23 research outputs found

    LISP-MSX: Decentralized Interconnection of Independent LISP Mapping Systems

    We present in this paper a novel solution for the interconnection of LISP (Locator/Identifier Separation Protocol) mapping systems. Our solution, named LISP-MSX, differs from existing approaches in that it allows for complete mapping systems technology independence and for their decentralized interconnection, by means of novel control-plane primitives to LISP and routing protocols, hence guaranteeing faster mappings resolutio

    MPTCP Robustness Against Large-Scale Man-in-the-Middle Attacks

    Multipath communications at the Internet scale have been a myth for a long time, with no actual protocol being deployed at large scale. Recently, the Multipath Transmission Control Protocol (MPTCP) extension was standardized and is undergoing rapid adoption in many different use-cases, from mobile to fixed access networks, from data-centers to core networks. Among its major benefits (i.e., reliability thanks to backup path rerouting, throughput increase thanks to link aggregation, and confidentiality, it being more difficult to intercept a full connection), the latter has attracted lower attention. How effective it would be to use MPTCP, or an equivalent multipath transport layer protocol, to exploit multiple Internet-scale paths and decrease the probability of Man-in-the-Middle (MITM) attacks is a question which we try to answer. By analyzing the Autonomous System (AS) level graph, we identify which countries and regions show a higher level of robustness against MITM AS-level attacks, for example due to core cable tapping or route hijacking practices.

    Estimation of methane emissions from local and crossbreed beef cattle in Daklak province of Vietnam

    Objective: This study was aimed at evaluating effects of cattle breed resources and alternative mixed-feeding practices on meat productivity and emission intensities from household farming systems (HFS) in Daklak Province, Vietnam. Methods: Records from Local Yellow×Red Sindhi (Bos indicus; Lai Sind) and 1/2 Limousin, 1/2 Drought Master, and 1/2 Red Angus cattle during the growth (0 to 21 months) and fattening (22 to 25 months) periods were used to better understand variations on meat productivity and enteric methane emissions. Parameters were determined by the ruminant model. Four scenarios were developed: (HFS1) grazing from birth to slaughter on native grasses for approximately 10 h plus 1.5 kg dry matter/d (0.8% live weight [LW]) of a mixture of Guinea grass (19%), cassava (43%) powder, cotton (23%) seed, and rice (15%) straw; (HFS2) growth period fed with elephant grass (1% of LW) plus supplementation (1.5% of LW) of rice bran (36%), maize (33%), and cassava (31%) meals; and HFS3 and HFS4 computed elephant grass, but concentrate supplementation reaching 2% and 1% of LW, respectively. Results: Results show that compared to HFS1, emissions (72.3±0.96 kg CH4/animal/life; least squares means ± standard error of the mean) were 15%, 6%, and 23% lower (p < 0.01) for the HFS2, HFS3, and HFS4, respectively. The predicted methane efficiencies (CO2 eq) per kg of LW at slaughter (4.3±0.15), carcass weight (8.8±0.25 kg) and kg of edible protein (44.1±1.29) were also lower (p < 0.05) in the HFS4. In particular, irrespective of the HFS, feed supply and ratio changes had a more positive impact on emission intensities when crossbred 1/2 Red Angus cattle were fed than in their crossbred counterparts. Conclusion: Modest improvements on feeding practices and integrated modelling frameworks may offer potential trade-offs to respond to climate change in Vietnam

    An Outbreak of Severe Infections with Community-Acquired MRSA Carrying the Panton-Valentine Leukocidin Following Vaccination

