Geo-distributed application deployment assistance based on past routing information / Utplacering av geografiskt distribuerade applikationer baserat på tidigare routing information

Falgert, Marcus

January 2017

Cloud computing platforms allow users to deploy geographically distributed applications on servers around the world. Applications may be simple to deploy on these platforms, but it is up to the user and the application to decide which regions and servers to use for application placement. Furthermore, network conditions and routing between the geo-distributed servers change over time, which can lead to sub-optimal performance of applications deployed on such servers. A user could either employ a static deployment configuration of servers, or attempt to use a more dynamic configuration. However, both have inherent limitations. A static configuration will be sub-optimal, as it will be unable to adapt to changing network conditions. A more dynamic approach where an application could switch over or transition to a more suitable server could be beneficial, but this can be very complex in practice. Furthermore, such a solution is more about adapting to change as it happens, and not beforehand. This thesis will investigate the possibility of forecasting impending routing changes between servers, by leveraging messages generated by the Border Gateway Protocol (BGP) and past knowledge about routing changes. BGP routers can delay BGP updates due to factors such as the minimum route advertisement interval (MRAI). Thus, out proposed solution involves forwarding BGP updates downstream in the network, before BGP routers process them. As routing between servers changes, so does the latency, meaning that the latency then could be predicted to some degree. This observation could be applied to realize when the latency to a server increases or decreases past another server. This in turn facilitates the decision process of selecting the most optimal servers in terms of latency for application deployment. The solution presented in this thesis can successfully predict routing changes between end-points in an enclosed environment, and inform users ahead of time that the latency is about to change. The time gained by such predictions depend on factors such as the number of ASs between the end-points, the MRAI, and the update processing delay imposed on BGP routers. Time gains between tens of milliseconds to over 2 minutes has been observed.

Distributed applications

Routing

Network

Networking

Border Gateway Protocol

BGP

Distribuerade applikationer

Routing

Nätverk

Border Gateway Protocol

BGP

Communication Systems

Kommunikationssystem

Predicting catastrophic BGP routing instabilities

Nguyen, Lien K.

03 1900

Approved for public release, distribution is unlimited / Inter-domain routing connects individual pieces of Internet topology, creating an integral, global data delivery infrastructure. Currently, this critical function is performed by the Border Gateway Protocol (BGP) version 4 [RFC1771]. Like all routing protocols, BGP is vulnerable to instabilities that reduce its effectiveness. Among the causes of these instabilities are those which are maliciously induced. Although there are other causes, e.g., natural events and network anomalies, this thesis will focus exclusively on maliciously induced instabilities. Most current models that attempt to predict a BGP routing instability confine their focus to either macro- or micro-level metrics, but not to both. The inherent limitations of each of these forms of metric gives rise to an excessive rate of spurious alerts, both false positives and false negatives. It is the original intent of this thesis to develop an improved BGP instability prediction model by statistically combining BGP instability metrics with user level performance metrics. The motivation for such a model is twofold. 1) To provide sufficient prior warning of impending failure to facilitate proactive protection measures. 2) To improve warning reliability beyond existing models, by demonstrably reducing both false positives and false negatives. However, our analysis of actual network trace data shows that a widely used BGP instability metric, the total number of update messages received in a time period, is not a good indicator of future user level performance. / Civilian, Department of Defense

BGP (Computer network protocol)

Computer networks

Internet

Topology

Catastrophic BGP routing instabilities

Worm attack studies

Une architecture parallèle distribuée et tolérante aux pannes pour le protocole interdomaine BGP au cœur de l’Internet

