10 research outputs found

    Design and implementation of the node identity internetworking architecture

    The Internet Protocol (IP) has been proven very flexible, being able to accommodate all kinds of link technologies and supporting a broad range of applications. The basic principles of the original Internet architecture include end-to-end addressing, global routeability and a single namespace of IP addresses that unintentionally serves both as locators and host identifiers. The commercial success and widespread use of the Internet have led to new requirements, which include internetworking over business boundaries, mobility and multi-homing in an untrusted environment. Our approach to satisfy these new requirements is to introduce a new internetworking layer, the node identity layer. Such a layer runs on top of the different versions of IP, but could also run directly on top of other kinds of network technologies, such as MPLS and 2G/3G PDP contexts. This approach enables connectivity across different communication technologies, supports mobility, multi-homing, and security from the ground up. This paper describes the Node Identity Architecture in detail and discusses the experiences from implementing and running a prototype

    Towards a Taxonomy of Inter-network Architectures

    Over the past decade, research on network architecture design has intensified. However, contributions to the field have mainly been idiosyncratic and architectural descriptions remain idiomatic. This state of affairs has led to the emergence of a large body of network architecture proposals with no clear indication of their compatibility points, their cross similarities, and their differences. Thus, a taxonomy of network architectures that provides a framework for better understanding, organizing, and thinking about the complex architecture design space would be a timely contribution. This paper presents a first step in that direction by attempting a classification based on the architecture's information model. The taxonomy is applied to a special network architecture highlighting its descriptive and classification powers

    Identity Management and Resource Allocation in the Network Virtualization Environment

    Due to the existence of multiple stakeholders with conflicting goals and policies, alterations to the existing Internet architecture are now limited to simple incremental updates; deployment of any new, radically different technology is next to impossible. To fend off this ossification, network virtualization has been propounded as a diversifying attribute of the future inter-networking paradigm. In this talk, we provide an overview of the network virtualization environment (NVE) and address two basic problems in this emerging field of networking research. The identity management problem is primarily concerned with ensuring interoperability across heterogeneous identifier spaces for locating and identifying end hosts in different virtual networks. We describe the architectural and the functional components of a novel identity management framework (iMark) that enables end-to-end connectivity across heterogeneous virtual networks in the NVE without revoking their autonomy. The virtual network embedding problem deals with the mapping of virtual nodes and links onto physical network resources. We argue that the separation of the node mapping and the link mapping phases in the existing algorithms considerably reduces the solution space and degrades embedding quality. We propose coordinated node and link mapping to devise two algorithms (D-ViNE and R-ViNE) for the online version of the problem under realistic assumptions and compare their performance with the existing heuristics

    A service based approach for future internet architectures

    Doctoral dissertation in information and communication technology, Universitetet i Agder, Grimstad, 201

    Naming and discovery in networks : architecture and economics

    In less than three decades, the Internet was transformed from a research network available to the academic community into an international communication infrastructure. Despite its tremendous success, there is a growing consensus in the research community that the Internet has architectural limitations that need to be addressed in an effort to design a future Internet. Among the main technical limitations are the lack of mobility support, and the lack of security and trust. The Internet, and particularly TCP/IP, identifies endpoints using a location/routing identifier, the IP address. Coupling the endpoint identifier to the location identifier hinders mobility and poorly identifies the actual endpoint. On the other hand, the lack of security has been attributed to limitations in both the network and the endpoint. Authentication for example is one of the main concerns in the architecture and is hard to implement partly due to lack of identity support. The general problem that this dissertation is concerned with is that of designing a future Internet. Towards this end, we focus on two specific sub-problems. The first problem is the lack of a framework for thinking about architectures and their design implications. It was obvious after surveying the literature that the majority of the architectural work remains idiosyncratic and descriptions of network architectures are mostly idiomatic. This has led to the overloading of architectural terms, and to the emergence of a large body of network architecture proposals with no clear understanding of their cross similarities, compatibility points, their unique properties, and architectural performance and soundness. On the other hand, the second problem concerns the limitations of traditional naming and discovery schemes in terms of service differentiation and economic incentives.
One of the recurring themes in the community is the need to separate an entity's identifier from its locator to enhance mobility and security. Separation of identifier and locator is a widely accepted design principle for a future Internet. Separation however requires a process to translate from the identifier to the locator when discovering a network path to some identified entity. We refer to this process as identifier-based discovery, or simply discovery, and we recognize two limitations that are inherent in the design of traditional discovery schemes. The first limitation is the homogeneity of the service where all entities are assumed to have the same discovery performance requirements. The second limitation is the inherent incentive mismatch as it relates to sharing the cost of discovery. This dissertation addresses both subproblems, the architectural framework as well as the naming and discovery limitations

