
    Peningkatan Konektifitas Service VPLS Redundant Path Dengan Rapid Spanning Tree Protocol (Improving VPLS Service Connectivity with a Redundant Path Using Rapid Spanning Tree Protocol)

    Virtual Private LAN Service (VPLS) is already widely used in enterprise networks. It is a point-to-point or multipoint-to-multipoint Layer 2 VPN service that gives customers at geographically dispersed sites a transparent bridge, delivered over an MPLS backbone and able to use backbone features such as MPLS Fast Reroute and traffic engineering. Redundant paths can be added to a VPLS service on both the access side and the backbone to keep links performing and to minimise downtime when part of the network fails. Redundancy at Layer 2, however, creates forwarding loops unless a spanning tree protocol blocks one of the paths. This research implements redundant paths with the Rapid Spanning Tree Protocol (RSTP) to prevent forwarding loops in the switched network of a VPLS service and to protect end-to-end traffic carried over VPLS mesh pseudowires and spoke pseudowires. Compared with classic STP, RSTP gave the best result and yields a reliable, high-performance network for modern industrial use.
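    To make concrete what the abstract means by "redundant path with RSTP to prevent forwarding loops", here is an added example (not code from the paper) that computes 802.1w port roles for a constructed dual-homed VPLS access topology: customer bridge CE-A attached to both PE1 and PE2, the PEs joined by the pseudowire, and CE-B behind PE2. The bridge IDs, MAC addresses and path costs are assumptions of the example. It shows which port ends up Alternate (Discarding) to break the CE-A/PE1/PE2 loop, and how the roles change once the active link fails.

```python
"""Spanning-tree port-role computation for a VPLS access topology (added example)."""
import heapq

# Constructed topology: customer bridge CE-A is dual-homed to provider edges PE1
# and PE2, which are joined by the VPLS pseudowire; CE-B hangs off PE2 only.
# Bridge IDs are (priority, MAC) as in 802.1D/802.1w; lower wins.
BRIDGES = {
    "PE1": (4096, "00:00:5e:00:53:01"),
    "PE2": (8192, "00:00:5e:00:53:02"),
    "CE-A": (32768, "00:00:5e:00:53:0a"),
    "CE-B": (32768, "00:00:5e:00:53:0b"),
}
# Links with 802.1w path cost (20000 = 1 Gbit/s). The CE-A/PE1/PE2 triangle is
# the redundant path that would loop without spanning tree.
LINKS = {
    ("CE-A", "PE1"): 20000,
    ("CE-A", "PE2"): 20000,
    ("PE1", "PE2"): 20000,
    ("CE-B", "PE2"): 20000,
}


def elect_root(bridges):
    """The bridge with the lowest (priority, MAC) wins the root election."""
    return min(bridges, key=lambda name: bridges[name])


def root_path_costs(bridges, links, root):
    """Dijkstra from the root; ties are broken by the lower designated bridge ID,
    which is what the BPDU comparison in 802.1w does."""
    adj = {name: [] for name in bridges}
    for (a, b), cost in links.items():
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {name: float("inf") for name in bridges}
    via = {name: None for name in bridges}   # neighbour reached through the root port
    dist[root] = 0
    heap = [(0, bridges[root], root)]
    while heap:
        d, _, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in adj[u]:
            candidate = (d + cost, bridges[u])
            current = (dist[v], bridges[via[v]] if via[v] else (float("inf"), ""))
            if candidate < current:
                dist[v], via[v] = candidate[0], u
                heapq.heappush(heap, (candidate[0], bridges[u], v))
    return dist, via


def port_roles(bridges, links):
    """Return {(bridge, neighbour): role} with role in Root/Designated/Alternate.
    An Alternate port stays in the Discarding state, which is what breaks the loop."""
    root = elect_root(bridges)
    dist, via = root_path_costs(bridges, links, root)
    roles = {}
    for a, b in links:
        for me, peer in ((a, b), (b, a)):
            if me == root:
                role = "Designated"
            elif via[me] == peer:
                role = "Root"
            elif (dist[me], bridges[me]) < (dist[peer], bridges[peer]):
                role = "Designated"      # my BPDU is better than the peer's
            else:
                role = "Alternate"       # peer is designated on this link; I block
            roles[(me, peer)] = role
    return roles


def forwarding_links(roles, links):
    """Links whose two ends are both forwarding (Root or Designated)."""
    return {
        (a, b) for a, b in links
        if roles[(a, b)] != "Alternate" and roles[(b, a)] != "Alternate"
    }


def after_failure(links, failed):
    """Topology once a link has gone down; RSTP reconverges on this."""
    return {link: cost for link, cost in links.items() if link != failed}


if __name__ == "__main__":
    before = port_roles(BRIDGES, LINKS)
    print("CE-A->PE2 before failure:", before[("CE-A", "PE2")])
    after = port_roles(BRIDGES, after_failure(LINKS, ("CE-A", "PE1")))
    print("CE-A->PE2 after CE-A/PE1 fails:", after[("CE-A", "PE2")])
```

    With the constructed IDs PE1 is root, CE-A's port towards PE2 is Alternate, and the three remaining links form a tree; removing the CE-A/PE1 link makes that same port the Root port. The election is decided purely by the lowest advertised bridge ID and BPDUs carry no authentication, so a device on a customer-facing VPLS port that announces priority 0 becomes root and reshapes the whole tree; this is why access ports towards customers are normally protected with root guard or BPDU guard.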

    Performance evaluation of HIP-based network security solutions

    Abstract. Host Identity Protocol (HIP) is a networking technology that systematically separates the identifier and locator roles of IP addresses: it inserts a layer between the transport and IP layers of the TCP/IP stack and introduces a Host Identity (HI) namespace built on a public-key security infrastructure. This change brings benefits such as mobility, multi-homing, end-to-end security, signalling, control/data-plane separation and firewall security. Although HIP is not yet widely deployed in mainstream communication networks, industry experts see it as a potential component of next-generation networks. HIP can be used by HIP-aware applications as well as by traditional IP-address-based applications and networking technologies, middleboxes included. One such application is Virtual Private LAN Service (VPLS), a widely used way of providing an Ethernet-based VPN that joins geographically separated sites into a single bridged domain over an IP/MPLS network. The popularity of VPLS among commercial and defence organisations underscores the need for robust security features to protect both data and control information. After reviewing the different approaches to HIP, a real-world testbed is built. Two experiment scenarios are evaluated: one compares two open-source Linux-based HIP implementations (HIPL and OpenHIP), the other compares two sets of enterprise equipment from two vendors (Tempered Networks and Byres Security). To cover a heterogeneous mix of network types, the open-source implementations are evaluated on three network environments: Local Area Network (LAN), Wireless LAN (WLAN) and Wide Area Network (WAN). Every scenario is measured for throughput, latency and jitter. The results confirm that no single solution is optimal in every aspect and scenario. In the open-source implementations, the TCP throughput penalty of enabling security in the WLAN scenario is smaller with HIPL than with OpenHIP, while in the WAN scenario the reverse holds; UDP throughput behaves the same way. On latency, however, HIPL is lower in all three network scenarios. In the enterprise-equipment experiment, enabling security cost about 19% of TCP throughput and raised latency by about 87% compared with the non-secured baseline. The work therefore gives researchers and decision makers usable data for choosing how to secure their VPNs according to the application scenario and the performance penalty each approach carries.
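    The identifier/locator split the abstract describes rests on the Host Identity Tag (HIT): a 128-bit hash of the host's public key that fits where legacy applications expect an IPv6 address. The block below is an added example, not code from the thesis or from HIPL/OpenHIP, showing the two cheap checks a HIP responder makes during the base exchange: that the Host Identity a peer presents really hashes to the HIT it claims (ORCHIDv2 construction, RFC 7343/7401), and that the peer solved the puzzle that protects the responder's control plane from state-exhaustion attacks (RFC 7401 section 4.1.2). The context ID, prefix and "leftmost 96 bits" truncation are reproduced from memory of the RFCs and should be verified against the text before relying on them for interoperability; the host identities and the puzzle nonce are constructed byte strings, not real keys.

```python
"""Two cheap checks a HIP responder performs, as a stand-alone sketch (added example)."""
import hashlib
import ipaddress

# ORCHIDv2 (RFC 7343) parameters as profiled for HIPv2 HITs in RFC 7401.
# These constants are reproduced from the RFCs; confirm them against the text
# before relying on this to interoperate with a real HIP stack.
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")
ORCHID_PREFIX = 0x2001002        # 2001:20::/28 as a 28-bit value
ORCHID_NETWORK = ipaddress.IPv6Network("2001:20::/28")
HIT_SUITE_RSA_DSA_SHA256 = 1     # HIT Suite ID; also the 4-bit OGA ID in the HIT
RHASH_LEN = 32                   # output size in bytes of the suite's hash (SHA-256)


def hit_from_hi(host_identity: bytes) -> ipaddress.IPv6Address:
    """Derive the 128-bit Host Identity Tag from the encoded Host Identity.

    HIT = prefix(28) | OGA ID(4) | Encode_96(SHA-256(context ID | HI)).
    Encode_96 is taken here as the leftmost 96 bits of the digest (assumption;
    check RFC 7401 section 3.2 and RFC 7343 before relying on it).
    """
    digest = hashlib.sha256(HIP_CONTEXT_ID + host_identity).digest()
    hash96 = int.from_bytes(digest[:12], "big")
    value = (ORCHID_PREFIX << 100) | (HIT_SUITE_RSA_DSA_SHA256 << 96) | hash96
    return ipaddress.IPv6Address(value)


def hi_binds_to_hit(host_identity: bytes, claimed_hit: ipaddress.IPv6Address) -> bool:
    """Responder check: the HI carried in the peer's HOST_ID parameter must hash
    to the HIT used in the packet header, otherwise the identity is not the key's."""
    return claimed_hit in ORCHID_NETWORK and hit_from_hi(host_identity) == claimed_hit


def puzzle_digest(i, hit_i, hit_r, j):
    """RHASH(I | HIT-I | HIT-R | J) as in RFC 7401 section 4.1.2."""
    return hashlib.sha256(i + hit_i.packed + hit_r.packed + j).digest()


def puzzle_solved(i, hit_i, hit_r, j, k):
    """Responder side: one hash and no per-initiator state; the K low-order bits must be zero."""
    low_bits = int.from_bytes(puzzle_digest(i, hit_i, hit_r, j), "big") & ((1 << k) - 1)
    return low_bits == 0


def solve_puzzle(i, hit_i, hit_r, k, max_tries=1 << 24):
    """Initiator side: brute-force J, about 2**K hashes on average."""
    # Counting up from zero keeps the example reproducible; a real stack picks J at random.
    for candidate in range(max_tries):
        j = candidate.to_bytes(RHASH_LEN, "big")
        if puzzle_solved(i, hit_i, hit_r, j, k):
            return j
    raise RuntimeError("no solution within max_tries")


# Constructed inputs: these byte strings stand in for encoded public keys; they are
# not real RSA/DSA Host Identities.
HI_INITIATOR = b"constructed-host-identity-of-initiator"
HI_RESPONDER = b"constructed-host-identity-of-responder"
PUZZLE_I = bytes(range(RHASH_LEN))   # the responder's random #I, fixed here

if __name__ == "__main__":
    hit_i = hit_from_hi(HI_INITIATOR)
    hit_r = hit_from_hi(HI_RESPONDER)
    print("initiator HIT:", hit_i)
    print("HI binds to HIT:", hi_binds_to_hit(HI_INITIATOR, hit_i))
    j = solve_puzzle(PUZZLE_I, hit_i, hit_r, k=12)
    print("puzzle solved:", puzzle_solved(PUZZLE_I, hit_i, hit_r, j, 12))
```

    The asymmetry is the point of the puzzle: the responder spends one hash to verify and keeps nothing in memory until the initiator has spent about 2^K hashes, and K can be raised under load. The binding check is what makes the HIT a usable identity for the firewall and middlebox cases the abstract mentions: a packet's source HIT is only meaningful once the presented key has been shown to hash to it.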

    Hybrid IP/SDN networking: open implementation and experiment management tools

    The introduction of SDN in large-scale IP provider networks is still an open issue, and several solutions have been suggested so far. In this paper we propose a hybrid approach that allows traditional IP routing to coexist with SDN-based forwarding within the same provider domain. The solution is called OSHI (Open Source Hybrid IP/SDN networking) because we have implemented it entirely by combining and extending open-source software. We discuss the OSHI system architecture and the design and implementation of advanced services such as pseudowires and virtual switches. In addition, we describe a set of open-source management tools for emulating the proposed solution on either the Mininet emulator or distributed physical testbeds. We refer to this suite of tools as Mantoo (Management tools). Mantoo includes an extensible web-based graphical topology designer that offers different layered network "views" (from physical links up to service relationships among nodes). The suite can validate an input topology, deploy it automatically on a Mininet emulator or on a distributed SDN testbed, and give access to the emulated nodes by opening consoles in the web GUI. Mantoo also provides tools to evaluate the performance of the deployed nodes. Comment: accepted for publication in IEEE Transactions on Network and Service Management, December 2015, http://dx.doi.org/10.1109/TNSM.2015.250762

    A study into scalable transport networks for IoT deployment

    The growth of the Internet into the Internet of Things (IoT) has changed the way we live. Intelligent (smart) devices that act autonomously have enabled new applications such as industrial automation, smart healthcare systems and autonomous transport, to name just a few, and these applications have markedly improved daily life. While the Internet keeps growing at an unprecedented rate, that growth is coupled with demand for new services such as machine-to-machine (M2M) communication and smart metering. The Transmission Control Protocol/Internet Protocol (TCP/IP) architecture was developed decades ago and was neither prepared nor designed for these exponential demands, which has left the Internet complex, inflexible and rigid. Reliability, scalability, interoperability, inflexibility and vendor lock-in remain concerns in existing (traditional) networks, among many other challenges. This study proposes an evolutionary approach to implementing a "Scalable IoT Data Transmission Network" (S-IoT-N) that leverages existing transport networks. Most importantly, the proposed approach tries to address the challenges above by using open, existing standards and by building on the traditional transport networks already in place. A proof of concept (PoC) of the proposed S-IoT-N is attempted on a physical network testbed and demonstrated together with basic network connectivity services over it. Finally, the results are validated by an experimental performance evaluation of the PoC testbed, followed by recommendations for improvement and future work.

    Solution strategies of service fulfilment Operation Support Systems for Next Generation Networks

    A Finnish Operation Support Systems (OSS) vendor provides solutions for service activation, network inventory and event mediation. These solutions have mostly been deployed in mobile networks. This thesis studies how feasible it is to use similar solutions for service fulfilment in Next Generation Networks (NGN). NGN is a broad term for the key architectural changes in telecommunication core and access networks; the study concentrates on the fixed technologies whose deployment will peak over the next 5 to 10 years. In these networks the activation of a service such as Triple Play, an enterprise Virtual Private Network (VPN) or residential broadband requires an extensive service fulfilment process that must be supported by a first-class OSS. After introducing the NGN technologies, the research compares a reference product portfolio with the available OSS architectural frameworks for service fulfilment and evaluates its applicability to automating the fulfilment process in future network environments. The study also analyses the current state of the service fulfilment OSS market and evaluates various solution strategies. It concludes that the most interesting and suitable solution scenario for the portfolio is residential broadband, including the value-added IP services built on it.

    Foutbestendige toekomstige internetarchitecturen (Fault-Tolerant Future Internet Architectures)

    Implementing Soak Testing for an Access Network Solution

    The quality requirements for telecommunications software are extremely demanding. Operators usually have SLA agreements with their customers, and violating them may lead to substantial compensation payments. Furthermore, every moment that a piece of equipment or a service is not operating correctly means lost income for the operator. For these reasons it is extremely important that telecommunications equipment keeps functioning without service-affecting breaks. The purpose of this thesis was to design and implement automated soak (long-duration) testing for the IP/MPLS-based Tellabs 8600 router series. The system under test consists of several network elements and the graphical Tellabs 8000 Network Management System. The testing environment is meant to reveal defects that do not show up in ordinary functional or regression testing but only appear after the system has run for a long time or an operation has been repeated many times. The thesis developed a framework for automatically running various operations on the test network and detecting problem situations programmatically. The testing environment was implemented successfully and meets the objectives set for it. It has been taken into use in system testing at Tellabs and has proved useful and effective since its deployment; a second, fully identical environment was also built for the system testing group.
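    The class of defect the abstract describes, one that every single functional test passes over but that repetition exposes, is easiest to see with a small harness. The block below is an added example and has nothing to do with the Tellabs framework: it repeats an operation against a constructed system under test, samples a resource after every call, fits a trend line to the samples and records the first late failure. The session-table leak and the 8-bit sequence counter in the constructed component are invented stand-ins for the kind of slow leak and wrap-around bug a soak run is meant to catch.

```python
"""Soak-test harness: repeat an operation, sample a resource, flag slow growth (added example)."""


class SessionServer:
    """Constructed system under test standing in for a management-system component.

    Each provisioning call opens a session. With leak=True the session table is
    never cleaned up and an 8-bit sequence counter wraps after 256 operations.
    Neither defect is visible in a single functional test: every call returns "ok".
    """

    def __init__(self, leak: bool):
        self.leak = leak
        self.sessions = {}
        self.seq = 0

    def provision(self, request_id: int) -> str:
        self.sessions[request_id] = f"session-{request_id}"
        if not self.leak:
            del self.sessions[request_id]          # proper cleanup in the fixed build
        self.seq += 1
        if self.leak and self.seq > 255:
            raise OverflowError("sequence counter wrapped")
        return "ok"

    def resident_sessions(self) -> int:
        """The resource the soak run samples; think RSS, open sockets or a table size."""
        return len(self.sessions)


def trend_per_iteration(samples):
    """Least-squares slope of the samples against the iteration index."""
    n = len(samples)
    if n < 2:
        return 0.0
    x_mean = (n - 1) / 2
    y_mean = sum(samples) / n
    sxx = sum((x - x_mean) ** 2 for x in range(n))
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in zip(range(n), samples))
    return sxy / sxx


def run_soak(operation, probe, iterations, max_growth_per_iteration):
    """Drive `operation` repeatedly, sample `probe` after each call and summarise."""
    samples, failures = [], []
    for i in range(iterations):
        try:
            operation(i)
        except Exception as exc:          # record and keep soaking: later failures matter too
            failures.append((i, repr(exc)))
        samples.append(probe())
    slope = trend_per_iteration(samples)
    return {
        "iterations": iterations,
        "first_failure": failures[0] if failures else None,
        "failure_count": len(failures),
        "growth_per_iteration": slope,
        "leak_suspected": slope > max_growth_per_iteration,
    }


def soak_verdict(leak: bool, iterations: int = 300):
    """Run the constructed component through the harness and return the summary."""
    sut = SessionServer(leak=leak)
    return run_soak(sut.provision, sut.resident_sessions, iterations,
                    max_growth_per_iteration=0.01)


if __name__ == "__main__":
    print("single functional call:", SessionServer(leak=True).provision(1))
    print("soak, leaky build:", soak_verdict(leak=True))
    print("soak, fixed build:", soak_verdict(leak=False))
```

    On the leaky build the slope comes out at one session per iteration and the first failure is recorded at iteration 255, while a one-shot call of the same operation returns "ok"; on the fixed build the slope is zero and no failure is recorded. In a real harness the probe reads device counters over the management interface, the threshold is set from a known-good baseline run, and the loop also asserts that the service itself still works after each operation rather than only that the call returned.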

    An outright open source approach for simple and pragmatic internet eXchange

    The Internet, the network of networks, is indispensable to our modern, globalised life and economy, and as a public resource it rests on interoperability and trust; free and open-source software plays a major part in its development. Internet eXchange Points (IXPs), where operators of every type and size can exchange traffic, are essential as neutral and independent meeting places, and their traffic is growing explosively: all global Internet traffic in 2013 is comparable to what the largest European IXP carries today. The fundamental service an IXP offers is a shared Layer 2 switching fabric. Although this looks like basic functionality, today's solutions never address the IXPs' requirements properly: IXPs are forced onto proprietary technologies in which a closed, distributed control plane is tightly entangled with the data plane, leaving the forwarding plane unmanageable and impossible to program finely. The EURO-IX "wishlist" of features that core Ethernet switching equipment should implement shows how frustrated IXP operators are, and vendors' MPLS-based offerings for IXPs are only an imperfect readjustment. Before any deployment, every piece of equipment must also be tested to check that it meets expectations, yet the tools for qualifying network equipment are all commercial, closed source, expensive and inflexible, and do not meet the need for independence and neutrality. Software Defined Networking (SDN), the paradigm that decouples the control and data planes, uses the OpenFlow protocol to program a high-performance Ethernet forwarding plane. Unlike the research projects that centralise the whole control plane on top of OpenFlow, which weakens the stability of the exchange, we propose to use OpenFlow only for the control plane specific to the switching fabric: for better stability not all control-plane functions can be decoupled from the data plane, and the few SDN solutions presented so far blur the separation between Layer 2 and Layer 3. The main goal of this thesis is to propose "Umbrella", a simple and pragmatic switching fabric that meets all the IXP requirements, first among them the guarantee of independence and neutrality of the exchange, and gives IXP participants a straightforward, more transparent Layer 2 fabric over which they can exchange traffic independently. The first part presents the Umbrella architecture in detail, with the tests and validations that demonstrate a clear separation of control and data plane to increase the robustness, flexibility and reliability of the IXP. Umbrella abolishes broadcasting with a pseudowire and segment-routing approach; we show that for an IXP fabric not all of the control plane can be decoupled from the data plane, that Umbrella scales, and that it can recycle legacy non-OpenFlow core switches to reduce migration cost. Because IXPs need to run the tests that validate an Umbrella deployment themselves, we developed the Open Source Network Tester (OSNT), a fully open-source, hardware-based traffic generation and capture system. OSNT costs less than comparable commercial systems while achieving comparable precision and accuracy, within an open-source framework that can be extended with new features and whose implementation can be validated and reviewed. OSNT is the base for OFLOPS Turbo (OpenFlow Operations Per Second Turbo), the integration of the OFLOPS OpenFlow switch evaluation platform with OSNT's hardware-accelerated traffic generation and capture; experience with OpenFlow in production networks had so far shown significant limitations in hardware switches' support for the protocol. What better justification than a real deployment? The last chapter presents the production deployment of the Umbrella architecture at a regional exchange point: we demonstrated the flexibility and benefit of the architecture by persuading ten Internet operators to migrate the entire Toulouse IXP (TouIX). The hardware testing tools we developed were used to qualify the equipment deployed in production. TouIX has been running stably for a year and is fully managed and monitored through a single web application that replaces all the complex, proprietary legacy management systems.
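    What "abolishing broadcast with a pseudowire and segment-routing approach" buys an IXP is easier to see in a small model than in prose. The block below is an added example, not Umbrella's code or its exact encoding: the edge switch answers ARP from the IXP's static participant registry instead of flooding, computes the path through a constructed three-switch fabric for every known destination, and pushes the list of output ports as a MAC-sized label that each switch pops one byte at a time; frames to unknown MACs are dropped at the edge rather than flooded. The topology, the participant registry and the port-list-in-a-MAC-field encoding are assumptions of this sketch.

```python
"""Broadcast-free, source-routed Layer 2 IXP fabric: a simplified model (added example)."""
from collections import deque
from dataclasses import dataclass, field

# Constructed fabric: edge switches E1 and E2 around one core switch C1.
# (switch, port) -> neighbouring switch. Ports absent from this table face participants.
FABRIC_LINKS = {
    ("E1", 10): "C1", ("C1", 1): "E1",
    ("C1", 2): "E2", ("E2", 10): "C1",
}
# Constructed participant registry, the static knowledge an IXP already holds:
# MAC -> (IP on the peering LAN, edge switch, edge port).
PARTICIPANTS = {
    "02:00:00:00:00:0a": ("198.51.100.10", "E1", 1),
    "02:00:00:00:00:0b": ("198.51.100.11", "E2", 1),
    "02:00:00:00:00:0c": ("198.51.100.12", "E2", 2),
}
LABEL_LEN = 6   # the port list travels in a MAC-sized field (assumption of this sketch)


@dataclass
class Frame:
    src: str
    dst: str
    payload: str
    label: bytes = b""
    hops: list = field(default_factory=list)


def encode_ports(ports):
    """Pack the output ports, one byte each, zero-padded to a MAC-sized label."""
    if len(ports) > LABEL_LEN or any(not 0 < p < 256 for p in ports):
        raise ValueError("path does not fit the label")
    return bytes(ports) + bytes(LABEL_LEN - len(ports))


def fabric_path(src_switch, dst_switch):
    """BFS over the fabric graph; returns the output port to take at each switch."""
    prev = {src_switch: None}
    queue = deque([src_switch])
    while queue:
        sw = queue.popleft()
        if sw == dst_switch:
            break
        for (s, port), nxt in FABRIC_LINKS.items():
            if s == sw and nxt not in prev:
                prev[nxt] = (sw, port)
                queue.append(nxt)
    if dst_switch not in prev:
        raise LookupError("no fabric path")
    ports, sw = [], dst_switch
    while prev[sw] is not None:
        sw, port = prev[sw]
        ports.append(port)
    return list(reversed(ports))


class Fabric:
    def __init__(self):
        self.flooded = 0   # frames a learning switch would have flooded; stays at 0 here
        self.dropped = 0   # frames to unknown destinations, dropped at the edge

    def arp_reply(self, target_ip):
        """Edge ARP proxy: answer from the registry; an ARP request never crosses the fabric."""
        for mac, (ip, _, _) in PARTICIPANTS.items():
            if ip == target_ip:
                return mac
        self.dropped += 1
        return None

    def ingress(self, frame):
        """Ingress edge: unknown destination -> drop (no unknown-unicast flooding);
        known destination -> compute the path and push it as the label."""
        if frame.dst not in PARTICIPANTS or frame.src not in PARTICIPANTS:
            self.dropped += 1
            return None
        _, in_edge, _ = PARTICIPANTS[frame.src]
        _, out_edge, out_port = PARTICIPANTS[frame.dst]
        ports = fabric_path(in_edge, out_edge) + [out_port]
        frame.label = encode_ports(ports)
        return self.forward(in_edge, frame)

    def forward(self, switch, frame):
        """Each switch pops the first label byte and uses it as its output port."""
        frame.hops.append(switch)
        port, frame.label = frame.label[0], frame.label[1:] + b"\x00"
        nxt = FABRIC_LINKS.get((switch, port))
        if nxt is not None:
            return self.forward(nxt, frame)
        # Participant port: restore the real destination MAC from the registry.
        for mac, (_, sw, p) in PARTICIPANTS.items():
            if (sw, p) == (switch, port):
                return mac, (switch, port)
        self.dropped += 1
        return None


if __name__ == "__main__":
    fab = Fabric()
    f = Frame(src="02:00:00:00:00:0a", dst="02:00:00:00:00:0b", payload="peering traffic")
    print("delivered at:", fab.ingress(f), "via", f.hops)
    print("ARP for 198.51.100.11 ->", fab.arp_reply("198.51.100.11"))
    print("flooded:", fab.flooded, "dropped:", fab.dropped)
```

    The core switch needs no MAC learning and no per-participant state: its only rule is "forward on the port named by the first label byte and shift". That is what lets legacy, non-OpenFlow core switches stay in place, keeps one participant's misbehaving bridge from storming the whole exchange, and makes the forwarding plane auditable from the registry alone.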