such application is Virtual Private LAN Service (VPLS). VPLS is a widely used method of providing an Ethernet-based Virtual Private Network that supports the connection of geographically separated sites into a single bridged domain over an IP/MPLS network. The popularity of VPLS among commercial and defense organizations underscores the need for robust security features to protect both data and control information. After investigating the different approaches to HIP, a real world testbed is implemented. Two experiment scenarios were evaluated: one is performed on two open source Linux-based HIP implementations (HIPL and OpenHIP) and the other on two sets of enterprise equipment from two different companies (Tempered Networks and Byres Security). To account for a heterogeneous mix of network types, the open source HIP implementations were evaluated on different network environments, namely Local Area Network (LAN), Wireless LAN (WLAN), and Wide Area Network (WAN). Each scenario is tested and evaluated for performance in terms of throughput, latency, and jitter. The measurement results confirmed the assumption that no single solution is optimal in all considered aspects and scenarios. 
For instance, in the open source implementations, the performance penalty of security on TCP throughput for WLAN scenario is less in HIPL than in OpenHIP, while for WAN scenario the reverse is the case. A similar outcome is observed for the UDP throughput. However, on latency, HIPL showed lower latency for all three network test scenarios. For the legacy equipment experiment, the penalty of security on TCP throughput is about 19% compared with the non-secure scenario while latency is increased by about 87%. This work therefore provides viable information for researchers and decision makers on the optimal solution to securing their VPNs based on the application scenarios and the potential performance penalties that come with each approach.

    Performance evaluation of HIP-based communication network security solutions. Abstract. Host Identity Protocol (HIP) is a networking technology that uses a separate layer between the transport protocol and the Internet Protocol (IP) in the TCP/IP protocol stack. HIP systematically separates the network and device parts of the IP address and uses a Host Identity (HI) part based on a public key security infrastructure. The benefits of this include mobility, multi-homing, end-to-end security, separation of control information and data, rendezvous, address change, and firewall security. In industry, the HIP protocol is seen as part of next-generation communication networks, even though it has not yet become widespread in commercial use. The HIP protocol can be used not only in various HIP-aware applications but also in traditional IP-address-based applications and networking technologies. One such application is Virtual Private LAN Service (VPLS), a widely used method for creating an Ethernet-based virtual private network that supports the connection between separate sites and a single bridge over an IP/MPLS network. The prevalence of VPLS in both commercial and defense organizations underscores the need for robust security features to protect data and control information. This work first examines the different approaches to the HIP protocol. After the theoretical examination, practical tests are carried out on a self-built testbed. The scenarios examined compare Linux-based open source HIP implementations (HIPL and OpenHIP) and compare equipment from two different vendors (Tempered Networks and Byres Security). The HIP implementations are evaluated in different network environments, namely LAN, WLAN, and WAN. All tested cases are evaluated in terms of throughput, its variation (jitter), and latency. The measurement results show that the same solution is not optimal in all the cases examined. For example, when a WLAN network is used, the throughput loss caused by security is smaller with HIPL than with OpenHIP, whereas in the WAN case the situation is reversed. Similar behavior is also observed in UDP throughput. However, HIPL gives the lowest latency in all test scenarios. When the equipment from different vendors is compared, TCP throughput degrades by 19 percent and latency by 87 percent compared with the case in which no security solution is used. The important information produced by this work can therefore help practitioners in the field find the optimal network security solution for VPN-based applications.

    On the resource abstraction, partitioning and composition for virtual GMPLS-controlled multi-layer optical networks