    Distributed control architecture for multiservice networks

    The research focuses on devising a decentralised and distributed control system architecture for the management of internetworking systems to provide improved service delivery and network control. The theoretical basis, results of simulation and implementation in a real-network are presented. It is demonstrated that better performance, utilisation and fairness can be achieved for network customers as well as network/service operators with a value based control system. A decentralised control system framework for analysing networked and shared resources is developed and demonstrated. This fits in with the fundamental principles of the Internet. It is demonstrated that distributed, multiple control loops can be run on shared resources and achieve proportional fairness in their allocation, without a central control. Some of the specific characteristic behaviours of the service and network layers are identified. The network and service layers are isolated such that each layer can evolve independently to fulfil their functions better. A common architecture pattern is devised to serve the different layers independently. The decision processes require no co-ordination between peers and hence improves scalability of the solution. The proposed architecture can readily fit into a clearinghouse mechanism for integration with business logic. This architecture can provide improved QoS and better revenue from both reservation-less and reservation-based networks. The limits on resource usage for different types of flows are analysed. A method that can sense and modify user utilities and support dynamic price offers is devised. An optimal control system (within the given conditions), automated provisioning, a packet scheduler to enforce the control and a measurement system etc. are developed.
The model can be extended to enhance the autonomicity of the computer communication networks in both client-server and P2P networks and can be introduced on the Internet in an incremental fashion. The ideas presented in the model built with the model-view-controller and electronic enterprise architecture frameworks are now independently developed elsewhere into common service delivery platforms for converged networks. Four US/EU patents were granted based on the work carried out for this thesis, for the cross-layer architecture, multi-layer scheme, measurement system and scheduler. Four conference papers were published and presented

    Supporting Device Mobility and State Distribution through Indirection, Topological Isomorphism and Evolutionary Algorithms

    The Internet of Things will result in the deployment of many billions of wireless embedded systems, creating interactive pervasive environments. These pervasive networks will provide seamless access to sensor actuators, enabling organisations and individuals to control and monitor their environment. The majority of devices attached to the Internet of Things will be static. However, it is anticipated that with the advent of body and vehicular networks, we will see many mobile Internet of Things Devices. During emergency situations, the flow of data across the Internet of Things may be disrupted, giving rise to a requirement for machine-to-machine interaction within the remaining environment. Current approaches to routing on the Internet and wireless sensor networks fail to address the requirements of mobility, isolated operation during failure or deal with the imbalance caused by either initial or failing topologies when applying geographic coordinate-based peer-to-peer storage mechanisms. The use of global and local DHT mechanisms to facilitate improved reachability and data redundancy is explored in this thesis, resulting in the development of an Architecture to support the global reachability of static and mobile Internet of Things Devices. This is achieved through the development of a global indirection mechanism supporting position relative wireless environments. To support the distribution and preservation of device state within the wireless domain, a new geospatial keying mechanism is presented; this enables a device to persist state within an overlay with certain guarantees as to its survival. The guarantees relating to geospatial storage rely on the balanced allocation of distributed information. This thesis details a mechanism to balance the address space utilising evolutionary techniques.
Following the generation of an initial balanced topology, we present a protocol that applies Topological Isomorphism to provide the continued balancing and reachability of data following partial network failure. This dissertation details the analysis of the proposed protocols and their evaluation through simulation. The results show that our proposed Architecture operates within the capabilities of the devices that operate in this space. The evaluation of Geospatial Keying within the wireless domain showed that the mechanism presented provides better device state preservation than would be found in the random placement exhibited by the storage of state in overlay DHT schemes. Experiments confirm device storage imbalance when using geographic routing; however, the results provided in this thesis show that the use of genetic algorithms can provide an improved identity assignment through the application of alternating fitness between reachability and ideal key displacement. This topology, as is commonly found in geographical routing, was susceptible to imbalance following device failure. The use of topological isomorphism provided an improvement over existing geographical routing protocols to counteract the reachability and imbalance caused by failure

    Dagstuhl News January - December 2006

    "Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic

    Secure mobility at multiple granularity levels over heterogeneous datacom networks

    The goal of this thesis is to define a set of changes to the TCP/IP stack that allow connections between legacy applications to be sustained in a contemporary heterogeneous datacom environment embodying multiple granularities of mobility. In particular, the thesis presents a number of solutions for flow mobility, local mobility, network mobility, and address family agility, that is, mobility between different IP versions. The presented mobility solutions are based on the so-called identifier-locator split approach. Due to the split, the mobile and multi-homed hosts that employ the presented solution are able to simultaneously communicate via multiple access networks, even supporting different IP versions and link layer technologies. In addition to the mobility solutions, the thesis also defines a set of weak and strong security mechanisms. They are used to protect the mobility protocols from redirection, Denial-of-Service (DoS), and privacy related attacks. The defined security mechanisms are tightly bound to the presented mobility architecture, providing alternative ways to optimize mobility management signalling. The focus is on minimizing end-to-end signalling latency, optimizing the amount of signalling and optimizing packet forwarding paths. In addition, the architecture provides identity and location privacy for hosts. The presented work defines one specific kind of engineering balance between the security, privacy, and efficient mobility signalling requirements. This thesis indicates that the added security, indirection, backwards compatibility, and inter-operable mobility solutions can overcome several of the current TCP/IP restrictions. The presented mobility architecture also provides a migration path from the existing Internet architecture to a new cryptographic-identifier-based architecture

