Recursive InterNetwork Architecture. A policy-based recursive approach to building a better Internet

Size: px
Start display at page:

Download "Recursive InterNetwork Architecture. A policy-based recursive approach to building a better Internet"

Transcription

1 Recursive InterNetwork Architecture A policy-based recursive approach to building a better Internet Abraham Matta College of Arts & Sciences Computer Science Boston University March

2 Collaborators q PhD Students: Yuefeng Wang Nabeel Akhtar q Alumni: Flavio Esposito, Exegy Karim Mattar, Akamai Vatche Ishakian, BBN Gowtham Boddapati, Akamai Gonca Gursun, Ozyegin U. (Turkey) Joseph Akinwumi q Faculty John Day Lou Chitkushev q Outside Collaborators: Eduard Grasa, i2cat, Spain Eleni Trouva, i2cat, Spain Steve Bunch, TRIA Network Systems Peter DeWolf, TRIA Miguel Ponce de Leon, TSSG, Ireland Patrick Phelan, x-tssg, Ireland Xavier Hesselbach-Serra, UPC, Spain Louis Pouzin, father of connectionless networking 2

3 What s wrong with Ad-Hoc Wireless Network Laptop today s Internet? Wireless Mesh Backbone Cell phone PDA Internet Cellular Data Network Mesh router with gateway Wireless Sensor Network Laptop Sensor Event VoIP + video/tv streaming Sensor PDA Base Station q The brave new world Cell phone larger scale, more diverse technologies new services: content-driven, cloud-based, context-aware, mobile, socially-driven, secure, profitable, q Custom point-solutions: No or little science q Lots of problems: Denial-of-service attacks, bad performance, hard to manage, 3 Sink

4 Questions q Is the Internet s architecture fundamentally broken that we need to clean slate? q Can we find a new architecture that is complete, yet minimal? If so, what is it? q Can we transition to it without requiring everyone to adopt it? q YES q RINA (Recursive InterNetwork Architecture)? Based on Networking is inter-process communication --Robert Metcalfe 72 q YES 4

5 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions

6 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions

7 Internet s view: one big, flat, open net Application Web, , ftp, Application Transport TCP, UDP, IP protocol Transport Network Network Network Data Link DL DL Data Link Physical PHY PHY Physical q There s no building block q The hour-glass model imposed a least common denominator q We named and addressed the wrong things (i.e., interfaces) 7

8 Internet s view: one big, flat, open net Application Web, , ftp, Application Transport Network Data Link Physical TCP, UDP, IP protocol Network DL DL PHY PHY Transport Network Data Link Physical q We exposed addresses to applications q We hacked in middleboxes q Built a network of boxes, rather than networks of processes 8

9 Ex1: Bad Addressing & Routing Want to send message to Bob Alice Bob à I 1 I 1 Bob ` multi-homed destination To: I 1 I 2 q Naming interfaces application bound to a path (point-of-attachment address) huge routing tables q Hard to deal with multihoming and mobility 9

10 Ex2: Ad hoc Scalability & Security Mapping Table can t initiate connection NAT, id A ß à B, id B A NAT B ` To: NAT, id A message To: B, id B message q Network Address Translator aggregates private addresses q NAT acts as firewall preventing attacks on private addresses & ports causing so-called layer violations q Hard to coordinate communication across domains when we want to 10

11 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions

12 Our Solution: divide-and-conquer [ReArch/CoNEXT 08] q Application processes communicate over Distributed IPC Facility (DIF) a distributed application that does IPC q DIF management is internal è better security q IPC processes are application processes to lower DIF s q Recurse as needed è better management & scalability q Well-defined interfaces è predictable service 12

13 Recursive Architecture based on IPC Base Repeat Case 2-DIF 1-DIF 0-DIF 0-DIF 0-DIF node 1 node 2 node 3 node 4 DIF = Distributed IPC Facility (locus of shared state=scope) Policies are tailored to scope of DIF 13

14 RINA allows scoping of services Application Web, , ftp, Transport TCP, UDP, Network IP Network DIF Data Link DL DL DIF Physical PHY PHY DIF Application Transport Network Data Link Physical q The DIF is the building block (layer) and can be composed A DIF has all that is needed to manage a network, i.e. it integrates routing, transport and management q E2E (end-to-end principle) is not relevant! Each DIF layer provides transport flow service/qos over its scope q IPv6 is/was a waste of time! Each DIF layer has its private addresses 14

15 What goes into a DIF? IPC Transfer Delimiting Transfer Relaying/ Muxing PDU Protection DTSV IPC Control RIB IPC Management q Processing at 3 timescales, decoupled by either a State Vector or a Resource Information Base IPC Transfer actually moves the data Applications, e.g., routing, resource allocation, access control, etc. Common Distributed Application Protocol IPC Control (optional) for transmission, error, flow control, etc. IPC Management for routing, resource allocation, locating applications, access control, monitoring lower layer, etc. 15

16 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions

17 Only one Data Transfer Protocol [NetDB 09, PFLDNeT 10] port-id Flow Allocation Local Mapping conn-id DIF q RINA decouples port allocation and access control from data synchronization and transfer q At each end, port and conn ID are allocated dynamically and bound to each other by management (using CDAP) in a hardstate fashion 17

