  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Modelování a simulace BGP / Modeling and Simulation of BGP

Novák, Adrián January 2019
This Master's thesis deals with modeling and simulation of BGP protocol within the OMNeT++ environment. The BGP protocol is described with employed data structures and the finite state machine of BGP peering. Next, the basic configuration is outlined involving the setup of the BGP protocol on Cisco devices. Further, BGP for OMNeT++ state-of-the-art is investigated together with its lack of functionality and issues. The second part of this thesis deals with design, implementation, and testing of the new functionality of BGP protocol and simulation models. The last section describes the overall achieved results.
22

Understanding the Capabilities of Route Collectors to Observe Stealthy Hijacks : Does adding more monitors or reporting more paths help? / Förståelse av ruttsamlares förmåga att observera smygkapningar : Hjälper det att lägga till fler övervakningsenheter eller rapportera fler rutter?

Milolidakis, Alexandros January 2022
Routing hijacks have plagued the Internet for decades. These attacks corrupt the routing table entries that networks use to forward traffic, causing affected network devices to route private and possibly sensitive Internet traffic towards the hijacker. Despite many failed attempts to thwart hijackers, recent Internet-wide routing monitoring infrastructures give us hope that future systems can quickly and ultimately mitigate hijacks. Such monitoring infrastructures consist of multiple globally distributed monitoring entities, called Route Collectors. To enable the whole community to monitor the validity and stability of the exchanged routing information, network volunteers disclose their routes to public route collectors. However, hijackers can also exploit this information to avoid being reported to route collectors. This thesis evaluates the effectiveness of monitoring infrastructures against two kinds of hijack scenarios: (i) an omniscient attacker with complete knowledge of both the Internet topology and the routing preferences of networks, and (ii) a realistic attacker which lacks such knowledge but gathers routing information from what networks themselves disclose to the public route collectors. Prior simulations showed that hijacks that affect more than 2% of the Internet are always visible to the public route collector infrastructure. However, our simulations show that omniscient and realistic hijackers that react to the deployment of public collectors could stealthily hijack up to 11.7× more (i.e., 23.5%) and 8.1× (i.e., 16.2%) more of the Internet (respectively) without being observed by the existing public route collector infrastructure. 
Having evaluated the effectiveness of the existing public route collector infrastructure with current Internet datasets, we evaluated the effectiveness in realistic future scenarios of (i) more interconnected (flatter) Internet topologies as well as (ii) topologies where more network volunteers disclose their routes to the public collectors. Unfortunately, both types of hijackers are more effective in flatter Internet topologies. Omniscient hijackers could stealthily hijack up to 24.5× (i.e., 49.0%) more of the Internet while realistic hijackers up to 22.7× (i.e., 45.5%) more without being observed by route collectors. In topologies with up to 4× more volunteers disclosing their routes to the public route collectors, hijackers could react to these new monitors by modifying their attacks to stealthily hijack up to 4× (i.e., 8.2%) and 2.9× (i.e., 5.9%) more of the Internet (respectively). Finally, we conclude with an analysis of two suggestions for improving the existing public route collector infrastructure: (i) selecting new network volunteers in more strategic locations and (ii) having volunteers disclose more routes to the route collectors. We hope that our findings in simulations will help towards the design of more reliable public route monitoring infrastructures. / Route hijacks have plagued the Internet for decades. These attacks corrupt entries in the routing tables that networks use to forward traffic, in such a way that affected devices route private and possibly sensitive traffic to the hijacker. Despite many failed attempts to stop hijackers, Internet-wide route monitoring infrastructure has recently given us hope that future systems can quickly and conclusively prevent hijacks. Such monitoring infrastructure consists of several globally distributed monitoring entities called route collectors.
Network volunteers disclose their routes to such public route collectors so that the whole network can monitor the validity and stability of the exchanged routing information. Unfortunately, hijackers can exploit this information to avoid being reported to route collectors. In this thesis we evaluate the effectiveness of such monitoring infrastructure against two types of hijack scenarios: the first involves an omniscient attacker with complete knowledge of both the Internet topology and the routing preferences of the networks. The second involves a realistic attacker who lacks such knowledge but gathers the routing information that the networks themselves disclose to public route collectors. Earlier simulations have shown that hijacks affecting more than 2% of the Internet are always visible to the public route collector infrastructure. Our simulation shows, however, that omniscient and realistic hijackers who react to the deployment of public route collectors can stealthily hijack up to 11.7 times (i.e., 23.5%) and 8.1 times (i.e., 16.2%) more of the Internet, respectively, without being detected by the existing public route collector infrastructure. After evaluating the effectiveness of the existing public infrastructure with current Internet datasets, we evaluated the effectiveness in realistic future scenarios of, first, more interconnected (flatter) Internet topologies and, second, topologies where more network volunteers disclose their routes to public route collectors. Unfortunately, both types of hijackers are more effective in flatter Internet topologies. Omniscient hijackers could stealthily hijack up to 24.5 times (i.e., 49.0%) more of the Internet, while realistic hijackers could hijack up to 22.7 times (i.e., 45.5%) more of the Internet, without being detected by route collectors.
In topologies with up to 4 times more network volunteers disclosing their routes to public route collectors, omniscient and realistic hijackers could react to the new monitors by modifying their attacks to stealthily hijack up to 4 times (i.e., 8.2%) and 2.9 times (i.e., 5.9%) more of the Internet, respectively. Finally, we conclude with an analysis of two suggestions for improving the existing route collector infrastructure: in the first, new network volunteers are selected in more strategic locations, and in the second we let network volunteers disclose more routes to route collectors. We hope that our simulation results can contribute to the design of a more reliable public route monitoring infrastructure. / QC 20220524
23

Can We Study the Topology of the Internet from the Vantage Points of Large and Small Content Providers?

Drivere, Aleisa A. January 2011
No description available.
24

Interdomain traffic engineering with MPLS

Pelsser, Cristel 10 November 2006
During the last years, MultiProtocol Label Switching (MPLS) has been deployed by most large Service Providers (SP). The main driver for MPLS deployment is the ability to provide new services with stringent Service Level Agreements (SLAs) such as layer-2 and layer-3 Virtual Private Networks (VPNs) as well as Voice and Video over IP. Most of these services are already deployed inside single SP networks. However, customers now require world-wide VPN and VoIP services. Therefore, SPs need to collaborate to offer these services across multiple SP networks. Inside a single SP network, each node usually knows the complete topology of the network with the load and delay of all the links. Based on this information, each router is able to compute constrained paths toward any other router inside the SP network. Then, it can establish a connection and reserve resources along the computed path with the Resource reSerVation Protocol (RSVP-TE). However, when services with stringent requirements must cross multiple SP networks the computation of the path becomes a problem. Routers in different SP networks exchange routing information by using the Border Gateway Protocol (BGP). BGP provides reachability information. It does not distribute complete topology, delay and bandwidth information. One way to provide guaranteed services crossing different SPs is to delegate the computation of the paths to a Path Computation Element (PCE) that learns the topology of the different SPs. However, this requires that SPs reveal information that they usually consider confidential, their topology. In this thesis, we perform active measurements to show the difficulty to engineer the interdomain traffic with BGP. MPLS together with RSVP-TE provide much more control on the traffic. We define extensions to RSVP-TE for the protection of inter-AS MPLS paths. 
The aim is to be able to provide the same service guarantees as inside a domain while keeping the internal topology of SPs confidential, as required by SPs. We propose and evaluate distributed techniques relying on PCEs for the computation of interdomain constrained paths respecting the latter confidentiality requirement.
25

BGP Extended Community Attribute for QoS Marking

09 June 2008
This document specifies a simple signalling mechanism for inter-domain QoS marking using a BGP Extended Community QoS Attribute. Class based packet forwarding for delay and loss critical services is currently performed in an individual AS internal manner. The new QoS marking attribute makes the QoS class setup within the IP prefix advertising AS known to all access and transit ASes. This enables individual (re-)marking and forwarding treatment adaptation to the original QoS class setup of the respective IP prefix. The attribute provides the means to signal QoS markings on different layers, which are linked together in QoS class sets. It provides inter-domain and cross-layer insight into the QoS class mapping of the source AS with minimal signalling traffic.
26

Cross-Domain and Cross-Layer Coarse Grained Quality of Service Support in IP-based Networks

Knoll, Thomas Martin 11 November 2009
With the growing popularity of the Internet, the number of users is rising, and above all the number of delay- and loss-critical services, such as "Voice over IP", video transmission and network-based games. The Internet is the interconnection of approximately 30,000 operator networks, which currently exchange data traffic using the "Internet Protocol (IP)" without any quality-of-service support. Massive over-dimensioning of network capacity leads to a network utilization of only about 10% and correspondingly good transmission quality. With rising traffic volume, this dissertation expects that, owing to cost pressure, network operators will not be able to keep pace in maintaining the excessive network build-out, and that quality degradation is therefore to be expected. Within operator networks, traffic separation is already practised today, but it is discarded at the handover point and, at best, performed again in the neighbouring network through elaborate analysis. In this work, a cross-domain and cross-layer concept for realizing coarse-grained quality of service in IP networks was therefore designed, proposed for standardization at the "Internet Engineering Task Force (IETF)", implemented, and in parts simulated and tested. The traffic class information of several network layers is signalled in transitive message elements of the "Border Gateway Protocol (BGP)" and associated across layers. The dissertation essentially comprises three parts: 1. a comprehensive compilation of existing quality-of-service concepts, including the QoS functional elements already present in available network elements; 2. the detailed specification of the new concept; and 3. the results of the simulation and implementation activities demonstrating the function and scalability of the design. Two essential insights and requirements have emerged from working on the topic: the simplicity of the concept structure and the simplicity of the targeted quality-of-service support. The targeted quality of service is therefore limited to primitive traffic separation into several classes, which are queued separately in the forwarding nodes and treated with different priority.
27

A Neural Network Approach to Border Gateway Protocol Peer Failure Detection and Prediction

White, Cory B. 01 December 2009
The size and speed of computer networks continue to expand at a rapid pace, as do the corresponding errors, failures, and faults inherent within such extensive networks. This thesis introduces a novel approach to interface Border Gateway Protocol (BGP) computer networks with neural networks to learn the precursor connectivity patterns that emerge prior to a node failure. Details of the design and construction of a framework that utilizes neural networks to learn and monitor BGP connection states as a means of detecting and predicting BGP peer node failure are presented. Moreover, this framework is used to monitor a BGP network and a suite of tests is conducted to establish this neural network approach as a viable strategy for predicting BGP peer node failure. For all performed experiments, both of the proposed neural network architectures succeed in memorizing and utilizing the network connectivity patterns. Lastly, a discussion of this framework's generic design is presented to acknowledge how other types of networks and alternate machine learning techniques can be accommodated with relative ease.
28

BGPcredit : A Blockchain-based System for Securing BGP

Yang Liu, Yu January 2022
Due to the absence of appropriate security mechanisms, even the latest version of Border Gateway Protocol (BGP) is still highly vulnerable to malicious routing hijacking. The original problem is that BGP allows a router to accept any BGP update message without any extra validation process. Resource Public Key Infrastructure (RPKI) issues a series of digital signature certificates to provide a binding relationship between the IP prefix in the route advertisement and the Autonomous System (AS) number on the propagation path to protect BGP routing. However, RPKI is a centralized architecture in which the Certification Authority (CA) can launch power abuse attacks, such as unilateral certificate revocation or publication repository tampering. In this thesis, we propose a blockchain-based BGP security infrastructure, named BGPcredit. The BGPcredit system synchronizes RPKI certificates by consensus process. It can maintain an identical RPKI certificate repository across the whole system through blockchain, providing necessary security protection for BGP routing. In order to provide such features, we customize a proper consensus algorithm for BGPcredit in which a reasonable credence management mechanism, credit computing function, block forger election process, and Verifiable Random Function (VRF) are introduced. Also, the blockchain is customized to meet the system requirements. Moreover, BGPcredit advocates making full use of the trust of certification authorities to build a partially decentralized system. Some trusted nodes with higher authority are set to enhance the system's security and robustness. Finally, I implement the BGPcredit prototype and conduct some validation experiments to test its performance. / Owing to the absence of suitable security mechanisms, even the latest version of BGP is still highly vulnerable to malicious route hijacking.
The original problem is that BGP allows the router to accept all BGP update messages without any additional validation process. RPKI issues a series of digital signature certificates to provide a binding relationship between the IP address prefix in the route advertisement and the AS number on the propagation path in order to protect BGP routing security. But RPKI is too centralized and the CA can launch abuses of power, for example unilateral revocation of certificates and malicious modification of the publication repository. In this project we propose a blockchain-based BGP security infrastructure called BGPcredit. This system synchronizes RPKI certificates through the consensus process and can maintain identical RPKI certificate repositories across the whole system through blockchain, which provides the necessary security protection for BGP routing. To provide such functions we tailor a suitable consensus algorithm based on node credit for BGPcredit, which includes a reasonable credit management mechanism, credit computing function, block forging process, VRF, etc. In addition, some customized changes to the blockchain have been made to meet the system requirements. Moreover, BGPcredit advocates making full use of the trust of certification authorities to build a partially decentralized system. Some trusted nodes with higher authority are set up to improve the system's security and robustness. Finally, we implement the BGPcredit prototype and carry out some validation experiments. The results show that BGPcredit can work well and is compatible with BGP routing networks.
29

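Migración e implementación hacia una red MPLS-VPN aplicado a una entidad empresarial en la ciudad de Lima / Migration to and Implementation of an MPLS-VPN Network Applied to a Business Entity in the City of Lima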

Castillo Meza, Joel Omar January 2015
This thesis describes Multi-Protocol Label Switching technology using a virtual private network for the communications of a business entity. MPLS technology with VPN is described, showing its qualities, advantages and disadvantages; the introduction of this technology into the company's data communication network is promoted so that it achieves performance and confidentiality for the transmitted data, designing a scheme as well as the infrastructure that could be used in this implementation, with modular characteristics that will allow the company to grow as its traffic or transport demand increases, as well as the integration of further extensions should the case warrant it; for the design we use the simulation program "GNS3", in which a sketch of the configuration and model for transmission from branch to head office and vice versa is made. / This thesis is a description of MPLS VPN using a communication from the business entity. Was a description of MPLS VPN showing his qualities, advantages and disadvantages, promotes the introduction of this technology to the data communication network of the company to have a performance traffic and confidentiality of the data transmitted, designing scheme as well as the infrastructure that could be used in this implementation, modular features which allow the company to grow to the extent that their traffic and transport demand will increase as the integration of other extensions are merited case, to help us design simulation program "GNS3" the same to be made a sketch of the model configuration and transmission branch to parent and vice versa.
30

Multicasting in Intra and Inter Domain Networks

Khan, Shahzad Hayat, Badshah, Jehan January 2011
Multicasting in a network improves the efficiency to deliver an IP packet to multiple clients at the same time. Small to medium sized organizations implement this technology to enhance their network capability, which is otherwise not possible just with normal routing. However, to use this technology, it requires proper network design with tidy resource implementation. Network administrators prefer automatic deployment of multicast technology because it reduces the potential risk of prolonged down time during network troubleshooting. On the other hand, choosing an auto deployment technology could cause malfunctioning in the network. To avoid such malfunctioning, we used two technologies: Auto-RP (Auto-Rendezvous Point) [1] and Bootstrap [2] in our network. A problem that occurs here is that if different domains with similar or different technologies want to share their resources with each other, then regular multicasting cannot connect them for successful communication. Also, if an administrator wishes to provide short and redundant paths within a domain, then these two technologies do not possess the ability to do so. The thesis presents issues in intra-domain and inter-domain multicast networks; it also focuses on Auto-RP (Auto Rendezvous Point) and BSR (Bootstrap Router) which are technologies related to multicasting. This project highlights the importance of multicasting security and will brief the problems associated with these two technologies. It will offer a better solution with a properly implemented design guide. The study uses MSDP (Multicast Source Discovery Protocol) [3] which connects two domains with multicasting capabilities for exchanging the source and providing redundancy in intra-domain. The work implements MBGP (Multicast Border Gateway Protocol) [4] to avoid a situation in which there is no multicast support on one of the service provider(s) end.
Keywords: Auto-RP (Auto-Rendezvous Point), BSR (Bootstrap Router), MSDP (Multicast Source Discovery Protocol), MBGP (Multicast Border Gateway Protocol)
