Multidomain Network Based on Programmable Networks: Security Architecture
This paper proposes a generic security architecture designed for a multidomain and multiservice network based on programmable networks. The multiservice network allows users of an IP network to run programmable services using programmable nodes located in the architecture of the network. The programmable nodes execute code to process active packets, which can carry user data and control information. The multiservice network model defined here considers the more pragmatic trends in programmable networks. In this scenario, new security risks that do not appear in traditional IP networks become visible. These new risks result from the execution of code in the programmable nodes and the processing of the active packets. The proposed security architecture is based on symmetric cryptography in the critical process, combined with an efficient manner of distributing the symmetric keys. Another important contribution has been to scale the security architecture to a multidomain scenario in a single and efficient way.
Scalable QoS-aware Mobility for Future Mobile Operators
Telecom operators and Internet service providers are heading for a new shift in communications paradigms. The forthcoming convergence of cellular and wireless data networks is often manifested in an “all IP approach” in which all communications are based on an end-to-end IP protocol framework. The approach to network design becomes user- and service-centered, so that continuous reachability of mobile users and sustained communication capabilities are default requirements for a prospective architecture. In this article, we describe a network architecture which is able to provide seamless communication mobility, triggered either by the user or by the network, across multiple technologies. The architecture allows for media independent handovers and supports optimized mobility and resource management functions. The main focus of the article is on major technical highlights of mobility and quality-of-service (QoS) management subsystems for converged networks.
IPv6 Network Mobility
Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA.
Unification of reliable multicast protocols, optimizing scalability and delay
Distributed applications that require a reliable multicast service are very numerous; among others, the following can be cited: distributed databases, distributed operating systems, distributed interactive simulation systems and applications for the distribution of software, publications or news. Although the application domain of such distributed systems was originally confined to a single subnetwork (for example, a Local Area Network), the need later arose to extend their applicability to internetworks.
The traditional approach to the reliable multicast problem in internetworks has been based mainly on the following two points: (1) providing many service guarantees in a single protocol (for example, reliability, atomicity and ordering), and some of these in different degrees, without taking into account that many multicast applications that require reliability do not need other guarantees; and (2) extending to the multicast environment the solutions already adopted in the point-to-point environment without considering the distinguishing characteristics; hence the attempt to solve the multicast reliability problem with end-to-end protocols (transport protocols) and with error recovery schemes that are centralized (retransmissions are made from a single point, normally the source) and global (the requested packets are resent to the whole group).
In general, these approaches have resulted in protocols that are inefficient in execution time, have scalability problems, do not make optimal use of network resources and are not suitable for delay-sensitive applications.
This Thesis investigates the reliable multicast problem in internetworks operating in datagram mode and presents a novel way of approaching the problem: it is better to solve the reliable multicast problem at the network level and to separate reliability from other service guarantees, which can be provided by a higher-level protocol or by the application itself.
Following this new approach, a reliable multicast protocol operating at the network level (called RMNP) has been designed. The most representative characteristics of RMNP are the following: (1) it follows a sender-oriented approach, which makes it possible to achieve a very high degree of reliability; (2) it proposes an error recovery scheme that is distributed (retransmissions are made from certain intermediate routers that will always be closer to the members than the source itself) and of restricted scope (the reach of the retransmissions is restricted to a certain number of members). This scheme makes it possible to optimize the mean distribution delay and reduce the overhead introduced by retransmissions; (3) it incorporates in certain routers control packet aggregation and filtering functions, which avoid implosion problems and reduce the traffic flowing towards the source.
In order to evaluate the behaviour of the designed protocol, simulation tests have been carried out, the main conclusions being that RMNP scales correctly with group size, makes optimal use of network resources and is suitable for delay-sensitive applications.
---ABSTRACT---
There are many distributed applications that require a reliable multicast service, including:
distributed databases, distributed operating systems, distributed interactive simulation systems and distribution applications of software, publications or news. Although the application domain of distributed systems of this type was originally confined to a single subnetwork (for example, a Local Area Network), it later became necessary to extend their applicability to internetworks.
The traditional approach to the reliable multicast problem in internetworks is based mainly on the following two points: (1) provide a lot of service guarantees in one and the same protocol (for example, reliability, atomicity and ordering) and different levels of guarantee in some cases, without taking into account that many multicast applications that require reliability do not need other guarantees, and (2) extend solutions adopted in the unicast environment to the multicast environment without taking into account their distinctive characteristics. So, the attempted solutions to the multicast reliability problem were end-to-end protocols (transport protocols) and centralized error recovery schemata (retransmissions made from a single point, normally the source) and global error retrieval schemata (the requested packets are retransmitted to the whole group).
Generally, these approaches have resulted in protocols that are inefficient in execution time, have scaling problems, do not make optimum use of network resources and are not suitable for delay-sensitive applications.
