
    Optimization of BGP Convergence and Prefix Security in IP/MPLS Networks

    Multi-Protocol Label Switching-based networks are the backbone of the operation of the Internet, which communicates through the use of the Border Gateway Protocol which connects distinct networks, referred to as Autonomous Systems, together. As the technology matures, so do the challenges caused by the extreme growth rate of the Internet. The amount of BGP prefixes required to facilitate such an increase in connectivity introduces multiple new critical issues, such as with the scalability and the security of the aforementioned Border Gateway Protocol. Illustration of an implementation of an IP/MPLS core transmission network is formed through the introduction of the four main pillars of an Autonomous System: Multi-Protocol Label Switching, Border Gateway Protocol, Open Shortest Path First and the Resource Reservation Protocol. The symbiosis of these technologies is used to introduce the practicalities of operating an IP/MPLS-based ISP network with traffic engineering and fault-resilience at heart. The first research objective of this thesis is to determine whether the deployment of a new BGP feature, which is referred to as BGP Prefix Independent Convergence (PIC), within AS16086 would be a worthwhile endeavour. This BGP extension aims to reduce the convergence delay of BGP Prefixes inside of an IP/MPLS Core Transmission Network, thus improving the network's resilience against faults. Simultaneously, the second research objective was to research the available mechanisms considering the protection of BGP Prefixes, such as with the implementation of the Resource Public Key Infrastructure and the Artemis BGP Monitor for proactive and reactive security of BGP prefixes within AS16086. The future prospective deployment of BGPsec is discussed to form an outlook to the future of IP/MPLS network design. As the trust-based nature of BGP as a protocol has become a distinct vulnerability, thus necessitating the use of various technologies to secure the communications between the Autonomous Systems that form the network to end all networks, the Internet.

    Logical topology design for IP rerouting: ASONs versus static OTNs

    IP-based backbone networks are gradually moving to a network model consisting of high-speed routers that are flexibly interconnected by a mesh of light paths set up by an optical transport network that consists of wavelength division multiplexing (WDM) links and optical cross-connects. In such a model, the generalized MPLS protocol suite could provide the IP centric control plane component that will be used to deliver rapid and dynamic circuit provisioning of end-to-end optical light paths between the routers. This is called an automatic switched optical (transport) network (ASON). An ASON enables reconfiguration of the logical IP topology by setting up and tearing down light paths. This allows link capacities to be upgraded or downgraded during a router failure to the capacities needed by the new routing of the affected traffic. Such survivability against (single) IP router failures is cost-effective, as capacity to the IP layer can be provided flexibly when necessary. We present and investigate a logical topology optimization problem that minimizes the total amount or cost of the needed resources (interfaces, wavelengths, WDM line-systems, amplifiers, etc.) in both the IP and the optical layer. A novel optimization aspect in this problem is the possibility, as a result of the ASON, to reuse the physical resources (like interface cards and WDM line-systems) over the different network states (the failure-free and all the router failure scenarios). We devised a simple optimization strategy to investigate the cost of the ASON approach and compare it with other schemes that survive single router failures.

    A Future Internet Architecture Based on De-Conflated Identities


    Measurement Based Reconfigurations in Optical Ring Metro Networks

    Single-hop wavelength division multiplexing (WDM) optical ring networks operating in packet mode are one of the most promising architectures for the design of innovative metropolitan network (metro) architectures. They permit a cost-effective design, with a good combination of optical and electronic technologies, while supporting features like restoration and reconfiguration that are essential in any metro scenario. In this article, we address the tunability requirements that lead to an effective resource usage and permit reconfiguration in optical WDM metros. We introduce reconfiguration algorithms that, on the basis of traffic measurements, adapt the network configuration to traffic demands to optimize performance. Using a specific network architecture as a reference case, the paper aims at the broader goal of showing which are the advantages fostered by innovative network designs exploiting the features of optical technologies.

