On the performance and improvement of alias resolution methods for Internet core networks

The Internet is a huge interconnection of thousands of networks with different technologies, equipment, configurations, and administrative owners. This, added to the lack of public information about those individual infrastructures, makes it a difficult task to provide a so-called Internet map: a topological map with information of routers, interconnections between routers, and IP addressing configuration. Traditional topology discovery methods based on traceroutes only provide IP addresses in the path between end-nodes. Some of those IP addresses can belong to the same router, and this identification is made by alias resolution methods. Therefore, alias resolution allows to provide router-level map of the Internet with important applications in network simulation, protocol design, network management, network security, network service design, and geolocation. In this paper, alias resolution methods are analyzed in Internet core networks (GlobalNOC, Canet4, and Geant). This allows to identify peculiar behaviors in these core networks, improving alias resolution methods. Simultaneously, reduction methods are used to decrease the number of probing packets in alias resolution methods.     

AAA architecture for mobile IPv6 based on WLAN

Mobility support for Internet devices is quite important for consumer electronics. The number of the hand‐held devices is growing quickly. However, there are not enough IP addresses for the number of the rapidly growing devices in the All‐IP generation. Internet Protocol version 6 (IPv6) was therefore adopted to solve these problems. Our purposed structure is based on IEEE 802.11. However, IEEE 802.11 has a serious security drawback. Further, from the Internet Service Providers' point of view, accounting is a potential problem. A mechanism combining Mobile IPv6 and AAA based on IEEE 802.11 to overcome these problems is essential. Both Internet Protocol version 4 (IPv4) and IPv6 support IP security (IPsec) when data packets are exchanged across the IP network. IPsec operates at the IP layer. It can support system authentication and authorization, However, it lacks a system accounting function. Therefore ISPs cannot establish correct billing for their services. This is the reason why we chose to combine the wireless network and AAA functions. In this paper, the AAA mechanism is used to protect security, with the architecture having authentication, authorization, and accounting functions. We will discuss the benefits of AAA and state the reason why we choose to combine AAA with the mobility architecture. Copyright © 2004 John Wiley & Sons, Ltd.     

Efficient and secure business model for content centric network using elliptic curve cryptography

Initially, Internet has evolved as a resource sharing model where resources are identified by IP addresses. However, with rapid technological advancement, resources/hardware has become cheap and thus, the need of sharing hardware over Internet is reduced. Moreover, people are using Internet mainly for information exchange and hence, Internet has gradually shifted from resource sharing to information sharing model. To meet the recent growing demand of information exchange, Content Centric Network (CCN) is envisaged as a clean‐slate future network architecture which is specially destined for smooth content distribution over Internet. In CCN, content is easily made available using network caching mechanism which is misaligned with the existing business policy of content providers/publishers in IP‐based Internet. Hence, the transition from contemporary IP‐based Internet to CCN demands attention for redesigning the business policy of the content publishers/providers. In this paper, we have proposed efficient and secure communication protocols for flexible CCN business model to protect the existing business policies of the content publisher while maintaining the salient CCN features like in‐network content caching and Interest packet aggregation. To enhance the efficiency and security, the Elliptic Curve Cryptography (ECC) is used. The proposed ECC‐based scheme is analyzed to show that it is resilient to relevant existing cryptographic attacks. The performance analysis in terms of less computation and communication overheads and increased efficiency is given. Moreover, a formal security verification of the proposed scheme is done using widely used AVISPA simulator and BAN logic that shows our scheme is well secured.     

IPv6

The Internet is changing - as it has to, because IPv4 does not support enough addresses for everyone alive today, let alone proliferating embedded and mobile devices. This paper discusses the advantages of Internet protocol version 6 (IPv6) over IPv4. The main advantage of IPv6 is the increase in the number of addresses available for networked devices, allowing, for example, each mobile phone and mobile electronic device to have its own IP address     

专题：移动互联网的发展趋势和技术方向——移动互联网中的若干问题研究

对移动互联网的商业模型、移动互联网所使用的两种网络（移动网和无线局域网）的网络特性、移动智能终端、移动网的网络特性和资源管理、移动互联网中的IP地址和寻址等5个问题进行讨论,指出其存在的问题和可能的解决方法,认为这些深层次问题的解决,可使核心技术获得突破性进展.     

