Vol. 59 n°5-6, May-June 2004
Active networks : architecture and flexible applications
Guest editors Ken CHEN (Univ. Paris XIII) and B. PLATTNER (ETZH)
Active networks as a developing and testing environment for network protocols
Raouf BOUTABA*, Andreas POLYRAKIS**, Alvaro FERNANDEZ CASANI***
* University of Waterloo, School of Computer Science - 200 University Avenue West, Waterloo, Ontario, Canada, N2L 3G1
** National Technical University of Athens, ECE Department - Iroon Polytexneiou 9, 15780 Zografou, Greece
*** Institute of Particle Physics of Valencia, IFIC - CSIC - Edificio Institutos de Investigacion, Apartado de Correos 22085, E-46071 Valencia, Spain
Abstract: Active Networks is a modern network approach in which pieces of code can be downloaded and executed on network devices, affecting in this way their behavior. This approach alters the philosophy of a computer network, makes it resemble a distributed system and affects not only network protocols, services or applications, but also high-level mechanisms and procedures. One of the affected procedures is the development and testing of new protocols. By exploiting active network properties the development of a network protocol can be simplified to software development. Expensive and time-consuming hardware implementations are avoided, while the code can be developed, shared and tested by individual researchers. Testing can be performed on actual conditions instead of using inaccurate simulations. Early implementations of the protocol, which can be modified easily while the protocol evolves, can be used to obtain useful feedback. This paper describes our experiences of developing and testing some of the IETF COPS family protocols in an Active Environment.
Key words: Active telecommunication network, Network architecture, Transmission protocol, Software engineering, Networking, Programmable equipment.
Community aware network security and a DDoS response system
* Fraunhofer FOKUS - Institute for Open Communication Systems; Kaiserin-Augusta-Allee 31, D-10589 Berlin, Germany
Abstract: Due to the considerable growth of the Internet as well as its usage as a commercial platform, attacks against networks, such as Distributed Denial of Service (DDoS) attacks, have emerged, with victims even among prestigious commercial sites. Such attacks in traditional networking are difficult to recognize and to handle. Managing them requires a network that can dynamically detect, share info, respond to event-triggered requests and proactively secure itself. We present here a community aware network security as well as hands-on experience with a specific threat, i.e. a DDoS scenario and attack response system approach. We demonstrate the dynamicity and flexibility of the community-aware networks in dealing with this kind of threat. The implementation is based on agent-enabled active networks and makes heavy use of the mobile agent technology in order to asynchronously respond to critical situations. Finally we comment on the pros and cons of our approach and discuss future directions that could be followed.
Keywords: Communication security, Internet, Blocking, Protection, Web site, Active telecommunication network, Cooperation, Intelligent agent, System architecture.
A survey of active and router-assisted reliable multicast solutions
Moufida MAIMOUR-BOUYOUCEF*, Congduc PHAM**
*L2TI, Institut Galilée, Université Paris XIII ; 99 Avenue Jean-Baptiste Clément 93430 Villetaneuse, France.
**INRIA RESO/LIP/CNRS/UCB Lyon, Ecole Normale Supérieure ; 46, Allée d'Italie, 69364 Lyon Cedex 07, France
Abstract: Group communications, so-called multicast communications, have been introduced as early as 1986 as an efficient way to distribute on a large-scale basis data packets on the whole Internet. With the emergence of new applications driven by the increase of bandwidth in the networks (such as grid computing, large database replication, etc.), reliable multicast is foreseen to be one of the most challenging technologies of the next generation Internet. However, group communications are much more complex than point-to-point communications and solutions that have been implemented and deployed in the unicast world for ensuring reliability cannot be so simply applied to the multicast area. Recently, a new paradigm proposes to dynamically add additional functionalities into the routers, thus enabling a whole new range of distributed control mechanisms as opposed to the traditional end-to-end form of control. In this paper, we summarize the various active networking and router-assisted solutions for reliable multicast to avoid or limit the scalability problems of end-to-end approaches for loss recovery, congestion control and heterogeneity support. Then, with the hypothesis that active networking could be deployed on a large scale, we present how this technology could solve the remaining bottlenecks of multicast on wide-area networks.
Key words: Multicast, State of the art, Internet, Point to multipoint communication, Reliability, Active telecommunication network, Congestion control, ARQ, Heterogeneity.
