Multi-region routing

Dissertação apresentada na Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa para a obtenção do grau de Mestre em Engenharia Electrotécnica e de ComputadoresThis thesis proposes a new inter-domain routing protocol. The Internet's inter-domain routing protocol Border Gateway Protocol (BGP) provides a reachability solution for all domains; however it is also used for purposes outside of routing. In terms of routing BGP su ers from serious problems, such as slow routing convergence and limited scalability. The proposed architecture takes into consideration the current Internet business model and structure. It bene ts from a massively multi-homed Internet to perform multipath routing. The main foundation of this thesis was based on the Dynamic Topological Information Architecture (DTIA). We propose a division of the Internet in regions to contain the network scale where DTIA's routing algorithm is applied. An inter-region routing solution was devised to connect regions; formal proofs were made in order to demonstrate the routing convergence of the protocol. An implementation of the proposed solution was made in the network simulator 2 (ns-2). Results showed that the proposed architecture achieves faster convergence than BGP. Moreover, this thesis' solution improves the algorithm's scalability at the inter-region level, compared to the single region case

Multipath inter-domain policy routing

Dissertação submetida para a obtenção do grau de Doutor em Engenharia Electrotécnica e de ComputadoresRouting can be abstracted to be a path nding problem in a graph that models the network. The problem can be modelled using an algebraic approach that describes the way routes are calculated and ranked. The shortest path problem is the most common form and consists in nding the path with the smallest cost. The inter-domain scenario introduces some new challenges to the routing problem: the routing is performed between independently con gured and managed networks; the ranking of the paths is not based on measurable metrics but on policies; and the forwarding is destination based hop-by-hop. In this thesis we departed from the Border gateway Protocol (BGP) identifying its main problems and elaborating on some ideal characteristics for a routing protocol suited for the inter-domain reality. The main areas and contributions of this work are the following: The current state of the art in algebraic modeling of routing problems is used to provide a list of possible alternative conditions for the correct operation of such protocols. For each condition the consequences in terms of optimality and network restrictions are presented. A routing architecture for the inter-domain scenario is presented. It is proven that it achieves a multipath routing solution in nite time without causing forwarding loops. We discuss its advantages and weaknesses. A tra c-engineering scheme is designed to take advantage of the proposed architecture. It works using only local information and cooperation of remote ASes to minimize congestion in the network with minimal signalling. Finally a general model of a routing protocol based on hierarchical policies is used to study how e cient is the protocol operation when the correctness conditions are met. This results in some conclusions on how the policies should be chosen and applied in order to achieve speci c goals.Portuguese Science and Technology Foundation -(FCT/MCTES)grant SFRH/BD/44476/2008; CTS multi-annual funding project PEst OE/EEI/UI0066/2011; MPSat project PTDC/EEA TEL/099074/2008; OPPORTUNISTICCR project PTDC/EEA-TEL/115981/2009; Fentocells project PTDC/EEA TEL/120666/201

Interdomain Routing Security (BGP-4)

The Border Gateway Protocol (BGP) is the most important protocol for the interconnectivity of the Internet. Although it has shown acceptable performance, there are many issues about its capability to meet the scale of the growth of the Internet, mainly because of the security issues that surround interdomain routing. The Internet is important to many organisations in various contexts. Thus, it is required to provide a highly secure protocol to keep the normal operation of the Internet. BGP suffers from many security issues. In this dissertation, we cover those issues and provide the security requirements for this protocol. We enumerate the numerous attacks that can be conducted against BGP. The aim of this study is to examine two considerably discussed protocols. Secure-BGP (S-BGP) and secure origin BGP (soBGP) have shown a revolutionary view on interdomain routing since they endeavour to providing security mechanisms at the protocol level. The objective is extended to comparing these two solutions by examining their contribution to the Border Gateway Protocol in terms of security. Moreover, we study their interoperability, efficiency, performance, and the residual vulnerabilities that each solution failed to resolve. Our findings have revealed that ultimately, the solution chosen will be dependent on the desired level of security and deployability. As is often the case with security, a compromise between security and feasibility is of a major concern and cost-effectiveness is the main driver behind deployment

Encaminamiento interdominio con calidad de servicio basado en Overlay Entities distribuidas y QBGP

