IP源特定组播技术的研究和实现

文章指出传统PIM-SM组播存在的问题,介绍SSM源特定组播技术的优越性、SSM的实现过程及安全SSM应考虑的两个方面。     

基于SSM的移动多媒体会议中的SIP信令应用研究

人们普遍认为,分布式特定源组播(SSM)需要更简单、更具有选择性的机制为移动用户提供组播基础设施和服务。本文提出了直接扩展SIP信令来建立这一机制,并深入探讨了SSM的移动多媒体会议中,为了适应在不对等的点对点模式下建立SSM组播会话,如何扩展SIP请求消息的主要头部字段来发起和建立会话。     

基于域的MIPv6的SSM源移动的解决方案

SSM模型的提出较好的解决了传统组播模型ASM中存在的访问控制,地址管理,复杂性等一系列问题,但是它同样存在着由于组播源的移动所带来的延时和数据包的丢失问题,本文针对这一问题提出了基于域的MIPv6的SSM解决方案,从一定程度上解决了源移动带来的这些问题。     

软件定义网络中基于密码标识的报文转发验证机制

针对软件定义网络(SDN)中缺乏安全高效的数据来源验证机制问题,该文提出基于密码标识的报文转发验证机制。首先,建立基于密码标识的报文转发验证模型,将密码标识作为IP报文进出网络的通行证。其次,设计SDN批量匿名认证协议,将SDN控制器的验证功能下放给SDN交换机,由SDN交换机进行用户身份验证和密码标识验证,快速过滤伪造、篡改等非法报文,提高SDN控制器统一认证与管理效率,同时可为用户提供条件隐私保护。提出基于密码标识的任意节点报文抽样验证方案,任何攻击者无法通过推断采样来绕过报文检测,确保报文的真实性的同时降低其处理延迟。最后,进行安全性分析和性能评估。结果表明该机制能快速检测报文伪造和篡改及抵抗ID分析攻击,但同时引入了大约9.6%的转发延迟和低于10%的通信开销。     

传统IP组播面临的困境及源特定组播(SSM)

IP组播出现以来，尽管其技术上具有一定的优势，但并未得到广泛的应用。本文首先简要介绍IP组播的原理和体系结构．然后从ISP、用户、ASM模型等几个方面重点分析了传统IP组播没有得到大规模商业应用的原因，最后介绍了一种组播的改进模型——源特定组播(SSM)。     

无可信第三方的数据匿名化收集协议

针对半诚信的数据收集者对包含敏感属性(SA)数据收集和使用过程中可能造成隐私泄露问题,该文在传统模型中增加实时的数据领导者,并基于改进模型提出一个隐私保护的数据收集协议,确保无可信第三方假设前提下,数据收集者最大化数据效用只能建立在K匿名处理过的数据基础上。数据拥有者分布协作的方式参与协议流程,实现了准标识(QI)匿名化后SA的传输,降低了数据收集者通过QI关联准确SA值的概率,减弱内部标识揭露造成隐私泄露风险;通过树形编码结构将SA的编码值分为随机锚点和补偿距离两份份额,由K匿名形成的等价类成员选举获取两个数据领导者,分别对两份份额进行聚集和转发,解除唯一性的网络标识和SA值的关联,有效防止外部标识揭露造成的隐私泄露;建立符合该协议特性的形式化规则并对协议进行安全分析,证明了协议满足隐私保护需求。     

基于社会特征的能量感知的容迟网组播协议

由于容迟网DTN(Delay-Tolerant Network)节点间连接的间歇性,节点只能依据机会性相遇转发数据.为此,提出基于社会特征的能量感知的容迟网络的组播SCEAM(Social Characteristics Energy-Aware based Multicast)协议.将社会网络思想引入DTN的路由协议,进而选择合适的转发节点传输数据,这充分利用了节点的长期和较稳定的社会特征知识进行决策转发数据.SCEAM协议就利用节点最重要的社会特征——中心度,并考虑节点能量两项信息选择转发节点.仿真数据表明,提出的SCEAM协议在满足数据传输率的要求下,能够支持更多的组播业务,与SDM协议相比,组播业务提高了近27％.     

IGMPv3协议的研究与实现分析

IGMPv3协议提供“源过滤”特性,成为SSM组成框架的一部分。介绍了IGMPv3协议的特点,分析一种Linux操作系统下支持IGMPv3协议的主机实现。通过在网络实验床上进行实验来具体分析了IGMPv3协议的工作过程。     