    Scale-free networks and scalable interdomain routing

    Work presented as part of the Master's in Computer Engineering, as a partial requirement for obtaining the degree of Master in Computer Engineering. The exponential growth of the Internet, due to its tremendous success, has brought to light some limitations of the current design at the routing and architectural level, such as scalability and convergence as well as the lack of support for traffic engineering, mobility, route differentiation and security. Some of these issues arise from the design of the current architecture, while others are caused by the interdomain routing scheme - BGP. Since it would be quite difficult to add support for the aforementioned issues, both in the interdomain architecture and in the routing scheme, various researchers believe that a solution can only be achieved via a new architecture and (possibly) a new routing scheme. A new routing strategy has emerged from the studies regarding large-scale networks, which is suitable for a special type of large-scale networks whose characteristics are independent of network size: scale-free networks. Using the greedy routing strategy, a node routes a message to a given destination using only the information regarding the destination and its neighbours, choosing the one which is closest to the destination. This routing strategy ensures the following remarkable properties: routing state in the order of the number of neighbours; no requirements on nodes to exchange messages in order to perform routing; chosen paths are the shortest ones. This dissertation aims at: studying the aforementioned problems, studying the Internet configuration as a scale-free network, and defining a preliminary path onto the definition of a greedy routing scheme for interdomain routing.

    Traffic Control in Packet Switched Networks

    This thesis examines traffic control options available in two existing routing solutions in packet-switched networks. The first solution is the shortest path hop-by-hop routing deployed with the OSPF or IS-IS routing protocol and the IP forwarding protocol. This is the initially deployed and still the most popular routing solution in the Internet. The second solution is explicit routing implemented with the RSVP-TE or CR-LDP signalling protocol and the MPLS forwarding protocol. This is the latest solution to have become widely deployed in the Internet. The thesis analyses the limitations of the two routing solutions as tools for traffic control and yields new insights that can guide the analysis and design of protocols involved in the process. A set of recommendations for modifications of the existing protocols is provided which would allow for a range of new traffic control approaches to be deployed in packet-switched networks. For future routing solutions which comply with the proposed recommendations two new algorithms are presented in the thesis. They are called the Link Mask Topology (LMT) algorithm, and the Link Cost Topology (LCT) algorithm. The two algorithms define a set of routing topologies and assign network traffic to routes available in these topologies aiming to simultaneously achieve high network throughput and fair resource allocation. While there are similarities in the operation of the two algorithms, their applicability is different as they allocate resources to multiple paths between two network nodes which are available in the defined routing topologies according to a different rule set. The LMT algorithm directs traffic sent between any pair of network nodes to a single route. The LCT algorithm directs traffic sent between a pair of network nodes to a number of routes. The performance of the two proposed algorithms is evaluated in the thesis with calculations comparing them to the shortest path routing algorithm in a number of test cases. The test results demonstrate the potentials of the two proposed algorithms in improving the performance of networks which employ shortest path routing.

    A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

    Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture to date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways. European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

    The geopolitics behind the routes data travels: a case study of Iran

    The global expansion of the Internet has brought many challenges to geopolitics. Cyberspace is a space of strategic priority for many states. Understanding and representing its geography remains an ongoing challenge. Nevertheless, we need to comprehend Cyberspace as a space organized by humans to analyse the strategies of the actors. This geography requires a multidisciplinary dialogue associating geopolitics, computer science and mathematics. Cyberspace is represented as three superposed and interacting layers: the physical, logical, and informational layers. This paper focuses on the logical layer through an analysis of the structure of connectivity and the Border Gateway Protocol (BGP). This protocol determines the routes taken by the data. It has been leveraged by countries to control the flow of information, and to block the access to contents (going up to full disruption of the internet) or for active strategic purposes such as hijacking traffic or attacking infrastructures. Several countries have opted for a BGP strategy. The goal of this study is to characterize these strategies, to link them to current architectures and to understand their resilience in times of crisis. Our hypothesis is that there are connections between the network architecture shaped through BGP, and strategy of stakeholders at a national level. We chose to focus on the case of Iran because Iran presents an interesting BGP architecture and holds a central position in the connectivity of the Middle East. Moreover, Iran is at the center of several ongoing geopolitical rifts. Our observations make it possible to infer three ways in which Iran could have used BGP to achieve its strategic goals: the pursuit of a self-sustaining national Internet with controlled borders; the will to set up an Iranian Intranet to facilitate censorship; and the leverage of connectivity as a tool of regional influence.