Správa sítí s Mobile IP pomocí SNMP / Managing Mobile IP enabled networks with SNMP protocol

Závodný, Ondřej

January 2011

The content of this thesis is to research possibilities of using SNMP for management of Mobile IP activated entities. The first two chapters deal with theoretical analysis of Mobile IP protocol, and Simple Network Management Protocol. The Mobile IP protocol analysis focuses especially on the elements Home agent and Foreign agent. In the SNMP chapter the analysis focuses mainly on ways to exchange messages. Another part of the document is devoted to a description of laboratory networks com- posed of routers Cisco 1841 and the configuration of them. Finally is described the programmed application to manager these devices in JAVA, which is included in Annex. The program periodically sends SNMP queries and finds relationships between the Home agent and the mobile nodes, and between the foreign agent and the mobile nodes. The application has a user-friendly interface that is shown on the attached flash animation. Finally, the thesis summarizes the concepts described in previous chapters and the goals to achieve.

Vyhledávání nejdelšího shodného prefixu ve vysokorychlostních sítích / Longest Prefix Match in High-Speed Networks

Skačan, Martin

January 2013

This thesis deals with the Longest Prefix Matching (LPM), which is a time-critical operation in packet forwarding. To achieve 100Gbps throughput, this operation has to be implemented in hardware and a forwarding table has to fit into the on-chip memory, which is limited by its small size. Current LPM algorithms need large memory to store IPv6 forwarding tables or cannot be simply implemented in HW. Therefore we performed an analysis of available IPv6 forwarding tables and several LPM algorithms. Based on this analysis, we propose a new algorithm which is able to provide very low memory demands for IPv4/IPv6 lookups. To the best of our knowledge, the proposed algorithm has the lowest memory requirements in comparison to existing LPM algorithms. Moreover, the proposed algorithm is suitable for IP lookup in 100Gbps networks, which is shown on new pipelined hardware architecture with 140Gbps throughput.

Interaktivní webové rozhraní pro zobrazení ip flow dat / Interactive Web Interface for IP Flow Data

Salač, Radek

January 2012

This thesis describes development of application for analyzing IP flow data.    The author conducts relative comparison of already existing protocols and tools and studies theirs pro's and con's.    Based on this comparison and features requested by users,    author develops his own application primarly focused on interactive and user-friendly interface for working with IP flow data.

The Design and Application of a Simplified Guaranteed Service for the Internet

Ossipov, Evgueni

January 2003

Much effort today in the Internet research community isaimed at providing network services for applications that werenot under consideration when the Internet was originallydesigned. Nowadays the network has to support real-timecommunication services that allow clients to transportinformation with expectations on network performance in termsof loss rate, maximum end-to-end delay, and maximum delayjitter. Today there exist two quality of service (QoS)architecture for the Internet: The integrated services, whichis usually referred to as intserv, and the differentiatedservices referred to as diffserv. Although the intserv clearlydefines the quality levels for each of its three serviceclasses, the limited scalability of this QoS architecture is acontinuous topic for discussion among the researchers. Theanalysis of the tradeoffs of the two QoS architecturesmotivated us to design a new QoS architecture which will takethe strength of the existing approaches and will combine themin a simpler, efficient and more scalable manner. In this LicentiateThesis we introduce a guaranteed servicefor the Internet, which definition is similar to the one inintserv: The guaranteed service (GS) is a network servicerecommended for applications with firm requirements on qualityof end-to-end communication. The service should provide zeropacket loss in routers and tightly bound the end-to-end delay.The capacity for a GS connection should be explicitly reservedin every router along a path of a connection. However, incontrary to intserv the necessary quality level will beprovided without per-flow scheduling in the core routers, whichis the major drawback of the intserv architecture. We use thediffserv principle of dealing with aggregates in the corenetwork since this approach is proven to be scalable andefficient. The thesis considers two major building blocks of the newarchitecture: The packet scheduling and the signaling protocol.We have developed a special scheduling algorithm. Our formaland experimental analysis of its delay properties shows thatthe maximum end-to-end delay is acceptable for real-timecommunication. Moreover, our scheme provides a fair service tothe traffic of other service classes. In order to achieve thedesired QoS level, a sufficient amount of capacity should bereserved for the GS connections in all intermediate routersend-to-end. We have developed a both simple and robustsignaling protocol. The realization of our protocol shows thatrouters are able to process up to 700,000 signaling messagesper second without overloading the processor. / NR 20140805