18 Only one Data Transfer Protocol (2) port-id Local Mapping conn-id DIF q Once allocated, Data Transfer can start following Delta-t [Watson 81], a soft-state protocol Timers are necessary and sufficient for data synchronization and transfer Flows without data transfer control are UDP-like. Different policies support different requirements If there is a long idle period, conn state is discarded, but ports remain Conn IDs can be changed during data transfer and bound to same ports 18

19 RINA: Good Transport leads to Better Security [NPSec/ICNP 12] q In RINA, requesting applications never see addresses nor conn IDs No well-known ports Ports, dynamically allocated, are not part of conn IDs Service requested by application name Traditional port scanning attacks not possible Scanning application names is much more difficult, far larger name space port-id Local Mapping conn-id DIF 19

20 RINA: Good Transport leads to Better Security q In RINA, state of data transfer is soft, and conn IDs are allocated dynamically (and can change on the fly) Need to be authenticated and member of the DIF No explicit control messages to fabricate Conn IDs are hard to guess Conn opening and data transfer attacks are harder to mount port-id Local Mapping conn-id DIF 20

21 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions

22 Only One Application Protocol q For management applications, need only one stateless (soft-state) application protocol to access objects It does Read/Write, Create/Delete, Start/Stop q The objects are outside the protocol IPC Transfer Delimiting Transfer Relaying/ Muxing PDU Protection DTSV IPC Control RIB IPC Management Applications, e.g., routing, resource allocation, access control, etc. Common Distributed Application Protocol

23 RINA: Good Addressing private mgmt want to send message to Bob Bob Bob à B DIF B To: B DIF P q Each DIF is privately managed It assigns private node addresses to IPC processes It internally maps app/service name to node address An address is a synonym for an IPC process whose scope is limited to the DIF and may be structured to be useful within the DIF 23

24 RINA: Good Addressing recursive want to send message to Bob Bob DIF B To: B Bà P DIF P B and P are IPC processes on same system q Node address mapped to PoA (point-of-attachment) address q Roles are relative: node address is name for lower DIF, and PoA for higher DIF q Processes on a system are members of various DIF layers 24

25 RINA: Better Scalability & Security secure containers A relay B Public Internet Private Enterprise Network q Nothing more than applications establishing communication Authenticating that A is a valid member of the DIF Initializing it with current DIF information Assigning it an internal address for use in coordinating IPC This is enrollment, i.e., explicit negotiation to join DIF (access control) RINA decouples authentication from connection management and integrity/confidentiality 25

26 Good Design leads to Better Security q In RINA, underlying IPC processes must be authenticated to join DIF only insider attacks possible a hurdle that is not present in TCP/IP networks q Authentication and encryption are applied recursively no shim sublayers application process authentication module IPC process DIF integrity & confidentiality module 26

27 Good Design leads to Better Routing [FutureNet-III 10, WWIC 11, NoF 11, CC 12] source destination q Back to naming-addressing basics [Saltzer 82] Service/app name (location-independent) Node address (location-dependent) PoA address (path-dependent) Path q We clearly distinguish the last 2 mappings q Route: sequence of node addresses q Next-hop node address is mapped to PoA by lower DIF 27

28 Mobility is Inherent MH CH q Mobility is a dynamic form of multihoming q Mobile joins new DIF layers and leaves old ones q Local movement results in local routing updates 28

29 Mobility is Inherent CH q Mobility is a dynamic form of multihoming q Mobile joins new DIF layers and leaves old ones q Local movement results in local routing updates 29

30 Mobility is Inherent CH q Mobility is a dynamic form of multihoming q Mobile joins new DIF layers and leaves old ones q Local movement results in local routing updates 30

31 Simulation Results: RINA vs. LISP vs. [FutureNet-III 10, CC 12] RINA LISP LISP RINA q RINA inherently limits the scope of location update & inconsistency LISP (loc/id split): loc is still path-dependent! q RINA uses direct routing to destination node 31

32 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions

33 ProtoRINA [TR ,NSDI 13,GREE 13,GREE 14] q Overview Boston University s user-space prototype of the RINA architecture Experimental tool for new (non-ip) applications / policies Teaching tool for networking and distributed systems classes q Status cross-debugging with two other RINA prototypes (IRATI and TRIA) around 55,000 lines of Java code not complete; we continue to modify/add elements code and user manual available online 33

34 RINA Node q Distributed Application Facility (DAF): Distributed Application Processes cooperating to perform a certain function: communication, weather forecast, genomics, etc. q A DIF is a specific DAF whose job is only to provide IPC 34

35 IPC Process Provides communication service for application processes or higher level IPC processes 35

36 RINA API: IRM q Applications use it to allocate / deallocate flows, send / receive data, register / unregister their service 36

37 RINA API: RIB Daemon q Applications use this publish/subscribe API to access objects in a local RIB, or remote RIB (using CDAP) q Configuration files allow for selecting different policies (authentication, routing, etc.) 37

