463 research outputs found

    RADIUS Accounting Server MIB


    Internet Accounting

    This article provides an introduction to Internet accounting and discusses the status of related work within the IETF and IRTF, as well as certain research projects. Internet accounting is different from accounting in POTS. To understand Internet accounting, it is important to answer questions like "what is being paid for" and "who is being paid". With respect to the question "what is being paid for" a distinction can be made between transport accounting and content accounting. Transport accounting is interesting since techniques like DiffServ enable the provision of different quality of service classes; each class will be charged differently to avoid all users selecting the same top-level class. The interest in content accounting finds its roots in the fast growth of commercial offerings over the Internet; examples of such offerings include remote video and software distribution. The question "who is being paid" has two possible answers: the network provider or the owner of the content. The case in which the network provider issues the bill is called provider-based accounting. Since this case will become more and more important, this article introduces a new architecture for provider-based accounting

    Secure Network Access via LDAP

    Networks need the ability to be accessed by secure accounts and users. The goal of this project is to configure and expand on LDAP configurations with considerations for AAA via TACACS+ and RADIUS for network equipment. This will provide adequate security for any given network in terms of access and prevent loss of access to devices, which happens all too often with locally configured accounts on devices

    Compatibility of network switches from different manufacturers in the Savonia University of Applied Sciences network

    The aim of the thesis was to test and create an estimate of the compatibility and functionality of Dell Networking N2048P Layer 2 switches in the Savonia University of Applied Sciences network. A review was conducted of the technical characteristics and compatibility with Cisco Inc manufactured network devices, which are used in the Savonia University of Applied Sciences network. The thesis was done to estimate if Savonia University of Applied Sciences should use Dell N2048P network switches on their network. The thesis focused on the network switches and their features. The data network switches are divided into Layer 2 and Layer 3 switches. A few standards of the switches were inspected in the thesis, such as VLAN, Trunking, Spanning-Tree, EtherChannel and DHCP. Stacking of the switches and PoE-port capabilities were important technical features. The compatibility of switches between Dell and Cisco Networking switches was tested using configurations, such as VLAN, Trunking, Spanning-Tree, EtherChannel and DHCP. The review of the compatibility in the Savonia University of Applied Sciences network was created by surveying the configurations between devices. Configurations were carried out by connecting the Dell N2048P switch with the network devices used in the Savonia University of Applied Sciences Cisco laboratory. The thesis was successful and the results of the tested switch were used to create a summary of the switch. Connections were successful and the Dell N2048P switch could be used with the Cisco network devices, but due to compatibility issues with stacking between devices, the Dell N2048P switch cannot be used effectively in the network. The result of the summary is that Dell N2048P is not a worthwhile investment for the Savonia University of Applied Sciences

    Major: Electronics and Communication Engineering

    Today, information technology is strategically important to the goals and aspirations of business enterprises, government and high-level education institutions such as universities. Universities are facing new challenges with the emerging global economy, characterized by the importance of providing faster communication services and improving the productivity and effectiveness of individuals. New challenges include providing an information network that supports the demands and diversification of university issues. A new network architecture, which is a set of design principles for building a network, is one of the pillar bases. It is the cornerstone that enables the university’s faculty, researchers, students, administrators, and staff to discover, learn, reach out, and serve society. This thesis focuses on the network architecture definitions and fundamental components. The three most important characteristics of a high-quality architecture are that it is an open network architecture, it has service-oriented characteristics, and it is an IP network based on packets. There are four important components in the architecture, which are: Services and Network Management, Network Control, Core Switching and Edge Access. The theoretical contribution of this study is a reference model, the Architecture of University Campus Network, that can be followed or adapted to build a robust yet flexible network that responds to next-generation requirements. The results found are relevant to provide an important complete reference guide to the process of building a campus network, which nowadays plays a very important role. Respectively, the research gives university networks a structured modular model that is reliable, robust and can easily grow

    Practical guide to computer network administration

    This work covers some of the methods with which network administrators can carry out their job efficiently. It also provides information on how to defend networks against the main existing security attacks. To this end, it begins by studying the systems department as a whole, that is, it describes the positions, how to structure a good systems department, and the profiles its members should have. This is done with the intention of giving the reader an idea of the profile of the people who surround the network administrator, so that on this basis the strengths and capabilities a good network administrator should have are known. Next, a network administration methodology is described, starting with its definition and then detailing all the components related to network administration: protocols, management applications, security concepts, and control tools that verify the integrity of Unix-based and Windows-based systems. Finally, two laboratory exercises are provided that help the reader better assimilate the topics covered in the document. The first deals with the SNMP protocol and includes configurations, technical details and management mechanisms in a network topology containing Cisco routers. The second is a RADIUS and TACACS+ implementation, which are protocols that provide security on Cisco network equipment. Among the reasons that motivated the preparation of this document is that a good percentage of network administrators do not have their systems backed up correctly and efficiently, thereby giving an opening for users with minimal experience, or an apprentice hacker, to compromise their system. In addition, at present few administrators make correct use of the network management programs that exist, whether because of lack of budget, negligence or lack of information about their use. Finally, it only remains to hope that this work will be of great help, both to the academic community of the Universidad Tecnológica de Bolívar and to anyone else who needs a research work dealing with the administration of computer networks