    Web Services For The New Internet: Discussion And Evaluation Of The Provisioning Of Interdomain Services

    In these last few years, the Internet as it is today has put some limitations on the evolution of new services. Problems such as address space scarcity, mobility, sensor networks and VoIP are becoming common requirements now and will be more frequent in future. However, the current Internet architecture does not support this evolution. In 2003, Jon Crowcroft [1] discussed the problems of the Internet Architecture. In January 2005, a report from NSF [2] addressed the barriers that need to be faced in order to overcome limitations towards a new internetworking architecture. In this paper, we discuss how Web services can be useful in solving some interdomain problems. The strong interaction between ISPs already exists and will be more necessary as new services appear. We believe that the Web services solution is a facilitator in this path. Our discussion is supported by the CANARIE [3] research point of view that everything is a service. We use this idea in the context of interdomain interactions where each domain is then seen as a service. We developed an architecture to support these interactions and evaluated the prototype in terms of time and bandwidth consumption to provide interdomain services. © 2006 IEEE. pp. 279-284.

    References
    [1] J. C. et al., Plutarch: An Argument for Network Pluralism, ACM SIGCOMM, August 2003
    [2] Overcoming Barriers to Disruptive Innovation in Networking, Report of NSF Workshop, NSF Report, 2005
    [3] Arnaud, B., CA*net 4 Research Program Update - UCLP Roadmap. Web Services Workflow for Connecting Research Instruments and Sensors to Networks, Draft, December 2004
    [4] D. C. et al., Making the world (of communications) a different place, Report of a working session of the End-to-End Research Group - Internet Research Task Force, January 2005
    [5] L. X. et al., Advertising Interdomain QoS Routing, IEEE Journal on Selected Areas in Communications, 22, No. 10, pp. 1949-1964, December 2004
    [6] de Souza, V., Cardozo, E., A Service Oriented Architecture for Deploying and Managing Network Services, Proceedings of the 3rd International Conference on Service Oriented Computing (ICSOC'05), LNCS-Springer-Verlag, pp. 465-477, December 2005
    [7] Anderson, T., Overcoming the Internet Impasse Through Virtualization, IEEE Computer, pp. 34-41, April 2005
    [8] Martini, B., Baroncelli, F., Castoldi, P., A Novel Service Oriented Framework for Automatically Switched Transport Network, IFIP/IEEE International Symposium on Integrated Network Management (IM 2005), May 2005
    [9] C. C. et al., The IP/MPLS Over ASON/GMPLS Test Bed of the IST Project LION, IEEE Journal of Lightwave Technology, 21, No. 11, pp. 2791-2803, November 2003
    [10] OIF Intra-Carrier E-NNI 01.0 Signaling Specification
    [11] M. P. H. et al., Provisioning for Interdomain Quality of Service: the MESCAL Approach, IEEE Communications Magazine, 43, No. 6, pp. 129-137, June 2005
    [12] A solution for providing inter-AS MPLS-based QoS tunnels, IETF draft, May 2005
    [13] Fang, L., Bita, N., Roux, J., Miles, J., Interprovider IP-MPLS Services: Requirements, Implementations, and Challenges, IEEE Communications Magazine, 43, No. 6, pp. 119-128, June 2005
    [14] Farrel, A., Vasseur, J.-F., Ash, J., Path Computation Element (PCE) Architecture, IETF draft, work in progress, September 2004
    [15] Verdi, F.L., Carvalho, C., Madeira, E., Magalhães, M., Policy-based Grooming in Optical Networks, 4th IEEE Latin American Network Operations and Management Symposium (LANOMS 2005), pp. 125-136, August 2005
    [16] Carvalho, C., Verdi, F.L., Madeira, E., Magalhães, M., Policy-based Fault Management for Integrating IP over Optical Networks, The 5th IEEE International Workshop on IP Operations & Management (IPOM'05), LNCS-Springer-Verlag, 3751, pp. 88-97, October 2005
    [17] F. L. V. et al., Web Services-based Provisioning of Connections in GMPLS Optical Networks, The Brazilian Symposium on Computer Networks (SBRC 2005), Fortaleza, Brazil, May 2005
    [18] Farrel, A., Vasseur, J.-F., Ayyangar, A., A Framework for Inter-Domain MPLS Traffic Engineering, IETF draft, work in progress, July 2005
    [19] J. P. et al., Scalability Analysis of the TurfNet Naming and Routing Architecture, First International ACM Workshop on Dynamic Interconnection of Networks, pp. 28-32, September 200