2 research outputs found

    Multicast Network Performance using Multiprotocol Label Switching Together with Signaling Standards

    This article presents the results of an evaluation of Multiprotocol Label Switching (MPLS) as a multicast technology (sending data from one source to several users) using the Resource Reservation Protocol with Traffic Engineering extensions (RSVP-TE). To determine the advantages of this implementation, the system is compared with the operation of an IP datagram transmission network based on the Protocol Independent Multicast Dense Mode standard (PIM-DM). The simulations are carried out using the OPNET and GNS-3 software packages. It is concluded that MPLS label switching using RSVP-TE has advantages far superior to other architectures. These advantages include a faster response to link failures, lower delay and jitter, and the possibility of reserving bandwidth for priority traffic.

    The present article shows the results of the evaluation of Multiprotocol Label Switching (MPLS) as a technology for the transfer of multicast traffic (sending data from one source to several users) through the use of signaling protocols such as RSVP-TE. To identify the advantages of such an implementation, the setup in this work is compared to a multicast IP network based on the PIM-DM protocol. Simulations were carried out using software packages such as OPNET and GNS-3. It was found that MPLS+RSVP-TE offers greater advantages over other architectures. Some of these advantages include quicker link-failure response, shorter delays and less jitter, and also the possibility to reserve bandwidth for priority traffic. Document type: Articl

    Participant access control in IP multicasting

    IP multicast is best known for its bandwidth conservation and lower resource utilization. The classical multicast model makes it impossible to restrict access to authorized End Users (EU) or paying receivers and to forward data originated by an authorized sender(s) only. Without an effective participant (i.e., receivers and sender(s)) access control, an adversary may exploit the existing IP multicast model, where a host can join or send to any multicast group without prior authentication and authorization. The Authentication, Authorization and Accounting (AAA) protocols are being used successfully, in unicast communication, to control access to network resources. AAA protocols can be used for multicast applications in a similar way. In this thesis, a novel architecture is presented for the use of AAA protocols to manage IP multicast group access control, which enforces authentication, authorization and accounting of group participants. The AAA framework has been deployed by implementing the Network Access Server (NAS) functionalities inside the Access Router (AR). The proposed architecture relates access control with e-commerce communications and policy enforcement. The Internet Group Management Protocol with Access Control (IGMP-AC), an extended version of the IGMPv3, has been developed for receiver access control. The IGMP-AC, which encapsulates Extensible Authentication Protocol (EAP) packets, has been modeled in PROMELA, and has also been verified using SPIN. Finally, the security properties of an EAP method, EAP Internet Key Exchange, have been validated using AVISPA. Protocol for Carrying Authentication for Network Access, a link-layer agnostic protocol that encapsulates EAP packets, has been deployed to authenticate a sender that establishes an IPsec Security Association between the sender and the AR to cryptographically authenticate each packet.
Next, a policy framework has been designed for specifying and enforcing the access control policy for multicast group participants. The access control architecture has been extended to support inter-domain multicast groups by deploying Diameter agents that discover network entities located in remote domains and securely transport inter-domain AAA information. Furthermore, the inter-domain data distribution tree has been protected from several attacks generated by a compromised network entity (e.g., router, host) by deploying a Multicast Security Association. Finally, the scope of receiver access control architecture and IGMP-AC has been broadened by demonstrating the usability of IGMP-AC in wireless networks for mobile receiver (or EU) access control. In addition, using the EAP Re-authentication Protocol (ERP), a secured and fast handoff procedure of mobile EUs in wireless networks has been develope