Fast Duplicate Address Detection for Seamless Inter-Domain Handoff in All-IPv6 Mobile Networks

In All-IP networks, each computer or communication equipment needs an IP address. To supply enough IP addresses, the new Internet protocol IPv6 will be used in next generation mobile communication. Although IPv6 improves the existing Internet protocol (IPv4), Duplicate Address Detection (DAD) mechanism may consume resources and suffer from long delay. DAD is used to make sure whether the IP address is unique or not. When a mobile node performs an inter-domain handoff, it will first generate a new IP and perform a DAD procedure. The DAD procedure not only wastes time but also increases the signaling load on Internet. In this paper, we propose a new DAD mechanism to speed up the DAD procedure. We create a DAD table in access or mobility routers in All-IP networks and record all IP addresses of the area. When a new IP address needs to perform DAD, it can just search in the DAD table to confirm the uniqueness of the address. Furthermore, we propose a new method, Fast Duplicate Address Detection (Fast DAD), to reduce data search time. Simulation results show that our method outperforms the existing DAD methods.     

Autonomic addressing and internetworking on unlimited scale

Following host software evolution and experience, it is pointed out that the namespace is the only appropriate application-system boundary even for networking, and that in analogy to host operating systems, the namespace is in fact necessary and sufficient for automatic, efficient management of the Internet addresses and routes. A simple, elegant namespace construction is described which does not need a global address infrastructure, provides addressing, routing and flow setup signalling over an unconstrained number of independent IP address spaces or realms, reducing to IP and DNS within a single realm and degrading softly on the multirealm scale.     

A novel IPv6 traceback architecture using COPS protocol

In any Distributed Denial of Service (DDoS) attack, invaders may use incorrect or spoofed Internet Protocol (IP) addresses in the attacking packets and thus disguise the actual origin of the attacks. This is primarily due to the stateless nature of the Internet. IP traceback algorithms provide mechanisms for identifying the true source of an IP datagram on the Internet ensuring at least the accountability of cyber attacks. While many IP traceback techniques have been proposed, most of the previous studies focus and offer solutions for DDoS attacks done on Internet Protocol version 4 (IPv4) environment. IPv4 and IPv6 networks differ greatly from each other, which urge the need of traceback techniques specifically tailored for IPv6 networks. In this paper, we propose a novel traceback architecture for IPv6 networks using Common Open-Policy Service and a novel packet-marking scheme. We also provide complete underlying protocol details required for traceback support in IPv6 networks. The proposed architecture is on demand and only single packet is required to traceback the attack.     

IP-address lookup using LC-tries

There has been a notable interest in the organization of routing information to enable fast lookup of IP addresses. The interest is primarily motivated by the goal of building multigigabit routers for the Internet, without having to rely on multilayer switching techniques. We address this problem by using an LC-trie, a trie structure with combined path and level compression. This data structure enables us to build efficient, compact, and easily searchable implementations of an IP-routing table. The structure can store both unicast and multicast addresses with the same average search times. The search depth increases as Θ(log log n) with the number of entries in the table for a large class of distributions, and it is independent of the length of the addresses. A node in the trie can be coded with four bytes. Only the size of the base vector, which contains the search strings, grows linearly with the length of the addresses when extended from 4 to 16 bytes, as mandated by the shift from IP version 4 to IP version 6. We present the basic structure as well as an adaptive version that roughly doubles the number of lookups/s. More general classifications of packets that are needed for link sharing, quality-of-service provisioning, and multicast and multipath routing are also discussed. Our experimental results compare favorably with those reported previously in the research literature     

Virtual network approach to scalable IP service deployment and efficient resource management

As the Internet evolves into a global all-service communication infrastructure, a key consideration is providing quality of service guarantees over IP with efficient resource utilization in a scalable, flexible, and automatic way. In this article we present a virtual network (VN) based architecture for scalable IP service deployment and efficient network resource management. Particularly considering a DiffServ/MPLS III transport network supporting multiple VNs, we propose a dynamic approach for efficient bandwidth sharing among VNs. The bandwidth sharing is service-level-agreement-based; the spare capacity in underloaded VNs is adaptively and efficiently utilized, and SLA compliance for all the VNs involved is always guaranteed.     

