Interdomain Traffic Engineering and Faster Restoration in Optical Networks

Muchanga, Americo Francisco

January 2006

Internet traffic has surpassed voice traffic and is dominating in transmission networks. The Internet Protocol (IP) is now being used to encapsulate various kinds of services. The new services have different requirements than the initial type of traffic that was carried by the Internet network and IP. Interactive services such as voice and video require paths than can guarantee some bandwidth level, minimum delay and jitter. In addition service providers need to be able to improve the performance of their networks by having an ability to steer the traffic along the less congested links or paths, thus balancing the load in a uniform way as a mechanism to provide differentiated service quality. This needs to be provided not only within their domains but also along paths that might traverse more than one domain. For this to be possible changes have been proposed and some are being applied to provide quality of service (QoS) and traffic engineering (TE) within and between domains. Because data networks now carry critical data and there are new technologies that enable providers to carry huge amount of traffic, it is important to have mechanisms to safeguard against failures that can render the network unavailable. In this thesis we propose and develop mechanisms to enable interdomain traffic engineering as well as to speed up the restoration time in optical transport networks. We propose a mechanism, called abstracted path information, that enable peering entities to exchange just enough information to engage in QoS and TE operations without divulging all the information about the internal design of the network. We also extend BGP to carry the abstracted information. Our simulations show that BGP could still deliver the same performance with the abstracted information. In this thesis we also develop a method of classifying failures of links or paths. To improve the restoration time we propose that common failures be classified and assigned error type numbers and we develop a mechanism for interlayer communication and faster processing of signalling messages that are used to carry notification signals. Additionally we develop a mechanism of exchanging the failure information between layers through the use of service primitives; that way we can speed up the restoration process. Finally we simulate the developed mechanism for a 24 node Pan American optical transport network. / <p>QC 20100913</p>

Interdomain Routing

Network Recovery

Restoration in Optical Networks

Optics

Optik

Robustness against large-scale failures in communications networks

Segovia Silvero, Juan

15 December 2011

This thesis studies robustness against large-scale failures in communications networks. If failures are isolated, they usually go unnoticed by users thanks to recovery mechanisms. However, such mechanisms are not effective against large-scale multiple failures. Large-scale failures may cause huge economic loss. A key requirement towards devising mechanisms to lessen their impact is the ability to evaluate network robustness. This thesis focuses on multilayer networks featuring separated control and data planes. The majority of the existing measures of robustness are unable to capture the true service degradation in such a setting, because they rely on purely topological features. One of the major contributions of this thesis is a new measure of functional robustness. The failure dynamics is modeled from the perspective of epidemic spreading, for which a new epidemic model is proposed. Another contribution is a taxonomy of multiple, large-scale failures, adapted to the needs and usage of the field of networking. / Esta tesis estudia la robustez contra fallos de gran escala en redes de comunicaciones. Si los fallos son aislados, usualmente pasan inadvertidos para los usuarios gracias al uso de mecanismos de recuperación. Sin embargo, tales mecanismos no son efectivos contra fallos múltiples de gran escala. Los fallos de gran escala pueden causar grandes pérdidas económicas. Un requisito clave a la hora de diseñar mecanismos efectivos para reducir los efectos negativos es la habilidad de evaluar la robustez de la red. Esta tesis se centra en redes multinivel que poseen planos de control y de datos separados. La mayoría de las medidas de robustez existentes no capturan correctamente la verdadera degradación de los servicios en tales escenarios porque basan la evaluación en propiedades puramente topológicas. Una de las contribuciones de esta tesis es una nueva métrica de robustez funcional. La dinámica de los fallos se modela desde la perspectiva de la propagación de epidemias, para lo cual un nuevo modelo epidémico es propuesto. Otra contribución es una taxonomía de los fallos múltiples de gran escala, adaptado a las necesidades y uso del campo de las redes de comunicaciones.