IP QoS

guaranteed service

scheduling

signaling protocol

Towards Trojan Detection from a Raw Bitstream

Simpson, Corey Ryan

23 March 2022

Many avenues exist to insert malicious circuitry into an FPGA designs, including compromised CAD tools, overwriting bitstream files, and post-deployment attacks. The proprietary nature of the Xilinx bitstreams precludes the ability to validate an implemented design. This thesis introduces the BitRec and IPRec projects in an effort to support trojan detection tools. BitRec provides a novel approach to mapping of the Xilinx bitstream format into FPGA features in order to recreate the original design's netlist. BitRec supports the 7 Series, UltraScale and UltraScale+ architectures. IPRec then provides a novel approach to recognizing parameterizable IP within a flattened netlist in an effort to eliminate large sections of trusted circuitry from needing to be analyzed by a trojan detection tool.

FPGA

bitstream

Xilinx

trojan

IP

Engineering

TCP Reaction to Rapid Changes of the Link Characteristics due to Handover in a Mobile Environment

Ronquist, Mattias

January 1999

The Transmission Control Protocol (TCP), used in the Internet, was not developed for a mobile, wireless environment. One reason why TCP might encounter problems in such an environment is rapid changes of the link characteristics. These rapid changes can occur due to handover between two subnetworks (macro handover), e.g., when a mobile node switches between different access networks. A possible and realistic handover scenario could be when a mobile node is roaming between a high bandwidth local area network (LAN) with limited coverage and a low bandwidth radio link with wide area coverage. The goals of this thesis were to set up a realistic environment for measurements of the handover performance of TCP, and to observe TCP behavior when the link characteristics suddenly change. Further objectives were to analyze the results and propose solutions for improving the performance. The mobility management in the measurement setup is handled by Mobile IP. Handovers are performed between a wireless LAN (WaveLAN) and a PPP link over a GSM circuit switched data connection. Our investigation shows that several spurious TCP timeouts occur after handover from the fast link to the slow link, triggering unnecessary retransmissions and hence resulting in TCP performance degradation. To avoid unnecessary retransmissions, we suggest a resetting of the retransmission timeout value (RTO) at the moment of handover. In the case of handover from the low bandwidth link (PPP) to the high bandwidth link (WaveLAN), our measurements show that queued packets in the link layer buffer continue to flow over the PPP link even after the handover. The high bandwidth available after the switch is thus poorly utilized before the buffer of the low bandwidth link has been emptied. The IP sending process should delay putting packets in the queue of a slow link, thus avoiding large link layer queues and enabling utilization of the high bandwidth link faster. This could be achieved by flow control between the IP layer and the link layer. After the packets have started flowing over the WaveLAN, the RTO value is unnecessarily high, which could result in extensive delays in the case of packet losses. To alleviate the problems we recommend resetting the RTO value or modifying the algorithm for calculating the RTO value to faster adapt to sudden and significant decrease of the round-trip time (RTT) in the case of handover. In both handover scenarios mentioned above we have found that a small window size is favorable to mitigate the negative effects due to the rapid changes of the link characteristics. The use of Active Queue Management to avoid large window sizes would be an interesting approach for future investigations. Another interesting approach could be to have flow control between the IP layer and the link layer to avoid a large link layer queue when the handover from [one link to another occurs.]