Hamzeh, Wissam

12 1900

L’augmentation du nombre d’usagers de l’Internet a entraîné une croissance exponentielle dans les tables de routage. Cette taille prévoit l’atteinte d’un million de préfixes dans les prochaines années. De même, les routeurs au cœur de l’Internet peuvent facilement atteindre plusieurs centaines de connexions BGP simultanées avec des routeurs voisins. Dans une architecture classique des routeurs, le protocole BGP s’exécute comme une entité unique au sein du routeur. Cette architecture comporte deux inconvénients majeurs : l’extensibilité (scalabilité) et la fiabilité. D’un côté, la scalabilité de BGP est mesurable en termes de nombre de connexions et aussi par la taille maximale de la table de routage que l’interface de contrôle puisse supporter. De l’autre côté, la fiabilité est un sujet critique dans les routeurs au cœur de l’Internet. Si l’instance BGP s’arrête, toutes les connexions seront perdues et le nouvel état de la table de routage sera propagé tout au long de l’Internet dans un délai de convergence non trivial. Malgré la haute fiabilité des routeurs au cœur de l’Internet, leur résilience aux pannes est augmentée considérablement et celle-ci est implantée dans la majorité des cas via une redondance passive qui peut limiter la scalabilité du routeur. Dans cette thèse, on traite les deux inconvénients en proposant une nouvelle approche distribuée de BGP pour augmenter sa scalabilité ainsi que sa fiabilité sans changer la sémantique du protocole. L’architecture distribuée de BGP proposée dans la première contribution est faite pour satisfaire les deux contraintes : scalabilité et fiabilité. Ceci est accompli en exploitant adéquatement le parallélisme et la distribution des modules de BGP sur plusieurs cartes de contrôle. Dans cette contribution, les fonctionnalités de BGP sont divisées selon le paradigme « maître-esclave » et le RIB (Routing Information Base) est dupliqué sur plusieurs cartes de contrôle. Dans la deuxième contribution, on traite la tolérance aux pannes dans l’architecture élaborée dans la première contribution en proposant un mécanisme qui augmente la fiabilité. De plus, nous prouvons analytiquement dans cette contribution qu’en adoptant une telle architecture distribuée, la disponibilité de BGP sera augmentée considérablement versus une architecture monolithique. Dans la troisième contribution, on propose une méthode de partitionnement de la table de routage que nous avons appelé DRTP pour diviser la table de BGP sur plusieurs cartes de contrôle. Cette contribution vise à augmenter la scalabilité de la table de routage et la parallélisation de l’algorithme de recherche (Best Match Prefix) en partitionnant la table de routage sur plusieurs nœuds physiquement distribués. / The increasing number of end users has led to an exponential growth in the Internet routing table. The routing table is expected to reach a size of one million prefixes within the coming few years. Besides, current core routers may easily attain hundreds of connected BGP peers simultaneously. In classical monolithic architecture, the BGP protocol runs as a single entity inside the router. This architecture suffers from two drawbacks: scalability and reliability. BGP scalability can be measured in terms of the number of connected peers that can be handled and the size of the routing table. On the other hand, the reliability is a critical issue in core routers. If the BGP instance inside the router fails, all peers’ connections will shutdown and the new reachability state will be propagated across the Internet in a non trivial convergence delay. Although, in current core routers, the resiliency is increased considerably, it’s mainly implemented via a primary-backup redundancy scheme which limits the BGP scalability. In this thesis we address the two mentioned BGP drawbacks by proposing a novel distributed approach to increase both scalability and reliability of BGP without changing the semantic of the protocol. The BGP distributed architecture in the first paper is built to satisfy both requirements: scalability and reliability by adequately exploiting parallelism and module separation. In our model, BGP functionalities are split in a master-slave manner and the RIB (Routing Information Base) is replicated to multiple controller cards, to form a cluster of parallel computing entities. In the second paper, we address the fault tolerance of BGP within the distributed architecture presented in the first paper. We prove analytically that, by adopting the distributed architecture of BGP the availability of BGP will be increased considerably versus a monolithic architecture. In the third paper we propose a distributed parallel scheme called DRTP to partition the BGP routing table on multiple controller cards. DRTP aims at increasing the BGP scalability and the parallelization of the Best Match Prefix algorithm.