Robustness

Robustez

Robustness

Resilience

Resistència

Resistencia

Complex networks

Xarxes complexes

Redes complejas

GMPLS

Network recovery

Recuperació de la xarxa

Recuperación de la red

Epidemic models

Models epidèmics

Modelos epidémicos

68

Link failure recovery among dynamic routes in telecommunication networks

Stapelberg, Dieter

12 1900

Thesis (MSc (Mathematical Sciences. Computer Science))--University of Stellenbosch, 2009. / ENGLISH ABSTRACT: Since 2002 data tra c has overtaken voice tra c in volume [1]. Telecom / Network operators still generate most of their income carrying voice tra c. There is however a huge revenue potential in delivering reliable guaranteed data services. Network survivability and recovery from network failures are integral to network reliability. Due to the nature of the Internet, recovery from link failures needs to be distributed and dynamic in order to be scalable. Link failure recovery schemes are evaluated in terms of the survivability of the network, the optimal use of network resources, scalability, and the recovery time of such schemes. The need for recovery time to be improved is highlighted by real-time data tra c such as VoIP and video services carried over the Internet. The goal of this thesis is to examine existing link failure recovery schemes and evaluate the need for their extension, and to evaluate the performance of the proposed link failure recovery schemes. i / AFRIKAANSE OPSOMMING: Sedert 2002 het data verkeer die stem verkeer in volume verbygesteek [1]. Telekommunikasie / netwerk operateurs genereer egter steeds die meeste van hul inkomste met stem verkeer. Netwerk oorlewing en die herstel van netwerk mislukkings is integraal tot netwerk stabiliteit. Die samestelling van die Internet noodsaak dat die herstel van skakel mislukkings verspreid en dinamies van natuur moet wees. Die herstel-skema van skakel mislukkings word evalueer in terme van die oorleefbaarheid van die netwerk, die mees e ektiewe benutting van network bronne, aanpasbaarheid, en die herstel tydperk van die skema. Die vinnig moontlikste herstel tydperk word genoodsaak deur oombliklike data verkeer soos VoIP en beeld dienste wat oor die Internet gedra word. The doel van hierdie tesis is om bestaande skakel mislukking herstel skemas te evalueer, en dan verder ondersoek in te stel na hul uitbreiding. Daarna word die voorgestelde skakel mislukking skema se e ektiwiteit gemeet.

Telecommunication networks

Network reliability

Link failures

Network recovery

Mathematical Sciences

Theses -- Computer science

Dissertations -- Computer science

Computer networks

Network performance (Telecommunication)

Reliability (Engineering)

Computer networks -- Reliability

Computer Science

Performance comparison of two dynamic shared-path protection algorithms for WDM optical mesh networks

Sharma, Ameeth

26 January 2009

Finding an optimal solution to the problem of fast and efficient provisioning of reliable connections and failure recovery in future intelligent optical networks is an ongoing challenge. In this dissertation, we investigate and compare the performance of an adapted shared-path protection algorithm with a more conventional approach; both designed for survivable optical Wavelength Division Multiplexing (WDM) mesh networks. The effect of different classes of service on performance is also investigated. Dedicated path protection is a proactive scheme which reserves spare resources to combat single link failures. Conventional Shared-path Protection (CSP) is desirable due to the efficient utilization of resources which results from the sharing of backup paths. Availability is an important performance assessment factor which measures the probability that a connection is in an operational state at some point in time. It is the instantaneous counterpart of reliability. Therefore, connections that do not meet their availability requirements are considered to be unreliable. Reliability Aware Shared-path Protection (RASP) adopts the advantages of CSP by provisioning reliable connections efficiently, but provides protection for unreliable connections only. With the use of a link disjoint parameter, RASP also permits the routing of partial link disjoint backup paths. A simulation study, which evaluates four performance parameters, is undertaken using a South African mesh network. The parameters that are investigated are: 1. Blocking Probability (BP), which considers the percentage of connection requests that are blocked, 2. Backup Success Ratio (BSR), which considers the number of connections that are successfully provisioned with a backup protection path, 3. Backup Primary Resource Ratio (BPR), which considers the ratio of resources utilized to cater for working traffic to the resources reserved for protection paths and lastly 4. Reliability Satisfaction Ratio (RSR), which evaluates the ratio of provisioned connections that meet their availability requirements to the total number of provisioned connections. Under dynamic traffic conditions with varying network load, simulation results show that RASP can provision reliable connections and satisfy Service Level Agreement (SLA) requirements. A competitive Blocking Probability (BP) and lower Backup Primary Resource Ratio (BPR) signify an improvement in resource utilization efficiency. A higher Backup Success Ratio (BSR) was also achieved under high Quality of Service (QoS) constraints. The significance of different availability requirements is evaluated by creating three categories, high availability, medium availability and low availability. These three categories represent three classes of service, with availability used as the QoS parameter. Within each class, the performance of RASP and CSP is observed and analyzed, using the parameters described above. Results show that both the BP and BPR increase with an increase in the availability requirements. The RSR decreases as the reliability requirements increase and a variation in BSR is also indicated. / Dissertation (MEng)--University of Pretoria, 2009. / Electrical, Electronic and Computer Engineering / unrestricted

