12 research outputs found

    Design and Implementation of ForCES Protocol

    This paper proposes the design and implementation of the ForCES protocol, specifically the FP logical point of the ForCES architecture, which is strictly the communication between the CE (Control Element) and the FE (Forwarding Element). It is a flexible and reprogrammable architecture established within the specifications issued and defined by the ForCES working group, and the work consists of elaborating a protocol that carries information between both elements. To verify the correct functioning of the implemented ForCES protocol, we provide a network testbed scenario consisting of a client-server application. Each device is equipped with the application, which is based on the Java language and allows the researcher to compare the typical functionality of a conventional router with that of a router based on the ForCES architecture. This makes it possible to take advantage of the benefits of this architecture to reprogram different and new functionalities.

    Gonzalez Ramirez, PL.; Lloret, J.; Martínez Cordero, S.; Trujillo Arboleda, LC. (2017). Design and Implementation of ForCES Protocol. Network Protocols and Algorithms. 9(1-2):1-27. https://doi.org/10.5296/npa.v9i1-2.10943

    Design and Implementation of the ForCES Protocol (Diseño e implementación del protocolo ForCES)

    This degree project proposes the implementation of the ForCES protocol, which focuses on the connection at the FP logical point of the ForCES architecture and is strictly a communication between the CE and the FE. The protocol structure is established within the specifications issued and defined by the ForCES working group, and consists of building a protocol that transports the data-plane information available in the FEs to the control plane in the CE, taking advantage of the flexible ForCES architecture. The project sets out the implementation of the ForCES protocol on the ForCES architecture through a simulation in Java that lets the researcher compare the typical functionality of a conventional router with the proposed router based on the ForCES architecture, and thereby take advantage of this architecture to reprogram those functionalities. Through a basic example of LFBs discovered by the CE and reported by the FE, the project aims to test the operation of the ForCES protocol that connects them, making it possible to verify that the data sent from one end to the other, under the conditions set out in the specifications, are correct and have been programmed without errors. In this test program the CE uses the different types of LFB topologies and builds different functionalities with the attributes available in the FEs; it is important to note that these two emulations are outside the scope of this project, although the corresponding interfaces are available for further development.

    Master's in Electronic Engineering

    An Analysis and Design of the Redirection Schema in ForCES

    The idea of Forwarding and Control Element Separation has been widely accepted by next-generation network researchers; the renewed attention to IETF (Internet Engineering Task Force) ForCES (Forwarding and Control Element Separation) is the best proof. An IP tunnel-based redirection schema is proposed to solve the problem of routing protocol message interaction between the ForCES router and external merchant routers. Network virtualization technology is introduced to map network interfaces from the ForCES FE (Forwarding Element) to the CE (Control Element), in collaboration with the redirection schema.

    Contribution to the Design of Distributed Architectures for Programmable Network Nodes (Contribución al diseño de arquitecturas distribuidas de nodos de red programable)

    Nowadays, the network nodes that build the Internet are complex hardware/software systems that support many signalling protocols, network services, and complex functionalities such as firewalling or NAT. However, adding a new capability is a long, complex and costly process, due to many causes, but especially because routers are still proprietary systems, vertically integrated by the vendors. In this sense, research in programmable networks tries to simplify the development and deployment of network services by specifying open interfaces among all the elements that make up a router. However, before the first programmable network nodes start being deployed, it is necessary to provide short- and medium-term solutions that allow current high-performance routers to add advanced capabilities and new network services. This PhD thesis presents a low-cost transition architecture for programmable network nodes named Simple Assistant-Router Architecture (SARA), which allows a commercial router to easily extend its capabilities by delegating advanced packet processing to a cluster of assistants, which greatly simplifies the development and dynamic deployment of new network services. A key aspect of this distributed architecture is the need for several coordination mechanisms between the router and the assistants, and among the assistants themselves. Therefore, the Router-Assistant Protocol (RAP) has been proposed, a control protocol based on ForCES that allows assistants to configure the router's data plane, to notify events, and to divert signalling packets and data flows to the assistants. As network application requirements can be very heterogeneous, it is necessary to provide several mechanisms to load-balance the assistant cluster. Thus, this thesis presents two novel Fast Robust Hashing algorithms that provide a permanent and fair mapping of flows to assistants and improve on existing Robust Hash techniques, being efficient enough to be implemented in the data plane of a commercial router. Moreover, this research work also defines the eXtensible Service Discovery Framework (XSDF), which integrates in a single process scalable service location and load-sharing among lightly-coupled servers.