一种基于数据平面可编程的软件定义网络报文转发验证机制

针对软件定义网络(SDN)中OpenFlow协议匹配字段固定且数量有限,数据流转发缺少有效的转发验证机制等问题,该文提出一种基于数据平面可编程的软件定义网络报文转发验证机制。通过为数据报文添加自定义密码标识,将P4转发设备加入基于OpenFlow的软件定义网络,在不影响数据流正常转发的基础上,对网络业务流精确控制和采样。控制器验证采样业务报文完整性,并针对异常报文下发流规则至OpenFlow转发设备,对恶意篡改、伪造等异常数据流进行转发控制。最后,构建基于开源BMv2的P4转发设备和基于OpenFlow的Open vSwitch转发设备的转发验证原型,并构建仿真网络进行实验。实验结果表明,该机制能够有效检测业务报文篡改、伪造等转发异常行为,与同类验证机制相比,在安全验证处理开销保持不变的情况下,能够实现更细粒度的业务流精确控制采样和更低的转发时延。     

无线Mesh网中灵活冗余路径的ODMRP协议

提出了一种灵活冗余路径的ODMRP协议(FRP-ODMRP),能在节点故障或网络链路失败时,为接收节点提供不间断的传送数据服务.FRP-ODMRP协议利用积极非转发节点上本采无用的复制包,根据被动转发概率提供一条灵活的冗余转发路径把数据转发到目的节点,不需要进行路由更新,不增加网络重建和修复开销、提高网络的可靠性.仿真...     

Improved Message Forwarding for Multi-Hop HaRTES Real-Time Ethernet Networks

Nowadays, switched Ethernet networks are used in complex systems that encompass tens to hundreds of nodes and thousands of signals. Such scenarios require multi-switch architectures where communications frequently occur in multiple hops. In this paper we investigate techniques to allow efficient multi-hop communication using HaRTES switches. These are modified Ethernet switches that provide real-time traffic scheduling, dynamic bandwidth management and temporal isolation between real-time and non-real-time traffic. This paper addresses the problem of forwarding traffic in HaRTES networks. Two methods have been recently proposed, namely Distributed Global Scheduling (DGS) that buffers traffic between switches, and Reduced Buffering Scheme (RBS), that uses immediate forwarding. In this paper, we discuss the design and implementation of RBS within HaRTES and we carry out an experimental validation with a prototype implementation. Then, we carry out a comparison between RBS and DGS using worst-case response time analysis and simulation. The comparison clearly establishes the superiority of RBS concerning end-to-end response times. In fact, with sample message sets, we achieved reductions in end-to-end delay that were as high as 80 %.     

Ethernet transport system supporting delay‐sensitive real‐time traffics

We propose and demonstrate an Ethernet transport system that can support hard real‐time traffics with guaranteed throughput and very low jitter performance even in the presence of asynchronous traffics. The superframe structure‐based Ethernet system first synchronizes all the nodes in a network by using the IEEE 1588‐compliant boundary clock scheme and then reserves the traffic channels for synchronous traffics before accommodating both synchronous and asynchronous traffics in the superframe. Our experimental demonstration performed on field‐programmable gate array‐enabled Gigabit Ethernet test benches shows that the proposed scheme not only guarantees the throughput of the synchronous frames but also substantially reduces the jitter of the synchronous frames less than 110 ns after seven‐hop transmission. Copyright © 2013 John Wiley & Sons, Ltd.     

Quality of service control in Ethernet passive optical networks based on virtual private LAN service technique

A technique is proposed that allows achievement of logical point-to-multipoint paths in gigabit Ethernet (GbE) networks with access based on passive optical networks (PONs), guaranteeing upstream/downstream bandwidth and quality of service also in conditions of traffic congestion. Such a method is based on the combination of the virtual private LAN service (VPLS), implemented in the core network, and the VLAN tagging forwarding process used in the edge-PON segment.     

Tracing IP-spoofed packets in software defined network

IP packets back tracing is to find the source host hop by hop from the destination.The method found the forwarding path of target packets and source host by adding probe entry into flow tables on SDN switches and analyzing the effective back tracing Packet-in messages sent by related switches.The proposed scheme can provide convenience for debugging network problems ,so that the network administrator can obtain the forwarding paths of any data packets.Furthermore,it can help to solve the problem of IP spoofing.Experimental results prove that the traceability method can find the forwarding paths of target packets in a timely and accurate manner without affecting other traffic or significant system overhead.     

SEAL2: An SDN‐enabled all‐Layer2 packet forwarding network architecture for multitenant datacenter networks

This paper presents the design and development of a new network virtualization scheme to support multitenant datacenter networking (MT‐DCN) based on software‐defined networking (SDN) technologies. Effective multitenancy supports are essential and challenging for datacenter networking designs. In this study, we propose a new network virtualization architecture framework for efficient packet forwarding in MT‐DCN. Traditionally, an internet host uses IP addresses for both host identification and location information, which causes mobile IP problems whenever the host is moved from one IP subnet to another. Unfortunately, virtual machine (VM) mobility is inevitable for cloud computing in datacenters for reasons such as server consolidation and network traffic flow optimization. To solve the problems, we decouple VM identification and location information with two independent values neither by IP addresses. We redefine the semantics of Ethernet MAC address to embed tenant ID information to the MAC address field without violating its original functionality. We also replace traditional Layer2/Layer3 two‐stage routing schemes (MAC/IP) with an all‐Layer2 packet forwarding mechanism that combines MAC addresses (for VM identification and forwarding in local server groups under an edge switch gateway) and multiprotocol label switching (MPLS) labels (for packet transportation between edge switch gateways across the core label switching network connecting all the edge gateways). To accommodate conventional IP packet architecture in a multitenant environment, SDN (OpenFlow) technology is used to handle all this complex network traffics. We verified the design concepts by a simple system prototype in which all the major system components were implemented. Based on the prototype system, we evaluated packet forwarding efficiency under the proposed network architecture and compared it with conventional IP subnet routing approaches. We also evaluated the incurred packet processing overhead caused by each of the packet routing components.     