    Background: Infections with community-acquired methicillin-resistant Staphylococcus aureus (CA-MRSA) are emerging worldwide. We investigated an outbreak of severe CA-MRSA infections in children following out-patient vaccination. Methods and Findings: We carried out a field investigation after adverse events following immunization (AEFI) were reported. We reviewed the clinical data from all cases. S. aureus recovered from skin infections and from nasal and throat swabs were analyzed by pulse-field gel electrophoresis, multi locus sequence typing, PCR and microarray. In May 2006, nine children presented with AEFI, ranging from fatal toxic shock syndrome, necrotizing soft tissue infection, purulent abscesses, to fever with rash. All had received a vaccination injection in different health centres in one District of Ho Chi Minh City. Eight children had been vaccinated by the same health care worker (HCW). Deficiencies in vaccine quality, storage practices, or preparation and delivery were not found. Infection control practices were insufficient. CA-MRSA was cultured in four children and from nasal and throat swabs from the HCW. Strains from children and HCW were indistinguishable. All carried the Panton-Valentine leukocidin (PVL), the staphylococcal enterotoxin B gene, the gene complex for staphylococcal-cassette-chromosome mec type V, and were sequence type 59. Strain HCM3A is epidemiologically unrelated to a strain of ST59 prevalent in the USA, although they belong to the same lineage. Conclusions: We describe an outbreak of infections with CA-MRSA in children, transmitted by an asymptomatic colonized HCW during immunization injection. Consistent adherence to injection practice guidelines is needed to prevent CA-MRSA transmission in both in- and outpatient settings

    Amélioration du plan de contrôle d'internet avec de nouvelles solutions d'ingénierie de trafic

    One of the major challenges in the evolution of the Internet architecture is the definition of a protocol architecture that allows to solve the following major issues in Internet routing and traffic forwarding capabilities, (i) keeping a routing state that is manageable with current and forthcoming computing infrastructure – i.e., with few millions of states, (ii) offering a scalable pull architecture in support of data-plane programmability, (iii) offering a scalable forwarding plane able to be regularly optimized with only active flows information, (iv) offering locator/identifier separation for advanced IP mobility, (v) is incrementally deployable, (vi) can enhance the support of over-the-top services. The Locator/Identifier Separation Protocol (LISP) has been identified as one of the rising protocols in this respect. In its current status, it supports the above mentioned requirements at a level that is acceptable for basic networking environments. However, it shows too limited capacities when it comes to take into consideration fault resiliency and capability to react fast to network state updates. These shortcomings can be compensated by enhancing the control-plane architecture, and the routing algorithms therein. In this dissertation, we propose new protocol features and experiment novel control-plane primitives, as well as hybrid distributed-centralized routing state dissemination algorithms, to scale with different network conditions. We first design and build our own open source LISP data-plane and control plane node, comparing it with other implementations, showing how our implementation can scale for large networks and reach performances suitable for real deployments. We present how our implementation served to operate all network nodes (data-plane and control-plane nodes) of a large scale experimentation testbed, the LISP-Lab testbed.
Then we propose a novel LISP-based solution for VM live migrations across geographically separated datacenters over wide area IP networks. Experimenting it at large scale, we show that with our approach we can easily reach sub-second downtimes upon Internet-wide migration, even for very distant clients. Moreover, we investigate cross-layer network optimization protocols, in particular in relation with the Multipath Transport Control Protocol (MPTCP) to which LISP can deliver path diversity in support of bandwidth increase, confidentiality support and connection reliability, also using LISP traffic engineering network overlays. Although we could benefit from only a few overlay network nodes, we could experimentally evaluate our proposals showing the positive impact by using our solution, the negative impact of long round-trip times on some MPTCP subflows, and the strong correlation between the differential round-trip time among subflows and the throughput performance. Finally, we worked on a framework to improve LISP operation at the Internet scale, by facilitating cooperation between LISP Mapping Systems and introducing more automation in the LISP connectivity service delivery procedure.
We believe such optimization could raise awareness among the service providers' community, yielding new business opportunities related to LISP mapping services and the enforcement of advanced inter-domain traffic engineering policies for the sake of better quality of service guarantees.
One of the major challenges in the evolution of the Internet architecture is the definition of a protocol architecture that improves routing, and in particular (i) keeps the routing system manageable with current and future technologies, that is, with a few million states, (ii) offers an architecture suited to facilitating forwarding-plane programmability, (iii) provides a scalable routing system that can be regularly optimized using only information on active flows, (iv) provides a separation between locators and identifiers for advanced IP mobility, (v) facilitates incremental deployment, (vi) better serves "over-the-top" application services. The LISP protocol (Locator/Identifier Separation Protocol) has been identified as one of the emerging protocols in this respect. In its current state, it meets the above-mentioned needs very well. However, it suffers from limitations when it comes to taking into account resilience and the ability to react quickly to network state updates. These drawbacks can be compensated by improving the control-plane architecture and its routing algorithms. In this thesis, we propose a new network-system architecture and experiment with new control-plane primitives, as well as state dissemination algorithms, testing how it scales under different network conditions. We first design and build an open source LISP data-plane and control-plane node.
We compare it with other implementations, showing that our implementation reaches performance suited to real deployments. We show how our implementation enabled the setup of a large-scale experimentation platform, the LISP-Lab platform, operating both the forwarding-plane functions and the control-plane functions. Next, we propose a new solution for live migrations of virtual machines across geographically distributed data centers over wide-area IP networks. Tests in a real testbed natively connected to the Internet show that with our approach we can easily reach sub-second downtimes during large-scale migration, even for very distant clients. In addition, we studied multi-layer network optimization protocols, in particular in relation to the MPTCP protocol (Multipath Transport Control Protocol), to which LISP can offer path diversity for bandwidth aggregation, as well as greater confidentiality and reliability of connections. Although we could benefit from only a few overlay network nodes, we were able to evaluate our proposals experimentally, showing the positive impact of our solution, the negative impact of long round-trip times on some MPTCP subflows, and the strong correlation between the differential round-trip time and the throughput. Finally, we worked on a redesign of the LISP control plane in order to improve its operation at Internet scale, by facilitating cooperation between LISP mapping systems and introducing more automation into the LISP connectivity service delivery procedure.
We believe that such an optimization could raise awareness in the service providers' community, generating new business opportunities related to LISP mapping services and the enforcement of advanced inter-domain traffic engineering policies with the aim of obtaining better quality of service guarantees