Improving the routing and addressing of IP

Simple mechanisms for introducing hierarchy into the interdomain routing system, making it practical to route a truly large Internet, are described. It is shown that addresses need to be assigned along network topological lines to maximise the reduction in routing overhead. Simplifying the mechanisms for changing hot addresses makes it possible to renumber a network so that it has a topologically significant address when the site changes position within the routing system. These proposals make it possible to significantly increase the utilization of addresses and extend the time the Internet can use the Internet Protocol (IP) Version 4     

MPLS and traffic engineering in IP networks

Rapid growth and increasing requirements for service quality, reliability, and efficiency have made traffic engineering an essential consideration in the design and operation of large public Internet backbone networks. Internet traffic engineering addresses the issue of performance optimization of operational networks. A paramount objective of Internet traffic engineering is to facilitate the transport of IP traffic through a given network in the most efficient, reliable, and expeditious manner possible. Historically, traffic engineering in the Internet has been hampered by the limited functional capabilities of conventional IP technologies. Recent developments in multiprotocol label switching (MPLS) and differentiated services have opened up new possibilities to address some of the limitations of the conventional technologies. This article discusses the applications of MPLS to traffic engineering in IP networks     

基于名的平坦路由

路由是信息网络的基础,分布于网络的各个层面。现有互联网采用了基于IP地址的网络层路由技术和基于域名解析的域名服务器（DNS）应用层路由技术。由于IP地址和域名的结构化特点和身份位置紧耦合特点,使得互联网面临路由可扩展性、安全性、资源服务迁徙移动支持性差等严峻问题。基于名的平坦路由采用了平面化的身份命名方式,实现了身份位置分离,可有效提高网络路由的可扩展性、可配置性、安全性、服务支持的鲁棒性、资源移动的支持性等。     

Dynamic Resource Allocation for Beyond 3G Cellular Networks

The Multicarrier CDMA Transmission Techniques for Integrated Broadband Cellular Systems (MATRICE) project addresses a candidate solution for a Beyond 3G (B3G) air-interface based on Multi-Carrier Code Division Multiple Access (MC-CDMA). It investigates dynamic resource allocation strategies at the Medium Access Control (MAC) layer to support the transport of Internet Protocol (IP) packets over the air-interface in a cost effective manner and maximise the cell capacity with a target QoS. A candidate Dynamic Resource Allocation (DRA) protocol architecture is proposed that is based on cross-layer signalling to provide reactive resource allocation according to the fast channel and traffic variations. In-line with B3G expectations, the proposed DRA handles a very large number of users with inherent flexibility and granularity necessary to support heterogeneous traffic, and still with limited complexity. Thanks to the modular architecture of the DRA, various scheduling policies are investigated and compared in terms of capacity and reactivity to the system environment. Simulation results have shown that the MATRICE system has the potential to deliver broadband heterogenous services in a cost-effective manner, and emerge as a propespective candidate air-interface for B3G cellular networks.     

中国互联网产业缘何逆势上扬

研究背景 2009年,中国互联网进入高速发展的时期。在全球金融危机不断蔓延的大环境下,截至2009年6月底,中国网民规模达到3．38亿人,较2008年底增长4000万人,半年增长率为13．4％,互联网普及率达到25．5％,中国网民规模依然保持快速增长之势。此外,宽带网民规模达到3．2亿人,占网民总体规模的94.3％;手机网民规模为1．55亿人,占整体网民的45．9％,半年内手机网民增长超过3700万。     

