Architecture of distributed network processors: specifics of application in information security systems


V. Zaborovsky, Polytechnical University, Saint Petersburg, Russia

1. Introduction

Modern telematic networks, or the Internet, are distributed hierarchical systems consisting of basic components: nodes and communication lines. Telematic network nodes are computers with network interfaces employed for data exchange. A node with several network interfaces is called a router or network processor (NP). Each NP interface is provided with one or several identifiers called addresses. There are several types of addresses: physical (MAC), network (IP), and application (port number). The set of network addresses forms a specific space with its own topology and metric. Topology is the measure of nearness in the network. The metric is defined by the communication line. If a line connects more than two addresses, the communication line is termed broadcasting. The number of communication lines determines the distance between nodes. The distance between nodes without network addresses is undefined.

By combining nodes into a telematic network, one can provide information exchange among computer applications that are executed at the network nodes. Information exchange is based on forwarding and receiving network packets. A packet is a specific logical sequential/recursive structure, which is formed at network nodes to execute information exchange. The sequential part of this structure consists of two fields, header and payload. The recursiveness of a packet stems from the fact that the payload itself may be another packet with its own structure and addresses (Fig.1). A packet originating from an application running on a node and destined for a node in a different network arrives at an NP and is forwarded by it to the appropriate network on the basis of the destination addresses in the packet's header.

[Fig.1. Sequence of binary bits]

The lines in a telematic network are used for bit transmission only. No data processing is executed in a communication line itself. The processing culminates in the selection of the NP network interface from which the packet will be sent into the network. Should the processing produce a decision not to send the packet into the network, it is assumed that the packet has reached the required network node, or it will be dropped. Thus, the basic functionality of an NP or router is determined by two sequential stages of packet processing after arrival from a communication line, namely, store-and-forward. However, as networks grow extensively in size and shift to more and more sophisticated applications, NPs become more complex and incorporate new functionality. Hundreds of scientific papers are being published proposing changes to the existing NP architecture or introducing new communication mechanisms. In practice, only very few modifications to the current Internet are deployed. One reason is that most improvements require current routers to be replaced.

We consider here a new approach to selecting the NP architecture, in which the extension of functional demands on the various packet processing stages, in particular those involved in addressing information security issues, is achieved by distributing the procedures of their execution among different network devices. One of the key issues in this approach is that the devices logically belong to one NP. The specific feature of this distribution is that it does not interfere with the existing address connections or routing policy among the network nodes. This means that new devices that do not change the network address space supplement the expensive routing equipment that is already in place. The address invariance of the NP transformation under the extension of its functionality is attained by using a special functioning mode called the stealth mode.

2. Trends in telematics systems progress

As the data transfer rate over communication lines increases and the protocol spectrum broadens, we are witnessing a growth in demands on the performance of the NPs employed in packet handling at network nodes. The architecture and specific features of operation of such processing engines have become the subject of a large number of studies [1-3]. Rather than drawing on a systematic analysis of the various specific requirements and design alternatives, however, most of these studies invoked the well-known results of applying multi-processor architectures to increase the speed of data flow processing. The solutions proposed to improve the functionality of the router now include firewalls, network address translators, means for implementing quality-of-service (QoS) guarantees for different packet flows, and other mechanisms. Such implementations are based on several primary operations with packets: parse, search, resolve, and modify (Fig.2). Implementing all these operations in real time on a general-purpose processor (GPP) often becomes unfeasible due to performance requirements. This issue motivates solutions where the packet-processing functionality of the NP is implemented in specific pooled and pipelined hardware. Such a solution has restricted flexibility. The complex nature of packet operations favours software-based implementations on a GPP. To address these conflicting issues and to organize the stages of packet processing, a new store-process-and-forward scenario has recently been proposed.

[Fig.2]

[Fig.3]

In the general case, all solutions may be separated into two classes. Grouped in the first class are the solutions aimed at boosting pure router performance. The main parameters governing router operation are the packet destination addresses, and, therefore, the solutions chosen are directed at accelerating data search in the router lookup tables. The second class of solutions involves the implementation of various procedures without routing decisions: packet classification, data processing, providing the required QoS, bandwidth allocation, and so on. In principle, this separation of the handling processes permits one to break up the integrated performance of an NP into components that can be distributed among the individual processes. So, if a packet operation among such components occurs without the use of a routing decision, the components can be functionally assigned to communication lines. This approach modifies the basic network scenario from store-and-forward to process store-and-forward. This scenario offers a solution that provides the necessary flexibility in a telematic network by keeping the basic routing operation, adding new functionality without changing the network topology, and redistributing computation power among all components of the network.

3. Information security issues

The principle underlying modern computer-based telecommunications is packet switching (Fig.3). In practice, this principle uses the open-system interaction (OSI) model to provide several control levels. At each level, special data structures or packets are controlled by specific rules. The corresponding control processes can be broken down into the following stages: (1) collection of the data to be transmitted through the network; (2) configuring a structure to quantitatively determine the volume of the data to be transmitted; (3) attaching to the data a special header specifying the set of parameters to be used in handling the packet in network nodes; (4) formation of a frame meeting the requirements of the communication line hardware; and (5) frame transmission over the communication line connecting two network nodes.

Packets are transmitted over network nodes of several types: generation nodes, nodes handling packet headers only, and nodes that process both headers and data. Routing, or selection of the interface to which the packet is forwarded after processing, is a process of a local character, i.e., it is executed on each network node through which a packet passes. Routing is based on the packet destination node address, which is specified in the corresponding header field, and on the lookup table relating the network node addresses to the router interface numbers.

The above process is prone to various malicious actions that are capable of interfering with the standard procedure of packet transmission or of substituting packets on the way from their generation to reception. One can conceive of the following basic protection measures: (1) designing a special packet path through network nodes that support processing rules denying transmission of packets with preset addresses and header parameters; (2) executing the tunneling mode, in which the packet to be protected is transmitted in the data field of another network packet; and (3) using special packet transmission modes in which the header parameters are protected by cryptographic algorithms.

All these protective measures can be implemented by several means, which can be divided into methods of packet filtration and methods of cryptographic data processing. The first group of methods protects the network address space by means of special NPs called firewall network processors (FNP) [3]. In a common configuration, an FNP does not become an end point of packet transmission and has to be installed in the network segments crossed by packet flows. These segments are customarily placed between the protected network and the interface of the router connected to this network. To keep the basic functionality of the telematic network, the routing policy must be invariant to the place where the FNP is installed. This is possible if the FNP does not change the network metric, because its filtering interfaces have no physical or network addresses.

Protective measures of the second type require designing special network gateways supporting the tunneling mode, with packet encoding being optional in this case. If such gateways are provided with routing functions, one of the promising network protocols in this case may be IPSec. This protocol permits different implementation possibilities, one of which is based on an approach that separates routing and cryptographic tasks between different processes, which form a specific processor network connected by communication lines (Fig.4).

While the telecommunication industry features an excess throughput of physical lines, it nevertheless experiences an ever-increasing demand for efficient packet processing methods.
These demands have stimulated a broad spectrum of studies dealing with the development of special NPs for use in network security systems. Development of such NPs should take into account the trends predicting growth in the throughput of communication lines based on optical media and wave division multiplexing technologies. General solutions to the problem of boosting NP performance may be found in network technologies or by means of spreading the needed power among different nodes. The well-known possible means can be divided into the following groups: development of NPs based on parallel processors with a shared RAM; development of pipeline NPs with RAM resources distributed between different processing phases; and hybrid network-specific architectures, in which the stages of sequential and parallel processing are matched to the number of independent data flows.

The efficiency of such solutions is fully determined by the specific algorithmic features of the problems to be solved and the way the relevant data are supplied. In the case of packet processing in network security systems, the factors of particular significance are the parallel character of the flow in time space, in which the number of simultaneously processed connections depends on the number of nodes with different network addresses, and the sequential character of packet transmission in network address space. Because the transmission of packets is executed in an asynchronous mode, i.e., it is initiated independently by each node, the number of logical connections passing through the routers is a random quantity obeying a fractal distribution function [4]. Because the packet switching processes have a complex character, the nominal number of parallel processors in the architecture of an NP does not fully determine its performance, so the optimum number of pipeline processing stages depends on the actual character of the problem awaiting solution and, thus, can vary.
All these factors stimulate a search for new approaches to a better organization of network packet processing.

Distributed NP architecture

Development of NPs for security systems can be based on separating packet processing functions into base and additional operations. Among the base operations is packet routing, and to the additional ones one could assign the other packet operations connected with the extension of NP functionality, for instance, packet filtration. The proposed separation permits one to consider a network node as a part of a special packet processing network. The connection topology of the processing devices should be such that packet transmission among them does not involve the addresses of the nodes included in the routing lookup table.

Application of this approach to information security issues allows the use of network control technologies based on the principle of "security through protection of the protection devices system". This principle places the two key aspects of information security underlying the Common Criteria standard, namely functionality and confidence, on an equal footing. Adhering to this principle implies that the devices employed to protect information in a computer network should incorporate efficient mechanisms to ensure their own security in the stages of both development and operation. To reach this goal, one should undertake measures at several levels of the OSI model that make localization of the protection devices in the network address space by remote monitoring impossible. This concealment of functioning gives rise to a modification of the protection model using an NP without addressed interfaces (an NP in stealth mode), because most of the existing means of network attack and destructive interference are based on remote neutralization of the devices employed to protect information resources in a network.

[Fig.5]

Development of protective devices in the stealth mode with the use of distributed NPs becomes possible because such devices do not act, in most of their operational regimes, as sources or destinations of network packets. Therefore, the network interfaces of these devices may have no physical or logical addresses at all and, hence, transmission of IP packets or MAC frames through them becomes similar in character to their passing through a hub or the cable line segments used in packet exchange. To operate successfully, an NP should work like a sophisticated parallel bundle of network cables or a transparent but secure logical channel between the network nodes (Fig.5).

The next step of decomposition is based on sequential-parallel-sequential stages in the packet-handling processes. This offers a possibility to cut packet delays in the packet reception and processing mode. The operation sequence in the second mode can be integrated into a specialized pipeline cluster and spread out among its nodes (Fig.6).

[Fig.6]

In this scheme, an NP can either bridge or route traffic. In the first case, the NP functions as a layer-2 network bridge with IP-transparent or stealth interfaces. This means that each interface has a MAC address, but the network or IP address space is the same on both sides of the firewall.

This method of concealing the network address of information protection devices, on the one hand, provides the conditions necessary for execution of the protection functions, while on the other, because the network interfaces of the packet processing device have no addresses, it does not require any changes in the network connection topology or in the already accepted packet routing policy. Security devices based on stealth technologies have a number of assets, not only due to their concealed functioning but also from the standpoint of the scalability of performance and enhanced reliability of operation. The improved performance originates from the use of the sequential/parallel character of the network traffic, where independent logical connections form through pipeline transmission of packets with definite addresses of message sources and receivers (Fig.6). Operation with network devices based on IEEE Ethernet technologies in the stealth mode permits packet processing in the kernel of the built-in operating system without using the TCP/IP protocol stack. This method of processing reduces the level of fluctuation in the packet buffering delay, which likewise improves concealment of the location of protection devices.

6. Conclusion

Application of network processors with a distributed architecture substantially broadens the range of use of information protection systems in telematic networks. The concealed character of operation of the protection devices offers a possibility of integrating additional packet processing procedures into the standard switching process while not changing the routing policy in any way. Application of the stealth technology cuts the costs of network upgrading, because its implementation permits redistribution of the required processing power among various network devices. The NP clusterization technology provides a possibility of scaling up the performance of network nodes and increasing the overall system reliability.

REFERENCES

1. Intel Corp. Intel Second Generation Network Processor, http://www.intel.com/design/network/products/npfamily/ixp2400.htm
2. V. S. Zaborovsky, «Multiscale Network Processes: Fractal and p-adic analysis», Proceedings of the 10th International Conference on Telecommunications ICT'2003, University of Haute Alsace, Colmar, France.
3. V. S. Zaborovsky, Y. A. Shemanin, Jim A. McCombs, A. Sigalov, «Firewall Network Processors: Concept, Model and Platform», Proceedings of the International Conference on Networking (ICN 04), Guadeloupe.
4. N. O. Vil'chevskii, V. S. Zaborovsky, V. E. Klavdiev, and Yu. A. Shemanin, Methods of Evaluating the Efficiency of Control and Protection of Traffic Connections in High-Speed Computer Networks, Proc. Conf. Mathematics and the Security of Information Technologies (MaBIT-03), Lomonosov MSU, October 2003.
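
The stealth-mode filtering described in the paper, as an added Python example that is not code from the paper: a frame is parsed through its nested headers (MAC, IP, port), matched against a rule table, and then forwarded byte-for-byte or dropped, in contrast to an addressed router hop that rewrites MAC addresses and decrements the TTL. The rule table, the sample addresses (RFC 5737 documentation ranges), and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

ETH_IPV4, PROTO_TCP, PROTO_UDP = 0x0800, 6, 17

# Constructed rule table (src net, dst net, protocol, dst port, verdict);
# None is a wildcard. Addresses are RFC 5737 documentation ranges.
RULES = [
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("192.0.2.0/24"),
     PROTO_TCP, 443, "forward"),
    (ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("0.0.0.0/0"),
     None, None, "forward"),
]
DEFAULT_VERDICT = "drop"


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse(frame: bytes):
    """Parse stage: unwrap frame -> IPv4 packet -> TCP/UDP segment.

    Each payload is itself a packet carrying its own address type:
    MAC in the frame, IP in the packet, port number in the segment.
    """
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None  # too short or not IPv4 (ARP etc. needs its own policy)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    fields = {
        "src_ip": ipaddress.IPv4Address(ip[12:16]),
        "dst_ip": ipaddress.IPv4Address(ip[16:20]),
        "proto": ip[9],
        "dst_port": None,
    }
    segment = ip[ihl:]
    if fields["proto"] in (PROTO_TCP, PROTO_UDP) and len(segment) >= 4:
        fields["dst_port"] = struct.unpack("!H", segment[2:4])[0]
    return fields


def resolve(fields) -> str:
    """Search and resolve stages: first matching rule wins, default deny."""
    if fields is None:
        return DEFAULT_VERDICT
    for src, dst, proto, port, verdict in RULES:
        if (fields["src_ip"] in src and fields["dst_ip"] in dst
                and proto in (None, fields["proto"])
                and port in (None, fields["dst_port"])):
            return verdict
    return DEFAULT_VERDICT


def stealth_filter(frame: bytes):
    """Addressless hop: forward the frame byte-for-byte or drop it silently.

    No modify stage touches the headers, so the hop adds no MAC address,
    no IP address and no TTL decrement to the path.
    """
    return frame if resolve(parse(frame)) == "forward" else None


def routed_hop(frame: bytes, own_mac: bytes, next_hop_mac: bytes):
    """For contrast: what an addressed router does to a forwarded frame."""
    ip = bytearray(frame[14:])
    ihl = (ip[0] & 0x0F) * 4
    if ip[8] <= 1:
        return None  # TTL expired; a router would drop the packet here
    ip[8] -= 1  # TTL decrement makes the hop countable from outside
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip[:ihl])))
    return next_hop_mac + own_mac + frame[12:14] + bytes(ip)


def build_frame(src_ip: str, dst_ip: str, dst_port: int, ttl: int = 64) -> bytes:
    """Constructed sample input: Ethernet + IPv4 + 20-byte TCP SYN header."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, PROTO_TCP, 0,
                      ipaddress.IPv4Address(src_ip).packed,
                      ipaddress.IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", ETH_IPV4)
    return eth + hdr + tcp


if __name__ == "__main__":
    allowed = build_frame("198.51.100.7", "192.0.2.10", 443)
    denied = build_frame("198.51.100.7", "192.0.2.10", 23)
    print("stealth, tcp/443 unchanged:", stealth_filter(allowed) == allowed)
    print("stealth, tcp/23 dropped:   ", stealth_filter(denied) is None)
    routed = routed_hop(allowed, bytes.fromhex("02000000aa01"),
                        bytes.fromhex("020000000002"))
    print("routed TTL:", allowed[22], "->", routed[22])
```

Because the forwarded bytes are identical, the hop count and source MAC seen by the endpoints are the same with or without the filter in the path, which is the address invariance the paper relies on.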


More information

Protocol Data Units and Encapsulation

Protocol Data Units and Encapsulation Chapter 2: Communicating over the 51 Protocol Units and Encapsulation For application data to travel uncorrupted from one host to another, header (or control data), which contains control and addressing

More information

High-Speed LANs Part III: LLC and Bridging

High-Speed LANs Part III: LLC and Bridging High-Speed LANs Part III: LLC and ridging Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 1-1 Overview

More information

Extending Networking to Fit the Cloud

Extending Networking to Fit the Cloud VXLAN Extending Networking to Fit the Cloud Kamau WangŨ H Ũ Kamau Wangũhgũ is a Consulting Architect at VMware and a member of the Global Technical Service, Center of Excellence group. Kamau s focus at

More information

Tutorial Questions EG/ES The tutorial questions illustrate the style of examination questions for EG/ES 3567.

Tutorial Questions EG/ES The tutorial questions illustrate the style of examination questions for EG/ES 3567. The tutorial questions illustrate the style of examination questions for EG/ES 3567. The paper will be of 3 hours duration, and each student should attempt four questions during this time. You should aim

More information

Performance Evaluation of Linux Bridge

Performance Evaluation of Linux Bridge Performance Evaluation of Linux Bridge James T. Yu School of Computer Science, Telecommunications, and Information System (CTI) DePaul University ABSTRACT This paper studies a unique network feature, Ethernet

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight

More information

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CET 2600 COURSE TITLE: Network Fundamentals PREREQUISITE(S): CTS 1131 and CTS 1133 COREQUISITE(S): STUDENT

More information

Network Services Internet VPN

Network Services Internet VPN Contents 1. 2. Network Services Customer Responsibilities 3. Network Services General 4. Service Management Boundary 5. Defined Terms Network Services Where the Customer selects as detailed in the Order

More information

2. What is the maximum value of each octet in an IP address? A. 128 B. 255 C. 256 D. None of the above

2. What is the maximum value of each octet in an IP address? A. 128 B. 255 C. 256 D. None of the above 1. How many bits are in an IP address? A. 16 B. 32 C. 64 2. What is the maximum value of each octet in an IP address? A. 128 B. 255 C. 256 3. The network number plays what part in an IP address? A. It

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features

High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features UDC 621.395.31:681.3 High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features VTsuneo Katsuyama VAkira Hakata VMasafumi Katoh VAkira Takeyama (Manuscript received February 27, 2001)

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc

Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc (International Journal of Computer Science & Management Studies) Vol. 17, Issue 01 Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc Dr. Khalid Hamid Bilal Khartoum, Sudan dr.khalidbilal@hotmail.com

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org

More information

IT4504 - Data Communication and Networks (Optional)

IT4504 - Data Communication and Networks (Optional) - Data Communication and Networks (Optional) INTRODUCTION This is one of the optional courses designed for Semester 4 of the Bachelor of Information Technology Degree program. This course on Data Communication

More information

TCP/IP Protocol Architecture. The Need For Protocol Architecture

TCP/IP Protocol Architecture. The Need For Protocol Architecture TCP/IP Protocol Architecture CSE 3213 Fall 2011 1 The Need For Protocol Architecture 1.) the source must activate communications path or inform network of destination 2.) the source must make sure that

More information

Data Communication and Computer Network

Data Communication and Computer Network 1 Data communication principles, types and working principles of modems, Network principles, OSI model, functions of data link layer and network layer, networking components, communication protocols- X

More information

Technology in Action. Alan Evans Kendall Martin Mary Anne Poatsy. Eleventh Edition. Copyright 2015 Pearson Education, Inc.

Technology in Action. Alan Evans Kendall Martin Mary Anne Poatsy. Eleventh Edition. Copyright 2015 Pearson Education, Inc. Technology in Action Alan Evans Kendall Martin Mary Anne Poatsy Eleventh Edition Technology in Action Chapter 10 Behind the Scenes: Networking and Security in the Business World 2 Chapter Topics Client/Server

More information

Wireless Home Networks based on a Hierarchical Bluetooth Scatternet Architecture

Wireless Home Networks based on a Hierarchical Bluetooth Scatternet Architecture Wireless Home Networks based on a Hierarchical Bluetooth Scatternet Architecture W. Lilakiatsakun'. 2, A. Seneviratne' I School of Electrical Engineering and Telecommunication University of New South Wales,

More information

Lecture 8. IP Fundamentals

Lecture 8. IP Fundamentals Lecture 8. Internet Network Layer: IP Fundamentals Outline Layer 3 functionalities Internet Protocol (IP) characteristics IP packet (first look) IP addresses Routing tables: how to use ARP Layer 3 functionalities

More information

ETHERNET ENCRYPTION MODES TECHNICAL-PAPER

ETHERNET ENCRYPTION MODES TECHNICAL-PAPER 1 ETHERNET ENCRYPTION MODES TECHNICAL-PAPER The CN series encryption platform is designed to secure information transmitted over a number of network protocols. The CN series encryptors secure Ethernet

More information

DdcServer Network Channel Bonding

DdcServer Network Channel Bonding Network Channel Bonding Project Date 2005 05 04 Reference Author ddcserver/networkbonding 2 Dr Terry Barnaby Introduction This document covers the possible network configurations to enable the use of multiple

More information

Three Key Design Considerations of IP Video Surveillance Systems

Three Key Design Considerations of IP Video Surveillance Systems Three Key Design Considerations of IP Video Surveillance Systems 2012 Moxa Inc. All rights reserved. Three Key Design Considerations of IP Video Surveillance Systems Copyright Notice 2012 Moxa Inc. All

More information

ADVANCED NETWORK CONFIGURATION GUIDE

ADVANCED NETWORK CONFIGURATION GUIDE White Paper ADVANCED NETWORK CONFIGURATION GUIDE CONTENTS Introduction 1 Terminology 1 VLAN configuration 2 NIC Bonding configuration 3 Jumbo frame configuration 4 Other I/O high availability options 4

More information

DESIGN AND VERIFICATION OF LSR OF THE MPLS NETWORK USING VHDL

DESIGN AND VERIFICATION OF LSR OF THE MPLS NETWORK USING VHDL IJVD: 3(1), 2012, pp. 15-20 DESIGN AND VERIFICATION OF LSR OF THE MPLS NETWORK USING VHDL Suvarna A. Jadhav 1 and U.L. Bombale 2 1,2 Department of Technology Shivaji university, Kolhapur, 1 E-mail: suvarna_jadhav@rediffmail.com

More information

White Paper. Requirements of Network Virtualization

White Paper. Requirements of Network Virtualization White Paper on Requirements of Network Virtualization INDEX 1. Introduction 2. Architecture of Network Virtualization 3. Requirements for Network virtualization 3.1. Isolation 3.2. Network abstraction

More information

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration

More information

Protocols and Architecture. Protocol Architecture.

Protocols and Architecture. Protocol Architecture. Protocols and Architecture Protocol Architecture. Layered structure of hardware and software to support exchange of data between systems/distributed applications Set of rules for transmission of data between

More information

Computer Networks CS321

Computer Networks CS321 Computer Networks CS321 Dr. Ramana I.I.T Jodhpur Dr. Ramana ( I.I.T Jodhpur ) Computer Networks CS321 1 / 22 Outline of the Lectures 1 Introduction OSI Reference Model Internet Protocol Performance Metrics

More information

Converged Networks. Networks

Converged Networks. Networks Converged Networks Networks From Telecom to Datacom, Asynchronous Transfer Mode () From Datacom to Telecom, Multiprotocol Label Switching (MPLS) Further Convergence Evolving Networks OPTI 500, Spring 2011,

More information

Quality of Service in the Internet. QoS Parameters. Keeping the QoS. Traffic Shaping: Leaky Bucket Algorithm

Quality of Service in the Internet. QoS Parameters. Keeping the QoS. Traffic Shaping: Leaky Bucket Algorithm Quality of Service in the Internet Problem today: IP is packet switched, therefore no guarantees on a transmission is given (throughput, transmission delay, ): the Internet transmits data Best Effort But:

More information

Communication Systems Internetworking (Bridges & Co)

Communication Systems Internetworking (Bridges & Co) Communication Systems Internetworking (Bridges & Co) Prof. Dr.-Ing. Lars Wolf TU Braunschweig Institut für Betriebssysteme und Rechnerverbund Mühlenpfordtstraße 23, 38106 Braunschweig, Germany Email: wolf@ibr.cs.tu-bs.de

More information

Development of the FITELnet-G20 Metro Edge Router

Development of the FITELnet-G20 Metro Edge Router Development of the Metro Edge Router by Tomoyuki Fukunaga * With the increasing use of broadband Internet, it is to be expected that fiber-tothe-home (FTTH) service will expand as the means of providing

More information

BASIC ANALYSIS OF TCP/IP NETWORKS

BASIC ANALYSIS OF TCP/IP NETWORKS BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks

More information

Implementing VoIP support in a VSAT network based on SoftSwitch integration

Implementing VoIP support in a VSAT network based on SoftSwitch integration Implementing VoIP support in a VSAT network based on SoftSwitch integration Abstract Satellite communications based on geo-synchronous satellites are characterized by a large delay, and high cost of resources.

More information

Packet Switching Technologies (Part I)

Packet Switching Technologies (Part I) Packet Switching Technologies (Part I) Adapted from notes by Prof. Dileeka Dias Department of Electronic & Telecommunication Engineering University of Moratuwa A Switching Network Circuit Switching Call

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

hp ProLiant network adapter teaming

hp ProLiant network adapter teaming hp networking june 2003 hp ProLiant network adapter teaming technical white paper table of contents introduction 2 executive summary 2 overview of network addressing 2 layer 2 vs. layer 3 addressing 2

More information

Quality of Service Routing Network and Performance Evaluation*

Quality of Service Routing Network and Performance Evaluation* Quality of Service Routing Network and Performance Evaluation* Shen Lin, Cui Yong, Xu Ming-wei, and Xu Ke Department of Computer Science, Tsinghua University, Beijing, P.R.China, 100084 {shenlin, cy, xmw,

More information

Scaling 10Gb/s Clustering at Wire-Speed

Scaling 10Gb/s Clustering at Wire-Speed Scaling 10Gb/s Clustering at Wire-Speed InfiniBand offers cost-effective wire-speed scaling with deterministic performance Mellanox Technologies Inc. 2900 Stender Way, Santa Clara, CA 95054 Tel: 408-970-3400

More information

What is CSG150 about? Fundamentals of Computer Networking. Course Outline. Lecture 1 Outline. Guevara Noubir noubir@ccs.neu.

What is CSG150 about? Fundamentals of Computer Networking. Course Outline. Lecture 1 Outline. Guevara Noubir noubir@ccs.neu. What is CSG150 about? Fundamentals of Computer Networking Guevara Noubir noubir@ccs.neu.edu CSG150 Understand the basic principles of networking: Description of existing networks, and networking mechanisms

More information

Point-to-Point Vs. Shared Channel Communication In LANs Point-to-point:

Point-to-Point Vs. Shared Channel Communication In LANs Point-to-point: Point-to-Point Vs. Shared Channel Communication In LANs Point-to-point: Computers connected by communication channels that each connect exactly two computers with access to full channel bandwidth. Forms

More information

Vocia Network Communications

Vocia Network Communications Vocia Network Communications Vocia hardware is designed to communicate over an Ethernet network. The Vocia hardware will use, to varying degrees, CobraNet digital audio, raw Ethernet, and TCP/IP protocols

More information

A NOVEL RESOURCE EFFICIENT DMMS APPROACH

A NOVEL RESOURCE EFFICIENT DMMS APPROACH A NOVEL RESOURCE EFFICIENT DMMS APPROACH FOR NETWORK MONITORING AND CONTROLLING FUNCTIONS Golam R. Khan 1, Sharmistha Khan 2, Dhadesugoor R. Vaman 3, and Suxia Cui 4 Department of Electrical and Computer

More information

SBSCET, Firozpur (Punjab), India

SBSCET, Firozpur (Punjab), India Volume 3, Issue 9, September 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Layer Based

More information

Advanced VSAT Solutions Bridge Point-to-Multipoint (BPM) Overview

Advanced VSAT Solutions Bridge Point-to-Multipoint (BPM) Overview 2114 West 7 th Street Tempe, AZ 85281 USA Voice +1.480.333.2200 E-mail sales@comtechefdata.com Web www.comtechefdata.com Advanced VSAT Solutions Bridge Point-to-Multipoint (BPM) Overview January 2014 2014

More information

Optimizing Data Center Networks for Cloud Computing

Optimizing Data Center Networks for Cloud Computing PRAMAK 1 Optimizing Data Center Networks for Cloud Computing Data Center networks have evolved over time as the nature of computing changed. They evolved to handle the computing models based on main-frames,

More information

The OSI and TCP/IP Models. Lesson 2

The OSI and TCP/IP Models. Lesson 2 The OSI and TCP/IP Models Lesson 2 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Introduction to the OSI Model Compare the layers of the OSI and TCP/IP

More information

Interconnection Networks. Interconnection Networks. Interconnection networks are used everywhere!

Interconnection Networks. Interconnection Networks. Interconnection networks are used everywhere! Interconnection Networks Interconnection Networks Interconnection networks are used everywhere! Supercomputers connecting the processors Routers connecting the ports can consider a router as a parallel

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information

Data Link Protocols. TCP/IP Suite and OSI Reference Model

Data Link Protocols. TCP/IP Suite and OSI Reference Model Data Link Protocols Relates to Lab. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet, and the Point-to-Point Protocol (PPP). 1 TCP/IP Suite

More information

Network Simulation Traffic, Paths and Impairment

Network Simulation Traffic, Paths and Impairment Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating

More information