    Security in the software defined networking infrastructure

    Software Defined Networks (SDN) is a paradigm in which the control and data planes of traditional networking devices are decoupled to form a distributed model. Communication between the separate planes requires a protocol such as OpenFlow to leverage programmable routing and forwarding decisions on the network. In this model, Application Programmable Interfaces (APIs) make it possible to inject policy and forwarding rules via the control plane or controller. The most prominent challenge resulting from the separation is link security between the separated elements, through which private network data is now traversing. One main area of concern is the method of transmission with which the majority of open-source controllers currently communicate. The preferred practice is for a Transport Layer Security (TLS) channel to be initiated by an OpenFlow switch wishing to communicate with a controller. Many developers have replaced the TLS method of communication with straight Transport Control Protocol (TCP) due to handshake sequence issues caused by certificate exchange during the TLS connection phase. This thesis and the subsequent research ask questions about security around the controller-to-device links that pass flow tables, network abstractions and multi-layer information to multiple controlled network elements. The main objective of this research is to develop testing procedures that allow for accurate and repeatable experiments. Therefore, in researching security vulnerabilities between controllers and forwarding devices, benchmarking performed on secure links tests the capability of authentication mechanisms to function properly under load. The outcomes of this research include a series of quality industry-standard tests to benchmark typical SDN controllers and forwarding devices, and a critical analysis of typical devices at low, medium and high loads. An SDN security taxonomy is presented to help with future categorising of device testing in the context of SDN architecture.

    Protocol security for third generation telecommunication systems

    In this thesis, a novel protocol stack architecture is presented. The Future Core Networks System (FCNS) forms a secure reference model for use in packet-switched structures, with its applicability ranging from computer to telecommunication networks. An insight on currently used network protocol systems is given, analysing standardised sets of communication rules with respect to the security they afford to the messages exchanged. The lack of protection schemes for the internal protocol stack messages and the implementation pitfalls of their security architectures are described, in relation to the effects they have on the communication process. The OSI security model is also considered, with disadvantages identified in the placement of security functionality and its management. The drawbacks depicted for currently used systems form the motivation behind this work. The analysis of the FCNS follows, which is composed of three parts. In the first part, the FCNS communication layers are examined, with respect to the mechanisms used to establish, maintain and tear down a connection between peer entities. In the second part, the security mechanisms of the proposed reference architecture are given, including details on the FCNS keystream generator used for the security of the internal FCNS messages. Finally, the FCNS Error Protocol is depicted, illustrating the modes of operation and advantages it exhibits over currently used systems. The work then moves into presenting details of the software FCNS implementation, followed by the presentation of the results and measurements obtained by the case studies created. Comparisons are given in relation to the TCP/IP suite, to provide the means of identifying the FCNS applicability in various network environments. The work is concluded by presenting the FCNS functionality in delivering information for the UMTS, together with further work that may enhance the flexibility and use of the proposed architecture.

    EThOS - Electronic Theses Online Service, GB

    Forwarding and Control Element Separation (ForCES)

    Forwarding and Control Element Separation (ForCES) defines an architectural framework and associated protocols to standardize information exchange between the control plane and the forwarding plane in a ForCES network element (ForCES NE). RFC 3654 has defined the ForCES requirements, and RFC 3746 has defined the ForCES framework. This document is an implementation report for the ForCES Protocol, Model, and the Stream Control Transmission Protocol-based Transport Mapping Layer (SCTP TML) documents, and includes a report on interoperability testing and the current state of ForCES implementations.

    Status of This Memo: This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Interne