38 Dynamic Formation of a Virtual Private Cloud DIF App1 App2 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF q In RINA, Flow Allocation may involve instantiation of an underlying DIF, if one does not exist 38

39 Dynamic Formation of a Virtual Private Cloud DIF VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF q A new application acts as a relay IPC 39

40 Dynamic Formation of a Virtual Private Cloud DIF App1 Customer Application DAF App2 VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF 40

41 Policy-based Dynamic Service Management [TR ] App1 Customer Application DAF App2 VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF Layer/DIF Management Layer/DIF Management 41

42 Policy-based Dynamic Service Management Network Management App1 Customer Application DAF App2 VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF 42

43 Policy-based Dynamic Service Management App1 Customer Application DAF App2 Naming Management VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF 43

44 Policy-based Dynamic Service Management Application Management App1 Customer Application DAF App2 VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF 44

45 ProtoRINA over the GENI Testbed q Large-scale experimentation for correctness and performance q Run ProtoRINA within a long-lived slice over GENI researchers and educators can opt-in and experiment with programmable management policies 45

46 Example: One-level DIF Topology Node1 Node 2 App A App B Node A Node B Node C IPC 2 IPC 3 IPC 4 IPC 1 IPC 5 DIF IPC 6 IPC 7 IPC 8 Node D Node E Node F q Link-state updates sent every 10 seconds

47 Example: Two-level DIF Topology Node 1 Node 2 App A App B Node B DIF 5 IPC 14 IPC 13 IPC 16 IPC 15 Node A Node C IPC 2 IPC 3 IPC 4 IPC 5 IPC 6 IPC 1 DIF 1 DIF 2 IPC 12 DIF 4 IPC 11 IPC 10 IPC 9 IPC 8 Node D Node E Node F q 0-DIFs: Link-state updates sent every 10 seconds q 1-DIF: Link-state updates sent every 5 seconds IPC 7 DIF 3

48 GENI Resources q each RINA node on one VM from NYU aggregate nine VM s (one runs a naming service) 48

49 Effect of DIF Mgmt & Routing Policies Scoping (2-level DIF) yields faster convergence and less OOO packets with similar routing overhead* * Generally lower routing overhead for larger multi-level DIF topologies

50 How does RINA compare? q Related work: many, but not holistic We claim RINA is more complete and minimal RINA subsumes the mechanisms and policies of other architectural proposals q Security: DIF is a secure container of coordinated IPC processes RINA supports secure address spaces as in XIA q Manageability: DIF defines a scope that is locally managed RINA separates mechanisms from policies RINA has one recursive layer configurable with policies beyond middleware, tunneling, cross-layer approaches RINA supports virtual slices as in Nebula 50

51 How does RINA compare? (2) q Scalability: the multi-level DIF structure limits the scope of control and management Routing table size of a system depends on only those DIFs to which its IPC processes join q Content-based: service/app name is locationindependent, node address is not path-dependent beyond loc/id split approaches RINA supports multihoming and mobility as in Serval or Mobility-First, but inherently via local routing updates RINA supports content discovery as in NDN q Socially-driven / Cloud-based: DIF is dynamically formed to enable IPC among cloud / peer processes 51

52 How does RINA compare? (3) q Adoption: DIF is an overlay, internally managed using only two protocols: data transfer and management q Network neutrality: not relevant User has a choice of which DIF to join DIF differentiates its services via policies mechanisms are the same q Marketplace: individual services of DIFs can be (recursively) composed to offer new user services 52

53 References q q q q q q q [Book 08] John Day. "Patterns in Network Architecture: A Return to Fundamentals". Prentice Hall, Jan [ReArch/CoNEXT 08] John Day, Ibrahim Matta, and Karim Mattar. "Networking is IPC: A Guiding Principle to a Better Internet". In ReArch'08 (with CoNEXT), Madrid, SPAIN, Dec [NetDB 09] Karim Mattar, Ibrahim Matta, John Day, Vatche Ishakian, and Gonca Gursun. "Declarative Transport: A Customizable Transport Service for the Future Internet". In 5 th Int. Workshop on Networking Meets Databases (with SOSP), Big Sky, MT, Oct [PFLDNet 10] Gonca Gursun, Ibrahim Matta, and Karim Mattar. "On the Performance and Robustness of Managing Reliable Transport Connections". In 8 th Int. Workshop on Protocols for Future, Large-Scale and Diverse Network Transports, Lancester, PA, Nov [NPSec/ICNP 12] Gowtham Boddapati, John Day, Ibrahim Matta, and Lou Chitkushev. "Assessing the Security of a Clean-Slate Internet Architecture". In 7 th Workshop on Secure Network Protocols (with ICNP), Austin, Texas, Oct [FutureNet-III 10] Vatche Ishakian, Joseph Akinwumi, Ibrahim Matta. "On the Cost of Supporting Multihoming and Mobility". In 3 rd Int. Workshop on the Network of the Future (with GLOBECOM 2010), Miami, Florida, Dec [WWIC 11] Eleni Trouva, Eduard Grasa, John Day, Ibrahim Matta, Lou Chitkushev, Steve Bunch, Miguel Ponce de Leon, Patrick Phelan, and Xavier Hesselbach-Serra. "Transport over Heterogeneous Networks Using the RINA Architecture. In 9 th Int. Conference on Wired/ Wireless Internet Communications, Barcelona, SPAIN, June