TCP

mobile IP

Communication Systems

Kommunikationssystem

3rd Party IP Encryption from Netlist to Bitstream for Xilinx 7-Series FPGAs

Hutchings, Daniel

14 August 2023

IP vendors need to keep the internal designs of their IP secret from the IP user for security or commercial reasons. The CAD tools provided by FPGA vendors have some built-in functionality to encrypt the IP. However, the IP is consequently decrypted by the CAD tools in order to run the IP through the design flow. An IP user can use APIs provided by the CAD tools to recreate the IP in an unencrypted state. An IP user could also easily learn the internals of a protected IP with the advent of new open-source bitstream to netlist tools. The user can simply generate a bitstream that includes the protected IP and then use the tools to create a netlist of the third party IP, exposing the internals of IP. Any solution to keep IP protected must keep the IP encrypted through the CAD tools and bitstream generation all the way to FPGA configuration. This thesis presents a design methodology, along with a proof-of-concept tool, that demonstrates how IP can remain partially encrypted through the CAD flow and into the bitstream. It shows how this approach can support multiple encryption keys from different vendors, and can be deployed using existing CAD tools and FPGA families. Results are presented that document the benefits and costs of using such an approach to provide much greater protection for 3rd party IP.

FPGA

security

IP

encryption

bitstream

CAD

Engineering

Mobility management incorporating fuzzy logic for a heterogeneous IP environment

Chan, Pauline M.L., Sheriff, Ray E., Hu, Yim Fun, Conforto, P., Tocci, C.

January 2001

The next generation in mobility management will enable different mobile networks to interoperate with each other to ensure terminal and personal mobility and global portability of network services. However, in order to ensure global mobility, the deployment and integration of both satellite and terrestrial components are necessary. This article is focused on issues reltaed to mobility management in a future mobile communications system, in a scenario where a multisegment access network is integrated into an IP core network by exploiting the principles of Mobile IP. In particular, attention is given to the requirements for location, address, and handover management. In a heterogeneous environment, the need to perform handover between access networks imposes particular constraints on the type of information available to the terminal and network. In this case, consideration will need to be given to parameters other than radio characteristics, such as achievable quality of service and user preference. this article proposes a new approach to handover management by applying the fuzzy logic concept to a heterogeneous environment. The article concludes with the presentation of mobility management signaling protocols.

Mobility Management

Fuzzy Logic

IP Environment

Postabsorptive Glucose Decreases the Excitatory Effects of Taste on Ingestion

Bedard, Michel

12 1900

To test the hypothesis that postprandial rises of plasma glucose attenuate the motivation derived from positive tastes, I analyzed the effects of intraperitoneal (ip) injections of glucose on sham feeding, a preparation in which food intake is motivated primarily by taste sensations. IP glucose suppressed sham feeding, with maximal suppressions approximating 42%, but only when glucose was administered contiguous with oropharyngeal stimulation. The food intake inhibition produced by ip glucose interacted with palatability; smaller doses of glucose were required to suppress less concentrated sucrose solutions. Closing the gastric cannula increased the potency with which ip glucose inhibited eating suggesting synergy of postabsorptive glucose with other postgastric satiety signals. The inhibition of eating produced by ip glucose did not result from malaise. Thus, postabsorptive rises of plasma glucose decrease the ability of taste cues to drive ingestion and suggest that this phenomenon may contribute to spontaneous meal termination. / Thesis / Master of Science (MSc)

A Framework for Providing Redundancy and Robustness in Key Management for IPsec Security Associations in a Mobile Ad-Hoc Environment

Hadjichristofi, George Costa

23 September 2005

This research investigated key management in a Mobile Ad Hoc Network (MANET) environment. At the time this research began key management schemes provided limited functionality and low service availability in a highly partitioned ad hoc environment. The purpose of this research was to develop a framework that provides redundancy and robustness for Security Association (SA) establishment between pairs of nodes. The key contribution of this research is the Key Management System (KMS) framework and, more specifically, the unique way the various components are integrated to provide the various functionalities. The KMS overcomes the limitations of previous systems by (1) minimizing pre-configuration, (2) increasing service availability, (3) and increasing flexibility for new nodes joining the network. A behavior grading scheme provides the network with a system-wide view of the trustworthiness of nodes and enables the KMS to dynamically adjust its configuration according to its environment. The introduction of behavior grading allows nodes to be less dependent on strict identity verification. This KMS was simulated with Monte Carlo and NS2 simulations and was shown to interoperate with IP Security (IPsec) to enable the establishment of IPsec SAs. The simulations have proven the effectiveness of the system in providing service to the nodes in a highly partitioned environment. / Ph. D.

MANET

Key Management

IP Security

Performance