Routeurs

Routers

BGP

BGP

Parallélisme

Parallelism

Systèmes distribués

Distributed systems

Fiabilité

Reliability

Tolérance aux pannes

Fault Tolerance

Mitigation of inter-domain Policy Violations at Internet eXchange Points

Raheem, Muhammad

January 2019

Economic incentives and the need to efficiently deliver Internet have led to the growth of Internet eXchange Points (IXPs), i.e., the interconnection networks through which a multitude of possibly competing network entities connect to each other with the goal of exchanging traffic. At IXPs, the exchange of traffic between two or more member networks is dictated by the Border gateway Protocol (BGP), i.e., the inter-domain routing protocol used by network operators to exchange reachability information about IP prefix destinations. There is a common “honest-closed-world” assumption at IXPs that two IXP members exchange data traffic only if they have exchanged the corresponding reachability information via BGP. This state of affairs severely hinders security as any IXP member can send traffic to another member without having received a route from that member. Filtering traffic according to BGP routes would solve the problem. However, IXP members can install filters but the number of filtering rules required at a large IXP can easily exceed the capacity of the network devices. In addition, an IXP cannot filter this type of traffic as the exchanged BGP routes between two members are not visible to the IXP itself. In this thesis, we evaluated the design space between reactive and proactive approaches for guaranteeing consistency between the BGP control-plane and the data-plane. In a reactive approach, an IXP member operator monitors, collects, and analyzes the incoming traffic to detect if any illegitimate traffic exists whereas, in a proactive approach, an operator configures its network devices to filter any illegitimate traffic without the need to perform any monitoring. We focused on proactive approaches because of the increased security of the IXP network and its inherent simplified network management. We designed and implemented a solution to this problem by leveraging the emerging Software Defined Networking (SDN) paradigm, which enables the programmability of the forwarding tables by separating the control- and data-planes. Our approach only installs rules in the data-plane that allow legitimate traffic to be forwarded, dropping anything else. As hardware switches have high performance but low memory space, we decided to make also use of software switches.  A “heavy-hitter” module detects the forwarding rules carrying most of the traffic and installs them into the hardware switch. The remaining forwarding rules are installed into the software switches. We evaluated the prototype in an emulated testbed using the Mininet virtual network environment. We analyzed the security of our system with the help of static verification tests, which confirmed compliance with security policies. The results reveal that with even just 10% of the rules installed in the hardware switch, the hardware switch directly filterss 95% of the traffic volume with non-uniform Internet-like traffic distribution workloads. We also evaluated the latency and throughput overheads of the system, though the results are limited by the accuracy of the emulated environment. The scalability experiments show that, with 10K forwarding rules, the system takes around 40 seconds to install and update the data plane. This is due to inherent slowness of the emulated environment and limitations of the POX controller, which is coded in Python. / Ekonomiska incitament och behovet av att effektivt leverera Internet har lett till tillväxten av Internet eXchange Points (IXP), dvs de sammankopplingsnät genom vilka en mängd möjligen konkurrerande nätverksenheter förbinder varandra med målet att utbyta trafik. Vid IXPs dikteras utbytet av trafik mellan två eller flera medlemsnät av gränsgatewayprotokollet (BGP), dvs det inter-domänroutingprotokollet som används av nätoperatörer för att utbyta tillgänglighetsinformation om IP-prefixdestinationer. Det finns ett gemensamt antagande om "honest-closed-world" vid IXP, att två IXP-medlemmar endast utbyter datatrafik om de har bytt ut motsvarande tillgänglighetsinformation via BGP. Detta tillstånd försvårar allvarligt säkerheten eftersom varje IXP-medlem kan skicka trafik till en annan medlem utan att ha mottagit en rutt från den medlemmen. Filtrering av trafik enligt BGP-vägar skulle lösa problemet. IXPmedlemmar kan dock installera filter men antalet filtreringsregler som krävs vid en stor IXP kan enkelt överskrida nätverksenheternas kapacitet. Dessutom kan en IXP inte filtrera denna typ av trafik eftersom de utbytta BGP-vägarna mellan två medlemmar inte är synliga för IXP-enheten själv. I denna avhandling utvärderade vi utrymmet mellan reaktiva och proaktiva metoder för att garantera överensstämmelse mellan BGP-kontrollplanet och dataplanet. I ett reaktivt tillvägagångssätt övervakar, samlar och analyserar en inkommande trafik en IXP-medlem för att upptäcka om någon obehörig trafik finns, medan en operatör konfigurerar sina nätverksenheter för att filtrera någon obehörig trafik utan att behöva övervaka. Vi fokuserade på proaktiva tillvägagångssätt på grund av den ökade säkerheten för IXP-nätverket och dess inneboende förenklad nätverkshantering. Vi konstruerade och genomförde en lösning på detta problem genom att utnyttja det nya SDN-paradigmet (Software Defined Networking), vilket möjliggör programmerbarheten hos vidarebefordringsborden genom att separera kontroll- och dataplanerna. Vårt tillvägagångssätt installerar bara regler i dataplanet som tillåter legitim trafik att vidarebefordras, släppa allt annat. Eftersom hårdvaruomkopplare har hög prestanda men lågt minne, bestämde vi oss för att även använda programvaruomkopplare. En "heavy-hitter" -modul detekterar vidarebefordringsreglerna som transporterar större delen av trafiken och installerar dem i hårdvaruomkopplaren. De återstående spolningsreglerna installeras i programvaruomkopplarna. Vi utvärderade prototypen i en emulerad testbädd med hjälp av virtuella nätverksmiljö Mininet. Vi analyserade säkerheten för vårt system med hjälp av statiska verifieringsprov, vilket bekräftade överensstämmelse med säkerhetspolicyerna. Resultaten visar att med bara 10% av de regler som installerats i hårdvaruomkopplaren filtrerar hårdvaruomkopplaren direkt 95% av trafikvolymen med ojämn Internetliknande trafikfördelningsarbete. Vi utvärderade också latens- och genomströmningsomkostnaderna för systemet, även om resultaten begränsas av noggrannheten hos den emulerade miljön. Skalbarhetsexperimenten visar att med 10K-vidarebefordringsregler tar systemet cirka 40 sekunder för att installera och uppdatera dataplanet. Detta beror på inneboende långsamma emulerade miljöer och begränsningar av POX-kontrollern, som kodas i Python.