    Virtual optical networking supports the dynamic provisioning of dedicated networks over the same network infrastructure, which has received a lot of attention from network providers. The stringent network requirements (e.g., Quality of Service -QoS-, Service Level Agreement -SLA-, dynamicity) of the emerging high bandwidth and dynamic applications such as high-definition video streaming (e.g., telepresence, television, remote surgery, etc.), and cloud computing (e.g., real-time data backup, remote desktop, etc.) can be supported by the deployment of dynamic infrastructure services to build ad-hoc Virtual Optical Networks (VON), which is known as Infrastructure as a Service (IaaS). Future Internet should support two separate entities: infrastructure providers (who manage the physical infrastructure) and service providers (who deploy network protocols and offer end-to-end services). Thus, network service providers shall request, on a per-need basis, a dedicated and application-specific VON and have full control over it. Optical network virtualization technologies allow the partitioning/composition of the network infrastructure (i.e., physical optical nodes and links) into independent virtual resources, adopting the same functionality as the physical resource. The composition of these virtual resources (i.e., virtual optical nodes and links) allows the deployment of multiple VONs. A VON must be composed of not only a virtual transport plane but also of a virtual control plane, with the purpose of providing the required independent and full control functionalities (i.e., automated connection provisioning and recovery (protection/restoration), traffic engineering (e.g., QoS, SLA), etc.). This PhD Thesis focuses on optical network virtualization, with three main objectives. 
The first objective consists of the design, implementation and evaluation of an architecture and the necessary protocols and interfaces for the virtualization of a Generalized Multi-Protocol Label Switching (GMPLS) controlled Wavelength Switched Optical Network (WSON) and the introduction of a resource broker for dynamic virtual GMPLS-controlled WSON infrastructure services, whose task is to dynamically deploy VONs from service provider requests. The introduction of a resource broker implies the need for virtual resource management and allocation algorithms for optimal usage of the shared physical infrastructure. Also, the deployment of an independent virtual GMPLS control plane on top of each VON shall be performed by the resource broker. This objective also includes the introduction of optical network virtualization for Elastic Optical Networks (EON). The second objective is to design, implement and experimentally evaluate a system architecture for deploying virtual GMPLS-controlled Multi-Protocol Label Switching Transport Profile (MPLS-TP) networks over a shared WSON. With this purpose, this PhD Thesis also focuses on the design and development of MPLS-TP nodes which are deployed on the WSON of the ADRENALINE Testbed at CTTC premises. Finally, the third objective is the composition of multiple virtual optical networks with heterogeneous control domains (e.g., GMPLS, OpenFlow). A multi-domain resource broker has been designed, implemented and evaluated.

    The management of virtual optical networks allows the dynamic provisioning of dedicated networks on top of the same network infrastructure and has attracted a lot of attention from network providers. Network requirements (for example quality of service, service level agreements or dynamicity) are increasingly stringent for emerging high-bandwidth and dynamic applications, which include for example real-time playback of high-definition video (telepresence, television, telemedicine) and cloud computing services (real-time backups, remote desktop). These requirements can be met through the deployment of dynamic infrastructure services to build virtual optical networks (VON), which is known as infrastructure as a service (IaaS). The future internet should support two distinct entities: infrastructure providers (responsible for managing the physical infrastructure) and service providers (responsible for the network protocols and for offering the end services). In this way service providers could request and manage, according to need, dedicated and application-specific virtual optical networks. Virtual optical network virtualization technologies allow the partitioning and composition of network infrastructure (optical nodes and links) into independent virtual resources that adopt the same functionalities as the physical resources. The composition of these virtual resources (virtual optical nodes and links) allows the deployment of multiple VONs. A VON is composed not only of a virtual transport plane but also of a virtual control plane, with the aim of incorporating the necessary functionalities into the VON (automated connection provisioning and recovery (protection/restoration), traffic engineering, etc.). This thesis focuses on optical network virtualization with three main objectives. The first objective consists of the design, implementation and evaluation of the architecture and the protocols and interfaces necessary for the virtualization of wavelength-routed networks controlled by GMPLS. It also includes the introduction of a resource manager to deploy virtual optical networks dynamically. The introduction of this resource manager implies the need for virtual resource management and for resource allocation algorithms for the optimal use of the physical resources. In addition, the resource manager must be capable of deploying the allocated resources, including an independent virtual GMPLS control plane for each deployed VON. Finally, this objective includes the introduction of virtualization mechanisms for elastic optical networks (EON). The second objective is the design, implementation and experimental evaluation of a system architecture to offer virtual MPLS-TP networks controlled by GMPLS over a shared WSON infrastructure. For this reason, this thesis also focuses on the design and development of an MPLS-TP node that has been deployed in the ADRENALINE demonstrator, at CTTC. Finally, the third objective is the composition of multiple virtual optical networks in heterogeneous control domains (GMPLS and OpenFlow). A multi-domain resource manager has been designed, implemented and evaluated.