    Internet Acceleration with LISP Traffic Engineering and Multipath TCP

    We present different design options to implement Augmented Multipath Transmission Control Protocol (A-MPTCP) communications via a Locator/Identifier Separation Protocol (LISP) Traffic Engineering (TE) overlay network. MPTCP allows a TCP connection using multiple subflows to maximize resource usage. LISP is a routing and addressing architecture that provides new semantics for IP communications, by separating the device identity (endpoint identifier) from its location (routing locator) using two different numbering spaces. Our proposition is to adopt a LISP overlay network with traffic engineering capabilities to steer MPTCP subflows across wide-area Internet networks. The resulting augmentation consists of a subflow forwarding that can reach edge bottleneck capacity and surround inter-domain transit bottlenecks and inefficient paths. It can be particularly useful for cases where, even if endpoints are single-homed, inter-domain path diversity can be grasped by the LISP-TE network overlay. We specify the different modes at which this augmentation can take place, from stateless and light modes with very limited management in the network, to stateful and advanced modes implementable by a network provider desiring a higher control on the network. Based on extensive experimentation on the worldwide LISP testbed, we show achievable gains of up to 25% in throughput, while identifying required further improvements

    The OpenLISP control-plane architecture

    Among many options tackling the scalability issues of the current Internet routing architecture, the Locator/Identifier Separation Protocol (LISP) appears as a viable solution. LISP improves a network's scalability, flexibility, and traffic engineering, enabling mobility with limited overhead. As for any new technology, implementation and deployment are essential to gather and master the real benefits that it provides. In this article, we present the first complete open source implementation of the LISP control plane. Our implementation is deployed in the worldwide LISP Beta Network and the French LISP-Lab testbed, and includes the key standardized control plane features. Our control plane software is the companion of the existing OpenLISP dataplane implementation, allowing the deployment of a fully functional open source LISP network compatible with any implementation respecting the standards

    An Open Control-Plane Implementation for LISP networks

    Among many options to tackle scalability issues of the current Internet routing architecture, the Locator Identity Separation Protocol (LISP) seems to be a feasible and effective one. LISP brings renewed scale and flexibility to the network, enabling advanced mobility management, with acceptable scalability and security. This paper gives a brief presentation about an open control-plane implementation of LISP currently working in the lisp4.net testbed. Our implementation includes most LISP control-plane functions, and also a module to allow the integration with an OpenLISP data-plane and, therefore, the deployment of a complete standalone Open-Source LISP Tunnel Router interoperable with existing Cisco LISP implementation