IXP

Computer Networks

Distributed Systems

SDN

OpenFlow

BGP

Open vSwitch

Security

Firewall

Monitoring

IXP

Datornätverk

Distribuerade System

SDN

OpenFlow

BGP

Open vSwitch

Säkerhet

Brandvägg

Övervakning

Communication Systems

Kommunikationssystem

Une architecture parallèle distribuée et tolérante aux pannes pour le protocole interdomaine BGP au cœur de l’Internet

Hamzeh, Wissam

12 1900

L’augmentation du nombre d’usagers de l’Internet a entraîné une croissance exponentielle dans les tables de routage. Cette taille prévoit l’atteinte d’un million de préfixes dans les prochaines années. De même, les routeurs au cœur de l’Internet peuvent facilement atteindre plusieurs centaines de connexions BGP simultanées avec des routeurs voisins. Dans une architecture classique des routeurs, le protocole BGP s’exécute comme une entité unique au sein du routeur. Cette architecture comporte deux inconvénients majeurs : l’extensibilité (scalabilité) et la fiabilité. D’un côté, la scalabilité de BGP est mesurable en termes de nombre de connexions et aussi par la taille maximale de la table de routage que l’interface de contrôle puisse supporter. De l’autre côté, la fiabilité est un sujet critique dans les routeurs au cœur de l’Internet. Si l’instance BGP s’arrête, toutes les connexions seront perdues et le nouvel état de la table de routage sera propagé tout au long de l’Internet dans un délai de convergence non trivial. Malgré la haute fiabilité des routeurs au cœur de l’Internet, leur résilience aux pannes est augmentée considérablement et celle-ci est implantée dans la majorité des cas via une redondance passive qui peut limiter la scalabilité du routeur. Dans cette thèse, on traite les deux inconvénients en proposant une nouvelle approche distribuée de BGP pour augmenter sa scalabilité ainsi que sa fiabilité sans changer la sémantique du protocole. L’architecture distribuée de BGP proposée dans la première contribution est faite pour satisfaire les deux contraintes : scalabilité et fiabilité. Ceci est accompli en exploitant adéquatement le parallélisme et la distribution des modules de BGP sur plusieurs cartes de contrôle. Dans cette contribution, les fonctionnalités de BGP sont divisées selon le paradigme « maître-esclave » et le RIB (Routing Information Base) est dupliqué sur plusieurs cartes de contrôle. Dans la deuxième contribution, on traite la tolérance aux pannes dans l’architecture élaborée dans la première contribution en proposant un mécanisme qui augmente la fiabilité. De plus, nous prouvons analytiquement dans cette contribution qu’en adoptant une telle architecture distribuée, la disponibilité de BGP sera augmentée considérablement versus une architecture monolithique. Dans la troisième contribution, on propose une méthode de partitionnement de la table de routage que nous avons appelé DRTP pour diviser la table de BGP sur plusieurs cartes de contrôle. Cette contribution vise à augmenter la scalabilité de la table de routage et la parallélisation de l’algorithme de recherche (Best Match Prefix) en partitionnant la table de routage sur plusieurs nœuds physiquement distribués. / The increasing number of end users has led to an exponential growth in the Internet routing table. The routing table is expected to reach a size of one million prefixes within the coming few years. Besides, current core routers may easily attain hundreds of connected BGP peers simultaneously. In classical monolithic architecture, the BGP protocol runs as a single entity inside the router. This architecture suffers from two drawbacks: scalability and reliability. BGP scalability can be measured