Este documento propone un nuevo enfoque al tema de encaminamiento inter-domino con Calidad de Servicio(QoS). Nuestro enfoque consiste en proporcionar una arquitectura overlay completamente distribuida así como una nueva capa de encaminamiento para el aprovisionamiento dinámico de QoS, pero haciendo uso de las extensiones de QoS y las capacidades de Ingeniería de Tráfico (TE) de la subyacente capa BGP para el aprovisionamiento estático de QoS. Nuestro objetivo radica principalmente en influenciar como se intercambia el tráfico entre Sistemas Autónomos(Ases) remotos y con múltiples conexiones a Internet, basados en parámetros específicos y preestablecidos de QoS. Proporcionamos un conjunto de resultados obtenidos mediante simulación los cuales avalan la factibilidad de nuestra propuesta.Postprint (published version

Vers une utilisation de la diversité de chemins dans l'internet

In this thesis we consider a new service where carriers offer additional routes to their customers (w.r.t. to the BGP default route) as a free or value-added service. These alternate routes can be used by customers to optimize their communications, by bypassing some congested points in the Internet (e.g. a “tussled” peeringpoints), to help them to meet their traffic engineering objectives (better delays etc.) or just for robustness purposes (e.g, shift to a disjoint alternate route if needed). First we propose a simple architecture that allows a network service provider to benefit from the diversity it currently receives. Then we extend this architecture in order to make the propagation of the Internet path diversity possible, not only to direct neighbors but also to their neighbors and so on. We take advantage of this advance to relax the route selection processes of autonomous systems in order to make them be able to set up new routing paradigms. Nevertheless announcing additional paths can lead to scalability issues, so each carrier could receive more paths than what it could manage. We quantify this issue and we underline easy adaptations and small path filterings which make the number of paths drop to a manageable amount. Last but not least we set up an auction-type route allocation framework, which gives to network service providers the opportunities first to propagate to their neighbors only the paths the said neighbors are interested in and second to leverage a new routing selection paradigm based on commercial agreements and negotiationsNous considérons, dans cette thèse, un nouveau service par lequel les opérateurs de télécommunications offrent des routes supplémentaires à leurs clients (en plus de la route par défaut) comme un service gratuit ou à valeur ajoutée. Ces routes supplémentaires peuvent être utilisées par des clients afin d’optimiser leurs communications, en outrepassant des points de congestion d’Internet, ou les aider à atteindre leurs objectifs d’ingénierie de trafic (meilleurs délais etc.) ou dans un but de robustesse. Nous proposons d’abord une architecture simple permettant à un opérateur de télécommunication de bénéficier de la diversité de chemin qu’il reçoit déjà. Nous étendons ensuite cette architecture afin de rendre possible la propagation de cette diversité de chemin, non seulement aux voisins directs mais aussi, de proche en proche, aux autres domaines. Nous profitons de cette occasion pour relaxer la sélection des routes des différents domaines afin de leur permettre de mettre en place de nouveaux paradigmes de routage. Néanmoins, annoncer des chemins additionnels peut entrainer des problèmes de passage à l’échelle car chaque opérateur peut potentiellement recevoir plus de chemins que ce qu’il peut gérer. Nous quantifions ce problème et mettons en avant des modifications et filtrages simples permettant de réduire ce nombre à un niveau acceptable. En dernier, nous proposons un processus, inspiré des ventes aux enchères, permettant aux opérateurs de propager aux domaines voisins seulement les chemins qui intéressent les dits voisins. De plus, ce processus permet de mettre en avant un nouveau paradigme de propagation de routes, basé sur des négociations et accords commerciau

Flight Safety Assessment and Management.

