Optical IP switching a solution to dynamic lightpath establishment in disaggregated network architectures

The landscape of the telecommunications environment is constantly evolving; in terms of architecture and increasing data-rate. Ensuring that routing decisions are taken at the lowest possible layer offers the possibility of greatest data throughput. We propose using wavelengths in a DWDM scheme as dedicated channels that bypass the routing lookup in a router. The future trend of telecommunications industry is, however, toward larger numbers of interlinked competing operator networks. This in turn means there is a lack of a unified control plane to allow current networks to dynamically provision optical paths. This paper will report on the concept of optical IP switching. This concept seeks to address optical control plane issues in disaggregated networks while providing a means to dynamically provision optical paths to cater for large data flows

QUALITY OF SERVICE ARCHITECTURES APPLICABILITY IN AN INTRANET NETWORK

The quality of service (QoS) concept, which appeared initially as a necessity to improve Internet users perception, deals actually with new valences along with information society maturation. At the organisation’s level, the Intranet network shall assure in a similar manner as the Internet all kinds of services, which are useful to the organisation’s users. Starting from the traditional QoS architectural models, network administrators shall plan and design a QoS architecture, which will map on the organisation’s requirements, having at disposal not only own network elements but also communication services provided by other operators. The aim of this paper is to present, starting from the general QoS models, a comparative study of main advantages and drawbacks in implementing a specific Intranet QoS architecture taking into consideration all kind of aspects (material, financial, human resources), which impact on a good Intranet QoS management.QoS, IntServ, DiffServ, IntServ over DiffServ, VPN-MPLS, Intranet network

Traffic engineering in multihomed sites

It is expected that IPv6 multihomed sites will obtain as many global prefixes as direct providers they have, so traffic engineering techniques currently used in IPv4 multihomed sites is no longer suitable. However, traffic engineering is required for several reasons, and in particular, for being able to properly support multimedia communications. In this paper we present a framework for traffic engineering in IPv6 multihomed sites with multiple global prefixes. Within this framework, we have included several tools such as DNS record manipulation and proper configuration of the policy table defined in RFC 3484. To provide automation in the management of traffic engineering, we analyzed the usage of two mechanisms to configure the policy table.This work has been partly supported by the European Union under the E-Next Project FP6-506869 and by the OPTINET6 project TIC-2003-09042-C03-01.Publicad

Learning to Customize Network Security Rules

Security is a major concern for organizations who wish to leverage cloud computing. In order to reduce security vulnerabilities, public cloud providers offer firewall functionalities. When properly configured, a firewall protects cloud networks from cyber-attacks. However, proper firewall configuration requires intimate knowledge of the protected system, high expertise and on-going maintenance. As a result, many organizations do not use firewalls effectively, leaving their cloud resources vulnerable. In this paper, we present a novel supervised learning method, and prototype, which compute recommendations for firewall rules. Recommendations are based on sampled network traffic meta-data (NetFlow) collected from a public cloud provider. Labels are extracted from firewall configurations deemed to be authored by experts. NetFlow is collected from network routers, avoiding expensive collection from cloud VMs, as well as relieving privacy concerns. The proposed method captures network routines and dependencies between resources and firewall configuration. The method predicts IPs to be allowed by the firewall. A grouping algorithm is subsequently used to generate a manageable number of IP ranges. Each range is a parameter for a firewall rule. We present results of experiments on real data, showing ROC AUC of 0.92, compared to 0.58 for an unsupervised baseline. The results prove the hypothesis that firewall rules can be automatically generated based on router data, and that an automated method can be effective in blocking a high percentage of malicious traffic.Comment: 5 pages, 5 figures, one tabl