in terms of the number of connected peers that can be handled and the size of the routing table. On the other hand, the reliability is a critical issue in core routers. If the BGP instance inside the router fails, all peers’ connections will shutdown and the new reachability state will be propagated across the Internet in a non trivial convergence delay. Although, in current core routers, the resiliency is increased considerably, it’s mainly implemented via a primary-backup redundancy scheme which limits the BGP scalability. In this thesis we address the two mentioned BGP drawbacks by proposing a novel distributed approach to increase both scalability and reliability of BGP without changing the semantic of the protocol. The BGP distributed architecture in the first paper is built to satisfy both requirements: scalability and reliability by adequately exploiting parallelism and module separation. In our model, BGP functionalities are split in a master-slave manner and the RIB (Routing Information Base) is replicated to multiple controller cards, to form a cluster of parallel computing entities. In the second paper, we address the fault tolerance of BGP within the distributed architecture presented in the first paper. We prove analytically that, by adopting the distributed architecture of BGP the availability of BGP will be increased considerably versus a monolithic architecture. In the third paper we propose a distributed parallel scheme called DRTP to partition the BGP routing table on multiple controller cards. DRTP aims at increasing the BGP scalability and the parallelization of the Best Match Prefix algorithm.

Routeurs

Routers

BGP

BGP

Parallélisme

Parallelism

Systèmes distribués

Distributed systems

Fiabilité

Reliability

Tolérance aux pannes

Fault Tolerance

Migración e implementación hacia una red MPLS-VPN aplicado a una entidad empresarial en la ciudad de Lima

Castillo Meza, Joel Omar

January 2015

En la presente tesina se realiza una descripción de la tecnología de Conmutación Multi-Protocolo mediante etiquetas usando una red privada virtual para la comunicación de una entidad empresarial. Se realizó una descripción de la tecnología MPLS con VPN mostrando sus cualidades, ventajas y desventajas, se promueve la esta tecnología a la red de comunicación de datos de la empresa tenga un performance y confidencialidad en los datos transmitidos, diseñando un esquema así como la infraestructura que podría ser usada en esta implementación, con características modulares las cuales permitirá a la empresa ir creciendo a la medida de que su tráfico o demanda de transporte vaya aumentando al igual que la integración de las demás extensiones se amerita el caso; para el diseño nos ayudaremos del programa de simulación “GNS3” el mismo que se hará un bosquejo de la configuración y modelo para la transmisión de sucursal a matriz y viceversa. This thesis is a description of MPLS VPN using a communication from the business entity. Was a description of MPLS VPN showing his qualities, advantages and disadvantages, promotes the introduction of this technology to the data communication network of the company to have a performance traffic and confidentiality of the data transmitted, designing scheme as well as the infrastructure that could be used in this implementation, modular features which allow the company to grow to the extent that their traffic and transport demand will increase as the integration of other extensions are merited case, to help us design simulation program "GNS3" the same to be made a sketch of the model configuration and transmission branch to parent and vice versa.