A new architecture to control DiffServ networks based on active networks technology and policies
Mauro FONSECA*, Nazim AGOULMINE*,**, Yacine GHAMRI-DOUDANE*, Nadjib ACHIR*, Guy PUJOLLE*
* LIP6 - Université Pierre et Marie Curie ; 8, rue du capitaine Scott 75015 Paris, France
** LSC - Université d'Evry Val d'Essonne ; 40, rue du Pelvoux 94000 Evry, France
Abstract: The objective of this work is to propose an architectural solution to the very complex problem of DiffServ network management and control. Despite the fact that DiffServ offers a scalable QoS provisioning solution, it introduces a high complexity in terms of its deployment due to the number of complex configurations to perform in the highly distributed and heterogeneous network environment. The proposed solution aims to take benefit from the scalability and flexibility properties of Active Network technology for distributing the control in large scale as well as the autonomic property of Policy Based Management to automate the distribution of these tasks in the operator network. This solution constitutes an alternative to the client/server approach generally used.
Key words: Active telecommunication network, Network management, Network architecture, Decision rule.
Applications based on active networks assessment and perspectives
Yvon GOURHANT*, Yannick CARLINET*, Bertrand MATHIEU*, Djamal-Eddine MEDDOUR*
* France Telecom, Division R&D - 2, avenue Pierre Marzin F-22307 - Lannion Cedex, France ; Tel : +33 2 96 05 39 53, Fax: +33 2 96 05 37 84
Abstract: Active network technologies, started by D. Tennenhouse's work at MIT in 1995, have led to a lot of promises on the evolution of data networks. Active networks aim at integrating new application-level functionalities into active nodes within the network, in a flexible and extensible way. The research works on active networks arose at the same time as the definition of new open network architectures (e.g., Tina model) and the deployment of intelligent networks merging telecom networks with distributed systems fields. This concept of "programmable networks" led to many technology-oriented projects, but has not identified relevant applications highlighting the benefits of the technology. During the last three years, our laboratory has tackled this gap and prototyped some use cases of open programmable networks. The paper gives an overview of each of these use cases and focuses on the integration with existing network elements both at transfer and management planes. Then it presents some assessments and perspectives. We show that programmable networks are optimizing globally resources to be deployed although they impose an overhead at node level, thanks to efficient integration choices. We present two scenarios of deployment of current programmable network platforms within the same network configuration as a real WAN network.
Key words: Active telecommunication network, Programmable equipment, Telecommunication service management, Packet transmission, Network architecture, Programming, Transcoding, Internet, Audiovisual service, World Wide Web, Access network.
Web services based active network architecture
Maroun CHAMOUN*, Rima KILANY*, Ahmed SERHROUCHNI**
* École Supérieure d'Ingénieurs de Beyrouth, Mar Roukos, Mkallès B.P. : 11-514, Liban
** GET/Télécom Paris, 46 rue Barrault, 75634 Paris Cedex 13, France
Abstract: This paper presents a novel active architecture for building and deploying network services: ASWA, Web Services based Active network Architecture. At the architectural level, ASWA defines an active node whose functionalities are divided into the Node Operating System, the Execution Environment, and the Active Applications. At the implementation level, ASWA is a Web Services based platform where new components could be added and deployed, in order to dynamically modify network nodes behavior. Applications can be developed with any language and communicate across heterogeneous environments, and across Internet and Intranet structures. At the deployment level ASWA uses an active node approach, and offers a controlled deployment mode. In terms of security, authentication of deployed code and protection of the nodes is achieved by the use of HTTPS and the header extensions of the SOAP envelope. Finally, to validate this architecture, ASWA defines a Firewall as an Active Application to secure the code deployment.
Key words: Active telecommunication network, Network architecture, Telecommunication service management, World Wide Web, Network routing, Firewall, Communication security.
One-time password-based high performance per-packet authentication for capsule networks
Takashi EGAWA*, Hideki OTSUKI**
* NEC System Platforms Research Laboratories, Shimonumabe 1753, Nakahara-Ku, Kawasaki, Kanagawa, 211-8666 Japan
** National Institute of Information and Communications Technology, 4-2-1, Nukui-Kitamachi, Koganei-shi, Tokyo, Japan
Abstract: Most traditional security for capsule-type active networks focused on node-level security mechanism that tries to restrict resource consumption of a packet at a node. Network level security mechanism, which restricts resource consumption in the whole network like TTL in IPv4, is also necessary for capsule. We propose high-performance per-packet authentication mechanism for this purpose. The proposed authentication mechanism uses packet-loss-resistant one-time password algorithm to avoid multiple packet exchanges between user terminals and routers. Since the address in a node where a packet's authentication data is stored can be easily calculated from the information contained in the packet, we can authenticate the packet without searching a database. The overhead in the packet for authentication information is 46 bytes, and a Linux PC with a 2.8 GHz Intel Pentium 4 processor can authenticate and process a packet in 22 µs, which corresponds to 45,000 authentications per second.
