Erwin P. Rathgeb

Evaluation of Concurrent Multipath Transfer over Dissimilar Paths

The steadily growing deployment of resilience-critical Internet services is leading to an increasing number of Multi-Homed network sites. Asymmetric Digital Subscriber Lines (ADSL) are an inexpensive way to add a secondary Internet access connection. With the development of Multi-Path Transport Layer protocols - like Multipath TCP (MPTCP) and the Stream Control Transmission Protocol (SCTP) furnished by a Concurrent Multipath Transfer (CMT-SCTP) extension - there is also a strong interest in utilising all access connections simultaneously to improve the data throughput of the applications. However, combining network paths over ADSL with paths over other access technologies like fibre optic links implies highly dissimilar paths with significantly different bandwidths, delays and queuing behaviours. Efficient Multi-Path transport over such dissimilar paths is a challenging task for the new Transport Layer protocols under development. In this paper, we show the difficulties of Multi-Path transport in a real-world dissimilar path setup which consists of a high-speed fibre optic link and an ADSL connection. After that, we present an optimised buffer handling technique which solves the transport efficiency issues in this setup. Our optimisation is first analysed by simulations. Finally, we also show the usefulness of our approach by experimental evaluation in a real Multi-Homed Internet setup.

On the fairness of transport protocols in a multi-path environment

Today, a steadily growing number of devices contains multiple network interfaces. For example, nearly all smartphones are equipped with at least W-LAN as well as 3G/4G interfaces. In consequence, there is a rising demand for so-called multi-path transfer, which utilizes all of these interfaces simultaneously in order to maximize the payload throughput of applications. Currently, this so-called multi-path transfer is very actively discussed by the IETF, in form of the Multi-Path TCP (MPTCP) extension for TCP as well as the Concurrent Multi-path Transfer extension for SCTP (CMT-SCTP). Their larger-scale deployment in the Internet is expected for the near future. A key issue that prevents the standardization of these approaches is the fairness to concurrent TCP flows. A multi-path transfer should behave “TCP-friendly”, i.e. cause no harm to the performance of the very widely deployed TCP-based applications. In this paper, we first extend the notion of “fairness” from single-path transport to multi-path transport. Furthermore, we introduce the relevant congestion control approaches in the IETF context for single-path as well as multi-path transfer. We simulatively analyze these approaches in a couple of interesting network configuration scenarios, in order to show their behavior with special regard to the fairness definitions. Particularly, we also point out items of further discussion which are the result of the current approaches.

Simulation and Experimental Evaluation of Multipath Congestion Control Strategies

The need for service resilience is leading to a steadily growing number of multi-homed Internet sites. In consequence, this results in a growing demand for utilising multiple Internet accesses simultaneously, in order to improve application payload throughput during normal operation. Multi-path Transport Layer protocol extensions - like Multi-Path TCP (MPTCP) for TCP and Concurrent Multipath Transfer for SCTP (CMT-SCTP) - allow applications to make use of such network topologies. However, since TCP - which constitutes the basis of most Internet applications - and its congestion control procedures have been designed under the assumption of single-homed sites, fairness issues may arise by the usage of multipath transport. These issues are addressed by advanced congestion control approaches, which have already been examined by simulations. However, real-life network measurements are missing. In this paper, we perform an experimental proof-of-concept evaluation of several multipath congestion control strategies, which are currently under discussion within the IETF in the context of MPTCP as well as CMT-SCTP. Particularly, we validate effects that have been observed in simulations, in order to trigger further discussions on multipath congestion control. Also, our goal is to provide insight into the different approaches to support the ongoing IETF standardisation activities on multipath transport protocols.

Secure End-to-End Transport Over SCTP

The Stream Control Transmission Protocol is a new transport protocol initially developed to transport signaling messages over IP networks. The new features of SCTP make it also a suitable candidate for applications which nowadays use the standard transport protocols TCP and UDP. Many of these applications have strict requirements with respect to end-to-end security. Providing end-to-end security by using IPsec or the Transport Layer Security (TLS) protocol in combination with SCTP is subject to functional and performance related limitations. These can be avoided by integrating security functions directly into SCTP (S-SCTP). Although S-SCTP in principle solves all limitations, some issues remain hindering broad deployment of this solution. Therefore, we propose an alternative solution which preserves the advantages of S-SCTP while avoiding major modifications to existing standards and operating systems.

Secure end-to-end transport over SCTP

The Stream Control Transmission Protocol is a new transport protocol initially developed to transport signaling messages over IP networks. The new features of SCTP make it also a suitable candidate for applications which nowadays use the standard transport protocols TCP and UDP. Many of these applications have strict requirements regarding the end-to-end security. Providing end-to-end security by using IPsec or the Transport Layer Security (TLS) protocol in combination with SCTP is subject to functional and performance related limitations. These can be avoided by integrating security functions directly into SCTP (S-SCTP). Although S-SCTP in principle solves all limitations, some issues remain hindering broad deployment of this solution. Therefore, we propose an alternative solution which preserves the advantages of S-SCTP while avoiding major modifications to existing standards and operating systems.

On the Robustness of SCTP against DoS Attacks

The stream control transmission protocol (SCTP) is a new general purpose transport protocol standardized by the IETF. The new features of SCTP make it an attractive option for new applications and even for those nowadays using TCP and UDP. One crucial issue for the broad acceptance of SCTP will be its security and in particular its robustness against denial-of-service attacks (DoS). Therefore, SCTP has been defined with a 4-way handshake including a cookie mechanism to mitigate DoS attacks similar to the SYN flooding in TCP. In this paper, we will first assess the behaviour of this mechanism in a classical DoS scenario and compare it to TCP. In the next step, we analyze the 4-way handshake to identify potential new attacks. These attacks are then investigated in detail to evaluate their risk.

A Future Internet architecture supporting multipath communication networks

The classic layered OSI reference model has reached its limits for the Internet of today. In this paper, we propose a clean-slate conceptual design of a new architecture as a contribution to the ongoing discussion on the Future Internet. We address the shortcomings of the layered model by redesigning the classical model. Our approach differs from the concepts found in prior work, which focus on special parts of the problems (such as the application, the service or the event) by staggering back a couple of steps and trying to see the requirements from a different perspective. Our concept - which is denoted as Encapsulated Responsibility-Centric Architecture Model (ERiCA) - focuses on determining the responsibilities by using different planes in addition to a partitioning of the network into different decision domains. With this partitioning, we can reduce the complexity of providing a certain service.

G-Lab Deep: Cross-Layer Composition and Security for a Flexible Future Internet

The Internet provides a global communication basis for businesses and communities. But in today’s Internet new demands collide with old design principles, resulting in a complex agglomerate of protocols and patches. These makeshift solutions are hard to manage, protect, and extend. The G-Lab DEEP project aims at these challenges with an innovative composition approach with a special emphasis on security. One goal is the dynamic composition of functions from network and service layer based on the requirements of applications. The composition is done by a mediation process that selects suitable function modules and can negotiate whether functions should be positioned on network or service layer. In G-Lab DEEP a prototype for such architecture will be developed.