This dissertation develops a Flight Safety Assessment and Management (FSAM) system to mitigate aircraft loss of control risk. FSAM enables switching between the pilot/nominal autopilot system and a complex flight control system that can potentially recover from high risk situations but can be hard to certify. FSAM monitors flight conditions for high risk situations and selects the appropriate control authority to prevent or recover from loss of control. The pilot/nominal autopilot system is overridden only when necessary to avoid loss of control. FSAM development is pursued using two approaches. First, finite state machines are manually prescribed to manage control mode switching. Constructing finite state machines for FSAM requires careful consideration of possible exception events, but provides a computationally-tractable and verifiable means of realizing FSAM. The second approach poses FSAM as an uncertain reasoning based decision theoretic problem using Markov Decision Processes (MDP), offering a less tedious knowledge engineering process at the cost of computational overhead. Traditional and constrained MDP formulations are presented. Sparse sampling approaches are also explored to obtain suboptimal solutions to FSAM MDPs. MDPs for takeoff and icing-related loss of control events are developed and evaluated. Finally, this dissertation applies verification techniques to ensure that finite state machine or MDP policies satisfy system requirements. Counterexamples obtained from verification techniques aid in FSAM refinement. Real world aviation accidents are used as case studies to evaluate FSAM formulations. This thesis contributes decision making and verification frameworks to realize flight safety assessment and management capabilities. Novel flight envelopes and state abstractions are prescribed to aid decision making.PhDAerospace EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/133348/1/swee_1.pd

A pragmatic approach toward securing inter-domain routing

Internet security poses complex challenges at different levels, where even the basic requirement of availability of Internet connectivity becomes a conundrum sometimes. Recent Internet service disruption events have made the vulnerability of the Internet apparent, and exposed the current limitations of Internet security measures as well. Usually, the main cause of such incidents, even in the presence of the security measures proposed so far, is the unintended or intended exploitation of the loop holes in the protocols that govern the Internet. In this thesis, we focus on the security of two different protocols that were conceived with little or no security mechanisms but play a key role both in the present and the future of the Internet, namely the Border Gateway Protocol (BGP) and the Locator Identifier Separation Protocol (LISP). The BGP protocol, being the de-facto inter-domain routing protocol in the Internet, plays a crucial role in current communications. Due to lack of any intrinsic security mechanism, it is prone to a number of vulnerabilities that can result in partial paralysis of the Internet. In light of this, numerous security strategies were proposed but none of them were pragmatic enough to be widely accepted and only minor security tweaks have found the pathway to be adopted. Even the recent IETF Secure Inter-Domain Routing (SIDR) Working Group (WG) efforts including, the Resource Public Key Infrastructure (RPKI), Route Origin authorizations (ROAs), and BGP Security (BGPSEC) do not address the policy related security issues, such as Route Leaks (RL). Route leaks occur due to violation of the export routing policies among the Autonomous Systems (ASes). Route leaks not only have the potential to cause large scale Internet service disruptions but can result in traffic hijacking as well. In this part of the thesis, we examine the route leak problem and propose pragmatic security methodologies which a) require no changes to the BGP protocol, b) are neither dependent on third party information nor on third party security infrastructure, and c) are self-beneficial regardless of their adoption by other players. Our main contributions in this part of the thesis include a) a theoretical framework, which, under realistic assumptions, enables a domain to autonomously determine if a particular received route advertisement corresponds to a route leak, and b) three incremental detection techniques, namely Cross-Path (CP), Benign Fool Back (BFB), and Reverse Benign Fool Back (R-BFB). Our strength resides in the fact that these detection techniques solely require the analytical usage of in-house control-plane, data-plane and direct neighbor relationships information. We evaluate the performance of the three proposed route leak detection techniques both through real-time experiments as well as using simulations at large scale. Our results show that the proposed detection techniques achieve high success rates for countering route leaks in different scenarios. The motivation behind LISP protocol has shifted over time from solving routing scalability issues in the core Internet to a set of vital use cases for which LISP stands as a technology enabler. The IETF's LISP WG has recently started to work toward securing LISP, but the protocol still lacks end-to-end mechanisms for securing the overall registration process on the mapping system ensuring RLOC authorization and EID authorization. As a result LISP is unprotected against different attacks, such as RLOC spoofing, which can cripple even its basic functionality. For that purpose, in this part of the thesis we address the above mentioned issues and propose practical solutions that counter them. Our solutions take advantage of the low technological inertia of the LISP protocol. The changes proposed for the LISP protocol and the utilization of existing security infrastructure in our solutions enable resource authorizations and lay the foundation for the needed end-to-end security

Recent Progress in Some Aircraft Technologies

The book describes the recent progress in some engine technologies and active flow control and morphing technologies and in topics related to aeroacoustics and aircraft controllers. Both the researchers and students should find the material useful in their work