Joachim Sokol

M-MPLS: Micromobility-enabled multiprotocol label switching

This paper presents the integration of multiprotocol label switching with hierarchical mobile IPv6. The resulting micromobility-based MPLS (M-MPLS) is defined in two modes of operation: overlay and integrated. In an overlay framework MPLS and HMIP operate on their respective layers without having common processes, tables, or signaling. In an integrated framework, related functions are merged. The overall goal of an integrated framework is to facilitate efficient and reliable network operations while simultaneously optimizing network utilization and system performance.

Securing layer 2 in local area networks

Network security problems have been well known and addressed in the application, transport, or network layers. However, the Data Link Layer (Layer 2) security has not been adequately addressed yet. To secure Local or Metropolitan Area Networks, the IEEE 802.1AE Media Access Control (MAC) Security Task Group has proposed the IEEE P802.1AE Standard for Local and Metropolitan Area Networks: MAC Security (MACsec). MACsec introduces a new tag field, Security TAG (SecTAG), in Layer 2 frames. In this paper, we discuss the security concerns in Layer 2 and summarize some of the possible attacks in Layer 2 in Internet Protocol (IP) over Ethernet networks. We also provide an overview of the MACsec. Lastly, we propose to incorporate additional fields into the SecTAG to improve security in local area networks.

Addressing the weak link between layer 2 and layer 3 in the Internet architecture

With the rapid expansion and evolution of the Internet, the methodology of addressing in the data link layer and mapping between the network and data link layers has become inadequate to provide secure services in networks. In this paper, we examine the weak link between the network and data link layers in local area networks (LANs) with possible approaches to improve the network security.

QoS support for UDP/TCP based networks

To support UDP-based real-time applications over the Internet, it is necessary to provide bandwidth to the UDP applications within the network so that the performance of the UDP applications will not be seriously affected during periods of congestion. UDP flows do not typically back off when they encounter congestion. Thus, UDP flows aggressively use up more bandwidth than TCP friendly flows. Therefore, while it is important to have router algorithms support UDP flows by assigning appropriate bandwidth, it is also necessary to protect responsive TCP flows from unresponsive or aggressive UDP flows so that all users get a reasonable quality of service (QoS). In this paper, we propose a set of router-based QoS mechanisms including queue policy, resource reservation, and metering. These router-based QoS mechanisms provide rate guarantees to UDP flows, protection of well-behaved TCP flows from unresponsive UDP flows, and bandwidth fairness between TCP flows.

MCDN: Multimedia Content Discovery and Delivery

This paper presents a new architecture for content delivery networks (CDN). Whereas current CDN architectures represent proprietary overlay structures, our new architecture is based on open interfaces to allow an arbitrary composition of CDN services and actors supporting a variety of business models. The provision of content access, even in an optimized way, is not sufficient to satisfy future requirements, which will be driven by the heterogeneity of the technical environment and the expectation of the end user to have access to personalized content everywhere. Providers want to introduce new services and to rapidly change the access to their services in a secure way. The presented architecture is based on these requirements. It has been developed and successfully implemented in the EU project mCDN (multimedia content discovery and delivery) that has been finalized early 2006

Online Traffic Engineering and Connection Admission Control Based on Path Queue States

In this paper, we outline a new connection admission control and online traffic engineering framework for small networks using differentiated services. Decisions are made at the edge routers of the network. Multiple label switched paths are set up between each pair of edge routers. When a new connection arrives at an edge router, each path is evaluated to see whether it is able to carry the connection. Then, the best path of the remaining ones is picked. The evaluation of paths is based on state information gathered from the queues on each path. We show the results this scheme achieves based on simulations.

Distributed bandwidth reservation by probing for available bandwidth

For many applications in Internet protocol-based networks a guaranteed quality of service is crucial. A simple and scalable way of achieving this is to use the differentiated services architecture in conjunction with admission control. In this research, we focus on the reservation of bandwidth by routers on the edge of a single network domain with differentiated services support. We evaluate the assumptions made by previous research on probe-based bandwidth reservation. The availability of bandwidth is determined by measuring the throughput a probe flow of a certain rate achieves while the reservation is accomplished by assuming that the throughput this probe flow achieves equals to an amount of reserved bandwidth.

Adaptive per-flow traffic engineering based on probe packet measurements

In this research, we propose a new connection admission control and online traffic engineering framework. The framework is designed to fit small networks using differentiated services, e.g. radio access networks. Decisions are made at the edge routers of the network. Multiple disjoint label switched paths are pre-configured between each pair of edge routers (ERs). Between each pair of ERs, probe packets are sent on every path between those ERs and for every class of service. The characteristics of the transmission are measured at the ER at the end of the path, the egress ER. It sends the results back in feedback packets to the ingress ER at the beginning of the path. Additionally, low priority probe packets are sent at high rates to discover and reserve available bandwidth. The achieved throughput of those probes is also reported in feedback packets. Based on the results in these feedback packets, ERs render an admission decision for new connection requests and pick a path.

Traffic engineering based on local states in Internet protocol-based radio access networks

The purpose of this research is to develop and evaluate a traffic engineering architecture that uses local state information. This architecture is applied to an Internet protocol radio access network (RAN) that uses multi-protocol label switching (MPLS) and differentiated services to support mobile hosts. We assume mobility support is provided by a protocol such as the hierarchical mobile Internet protocol. The traffic engineering architecture is router based — meaning that routers on the edges of the network make the decisions onto which paths to place admitted traffic. We propose an algorithm that supports the architecture and uses local network state in order to function. The goal of the architecture is to provide an inexpensive and fast method to reduce network congestion while increasing the quality of service (QoS) level when compared to traditional routing and traffic engineering techniques. We use a number of different mobility scenarios and a mix of different types of traffic to evaluate our architecture and algorithm. We use the network simulator ns-2 as the core of our simulation environment. Around this core we built a system of pre-simulation, during simulation, and post-processing software that enabled us to simulate our traffic engineering architecture with only very minimal changes to the core ns-2 software. Our simulation environment supports a number of different mobility scenarios and a mix of different types of traffic to evaluate our architecture and algorithm.

Probing available bandwidth in radio access networks

This paper presents a way of measuring whether a certain amount of bandwidth is available on a path in a radio access network or in other kinds of networks with DiffServ support. The basic concept is to fill up the bandwidth that is not used by normal data traffic with special probe packets, which are only forwarded if there are no data packets that could be forwarded. When probing multiple paths the interaction of different probe flows can be exploited to signal bandwidth requirements and to reserve bandwidth. In contrast to other approaches, the available bandwidth is not estimated by using statistical properties of the transmission of trains of packets but determined by measuring the actual throughput of a stream of low-priority probe packets.