54 References q q q q q q q [NoF 11] John Day, Eleni Trouva, Eduard Grasa, Patrick Phelan, Miguel Ponce de Leon, Steve Bunch, Ibrahim Matta, Lou Chitkushev, and Louis Pouzin. "Bounding the Router Table Size in an ISP Network using RINA". In 2 nd Int. Conference on Network of the Future, Universite Pierre et Marie Curie, Paris, FRANCE, Nov [CC 12] Vatche Ishakian, Joseph Akinwumi, Flavio Esposito, Ibrahim Matta. "On Supporting Mobility and Multihoming in Recursive Internet Architectures". Computer Communications, Volume 35 Issue 13, July [TR ] Yuefeng Wang, Flavio Esposito, Ibrahim Matta and John Day. Boston University s RINA Prototype: Programming Manual. Technical Report BUCS-TR , Boston University, [NSDI 13] Flavio Esposito, Yuefeng Wang, Ibrahim Matta and John Day. "Dynamic Layer Instantiation as a Service". Demo at USENIX Symp. on Networked Systems Design and Implementation, Lombard, IL, April [GREE 13] Yuefeng Wang, Flavio Esposito and Ibrahim Matta. "Demonstrating RINA using the GENI Testbed". In 2 nd GENI Research and Educational Experiment Workshop, Salt Lake City, Utah, Mar [GREE 14] Yuefeng Wang, Ibrahim Matta and Nabeel Akhtar. "Experimenting with Routing Policies using ProtoRINA over GENI". In 3 rd GENI Research and Educational Experiment Workshop, Atlanta, Georgia, Mar [TR ] Yuefeng Wang, Flavio Esposito, Ibrahim Matta and John Day. "RINA: An Architecture for Policy-Based Dynamic Service Management". Technical Report BUCS- TR , Boston University,

55 irati.eu pouzinsociety.org 55

Assessing the Security of a Clean-Slate Internet Architecture

Assessing the Security of a Clean-Slate Internet Architecture Assessing the Security of a Clean-Slate Internet Architecture Security as Byproduct of Decoupling Different Concerns GOWTHAM BODDAPATI Akamai Technologies Cambridge, MA gboddapa@akamai.com JOHN DAY Metropolitan

More information

Assessing the Security of a Clean-Slate Internet Architecture

Assessing the Security of a Clean-Slate Internet Architecture Assessing the Security of a Clean-Slate Internet Architecture Gowtham Boddapati John Day Ibrahim Matta Lou Chitkushev Metropolitan College College of Arts & Science Computer Science, Boston University

More information

Network Forensics in a Clean-Slate Internet Architecture

Network Forensics in a Clean-Slate Internet Architecture Network Forensics in a Clean-Slate Internet Architecture Tinus Strauss Department of Computer Science University of Pretoria, South Africa Email: tstrauss@cs.up.ac.za Martin S. Olivier Department of Computer

More information

Load Balancing in Recursive Networks using Whatevercast Names

Load Balancing in Recursive Networks using Whatevercast Names Load Balancing in Recursive Networks using Whatevercast Names E. Elahi, J. Barron, M. Crotty, Miguel Ponce de Leon and S. Davy Email: {eelahi, jbarron, mcrotty, miguelpdl, sdavy} @tssg.org Telecommunication

More information

IRATI - Investigating RINA as an Alternative to TCP/IP

IRATI - Investigating RINA as an Alternative to TCP/IP Títol de la presentació de powerpoint IRATI - Investigating RINA as an Alternative to TCP/IP FIRE Engineering Workshop, Ghent, Belgium November 6th, 2012 Sergi Figuerola Project coordinator Director @

More information

Experimental evaluation of a Recursive InterNetwork Architecture prototype

Experimental evaluation of a Recursive InterNetwork Architecture prototype Experimental evaluation of a Recursive InterNetwork Architecture prototype Sander Vrijders, Dimitri Staessens, Didier Colle (Ghent University iminds) Francesco Salvestrini, Vincenzo Maffione (Nextworks

More information

GENI Network Virtualization Concepts

GENI Network Virtualization Concepts GENI Network Virtualization Concepts Alexander Gall 22.2.2007 EFNI Workshop, Amsterdam 2007 SWITCH The GENI initiative GENI: Global Environment for Network Innovations. Initiative planned

More information

10CS64: COMPUTER NETWORKS - II

10CS64: COMPUTER NETWORKS - II QUESTION BANK 10CS64: COMPUTER NETWORKS - II Part A Unit 1 & 2: Packet-Switching Networks 1 and Packet-Switching Networks 2 1. Mention different types of network services? Explain the same. 2. Difference

More information

Internet Protocol (IP) IP - Network Layer. IP Routing. Advantages of Connectionless. CSCE 515: Computer Network Programming ------ IP routing

