Performance of active multicast congestion control

This paper aims to provide insight into the behavior of congestion control mechanisms for reliable multicast protocols. A multicast congestion control based on active networks has been proposed and simulated using ns-2 over a network topology obtained using the Tiers tool. The congestion control mechanism has been simulated under different network conditions and with different settings of its configuration parameters. The objective is to analyze its performance and the impact of the different configuration parameters on its behavior. The simulation results show that the performance of the protocol is good in terms of delay and bandwidth utilization. The compatibility of the protocol with TCP flows has not been demonstrated, but the simulations performed show that by altering the parameter settings, the proportion of total bandwidth taken up by the two types of flow, multicast and TCP, may be modified.Publicad

Multidomain Network Based on Programmable Networks: Security Architecture

This paper proposes a generic security architecture designed for a multidomain and multiservice network based on programmable networks. The multiservice network allows users of an IP network to run programmable services using programmable nodes located in the architecture of the network. The programmable nodes execute codes to process active packets, which can carry user data and control information. The multiservice network model defined here considers the more pragmatic trends in programmable networks. In this scenario, new security risks that do not appear in traditional IP networks become visible. These new risks are as a result of the execution of code in the programmable nodes and the processing of the active packets. The proposed security architecture is based on symmetric cryptography in the critical process, combined with an efficient manner of distributing the symmetric keys. Another important contribution has been to scale the security architecture to a multidomain scenario in a single and efficient way.Publicad

Performance analysis of a security architecture for active networks in Java

Internacional Association of Science and Technology for Development - IASTED, Benalmadena, Spain: 8-10 Septiembre, 2003.Active network technology supports the deployment and execution on the fly of new active services, without interrupting the network operation. Active networks are composed of special nodes (named Active Router) that are able to execute active code to offer the active services. This technology introduces some security threats that must be solved using a security architecture. We have developed a security architecture (ROSA) for an active network platform (SARA). Java has been used as programming language in order to provide portability, but it imposes some performance limitations. This paper analyses the penalty of using Java and proposes some mechanisms to improve the performance of cryptographic implementations in Java.Publicad

ROSA: Realistic Open Security Architecture for active networks

Proceedings of IFIP-TC6 4th International Working Conference, IWAN 2002 Zurich, Switzerland, December 4–6, 2002.Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, security is still a main concern when considering the industrial adoption of this technology. In this article we describe an open security architecture for active network platforms that follow the discrete approach. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm. The performance of the proposal is validated with experimental data obtained from a prototype implementation of the solution.Publicad

DoS protection for a Pragmatic Multiservice Network Based on Programmable Networks

Proceedings of First International IFIP TC6 Conference, AN 2006, Paris, France, September 27-29, 2006.We propose a scenario of a multiservice network, based on pragmatic ideas of programmable networks. Active routers are capable of processing both active and legacy packets. This scenario is vulnerable to a Denial of Service attack, which consists in inserting false legacy packets into active routers. We propose a mechanism for detecting the injection of fake legacy packets into active routers. This mechanism consists in exchanging accounting information on the traffic between neighboring active routers. The exchange of accounting information must be carried out in a secure way using secure active packets. The proposed mechanism is sensitive to the loss of packets. To deal with this problem some improvements in the mechanism has been proposed. An important issue is the procedure for discharging packets when an attack has been detected. We propose an easy and efficient mechanism that would be improved in future work.Publicad

Providing Authentication & Authorization Mechanisms for Active Service Charging

Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among others features. Nevertheless proper charging for these new added value services require suitable authentication and authorization mechanisms. In this article we describe a security architecture for SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm.Publicad

Principios y Aplicaciones de las Redes Activas

This paper presents an overview of a new network technology: active networks. The active networks goal is to produce a new networking platform, flexible and extensible at runtime to accommodate the rapid evolution and deployment of networking technologies and also to provide the increasingly sophisticated services demanded by users. A snapshot of the architecture being developed in DARPA active networks program is presented. Finally, potential applications of active networks are highlighted, along with some of the challenges that must be overcome to make them a reality

Caracterización de los enlaces de Internet utilizando tecnología de redes activas

This paper presents the design, implementation and trials of a-clink, which is a hop-by-hop performance estimation tool based on active networks. The paper begins by analyzing different alternatives of hop-by-hop performance estimation tools: pathchar, clink, pchar and nettimer. Based on this analysis, several deficiencies are identified on the different tools. In order to improve the efficiency and accuracy of the estimations, one of the tools is selected, clink, to design an extension based active network technology. This extension, a-clink, has been implemented over the public domain active network platform SARA. The implementation of a-clink has been trialed on a simple active network prototype spanning two universities connected through public Internet, and its results compared with those obtained by the original clink. The paper concludes describing the advantages of the active version of clink over the conventional passive performance estimation tool.Publicad

ROSA: Realistic Open Security Architecture for active networks

Proceedings of IFIP-TC6 4th International Working Conference, IWAN 2002 Zurich, Switzerland, December 4–6, 2002.Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, security is still a main concern when considering the industrial adoption of this technology. In this article we describe an open security architecture for active network platforms that follow the discrete approach. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm. The performance of the proposal is validated with experimental data obtained from a prototype implementation of the solution.Publicad