    The management of virtual optical networks allows the dynamic provisioning of dedicated networks on top of the same network infrastructure and has attracted a lot of attention from network providers. Network requirements (for example quality of service, service level agreements or dynamicity) are increasingly stringent for emerging high-bandwidth and dynamic applications, which include for example real-time playback of high-definition video (telepresence, television, telemedicine) and cloud computing services (real-time backups, remote desktop). These requirements can be achieved through the deployment of dynamic infrastructure services to build virtual optical networks (VON), which is known as infrastructure as a service (IaaS). The internet of the future will have to support two distinct entities: infrastructure providers (responsible for managing the physical infrastructure) and service providers (responsible for the network protocols and for offering the end services). In this way service providers will be able to request and manage, according to need, dedicated and application-specific virtual optical networks. Virtual optical network virtualization technologies allow the partitioning and composition of network infrastructure (optical nodes and links) into independent virtual resources that adopt the same functionalities as the physical resources. The composition of these virtual resources (virtual optical nodes and links) allows the deployment of multiple VONs. A VON is composed not only of a virtual transport plane but also of a virtual control plane, with the aim of incorporating the necessary functionalities into the VON (automated connection provisioning and recovery (protection/restoration), traffic engineering, etc.). This thesis focuses on optical network virtualization with three main objectives. The first objective consists of the design, implementation and evaluation of the architecture and the protocols and interfaces necessary for the virtualization of wavelength-routed networks controlled by GMPLS. It also includes the introduction of a resource manager to deploy virtual optical networks dynamically. The introduction of this resource manager implies the need for virtual resource management and for resource allocation algorithms for the optimal use of the physical resources. In addition, the resource manager has to be capable of deploying the allocated resources, including an independent virtual GMPLS control plane for each deployed VON. Finally, this objective includes the introduction of virtualization mechanisms for elastic optical networks (EON). The second objective is the design, implementation and experimental evaluation of a system architecture to offer virtual MPLS-TP networks controlled by GMPLS over a shared WSON infrastructure. For this reason, this thesis also focuses on the design and development of an MPLS-TP node that has been deployed in the ADRENALINE demonstrator, at CTTC. Finally, the third objective is the composition of multiple virtual optical networks in heterogeneous control domains (GMPLS and OpenFlow). A multi-domain resource manager has been designed, implemented and evaluated.

    Optimizing total cost of ownership (TCO) for 5G multi-tenant mobile backhaul (MBH) optical transport networks

    Legacy network elements are reaching end-of-life and packet-based transport networks are not efficiently optimized. In particular, high density cell architecture in future 5G networks will face big technical and financial challenges due to avalanche of traffic volume and massive growth in connected devices. Raising density and ever-increasing traffic demand within future 5G Heterogeneous Networks (HetNets) will result in huge deployment, expansion and operating costs for upcoming Mobile BackHaul (MBH) networks with flat revenue generation. Thus, the goal of this dissertation is to provide an efficient physical network planning mechanism and an optimized resource engineering tool in order to reduce the Total Cost of Ownership (TCO) and increase the generated revenues. This will help Service Providers (SPs) and Mobile Network Operators (MNOs) to improve their network scalability and maintain positive Project Profit Margins (PPM). In order to meet this goal, three key issues are required to be addressed in our framework and are summarized as follows: i) how to design and migrate to a scalable and reliable MBH network in an optimal cost?, ii) how to control the deployment and activation of the network resources in such MBH based on required traffic demand in an efficient and cost-effective way?, and iii) how to enhance the resource sharing in such network and maximize the profit margins in an efficient way? As part of our contributions to address the first issue highlighted above and to plan the MBH with reduced network TCO and improved scalability, we propose a comprehensive migration plan towards an End-to-End Integrated-Optical-Packet-Network (E2-IOPN) for SP optical transport networks. 
We review various empirical challenges faced by a real SP during the transformation process towards E2-IOPN as well as the implementation of an as-built plan and a high-level design (HLD) for migrating towards lower cost-per-bit GPON, MPLS-TP, OTN and next-generation DWDM technologies. Then, we propose a longer-term strategy based on SDN and NFV approach that will offer rapid end-to-end service provisioning with cost-efficient centralized network control. We define CapEx and OpEx cost models and drive a cost comparative study that shows the benefit and financial impact of introducing new low-cost packet-based technologies to carry traffic from legacy and new services. To address the second issue, we first introduce an algorithm based on a stochastic geometry model (Voronoi Tessellation) to more precisely define MBH zones within a geographical area and more accurately calculate required traffic demands and related MBH infrastructure. In order to optimize the deployment and activation of the network resources in the MBH in an efficient and cost-effective way, we propose a novel method called BackHauling-as-a-Service (BHaaS) for network planning and Total Cost of Ownership (TCO) analysis based on required traffic demand and a "You-pay-only-for-what-you-use" approach. Furthermore, we enhance BHaaS performance by introducing a more service-aware method called Traffic-Profile-as-a-Service (TPaaS) to further drive down the costs based on yearly activated traffic profiles. Results show that BHaaS and TPaaS may enhance the project benefit by 22% compared to the traditional TCO model. Finally, we introduce new cost (CapEx and OpEx) models for 5G multi-tenant Virtualized MBH (V-MBH) as part of our contribution to address the third issue. In fact, in order to enhance the resource sharing and maximize the network profits, we drive a novel pay-as-you-grow and optimization model for the V-MBH called Virtual-Backhaul-as-a-Service (VBaaS). 
VBaaS can serve as a planning tool to optimize the Project Profit Margin (PPM) while considering the TCO and the yearly generated Return-on-Investment (ROI). We formulate an MNO Pricing Game (MPG) for TCO optimization to calculate the optimal Pareto-Equilibrium pricing strategy for offered Tenant Service Instances (TSI). Then, we compare CapEx, OpEx, TCO, ROI and PPM for a specific use-case known in the industry as CORD project using Traditional MBH (T-MBH) versus Virtualized MBH (V-MBH) as well as using randomized versus Pareto-Equilibrium pricing strategies. The results of our framework offer SPs and MNOs a more precise estimation of traffic demand, an optimized infrastructure planning and yearly resource deployment as well as an optimized TCO analysis (CapEx and OpEx) with enhanced pricing strategy and generated ROI. Numerical results show more than three times increase in network profitability using our proposed solutions compared with Traditional MBH (T-MBH) methods.