Faultless Protection Methods in Self‐Healing Ethernet Ring Networks

Self‐healing Ethernet rings show promise for realizing the SONET/SDH‐grade resilience in Carrier Ethernet infrastructures. However, when a ring is faulty, high‐priority protection messages are processed in less time than low‐priority data frames are processed. In this situation, any delayed data frames either being queued or traveling through long ring spans will cause the ring nodes to generate incorrect forwarding information. As a result, the data frames spread in the wrong direction, causing the ring to become unstable. To solve this problem, we propose four schemes, that is, dual flush, flush delay timer setting, purge triggering, and priority setting, and evaluate their protection performance under various traffic conditions on a ring based on the Ethernet ring protection (ERP) method. In addition, we develop an absorbing Markov chain model of the ERP protocol to observe how traffic congestion can impact the protection performance of the proposed priority setting scheme. Based on our observations, we propose a more reliable priority setting scheme, which guarantees faultless protection, even in a congested ring.     

基于负载均衡和流量优先级的网络拓扑设计

交换式以太网网络的拓扑结构设计是一个带约束的优化问题,需要同时考虑多种约束条件。本文中定义了两个主要的准则：交换机负载均衡和流量最短路径。根据设计目标而衡量每条准则的权重．对拓扑进行评分而进行网络的拓扑结构设计。该方法以终端节点间网络流量需求矩阵和终端设备间流量优先级矩阵为输入,利用遗传算法从所有的拓扑结构中找出最优拓扑,决定交换机生成树拓扑和终端节点的分布位置。通过网络仿真,可以证明此方法的有效性。     

Traffic Shaping for Resource-Efficient In-Vehicle Communication

In-vehicle communication has become complex and costly due to the growing number of automotive network systems applied for different data types. In this work, our previously proposed in-vehicle network architecture that is based on Internet Protocol (IP) and full-duplex switched Ethernet (IP/Ethernet) is further investigated for real-time audio and video streaming. Quality-of-service (QoS) and resource usage are analyzed for selected IP/Ethernet-based network topologies. Traffic shaping is used to reduce the required network resources and consequently the cost. A novel traffic shaping algorithm is presented that outperforms other traffic shapers in terms of resource usage when applied to variable bit rate video sources in the proposed double star topology. In addition, a new architecture design is introduced for traffic shaper implementation in switches which operates on a per stream basis. Analytical and simulation results confirm that the proposed network architecture with traffic shaping is well-adapted for in-vehicle communication.      

A layer 2 multipath solution and its performance evaluation for Data Center Ethernets

Data Center Ethernet is likely to be deployed as the communication infrastructure for future data centers, which carries multiple types of traffic with very different characteristics and handling requirements. Conventional Spanning Tree Protocol (STP) cannot meet the requirement of a Data Center Ethernet framework because of its poor bandwidth utilization and lack of multipathing capability. In this paper, we propose a layer 2 multipathing solution, namely optimized dynamic load‐balancing multipathing (ODLBMP), to be deployed in Data Center Ethernet. Our proposed method utilizes all available links and ports for frame delivery and can split traffic of a communication pair along multiple paths. In ODLBMP, the traffic loads of all paths are continuously monitored so that traffic assigned to each path can be dynamically adjusted to avoid path/link over‐utilization. Per‐flow forwarding is observed in ODLBMP to guarantee the in‐order delivery, which is important for most storage traffic. In addition, ODLBMP finely differentiates flows from application perspective so it has more flexibility in traffic splitting and route selection, and achieves better multipath load balancing. Computer simulations show that our proposed algorithm performs better than other compared algorithms, including STP, Transparent Interconnection of Lots of Links, and DLBMP, in all simulation scenarios in terms of frame delivery ratio and network throughput. Copyright © 2013 John Wiley & Sons, Ltd.     

无线交换机二层转发分析

无线交换机的出现,使无线局域网(WLAN)由传统的分布式架构向集中管理式架构转变,其中转发功能也实现了从AP到无线交换机(AC)的迁移.如何利用AC更好地实现集中式流量转发也成为无线交换机研发厂商主要考虑的问题之一.为了增强转发模块的可移植性,提出了无线交换机模块化的FPL转发模型,并给出了具体的实现方案.最终通过转发性能测试表明其满足所要求的性能指标.