Internet Protocol (IP) IP - Network Layer. IP Routing. Advantages of Connectionless. CSCE 515: Computer Network Programming ------ IP routing Process Process Process Layer CSCE 515: Computer Network Programming ------ IP routing Wenyuan Xu ICMP, AP & AP TCP IP UDP Transport Layer Network Layer Department of Computer Science and Engineering University

More information

Understanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX

Understanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX APPENDIX A Introduction Understanding TCP/IP To fully understand the architecture of Cisco Centri Firewall, you need to understand the TCP/IP architecture on which the Internet is based. This appendix

More information

Network Virtualization: A Tutorial

Network Virtualization: A Tutorial Network Virtualization: A Tutorial George N. Rouskas Department of Computer Science North Carolina State University http://rouskas.csc.ncsu.edu/ Network Virtualization: A Tutorial OFC 2012, March 2012

More information

BOSTON UNIVERSITY METROPOLITAN COLLEGE. Thesis PATTERNS IN NETWORK SECURITY: AN ANALYSIS OF ARCHITECTURAL COMPLEXITY IN SECURING

BOSTON UNIVERSITY METROPOLITAN COLLEGE. Thesis PATTERNS IN NETWORK SECURITY: AN ANALYSIS OF ARCHITECTURAL COMPLEXITY IN SECURING BOSTON UNIVERSITY METROPOLITAN COLLEGE Thesis PATTERNS IN NETWORK SECURITY: AN ANALYSIS OF ARCHITECTURAL COMPLEXITY IN SECURING RECURSIVE INTER-NETWORK ARCHITECTURE NETWORKS by JEREMIAH SMALL B.S., University

More information

CS 268: Lecture 5 (TCP/IP Architecture)

CS 268: Lecture 5 (TCP/IP Architecture) CS 268: Lecture 5 (TCP/IP Architecture) Ion Stoica February 1, 2006 The Problem Before Internet: different packet-switching networks (e.g., ARPANET, ARPA packet radio) - only nodes on the same network

More information

Mobility (and philosophical questions about names and identity) David Andersen CMU CS 15-744. The problem

Mobility (and philosophical questions about names and identity) David Andersen CMU CS 15-744. The problem Mobility (and philosophical questions about names and identity) David Andersen CMU CS 15-744 The problem How to support mobile users What do we mean by support? Make it easy and convenient to effectively

More information

Protocols. Packets. What's in an IP packet

Protocols. Packets. What's in an IP packet Protocols Precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet Protocol (bottom level) all packets shipped from network to network as IP packets

More information

MetroNet6 - Homeland Security IPv6 R&D over Wireless

MetroNet6 - Homeland Security IPv6 R&D over Wireless MetroNet6 - Homeland Security IPv6 R&D over Wireless By: George Usi, President, Sacramento Technology Group and Project Manager, California IPv6 Task Force gusi@sactechgroup.com Acknowledgement Reference:

More information

Network Security TCP/IP Refresher

Network Security TCP/IP Refresher Network Security TCP/IP Refresher What you (at least) need to know about networking! Dr. David Barrera Network Security HS 2014 Outline Network Reference Models Local Area Networks Internet Protocol (IP)

More information

Integrating Security, Mobility, and Multi-Homing in a HIP way

Integrating Security, Mobility, and Multi-Homing in a HIP way Integrating Security, Mobility, and Multi-Homing in a way Pekka Nikander Ericsson Research Nomadiclab & Helsinki Institute for Information Technology Outline The problem: TCP/IP is getting old Locators

More information

Networking Test 4 Study Guide

Networking Test 4 Study Guide Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.

More information

SOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall

SOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall SOFTWARE ENGINEERING 4C03 Computer Networks & Computer Security Network Firewall HAO WANG #0159386 Instructor: Dr. Kartik Krishnan Mar.29, 2004 Software Engineering Department of Computing and Software

More information

AERONAUTICAL COMMUNICATIONS PANEL (ACP) ATN and IP

AERONAUTICAL COMMUNICATIONS PANEL (ACP) ATN and IP AERONAUTICAL COMMUNICATIONS PANEL (ACP) Working Group I - 7 th Meeting Móntreal, Canada 2 6 June 2008 Agenda Item x : ATN and IP Information Paper Presented by Naoki Kanada Electronic Navigation Research

More information

www.mindteck.com 6LoWPAN Technical Overview

www.mindteck.com 6LoWPAN Technical Overview www.mindteck.com 6LoWPAN Technical Overview 6LoWPAN : Slide Index Introduction Acronyms Stack Architecture Stack Layers Applications IETF documents References Confidential Mindteck 2009 2 6LoWPAN - Introduction

More information

CSE 3461 / 5461: Computer Networking & Internet Technologies

CSE 3461 / 5461: Computer Networking & Internet Technologies Autumn Semester 2014 CSE 3461 / 5461: Computer Networking & Internet Technologies Instructor: Prof. Kannan Srinivasan 08/28/2014 Announcement Drop before Friday evening! k. srinivasan Presentation A 2

More information

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2 1 ISTANBUL 1.1 MPLS overview 1 1.1.1 Principle Use of a ATM core network 2 Overlay Network One Virtual Circuit per communication No routing protocol Scalability problem 2 1.1.1 Principle Weakness of overlay

More information

12. Firewalls Content

12. Firewalls Content Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall

More information

Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.

Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch. Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.20 Long term and short term solutions to Internet scalability

More information

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT Track 2 Workshop PacNOG 7 American Samoa Firewalling and NAT Core Concepts Host security vs Network security What is a firewall? What does it do? Where does one use it? At what level does it function?

More information

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:

More information

Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation

Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu These slides are

More information

Validating the System Behavior of Large-Scale Networked Computers

Validating the System Behavior of Large-Scale Networked Computers Validating the System Behavior of Large-Scale Networked Computers Chen-Nee Chuah Robust & Ubiquitous Networking (RUBINET) Lab http://www.ece.ucdavis.edu/rubinet Electrical & Computer Engineering University

More information

Software Defined Networking & Openflow

Software Defined Networking & Openflow Software Defined Networking & Openflow Autonomic Computer Systems, HS 2015 Christopher Scherb, 01.10.2015 Overview What is Software Defined Networks? Brief summary on routing and forwarding Introduction

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

SBSCET, Firozpur (Punjab), India

SBSCET, Firozpur (Punjab), India Volume 3, Issue 9, September 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Layer Based

More information

SANE: A Protection Architecture For Enterprise Networks

SANE: A Protection Architecture For Enterprise Networks Fakultät IV Elektrotechnik und Informatik Intelligent Networks and Management of Distributed Systems Research Group Prof. Anja Feldmann, Ph.D. SANE: A Protection Architecture For Enterprise Networks WS

More information

Tomás P. de Miguel DIT-UPM. dit UPM

Tomás P. de Miguel DIT-UPM. dit UPM Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability

More information

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

CS 457 Lecture 19 Global Internet - BGP. Fall 2011 CS 457 Lecture 19 Global Internet - BGP Fall 2011 Decision Process Calculate degree of preference for each route in Adj-RIB-In as follows (apply following steps until one route is left): select route with

More information

Bit Chat: A Peer-to-Peer Instant Messenger

Bit Chat: A Peer-to-Peer Instant Messenger Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one

More information

SOFTWARE DEFINED NETWORKS REALITY CHECK. DENOG5, Darmstadt, 14/11/2013 Carsten Michel

SOFTWARE DEFINED NETWORKS REALITY CHECK. DENOG5, Darmstadt, 14/11/2013 Carsten Michel SOFTWARE DEFINED NETWORKS REALITY CHECK DENOG5, Darmstadt, 14/11/2013 Carsten Michel Software Defined Networks (SDN)! Why Software Defined Networking? There s a hype in the industry!! Dispelling some myths

More information

21.4 Network Address Translation (NAT) 21.4.1 NAT concept

21.4 Network Address Translation (NAT) 21.4.1 NAT concept 21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially

More information

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31 IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Design of a SIP Outbound Edge Proxy (EPSIP)

Design of a SIP Outbound Edge Proxy (EPSIP) Design of a SIP Outbound Edge Proxy (EPSIP) Sergio Lembo Dept. of Communications and Networking Helsinki University of Technology (TKK) P.O. Box 3000, FI-02015 TKK, Finland Jani Heikkinen, Sasu Tarkoma

More information

The TCP/IP Reference Model

The TCP/IP Reference Model The TCP/IP Reference Model The TCP/IP Model Comparison to OSI Model Example Networks The TCP/IP Model Origins from ARPANET, DoD research network ARPA - Advanced Research Projects Agency Reliability was

More information

Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation

Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu IEEE Distinguished

More information

COMPUTER NETWORKS LECTURES. DR.PETER G. GYARMATI Research professor. Lectures of P. G. Gyarmati 1. page 1999.-2006.

COMPUTER NETWORKS LECTURES. DR.PETER G. GYARMATI Research professor. Lectures of P. G. Gyarmati 1. page 1999.-2006. COMPUTER NETWORKS LECTURES DR.PETER G. GYARMATI Research professor Lectures of P. G. Gyarmati 1. page 1999.-2006. 1999.-2006. This page is intentionally left blank Lectures of P. G. Gyarmati 2. page 1999.-2006.

More information

G-Lab: A Future Generation Internet Research Platform

G-Lab: A Future Generation Internet Research Platform Institute of Computer Science Department of Distributed Systems Prof. G-Lab: A Future Generation Internet Research Platform www3.informatik.uni-wuerzburg.de Institute of Computer Science University of

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012

CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012 CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012 Important: The solutions to the homework problems from the course book have been provided by the authors.