    Equal cost multipath routing in IP networks

    IP network service providers and end users demand ever more efficient and higher-quality services, which requires product developers to offer more sophisticated traffic engineering methods for network optimization and management. IS-IS and OSPF are the standard solutions for handling routing in small and medium-sized packet networks. Multipath routing is a fairly easy and general way to improve load balancing and fast protection in such networks, which focus on single-path routing. This master's thesis was written at the time when multipath routing was being implemented in the 8600 series routers of a company called Tellabs. The most important points in adopting multipath routing are the changes related to modifying the shortest path algorithm and to the operation of the routing table in the control plane, and the implementation of the load balancing algorithm in the router's forwarding plane. The results of the thesis and the existing literature show that the load balancing algorithm has the greatest effect on the distribution of traffic across equally good paths and that choosing the right algorithm is crucial. Hash-based algorithms, which keep most traffic flows on the same path, are the dominant solutions today. The advantage of this type of algorithm is ease of implementation and reasonably good performance. Traffic is distributed evenly as long as the number of traffic flows is large enough. Multipath routing provides a simple solution that is easy to configure and maintain. Its performance is better than that of solutions based on single-path routing, and it challenges more complex MPLS solutions. The only thing that needs attention is setting the link weights in such a way that enough load balancing paths are created.

    Increasing efficiency and quality demands of services from IP network service providers and end users drive developers to offer more and more sophisticated traffic engineering methods for network optimization and control. 
Intermediate System to Intermediate System and Open Shortest Path First are the standard routing solutions for intra-domain networks. An easy upgrade utilizes Equal Cost Multipath (ECMP), which is one of the most general solutions for IP traffic engineering to increase load balancing and fast protection performance of single path interior gateway protocols. This thesis was written during the implementation process of the ECMP feature of Tellabs 8600 series routers. The most important parts in adoption of ECMP are changes to the shortest path first algorithm and routing table modification in the control plane, and implementation of the load balancing algorithm in the forwarding plane of the router. The results of the thesis and existing literature prove that the load balancing algorithm has the largest effect on traffic distribution of equal cost paths and that the selection of the correct algorithm is crucial. Hash-based algorithms, which keep the traffic flows in the same path, are the dominating solutions currently. They provide simple implementation and moderate performance. Traffic is distributed evenly when the number of flows is large enough. ECMP provides a simple solution that is easy to configure and maintain. It outperforms single path solutions and competes with more complex MPLS solutions. The only thing to take care of is the adjustment of link weights of the network in order to create enough load balancing paths.