Red Privada Virtual (VPN)

Protocolo Puerta de Frontera BGP

Multiprotocol Label Switching (MPLS)

Virtual Private Network (VPN)

Border Gateway Protocol (BGP)

Étude de réseaux complexes et de leurs propriétés pour l’optimisation de modèles de routage / Study of complex networks properties for the optimization of routing models

Lancin, Aurélien

09 December 2014

Cette thèse s’intéresse aux problématiques de routage dans les réseaux, notamment dans le graphe des systèmes autonomes (AS) d’Internet. Nous cherchons d’une part à mieux comprendre les propriétés du graphe de l’Internet qui sont utiles dans la conception de nouveaux paradigmes de routage. D’autre part, nous cherchons à évaluer par simulation les performances de ces paradigmes. La première partie de mes travaux porte sur l’étude d’une propriété́ métrique, l’hyperbolicité́ selon Gromov, utilisée dans la conception de nouveaux paradigmes de routage. Je présente dans un premier temps une nouvelle approche pour le calcul de l’hyperbolicité́ d’un graphe utilisant une décomposition du graphe par les cliques-séparatrices et la notion de paires éloignées. Je propose ensuite un nouvel algorithme pour le calcul de l’hyperbolicité́ qui, combiné avec la méthode de décomposition par les cliques-séparatrices, permet son calcul sur des graphes composés de 58 000 sommets en quelques heures. La deuxième partie de mes travaux porte sur le développement de DRMSim, une nouvelle plate-forme de simulation de modèles de routage dynamiques. Celle-ci permet l’évaluation des performances des schémas de routage et leur comparaison au protocole de référence, le protocole de routeur frontière, BGP. DRMSim a permis l’étude par simulation de différents schémas de routage compact sur des topologies à O(10k) nœuds. Je détaille l’architecture de DRMSim et quelques exemples d’utilisation. Puis, je présente une étude réalisée en vue de développer une version parallèle et distribuée de DRMSim dans le cadre de la simulation de BGP / This thesis considers routing issues in networks, and particularly the graph of the autonomous systems (AS) of the Internet. Firstly, we aim at better understanding the properties of the Internet that are useful in the design of new routing paradigms. Secondly, we want to evaluate by simulation the performance of these paradigms. The first part of my work concerns the study of the Gromov hyperbolicity, a useful metric property for the design of new routing paradigms. I show how to use a decomposition of the graph by clique-separators as a pre-processing method for the computation of the hyperbolicity. Then, I propose a new algorithm to compute this property. Altogether, these methods allows us for computing the hyperbolicity of graphs up to 58 000 nodes. The second part of my work concerns the development of DRMSim, a new Dynamic Routing Model Simulator. It facilitates the evaluation of the performances of various routing schemes and their comparison to the standard routing scheme of the Internet, the border router protocol BGP. Using DRMSim, we performed simulations of several compact routing schemes on topologies up to O(10k) nodes. I describe its architecture and detail some examples. Then, I present a feasibility study for the design of a parallel/distributed version of DRMSim in order to simulate BGP on larger topologies.

Internet

Algorithme

Graphe

Hyperbolicité

Décomposition de graphe

Routage

BGP

Simulation

Simulation parallèle distribuée

Internet

Algorithm

Graph

Hyperbolicity

Graph decomposition

Routing

BGP

Simulation

Parallel distributed simulation

Virtual Routing and Forwarding (VRF) - och dess påverkan på en routers processor

Ohlson, Johan

January 2010

<p>I dagsläget används VPN allt mer bland företagen för att ansluta till olika nätverk. Detta kan medföra att routingtabellen blir alltför stor och det kan i sin tur påverka processorbelastningen på routern som delar ut alla VPN.Detta arbete hade som syfte att granska om det är några märkbara prestandaskillnader på en routers processor när olika routingprotokoll används tillsammans med VRF. Protokollen som detta arbete tog upp var BGP, OSPF och RIP.Tre olika nätverks-scenarier skapades där olika tester genomfördes för de tre nämnda routingprotokollen. Det gjordes även tester på routrar när ingen VRF användes för att jämföra resultaten. Testerna bestod av att granska processorbelastningen på routrar när det fanns många rutter i nätverket och när nätverket var belastat med trafik.Testernas visade att skillnaden mellan BGP och OSPF inte är särskilt stor, men när RIP användes så steg processorbelastningen markant när nätverket hade många rutter. Om däremot VRF användes tillsammans med RIP så sjönk belastningen avsevärt på vissa routrar.</p>