Key words: Active telecommunication network, Communication security, Packet transmission, Authentication, Computer security.
Flexibility and performance in software active routers for efficiently supporting services in gigabit networks
Jean-Patrick GELAS*, Laurent LEFÈVRE*
* INRIA RESO/Laboratoire LIP (UMR, CNRS, ENS Lyon, INRIA, UCB Lyon I) ; École Normale Supérieure de Lyon - 4b, allée d'Italie - 69364 Lyon Cedex 07 - France
Abstract: Providing execution environments able to efficiently support requirements of real networks remains a difficult task. This article proposes solutions for the design of a high performance software active node. Based on a multi-level architecture, this execution environment has been implemented as the Tamanoir environment. Experiments on local and wide-area platforms are described.
Key words: Active telecommunication network, Network router, Software, State of the art, Network architecture, Node, Programming environment, Experimentation, Experimental result, Transmission rate.
Iterative low-complexity receiver for the UMTS Downlink
Hatem BOUJEMAA*, Raphael VISOZ**, Antoine O. BERTHET***
* École Supérieure des Communications de Tunis, Route de raoued Km, 3.5, 2083 El Ghazala, Ariana, Tunisie.
** France Telecom R&D/DMR/IIM, 38-40 rue du Général-Leclerc 92794, Issy Moulineaux Cedex 9-France.
*** École Supérieure d'Electricité (SUPELEC), 3-5 rue Joliot Curie, Plateau de Moulon, 91192 Gif-sur-Yvette, France.
Abstract: In this paper, an iterative low-complexity receiver is proposed for Code Division Multiple Access (CDMA) systems with small spreading factors. The UMTS (Universal Mobile Telecommunication System) radio interface based on CDMA has been designed to offer a wide range of data rates using variable spreading factors. High data rate services are obtained by using small spreading factors. For such services, the spreading sequences have bad autocorrelation properties causing the degradation of the Rake receiver performance because of the InterSymbol Interference (ISI). In order to improve the receiver performance, we propose to add a Decision Feedback Sequence Estimation (DFSE) equalizer at the Rake receiver output. The DFSE is a low complexity equalizer which is able to take into account a priori probability ratios and to deliver a posteriori probability ratios on bits in order to exchange soft information with the channel decoder, so that the proposed receiver benefits from the turbo-processing gains. Channel estimation is also treated in an iterative fashion. The complete receiver is well suited to the UMTS downlink system as it drastically reduces the ISI while keeping a reasonable computational complexity.
Key words: UMTS, Receiver, Iteration, Code division multiple access, Spread spectrum, Intersymbol interference, Equalizer.
A sensitivity study for an indoor channel
Rodolphe VAUZELLE*, Yannis POUSSET*, Frédéric ESCARIEU*
* SIC FRE CNRS n° 2731, Université de Poitiers - Bât.SP2MI, Bd 3 Téléport 2, BP 30179 - 86960 Futuroscope Chasseneuil Cedex, France.
Abstract: The context of this paper is the 3D wave propagation simulation with a software based on a ray tracing technique in typical indoor environments. The presented works are complementary to those of the literature which propose the validation of a propagation model in comparison with measurements. Indeed, the presented study consists of a sensitivity analysis of an already validated propagation model. The considered parameters are electromagnetic, geometric and electric; they directly intervene in the two parts of a simulation: the modelling of the wave propagation and of the environment. The aim of this study is to contribute to the setting up of parameterisation rules of a simulation software according to two criteria: the accuracy and the compromise between accuracy and computation time.
Key words: Indoor radiocommunication, Wave propagation, Radio wave, Ray tracing, Simulation, Sensitivity.
QoS-aware Handover control in current and future wireless/mobile networks
* Centre of Telecommunication research-CTR; King's College, University of London; Strand London WC2R 2LS - United Kingdom
Abstract: In this article we propose to enhance handover management in QoS and 4G based environments by providing a handover decision mechanism that considers QoS and other policy constraints. We introduce a policy based handover by combining the mobility management with the policy based architecture in order to achieve handovers that are triggered not only on the signal strength basis, but also on policy constraints such as cost, resource availability or load balancing. The policy based architecture will provide the handover triggering mechanism and the decision support related to the best next cell where the mobile node will move to. We also introduce mobility parameters in the Service Level Specification (SLS) that specifies the handover type, the accepted handover packet loss, and the accepted handover delay. Based on these SLS mobility parameters, the QoS service classes can be mapped to the smooth handover (minimum packet loss), the fast handover (minimum delay), or the seamless handover (fast and smooth).
Key words: Mobile radiocommunication, Cellular network, Radiocommunication handover, Network management, Packet transmission, Decision rule, Quality of service.