Here, the multicast reliability problem is investigated in internetworks operating in datagram mode and a new way of approaching the problem is presented: it is better to solve the multicast reliability problem at network level and separate reliability from other service guarantees that can be supplied by a higher protocol or the application itself.
A reliable multicast protocol that operates at network level (called RMNP) has been designed on the basis of this new approach. The most representative characteristics of the RMNP are as follows: (1) it takes a transmitter-oriented approach, which provides for a very high reliability level; (2) it provides for an error retrieval schema that is distributed (the retransmissions are made from given intermediate routers that will always be closer to the members than the source itself) and of restricted scope (the scope of the retransmissions is confined to a given number of members), and this schema makes it possible to optimize the mean distribution delay and reduce the overload caused by retransmissions; (3) some routers include control packet aggregation and filtering functions that prevent implosion problems and reduce the traffic flowing towards the source.
Simulation tests have been performed in order to evaluate the behaviour of the protocol designed. The main conclusions are that the RMNP scales correctly with group size, makes optimum use of network resources and is suitable for delay-sensitive applications.
Practical Evaluation of a Network Mobility Solution
IFIP International Workshop on Networked Applications, Colmenarejo, Madrid/Spain, 6–8 July, 2005
As the demand for ubiquitous Internet access and the current trend of all-IP communications keep growing, the need for a protocol that provides mobility management increases. The IETF has specified protocols to provide mobility support to individual nodes and networks. The Network Mobility (NEMO) Basic Support protocol is designed to provide mobility at IP level to complete networks, allowing a Mobile Network to change its point of attachment to the Internet while maintaining the ongoing sessions of the nodes of the network. All the mobility management is done by the mobile router, while the nodes of the network are not even aware of the mobility.
The main aim of this article is to evaluate the performance of the NEMO Basic Support protocol using our implementation. We also discuss the design of an implementation of the NEMO Basic Support protocol.
Characterization of Internet Links Using Active Network Technology
This paper presents the design, implementation and trials of a-clink, a hop-by-hop performance estimation tool based on active networks. The paper begins by analyzing different alternatives among hop-by-hop performance estimation tools: pathchar, clink, pchar and nettimer. Based on this analysis, several deficiencies are identified in the different tools. In order to improve the efficiency and accuracy of the estimations, one of the tools, clink, is selected to design an extension based on active network technology. This extension, a-clink, has been implemented over the public domain active network platform SARA. The implementation of a-clink has been trialed on a simple active network prototype spanning two universities connected through the public Internet, and its results compared with those obtained by the original clink. The paper concludes by describing the advantages of the active version of clink over the conventional passive performance estimation tool.
A practical approach to network-based processing
The use of general-purpose processors externally attached to routers to play virtually the role of active coprocessors seems a safe and cost-effective approach to add active network capabilities to existing routers. This paper reviews this router-assistant way of making active nodes, addresses the benefits and limitations of this technique, and describes a new platform based on it using an enhanced commercial router. The features new to this type of architecture are transparency, IPv4 and IPv6 support, and full control over layer 3 and above. A practical experience with two applications for path characterization and a transport gateway managing multi-QoS is described.
Most of this work has been funded by the IST project GCAP (Global Communication Architecture and Protocols for new QoS services over IPv6 networks) IST-1999-10 504. Further development and application to practical scenarios is being supported by IST project Opium (Open Platform for Integration of UMTS Middleware) IST-2001-36063 and the Spanish MCYT under projects TEL99-0988-C02-01 and AURAS TIC2001-1650-C02-01.
ABEONA monitored traffic: VANET-assisted cooperative traffic congestion forecasting
The existing mechanisms to monitor vehicular traffic, such as the use of induction loops and cameras, are expensive to deploy and maintain. Vehicular communications open up a new world of optimization opportunities, as each vehicle can be used as a sensor to measure the fundamental variables defining the traffic state (flow, density, and speed). In this article, we propose ABEONA, a beacon-based traffic congestion algorithm (also the name of the Roman goddess of journeys), which captures the current and recent-past traffic trends to forecast the near-future road conditions. Compared to the existing monitoring approaches, ABEONA allows for the estimation of the vehicular density and reduces installation and maintenance costs. ABEONA's algorithm incurs low overhead and enables drivers to use forecast traffic congestion events to replan their route accordingly.
Security Mechanisms in Active Networks on the SARA Architecture
Active network technology enables, among other features, fast deployment of new network services tailored to the specific needs of end users. Nevertheless, security issues are still a main concern when considering the industrial adoption of this technology. In this article we describe the SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project, and then consider the security requirements detected in this architecture, concerning confidentiality, integrity, authentication, non-repudiation and retransmission. Later, we present the proposed security protocol, which intends to cover all the imposed requirements, and finally we address implementation perspectives using available technologies such as IPSec and SSL.
PMIPv6: a network-based localized mobility management solution
European Community's Seventh Framework Program