More information

Facility Usage Scenarios

Facility Usage Scenarios Facility Usage Scenarios GDD-06-41 GENI: Global Environment for Network Innovations December 22, 2006 Status: Draft (Version 0.1) Note to the reader: this document is a work in progress and continues to

More information

Private Industry Role in Next Generation Internet. Bob Aiken. NGI Project Leader DOE er.doe..doe.gov Large Scale Networking Working Group June 1997

Private Industry Role in Next Generation Internet. Bob Aiken. NGI Project Leader DOE er.doe..doe.gov Large Scale Networking Working Group June 1997 Private Industry Role in Next Generation Internet Bob Aiken NGI Project Leader DOE aiken@er er.doe..doe.gov Large Scale Networking Working Group June 1997 NGI: Foundation for the Future Points to Remember

More information

Communications and Computer Networks

Communications and Computer Networks SFWR 4C03: Computer Networks and Computer Security January 5-8 2004 Lecturer: Kartik Krishnan Lectures 1-3 Communications and Computer Networks The fundamental purpose of a communication system is the

More information

Load Balancing. Final Network Exam LSNAT. Sommaire. How works a "traditional" NAT? Un article de Le wiki des TPs RSM.

Load Balancing. Final Network Exam LSNAT. Sommaire. How works a traditional NAT? Un article de Le wiki des TPs RSM. Load Balancing Un article de Le wiki des TPs RSM. PC Final Network Exam Sommaire 1 LSNAT 1.1 Deployement of LSNAT in a globally unique address space (LS-NAT) 1.2 Operation of LSNAT in conjunction with

More information

1.264 Lecture 37. Telecom: Enterprise networks, VPN

1.264 Lecture 37. Telecom: Enterprise networks, VPN 1.264 Lecture 37 Telecom: Enterprise networks, VPN 1 Enterprise networks Connections within enterprise External connections Remote offices Employees Customers Business partners, supply chain partners Patients

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Layered Architectures and Applications

Layered Architectures and Applications 1 Layered Architectures and Applications Required reading: Garcia 2.1, 2.2, 2.3 CSE 3213, Fall 2010 Instructor: N. Vlajic 2 Why Layering?! 3 Montreal London Paris Alice wants to send a mail to Bob and

More information

Internet Peering, IPv6, and NATs. Mike Freedman V22.0480-005 Networks

Internet Peering, IPv6, and NATs. Mike Freedman V22.0480-005 Networks Internet Peering, IPv6, and NATs Mike Freedman V22.0480-005 Networks Internet Peering Review: Routing Internet has a loose hierarchy of domains Hosts now local router Local routers know site routers Site

More information

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date IPv4 and IPv6 Integration Formation IPv6 Workshop Location, Date Agenda Introduction Approaches to deploying IPv6 Standalone (IPv6-only) or alongside IPv4 Phased deployment plans Considerations for IPv4

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

IP Subnetting and Addressing

IP Subnetting and Addressing Indian Institute of Technology Kharagpur IP Subnetting and Addressing Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Kharagpur Lecture 6: IP Subnetting and Addressing

More information

Internet Ideal: Simple Network Model

Internet Ideal: Simple Network Model Middleboxes Reading: Ch. 8.4 Internet Ideal: Simple Network Model Globally unique identifiers Each node has a unique, fixed IP address reachable from everyone and everywhere Simple packet forwarding Network

More information

Internet Architecture

Internet Architecture Internet Architecture CSE 561 Lecture 2, Spring 2002 David Wetherall The OSI layering Model End host Application Presentation Session Top four layers are end-to-end Lower 3 layers are peer-to-peer End

More information

Cisco PIX vs. Checkpoint Firewall

Cisco PIX vs. Checkpoint Firewall Cisco PIX vs. Checkpoint Firewall Introduction Firewall technology ranges from packet filtering to application-layer proxies, to Stateful inspection; each technique gleaning the benefits from its predecessor.

More information

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015 Distributed Systems 23. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2015 November 17, 2015 2014-2015 Paul Krzyzanowski 1 Motivation Serving web content from one location presents

More information

Why ISPs need SDN: SDN-based Network Service Chaining and Software-defined Multicast

Why ISPs need SDN: SDN-based Network Service Chaining and Software-defined Multicast Why ISPs need SDN: SDN-based Network Chaining and Software-defined Multicast ZKI Herbsttagung, Kaiserslautern, Germany, 24. Sept. 2014 Jeremias Blendin, Julius Rückert, David Hausheer Department of Electrical

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

Plutarch: An Argument for Network Pluralism

Plutarch: An Argument for Network Pluralism Plutarch: An Argument for Network Pluralism Andrew Warfield andrew.warfield@cl.cam.ac.uk Jon Crowcroft, Steven Hand, and Andrew Warfield University of Cambridge Richard Mortier Microsoft Research Cambridge

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Internet Infrastructure Measurement: Challenges and Tools

Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Outline Motivation Challenges Tools Conclusion Why Measure? Why Measure? Internet, with

More information

Internet inter-as routing: BGP

Internet inter-as routing: BGP Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means to: 1. Obtain subnet reachability information from neighboring ASs. 2. Propagate the reachability

More information

INTRODUCTION TO NETWORK VIRTUALIZATION

INTRODUCTION TO NETWORK VIRTUALIZATION 1 INTRODUCTION TO NETWORK VIRTUALIZATION Wednesday, May 14, 2008 Mosharaf Chowdhury Member, envy Project What is Virtualization? 2 Transparent abstraction of computing platform and resources Multiple logical

More information

What would you like to protect?