Mesh network

Wavelength division multiplexing

Service level agreement

Quality of service

Dynamic traffic

Network recovery

Path availability

Link failure

Blocking probability

Shared-path protection

UCTD

SurvSec Security Architecture for Reliable Surveillance WSN Recovery from Base Station Failure

Megahed, Mohamed Helmy Mostafa

30 May 2014

Surveillance wireless sensor networks (WSNs) are highly vulnerable to the failure of the base station (BS) because attackers can easily render the network useless for relatively long periods of time by only destroying the BS. The time and effort needed to destroy the BS is much less than that needed to destroy the numerous sensing nodes. Previous works have tackled BS failure by deploying a mobile BS or by using multiple BSs, which requires extra cost. Moreover, despite using the best electronic countermeasures, intrusion tolerance systems and anti-traffic analysis strategies to protect the BSs, an adversary can still destroy them. The new BS cannot trust the deployed sensor nodes. Also, previous works lack both the procedures to ensure network reliability and security during BS failure such as storing then sending reports concerning security threats against nodes to the new BS and the procedures to verify the trustworthiness of the deployed sensing nodes. Otherwise, a new WSN must be re-deployed which involves a high cost and requires time for the deployment and setup of the new WSN. In this thesis, we address the problem of reliable recovery from a BS failure by proposing a new security architecture called Surveillance Security (SurvSec). SurvSec continuously monitors the network for security threats and stores data related to node security, detects and authenticates the new BS, and recovers the stored data at the new BS. SurvSec includes encryption for security-related information using an efficient dynamic secret sharing algorithm, where previous work has high computations for dynamic secret sharing. SurvSec includes compromised nodes detection protocol against collaborative work of attackers working at the same time where previous works have been inefficient against collaborative work of attackers working at the same time. SurvSec includes a key management scheme for homogenous WSN, where previous works assume heterogeneous WSN using High-end Sensor Nodes (HSN) which are the best target for the attackers. SurvSec includes efficient encryption architecture against quantum computers with a low time delay for encryption and decryption, where previous works have had high time delay to encrypt and decrypt large data size, where AES-256 has 14 rounds and high delay. SurvSec consists of five components, which are: 1. A Hierarchical Data Storage and Data Recovery System. 2. Security for the Stored Data using a new dynamic secret sharing algorithm. 3. A Compromised-Nodes Detection Algorithm at the first stage. 4. A Hybrid and Dynamic Key Management scheme for homogenous network. 5. Powerful Encryption Architecture for post-quantum computers with low time delay. In this thesis, we introduce six new contributions which are the followings: 1. The development of the new security architecture called Surveillance Security (SurvSec) based on distributed Security Managers (SMs) to enable distributed network security and distributed secure storage. 2. The design of a new dynamic secret sharing algorithm to secure the stored data by using distributed users tables. 3. A new algorithm to detect compromised nodes at the first stage, when a group of attackers capture many legitimate nodes after the base station destruction. This algorithm is designed to be resistant against a group of attackers working at the same time to compromise many legitimate nodes during the base station failure. 4. A hybrid and dynamic key management scheme for homogenous network which is called certificates shared verification key management. 5. A new encryption architecture which is called the spread spectrum encryption architecture SSEA to resist quantum-computers attacks. 6. Hardware implementation of reliable network recovery from BS failure. The description of the new security architecture SurvSec components is done followed by a simulation and analytical study of the proposed solutions to show its performance.