Computer science

Datavetenskap

LAN-refresh och WAN-migrering / LAN-refresh and WAN-migrering

Thor, Kim, Allared, Sofie

January 2010

<p>This work has been carried out at a company in the region which has about 30000 employeeswith about 400 sites all over the world. The company outsources their network including theLAN refresh and the WAN migration. They needed help with an upgrade of their LAN at theirScandinavian headquarters and to find a new solution for their WAN. The reason why the upgradeof the LAN was needed was that the equipment was too old and did not pass the securityrequirements. They also required a solution to segment their LAN, which consisted of a singlelarge VLAN with 1,300 employees. their WAN solution was made up of tunnels between all officesand the headquarter were used as the central point. They wanted to get away from beingdependent on a central point while redundancy was not always working as it should.The solution to the WAN problem was to use the ISPs backbone based on MPLS. There are two mainsolutions, layer 2 (Ethernet) VPN or layer 3 (IP) VPN. In the case of IP VPN, there are a couple of differentconnectivity options such as a static route, or use a routing protocol (eg OSPF or BGP). The final solutionwas IP VPN with OSPF as routing protocol to the ISP. With regard to the configuration of the OSPF solutionwas that every office became an own OSPF domain, configured with area 0. The report also includesthe implementation of the WAN migration with its problems.The upgrade of the LAN was a lot of planning, documentation and security. The solution for the segmentationwas to create a VLAN per floor. Because of the new software they can have the required securityfeatures.</p>

WAN

MPLS VPN

VPLS

BGP

OSPF Superbackbone

LAN refresh

Computer science

Datalogi

Interdomain Traffic Engineering for Multi-homed Networks

Gao, Ruomei

24 August 2007

Interdomain traffic engineering (TE) controls the flow of traffic between autonomous systems (ASes) to achieve performance goals under various resource constraints. Interdomain TE can be categorized into ingress TE and egress TE, which aim to control the ingress and egress traffic flow in a network, respectively. Most interdomain TE techniques are based on BGP, which was not designed to support performance based routing. Hence even though some basic interdomain TE techniques are widely deployed, their overall effectiveness and impact on interdomain traffic are not well understood. Furthermore, systematic practices for deploying these techniques have yet to be developed. In this thesis, we explore these open issues for both ingress and egress TE. We first focus on the AS-Path prepending technique in interdomain ingress TE. We design a polynomial algorithm that takes network settings as input and produces the optimal prepending at each ingress link. We also develop methods to measure the inputs of the optimal algorithm by leveraging widely available looking glass severs and evaluate the errors of such measurement. We further propose an algorithm, based on this optimal algorithm, that is robust to input errors. We then focus on Intelligent Routing Control (IRC) systems often used at multihomed networks for egress interdomain TE. To address the possible traffic oscillation problem caused by multiple IRC systems, we design a class of randomized IRC algorithms. Through simulations, we show that the proposed algorithms can effectively mitigate oscillations. We also show that IRC systems using randomized path switching algorithms perform better than those switching path deterministically, when both types of IRC systems co-exist. To further understand the performance impact of IRC systems, we next focus on the performance of applications, such as TCP connections. We study the synergistic and antagonistic interactions between IRC and TCP connections, through a simple dual-feedback model. We first examine the impact of sudden RTT and available bandwidth changes in TCP connection. We then examine the effect of IRC measurement delays on closed loop traffic. We also show the conditions under which IRC is beneficial under various path impairment models.

TCP/IP

BGP

Traffic engineering

Performance-based routing

Interdomain routing

Stability

Telecommunication Traffic

Algorithms