What would you like to protect? Network Security What would you like to protect? Your data The information stored in your computer Your resources The computers themselves Your reputation You risk to be blamed for intrusions or cyber

More information

The Purpose of a SIP-Aware Firewall/ALG

The Purpose of a SIP-Aware Firewall/ALG NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application

More information

Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks

Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Introduction Issues Design Goals Classifications TCP Over Ad Hoc Wireless Networks Other Transport Layer Protocols Security

More information

Topics. Computer Networks. Let s Get Started! Computer Networks: Our Definition. How are Networks Used by Computers? Computer Network Components

Topics. Computer Networks. Let s Get Started! Computer Networks: Our Definition. How are Networks Used by Computers? Computer Network Components Topics Use of networks Network structure Implementation of networks Computer Networks Introduction Let s Get Started! Networking today: Where are they? Powerful computers are cheap Networks are everywhere

More information

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 This example explains how to configure pre-shared key based simple IPSec tunnel between NetScreen Remote Client and RN300 VPN Gateway.

More information

Kick starting science...

Kick starting science... Computer ing (TDDD63): Part 1 Kick starting science... Niklas Carlsson, Associate Professor http://www.ida.liu.se/~nikca/ What do you have in the future? What do you have in the future? How does it keep

More information

Data Communication Networks Introduction

Data Communication Networks Introduction Data Communication Networks Introduction M. R. Pakravan Department of Electrical Engineering Sharif University of Technology Data Networks 1 Introduction The course introduces the underlying concepts and

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

Network performance in virtual infrastructures

Network performance in virtual infrastructures Network performance in virtual infrastructures A closer look at Amazon EC2 Alexandru-Dorin GIURGIU University of Amsterdam System and Network Engineering Master 03 February 2010 Coordinators: Paola Grosso

More information

CSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required

CSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required CSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required Current Catalog Description: Computer network architectures and their application to industry needs.

More information

Firewalls CSCI 454/554

Firewalls CSCI 454/554 Firewalls CSCI 454/554 Why Firewall? 1 Why Firewall (cont d) w now everyone want to be on the Internet w and to interconnect networks w has persistent security concerns n can t easily secure every system

More information

Communication Networks. MAP-TELE 2011/12 José Ruela

Communication Networks. MAP-TELE 2011/12 José Ruela Communication Networks MAP-TELE 2011/12 José Ruela Network basic mechanisms Network Architectures Protocol Layering Network architecture concept A network architecture is an abstract model used to describe

More information

(Refer Slide Time: 02:17)

(Refer Slide Time: 02:17) Internet Technology Prof. Indranil Sengupta Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No #06 IP Subnetting and Addressing (Not audible: (00:46)) Now,

More information

Does SDN accelerate network innovations? Example of Flexible Service Creation

Does SDN accelerate network innovations? Example of Flexible Service Creation Does SDN accelerate network innovations? Example of Flexible Service Creation Andreas Gladisch VP Convergent Networks and Infrastructure, Telekom Innovation Labs 24.10.2012 Do you know what this is? Zuse

More information

Distributed Authentication Mechanism for Mobile IP Route Optimization

Distributed Authentication Mechanism for Mobile IP Route Optimization Distributed Authentication Mechanism for Mobile IP Route Optimization Neeraj Jaggi Department of ECSE Rensselaer Polytechnic Institute jaggin@rpi.edu Koushik Kar Department of ECSE Rensselaer Polytechnic

More information

Why SSL is better than IPsec for Fully Transparent Mobile Network Access

Why SSL is better than IPsec for Fully Transparent Mobile Network Access Why SSL is better than IPsec for Fully Transparent Mobile Network Access SESSION ID: SP01-R03 Aidan Gogarty HOB Inc. aidan.gogarty@hob.de What are we all trying to achieve? Fully transparent network access

More information

ProCurve Networking IPv6 The Next Generation of Networking

ProCurve Networking IPv6 The Next Generation of Networking ProCurve Networking The Next Generation of Networking Introduction... 2 Benefits from... 2 The Protocol... 3 Technology Features and Benefits... 4 Larger number of addresses... 4 End-to-end connectivity...

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

VPN Lesson 2: VPN Implementation. Summary

VPN Lesson 2: VPN Implementation. Summary VPN Lesson 2: VPN Implementation Summary 1 Notations VPN client (ok) Firewall Router VPN firewall VPN router VPN server VPN concentrator 2 Basic Questions 1. VPN implementation options for remote users

More information

Security principles Firewalls and NAT

Security principles Firewalls and NAT Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network

More information

Configuring Network Address Translation (NAT)

Configuring Network Address Translation (NAT) 8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

From Active & Programmable Networks to.. OpenFlow & Software Defined Networks. Prof. C. Tschudin, M. Sifalakis, T. Meyer, M. Monti, S.

From Active & Programmable Networks to.. OpenFlow & Software Defined Networks. Prof. C. Tschudin, M. Sifalakis, T. Meyer, M. Monti, S. From Active & Programmable Networks to.. OpenFlow & Software Defined Networks Prof. C. Tschudin, M. Sifalakis, T. Meyer, M. Monti, S. Braun University of Basel Cs321 - HS 2012 (Slides material from www.bigswitch.com)

More information