    A Model for User Based IP Traffic Accounting

    Nowadays, accounting, charging and billing users' network resource consumption are commonly used for the purpose of facilitating reasonable network usage, controlling congestion, allocating cost, gaining revenue, etc. In traditional IP traffic accounting systems, IP addresses are used to identify the corresponding consumers of the network resources. However, there are some situations in which IP addresses cannot be used to identify users uniquely, for example, in multi-user systems. In these cases, network resource consumption can only be ascribed to the owners of these hosts instead of corresponding real users who have consumed the network resources. Therefore, accurate accountability in these systems is practically impossible. This is a flaw of the traditional IP address based IP traffic accounting technique. This dissertation proposes a user based IP traffic accounting model which can facilitate collecting network resource usage information on the basis of users. With user based IP traffic accounting, IP traffic can be distinguished not only by IP addresses but also by users. In this dissertation, three different schemes, which can achieve the user based IP traffic accounting mechanism, are discussed in detail. The inband scheme utilizes the IP header to convey the user information of the corresponding IP packet. The Accounting Agent residing in the measured host intercepts IP packets passing through it. Then it identifies the users of these IP packets and inserts user information into the IP packets. With this mechanism, a meter located in a key position of the network can intercept the IP packets tagged with user information, extract not only statistic information, but also IP addresses and user information from the IP packets to generate accounting records with user information. The out-of-band scheme is a contrast scheme to the in-band scheme. It also uses an Accounting Agent to intercept IP packets and identify the users of IP traffic. 
However, the user information is transferred through a separated channel, which is different from the corresponding IP packets' transmission. The Multi-IP scheme provides a different solution for identifying users of IP traffic. It assigns each user in a measured host a unique IP address. Through that, an IP address can be used to identify a user uniquely without ambiguity. This way, traditional IP address based accounting techniques can be applied to achieve the goal of user based IP traffic accounting. In this dissertation, a user based IP traffic accounting prototype system developed according to the out-of-band scheme is also introduced. The application of user based IP traffic accounting model in the distributed computing environment is also discussed.

    Harmonizing computer network monitoring

    As the modern society is increasingly dependent on computer networks, especially as the Internet of Things is gaining popularity, a need to monitor computer networks along with associated devices increases. Additionally, the amount of cyber attacks is increasing and certain malware such as Mirai target especially network devices. In order to effectively monitor computer networks and devices, effective solutions are required for collecting and storing the information. This thesis designs and implements a novel network monitoring system. The presented system is capable of utilizing state-of-the-art network monitoring protocols and harmonizing the collected information using a common data model. This design allows effective queries and further processing on the collected information. The presented system is evaluated by comparing the system against the requirements imposed on the system, by assessing the amount of harmonized information using several protocols and by assessing the suitability of the chosen data model. Additionally, the protocol overheads of the used network monitoring protocols are evaluated. The presented system was found to fulfil the imposed requirements. Approximately 21% of the information provided by the chosen network monitoring protocols could be harmonized into the chosen data model format. The result is sufficient for effective querying and combining the information, as well as for processing the information further. The result can be improved by extending the data model and improving the information processing. Additionally, the chosen data model was shown to be suitable for the use case presented in this thesis.

    Design and Implementation of User and Bandwidth Management with User Manager on MikroTik RB-951Ui-2HND (Case Study: Computer and Network Engineering Class Laboratory, State Vocational High School 7 Jakarta)

    The purpose of this research is to build a user and bandwidth management system on the internet hotspot network for teachers, students and guests at the Computer and Network Engineering class laboratory of State Vocational High School 7 Jakarta using the User Manager tools. User management here means setting limits on download quota, upload quota and daily access hours for each user. Bandwidth management here means setting a maximum download and upload speed limit for each user. The method used is Research and Development with the ADDIE development model (Analysis, Design, Development, Implementation, and Evaluation). Data collection was done by interview to obtain the preliminary research data and by questionnaire to obtain the respondents' assessment of the feasibility of the results, which were then analyzed by quantitative descriptive techniques. System tests on users gave the expected result for each instrument tested. These results were then rated by the Computer and Network Engineering teacher respondents and received a very good grade, with a percentage of 93.3%

    IP-based virtual private networks and proportional quality of service differentiation

    IP-based virtual private networks (VPNs) have the potential of delivering cost-effective, secure, and private network-like services. Having surveyed current enabling techniques, an overall picture of IP VPN implementations is presented. In order to provision the equivalent quality of service (QoS) of legacy connection-oriented layer 2 VPNs (e.g., Frame Relay and ATM), IP VPNs have to overcome the intrinsically best effort characteristics of the Internet. Subsequently, a hierarchical QoS guarantee framework for IP VPNs is proposed, stitching together development progresses from recent research and engineering work. To differentiate IP VPN QoS, the proportional QoS differentiation model, whose QoS specification granularity compromises that of IntServ and Diffserv, emerges as a potential solution. The investigation of its claimed capability of providing the predictable and controllable QoS differentiation is then conducted. With respect to the loss rate differentiation, the packet shortage phenomenon shown in two classical proportional loss rate (PLR) dropping schemes is studied. On the pursuit of a feasible solution, the potential of compromising the system resource, that is, the buffer, is ruled out; instead, an enhanced debt-aware mechanism is suggested to relieve the negative effects of packet shortage. Simulation results show that debt-aware partially curbs the biased loss rate ratios, and improves the queueing delay performance as well. With respect to the delay differentiation, the dynamic behavior of the average delay difference between successive classes is first analyzed, aiming to gain insights of system dynamics. Then, two classical delay differentiation mechanisms, that is, proportional average delay (PAD) and waiting time priority (WTP), are simulated and discussed. Based on observations on their differentiation performances over both short and long time periods, a combined delay differentiation (CDD) scheme is introduced. 
Simulations are utilized to validate this method. Both loss and delay differentiations are based on a series of differentiation parameters. Though previous work on the selection of delay differentiation parameters has been presented, that of loss differentiation parameters mostly relied on network operators' experience. A quantitative guideline, based on the principles of queueing and optimization, is then proposed to compute loss differentiation parameters. Aside from analysis, the new approach is substantiated by numerical results