Integrated Service Mobile Internet: RSVP over Mobile IPv4&6

While the Internet keeps its penetration into every facet of life and every corner of the globe, two things stand out. One is the hunger for high quality of services to convey audio and video data. The other is the desire for ubiquitous connections. Combining the two we have an Internet that is capable of supporting multimedia communications for nomadic users on the move. To have a high quality connection, resource must be allocated along the connection path. The current Internet standard for resource reservation is RSVP (Resource reSerVation Protocol), which is receiver-initiated and allows one-to-one or one-to-many communication to have resource reserved in the path from sender to receiver(s). To support mobile users, the Internet also has the mobile IP standard. Mobile IP allows a mobile host to roam from one subnet to another seamlessly. However, several problems need to be solved before we can support QoS communications for mobile users by applying RSVP to mobile IP. In this paper, we identify four problems related to RSVP over mobile IP. The problems are the resource pre-reservation problem, the RSVP tunneling problem, the common path identification problem, and the mobile proxy problem. We also survey the various solutions proposed by many papers.     

Low-Cost Identifiers for Ubiquitous Computing

Any device we want to connect to a global network, e.g. Internet, should have a unique global identifier. However, the size of this identifier can be an unacceptable overhead for devices with limited resources (sensors, toys, disposable devices, micro-robots, etc.), because conventional protocols use full addresses to transmit, process, and store the data required for routing. The usual solution for such devices is to limit the address space to 1 or 2 bytes, but this sacrifices the global unicity of the identifiers. The proposal presented in this article enables devices with limited resources to use reduced addresses that globally identify hosts. We propose the use of abbreviated addresses for routing. We have developed a new protocol named ADSR that takes advantage of these new addresses. This protocol is a modified version of DSR based on the use of abbreviated addresses. The abbreviation procedure can lead to two different nodes having the same address, which we will term collision. ADSR allows rather than avoids collisions. The foundations of this protocol, and some results of an implementation are also presented in this article.     

Box counting–based multifractal analysis of network to detect Domain Name Server attack

Domain Name Server (DNS) is a type of server used to maintain and process the IP addresses of all the domains in the Internet. It works by responding with corresponding IP addresses when a client requests with a domain name. The DNS can be attacked by redirecting all the incoming traffic to a fake server by returning fake IP address when requested by a client. In this work, a novel work has been employed to detect DNS attack using box‐counting method (BCM)–based multifractal analysis. A set of network features are selected and rules are created using CISCO's Flowspec model, and those features are analysed using BCM technique to find the attack in the network traffic. To the best of our knowledge, this is the first work that implements Flowspec‐based monitoring of DNS attack using fractal analysis.     

Dynamic hierarchical mobility management strategy for mobile IP networks

One of the major challenges for the wireless network design is the efficient mobility management, which can be addressed globally (macromobility) and locally (micromobility). Mobile Internet protocol (IP) is a commonly accepted standard to address global mobility of mobile hosts (MHs). It requires the MHs to register with the home agents (HAs) whenever their care-of addresses change. However, such registrations may cause excessive signaling traffic and long service delay. To solve this problem, the hierarchical mobile IP (HMIP) protocol was proposed to employ the hierarchy of foreign agents (FAs) and the gateway FAs (GFAs) to localize registration operations. However, the system performance is critically affected by the selection of GFAs and their reliability. In this paper, we introduce a novel dynamic hierarchical mobility management strategy for mobile IP networks, in which different hierarchies are dynamically set up for different users and the signaling burden is evenly distributed among the network. To justify the effectiveness of our proposed scheme, we develop an analytical model to evaluate the signaling cost. Our performance analysis shows that the proposed dynamic hierarchical mobility management strategy can significantly reduce the system signaling cost under various scenarios and the system robustness is greatly enhanced. Our analysis also shows that the new scheme can outperform the Internet Engineering Task Force mobile IP hierarchical registration scheme in terms of the overall signaling cost. The more important contribution is the novel analytical approach in evaluating the performance of mobile IP networks.     

加快以IPv6为基础的下一代互联网发展迫在眉睫

随着IPv4地址的耗尽和IP地址需求的持续增加,以IPv6为核心的下一代互联网发展成为通信业界最关心、最直接、最迫切的问题之一。而3G移动互联网和物联网等新兴产业的发展使得向IPv6过渡变得更为紧迫。本文对国内外IPv4和IPv6发展现状进行梳理,分析IPv6过渡的关键技术和产业链,并从中国联通的实际出发,对如何加快我国发展IPv6提出若干建议。