Surveillance Wireless Sensor Network

Security manager (SM)

Backup security manager (BKSM)

Network trustworthiness

Efficient dynamic secret sharing

Distributed users tables (DUT)

Node compromise attack

Hybrid key management

Dynamic key management

Homogenous network

High end Sensor Nodes (HSNs)

Network scalability

Network connectivity

Unpredictability principal

PRNG

Resistant to quantum computer

SurvSec Security Architecture for Reliable Surveillance WSN Recovery from Base Station Failure

Megahed, Mohamed Helmy Mostafa

January 2014

Surveillance wireless sensor networks (WSNs) are highly vulnerable to the failure of the base station (BS) because attackers can easily render the network useless for relatively long periods of time by only destroying the BS. The time and effort needed to destroy the BS is much less than that needed to destroy the numerous sensing nodes. Previous works have tackled BS failure by deploying a mobile BS or by using multiple BSs, which requires extra cost. Moreover, despite using the best electronic countermeasures, intrusion tolerance systems and anti-traffic analysis strategies to protect the BSs, an adversary can still destroy them. The new BS cannot trust the deployed sensor nodes. Also, previous works lack both the procedures to ensure network reliability and security during BS failure such as storing then sending reports concerning security threats against nodes to the new BS and the procedures to verify the trustworthiness of the deployed sensing nodes. Otherwise, a new WSN must be re-deployed which involves a high cost and requires time for the deployment and setup of the new WSN. In this thesis, we address the problem of reliable recovery from a BS failure by proposing a new security architecture called Surveillance Security (SurvSec). SurvSec continuously monitors the network for security threats and stores data related to node security, detects and authenticates the new BS, and recovers the stored data at the new BS. SurvSec includes encryption for security-related information using an efficient dynamic secret sharing algorithm, where previous work has high computations for dynamic secret sharing. SurvSec includes compromised nodes detection protocol against collaborative work of attackers working at the same time where previous works have been inefficient against collaborative work of attackers working at the same time. SurvSec includes a key management scheme for homogenous WSN, where previous works assume heterogeneous WSN using High-end Sensor Nodes (HSN) which are the best target for the attackers. SurvSec includes efficient encryption architecture against quantum computers with a low time delay for encryption and decryption, where previous works have had high time delay to encrypt and decrypt large data size, where AES-256 has 14 rounds and high delay. SurvSec consists of five components, which are: 1. A Hierarchical Data Storage and Data Recovery System. 2. Security for the Stored Data using a new dynamic secret sharing algorithm. 3. A Compromised-Nodes Detection Algorithm at the first stage. 4. A Hybrid and Dynamic Key Management scheme for homogenous network. 5. Powerful Encryption Architecture for post-quantum computers with low time delay. In this thesis, we introduce six new contributions which are the followings: 1. The development of the new security architecture called Surveillance Security (SurvSec) based on distributed Security Managers (SMs) to enable distributed network security and distributed secure storage. 2. The design of a new dynamic secret sharing algorithm to secure the stored data by using distributed users tables. 3. A new algorithm to detect compromised nodes at the first stage, when a group of attackers capture many legitimate nodes after the base station destruction. This algorithm is designed to be resistant against a group of attackers working at the same time to compromise many legitimate nodes during the base station failure. 4. A hybrid and dynamic key management scheme for homogenous network which is called certificates shared verification key management. 5. A new encryption architecture which is called the spread spectrum encryption architecture SSEA to resist quantum-computers attacks. 6. Hardware implementation of reliable network recovery from BS failure. The description of the new security architecture SurvSec components is done followed by a simulation and analytical study of the proposed solutions to show its performance.

Surveillance Wireless Sensor Network

Security manager (SM)

Backup security manager (BKSM)

Network trustworthiness

Efficient dynamic secret sharing

Distributed users tables (DUT)

Node compromise attack

Hybrid key management

Dynamic key management

Homogenous network

High end Sensor Nodes (HSNs)

Network scalability

Network connectivity

Unpredictability principal

PRNG

Resistant to quantum computer