1 TCP/IP based TML (Transport Mapping Layer) for ForCES Protocol Hormuzd Khosravi Shuchi Chawla Furquan Ansari Jon Maloy 62 nd IETF Meeting, Minneapolis.


2 Topics
 TCP/IP TML Overview
 CE-FE Communication Channels
 Unicast and Multicast Messaging
 TML Messaging
 TML Service Interface
 TML Service Interface Usage
  – Channel Setup
  – Multicast Support
 Opens
 Summary

3 TCP/IP TML Overview
 Reliability: TCP/IP as transport provides reliability
 Congestion Control: TCP/IP as transport provides congestion control
 Security: use of TLS provides the desired security
 Addressing:
  – Unicast: standard use of TCP/IP channels
  – Multicast: simulated over unicast channels

4 TCP/IP TML Overview (contd.)
 Prioritization:
  – Scheduling within the TML over a channel
  – Use of separate data and control channels
 Encapsulations: propose use of a TML header for PL messages and for messages the TML itself generates [requirement for a TML header under investigation]
 High Availability:
  – TML heartbeats [under investigation, may not be required if a PL heartbeat exists]
  – Channels set up between active and standby CEs to an FE
 Protection (Mitigation) Against DoS Attacks:
  – Separation of data and control messaging via use of separate channels
  – Prioritization of control messages

5 CE-FE Communication Channels
[Figure: the CE TML (server) holds a TCP Control Channel (Cc) and a TCP Data Channel (Cd) to the FE TML (client) of each of FE 1, FE 2 ... FE N; the CE PL sits above the CE TML and each FE PL above its FE TML.]

6 CE-FE Communication Channels (contd.)
 Separate control and data channels
 CE listens for channel setup by the FE on a well-defined (server) port
 Channel setup initiated by the FE (client)
 Channel shutdown may be initiated by either CE or FE
 Control and data channels between each CE (active/standby) and each FE
 Prioritization of messages over the channels

7 Unicast and Multicast Messaging
 Unicast and multicast messaging supported over unicast communication channels
 Simulated multicast support:
  – Multicast join/leave messages sent over the control channel [under investigation: model may change from receiver initiated to CE configured]
  – Using multiple unicast channels
 Mimic behavior of traditional multicast:
  – Multicast group information obtained through configuration
  – Receiver-initiated multicast tree setup [under investigation: model may change from receiver initiated to CE configured]
  – CE: root/source of the multicast tree
  – FE: leaf/receiver of the multicast tree

8 Unicast and Multicast Messaging (contd.)
 Unicast versus multicast messages are distinguished via the channel/group descriptor used when sending the message

9 TML Messaging
 TML transports:
  – PL control messages
  – PL data messages
  – TML control messages [under investigation if any control messages are required – may be transported over a separate TML control channel]
 Minimal/shim TML header used for de-multiplexing messages [under investigation if a TML header is required]:
  – Flag: protocol flag for de-muxing PL/TML messages
  – Version: TML version
  – Message Type: different TML messages (e.g. Join/Leave)
  – Message Length: length of the TML message only (not of the entire payload)
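The shim header above is the one piece of the TML that a receiver parses from untrusted bytes, so the framing and de-mux logic deserves a worked example. The following is an added example, not code from the draft: the slide names the four fields but gives no widths or values, so the layout (one byte each for flag, version and type, a 16-bit big-endian length), the flag and type numbers, the `MAX_TML_PAYLOAD` bound and the decision to let the length field cover the bytes after the header for both PL and TML messages are all assumptions. The point it shows is that, because TCP delivers a byte stream, the parser must cope with a read that ends mid-message and must never index past the buffer on the strength of a length field it has not yet validated.

```python
# Added example: TML shim header framing and de-multiplexing over a TCP byte
# stream. Not code from the draft; field widths, flag values, message type
# numbers and the size bound are assumptions (the slide gives none of them).
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed layout: flag (1 byte), version (1 byte), message type (1 byte),
# length (2 bytes, big-endian). Length counts the bytes after the header.
HDR_FMT = "!BBBH"
HDR_LEN = struct.calcsize(HDR_FMT)   # 5 bytes

FLAG_PL = 0      # payload is a PL message, handed up to the ForCES PL untouched
FLAG_TML = 1     # payload is a TML control message, consumed by the TML itself
TML_VERSION = 1

MSG_JOIN = 1     # assumed type numbers for the join/leave messages on slide 9
MSG_LEAVE = 2

MAX_TML_PAYLOAD = 256   # assumed sanity bound for TML control messages


@dataclass
class TMLMessage:
    flag: int
    msg_type: int
    payload: bytes


def encode(msg: TMLMessage) -> bytes:
    """Prefix a payload with the shim header."""
    if not 0 <= len(msg.payload) <= 0xFFFF:
        raise ValueError("payload does not fit the 16-bit length field")
    hdr = struct.pack(HDR_FMT, msg.flag, TML_VERSION, msg.msg_type, len(msg.payload))
    return hdr + msg.payload


def decode(buf: bytes) -> Tuple[Optional[TMLMessage], bytes]:
    """Parse one message from the front of buf.

    Returns (message, rest), or (None, buf) when buf holds only part of a
    message: a TCP read may end anywhere, so the caller keeps the bytes
    and retries after the next read.
    """
    if len(buf) < HDR_LEN:
        return None, buf
    flag, version, msg_type, length = struct.unpack(HDR_FMT, buf[:HDR_LEN])
    if version != TML_VERSION:
        raise ValueError(f"unsupported TML version {version}")
    if flag not in (FLAG_PL, FLAG_TML):
        raise ValueError(f"unknown protocol flag {flag}")
    if flag == FLAG_TML and length > MAX_TML_PAYLOAD:
        raise ValueError(f"TML control message too large ({length} bytes)")
    end = HDR_LEN + length
    if len(buf) < end:
        return None, buf          # body not fully received yet
    return TMLMessage(flag, msg_type, buf[HDR_LEN:end]), buf[end:]


def demux(stream: bytes) -> Tuple[List[TMLMessage], List[TMLMessage], bytes]:
    """Split received bytes into PL messages, TML messages and the trailing
    partial message (if any), which is prepended to the next read."""
    pl: List[TMLMessage] = []
    tml: List[TMLMessage] = []
    buf = stream
    while True:
        msg, buf = decode(buf)
        if msg is None:
            return pl, tml, buf
        (pl if msg.flag == FLAG_PL else tml).append(msg)
```

`demux` is what the receive side of a channel would run after every read; a malformed version or flag raises, which on a real channel should close it rather than skip the message, since the stream framing can no longer be trusted.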

10 TML Service Interface
 Provides a service interface to an upper-layer protocol (PL)
 Support for:
  – Channel setup and shutdown
  – Multicast group join and leave
  – Write/send message (unicast or multicast)
  – Read/receive message

11 TML Service Interface (contd.)
 tmlInit: enable establishment of channels [CE]
 tmlOpen: set up a unicast channel [FE]
 tmlClose: shut down a unicast channel [CE or FE]
 tmlWrite: send a message over a channel [CE or FE]
 tmlRead: read a message over a channel [CE or FE]
 tmlMulticastGroupJoin: join a multicast group [FE]
 tmlMulticastGroupLeave: leave a multicast group joined previously [FE]

12 TML Service Interface Usage: Channel Setup
Sequence diagram between FE PL, FE TML, CE TML and CE PL (reconstructed from the slide):
 CE init/boot up: CE PL calls tmlInit (Cc) and tmlInit (Cd); the CE TML is now able to accept the control and data channels
 Setup control channel: FE PL calls tmlOpen(Cc); FE TML performs TCP ctrl chan (Cc) setup to the CE TML; the descriptor CcDes is returned to the FE PL and tmlEvent (CcUp) with CcDes is raised to the CE PL (and to the FE PL)
 Setup data channel: FE PL calls tmlOpen(Cd); FE TML performs TCP data chan (Cd) setup; CdDes is returned and tmlEvent (CdUp) with CdDes is raised on both sides
 STEADY STATE OPERATION: association, capability and topology info is exchanged over the control channel using tmlWrite (CcDes) on the sending side and tmlRead(CcDes) on the receiving side

13 TML Service Interface Usage: Multicast Support [under investigation]
Sequence diagram between FE PL, FE TML, CE TML and CE PL (reconstructed from the slide), STEADY STATE OPERATION:
 FE1 PL calls tmlMcGrpJoin; FE1 TML sends a multicast group join to the CE TML
 1st join req. for McGrp X: CE TML creates the grp, raises a Join upcall to the CE PL, Grp X = {FE1}; Join ok is returned to FE1
 CE PL calls tmlWrite (X): write to McGrp X  msg sent to FE1 only
 FE2 PL calls tmlMcGrpJoin; FE2 TML sends a multicast group join to the CE TML
 2nd join req. for McGrp X: CE TML updates the grp. members, raises a Join upcall, Grp X = {FE1, FE2}; Join ok is returned to FE2
 CE PL calls tmlWrite (X): write to McGrp X  msg sent to FE1 and FE2

14 TML Service Interface Usage: Multicast Support (contd.) [under investigation]
Sequence diagram between FE2 PL, FE2 TML, CE TML and CE PL (reconstructed from the slide), STEADY STATE OPERATION:
 FE2 PL calls tmlMcGrpLeave; FE2 TML sends a multicast group leave to the CE TML
 CE TML updates the grp. members, raises a Leave upcall to the CE PL, Grp X = {FE1}; Leave ok is returned to FE2
 CE PL calls tmlWrite (X): write to McGrp X  msg sent to FE1 only
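The join/write/leave sequence of slides 7, 13 and 14 reduces to a small piece of CE-side bookkeeping: a group is a set of FE identifiers, and a write to a group descriptor fans out over each member's unicast channel. The following is an added example of that bookkeeping, not code from the draft; the class and method names (`CEMulticastTML`, `channel_up`, `channel_down`) and the decision to evict an FE from every group when its channel goes down are assumptions. The walkthrough at the end replays the two slides and returns who received each write.

```python
# Added example: CE-side bookkeeping for the simulated multicast model of
# slides 7, 13 and 14 (groups fanned out over per-FE unicast channels).
# Not code from the draft; class/method names and the eviction-on-close
# rule are assumptions.
from typing import Dict, List, Set, Union


class UnicastChannel:
    """Stand-in for one TCP channel descriptor to an FE; records writes."""

    def __init__(self, fe_id: str) -> None:
        self.fe_id = fe_id
        self.sent: List[bytes] = []

    def write(self, data: bytes) -> None:
        self.sent.append(data)


class CEMulticastTML:
    def __init__(self) -> None:
        self.channels: Dict[str, UnicastChannel] = {}
        self.groups: Dict[str, Set[str]] = {}

    def channel_up(self, fe_id: str) -> UnicastChannel:
        ch = UnicastChannel(fe_id)
        self.channels[fe_id] = ch
        return ch

    def channel_down(self, fe_id: str) -> None:
        """Channel shutdown: drop the FE from every group so a later group
        write never targets a peer that is gone, and delete empty groups."""
        self.channels.pop(fe_id, None)
        for members in self.groups.values():
            members.discard(fe_id)
        self.groups = {g: m for g, m in self.groups.items() if m}

    def join(self, group: str, fe_id: str) -> Set[str]:
        """Join request received over the FE's control channel. The first
        join creates the group; later joins update its member set."""
        if fe_id not in self.channels:
            raise KeyError(f"join from {fe_id} without an established channel")
        members = self.groups.setdefault(group, set())
        members.add(fe_id)
        return set(members)

    def leave(self, group: str, fe_id: str) -> Set[str]:
        members = self.groups.get(group)
        if members is None or fe_id not in members:
            raise KeyError(f"{fe_id} is not a member of {group}")
        members.discard(fe_id)
        if not members:
            del self.groups[group]
        return set(members)

    def write(self, descriptor: Union[UnicastChannel, str], data: bytes) -> List[str]:
        """tmlWrite: a channel descriptor means unicast; a group name fans
        out over each member's unicast channel. Returns the FEs written to."""
        if isinstance(descriptor, UnicastChannel):
            descriptor.write(data)
            return [descriptor.fe_id]
        targets = sorted(self.groups.get(descriptor, set()))
        for fe_id in targets:
            self.channels[fe_id].write(data)
        return targets


def walkthrough() -> List[List[str]]:
    """Replays the join/write/leave sequence of slides 13 and 14."""
    ce = CEMulticastTML()
    ce.channel_up("FE1")
    ce.channel_up("FE2")
    deliveries = []
    ce.join("X", "FE1")                       # 1st join: group X created
    deliveries.append(ce.write("X", b"m1"))   # FE1 only
    ce.join("X", "FE2")                       # 2nd join: members updated
    deliveries.append(ce.write("X", b"m2"))   # FE1 and FE2
    ce.leave("X", "FE2")                      # slide 14
    deliveries.append(ce.write("X", b"m3"))   # FE1 only
    return deliveries
```

Two checks in the code are the ones a practitioner would want that the slides leave implicit: a join is only honoured from an FE with an established channel (so a group cannot be populated with identifiers the CE has no channel to), and a channel shutdown cleans the FE out of every group.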

15 Opens/Under investigation
 Broadcast messaging model
 Detailed High Availability model
 Details on message prioritization
 TML messaging/encapsulations: are TML control messages required?
 Multicast model: receiver initiated versus CE configured

16 Summary
 TCP/IP based TML for the ForCES protocol:
  – TCP/IP is widely deployed and meets the TML requirements
 Provides a Service Interface for the PL
 Areas missing in the previous draft that have been addressed in this version:
  – Connection setup
  – Uni/multicast support
  – TML messaging/encapsulations
  – Service Interface
 Request: “TCP/IP based TML for ForCES Protocol” be made a Working Group draft

17 Backup

18 Problem Statement
 Requirements RFC 3654 – “Protection against Denial of Service Attacks (based on CPU overload or queue overflow) - Systems utilizing the ForCES protocol can be attacked using denial of service attacks based on CPU overload or queue overflow. The ForCES protocol could be exploited by such attacks to cause the CE to become unable to control the FE or appropriately communicate with other routers and systems. The ForCES protocol MUST therefore provide mechanisms for controlling FE capabilities that can be used to protect against such attacks. FE capabilities that MUST be manipulated via ForCES include the ability to install classifiers and filters to detect and drop attack packets, as well as to be able to install rate limiters that limit the rate of packets which appear to be valid but may be part of an attack (e.g., bogus BGP packets).”

19 Possible Solutions
 Basic idea – separation of data and control messages
  – Data messages are control-protocol packets such as RIP, OSPF and BGP packets. All other messages are considered control messages
 Solution 1 – different transport connections
  – Use different congestion-aware transport protocol connections for data and control messages
 Solution 2 – different prioritization
  – Assign higher priority to control messages and use scheduling mechanisms in the protocol to differentiate
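Solution 2 (and the "Prioritization of control messages" bullet on slide 4) is easy to state and easy to get subtly wrong, so here is an added example of a TML send scheduler that keeps control and data messages in separate queues and serves control first. It is not code from the draft or from the pthreads prototype on slide 20; the class name, the bounded data queue (tail-drop beyond `data_limit`, which is the "queue overflow" concern from RFC 3654) and the optional `control_burst` anti-starvation knob are assumptions. `control_position` contrasts a single shared FIFO, where a control message that arrives behind a data flood is sent after the whole flood, with the separated queues, where it goes out first regardless of how much data is backed up.

```python
# Added example: TML send scheduler with separate control/data queues,
# strict priority for control, a bounded data queue and an optional burst
# limit so continuous control traffic cannot starve data completely.
# Not code from the draft or its prototype; names and policy are assumptions.
from collections import deque
from typing import Deque, List, Optional, Tuple


class TMLScheduler:
    def __init__(self, data_limit: int, control_burst: Optional[int] = None) -> None:
        self.control: Deque[object] = deque()   # PL/TML control messages
        self.data: Deque[object] = deque()      # redirected RIP/OSPF/BGP packets
        self.data_limit = data_limit            # tail-drop data beyond this depth
        self.control_burst = control_burst      # None = strict priority
        self.dropped_data = 0
        self._consecutive_control = 0

    def enqueue_control(self, msg: object) -> None:
        self.control.append(msg)

    def enqueue_data(self, msg: object) -> bool:
        """Data queue is bounded: a flood on the data side is dropped here
        instead of growing memory and delaying everything behind it."""
        if len(self.data) >= self.data_limit:
            self.dropped_data += 1
            return False
        self.data.append(msg)
        return True

    def next(self) -> Optional[Tuple[str, object]]:
        """Pick the next message to write to the wire."""
        burst_hit = (self.control_burst is not None
                     and self._consecutive_control >= self.control_burst)
        if self.control and not (burst_hit and self.data):
            self._consecutive_control += 1
            return ("control", self.control.popleft())
        self._consecutive_control = 0   # a data message (or idle) resets the burst
        if self.data:
            return ("data", self.data.popleft())
        return None


def drain(sched: TMLScheduler) -> List[Tuple[str, object]]:
    """Run the scheduler until both queues are empty; returns the send order."""
    out: List[Tuple[str, object]] = []
    while (item := sched.next()) is not None:
        out.append(item)
    return out


def control_position(n_data: int, data_limit: int, separate: bool) -> Tuple[int, int]:
    """1-based position at which one control message leaves the sender when
    it arrives behind n_data data messages, plus the number of data messages
    dropped. separate=False models a single FIFO shared by both classes."""
    if not separate:
        fifo: List[str] = [f"d{i}" for i in range(n_data)] + ["ctl"]
        return fifo.index("ctl") + 1, 0
    sched = TMLScheduler(data_limit)
    for i in range(n_data):
        sched.enqueue_data(f"d{i}")
    sched.enqueue_control("ctl")
    order = [m for _, m in drain(sched)]
    return order.index("ctl") + 1, sched.dropped_data
```

The scheduler only orders what the TML itself writes; it cannot help when the flood is arriving from the far side on a transport with no congestion control and is exhausting the host below the application, which is exactly the outcome slide 21 reports for UDP data. That is why the two solutions on this slide are complementary rather than alternatives.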

20 Experimental Setup
 Used an IXIA box as packet generator and Linux PCs as CE and FE, connected using 100 Mbps Ethernet links
 Basic implementation consisting of a multi-threaded client/server on Linux using pthreads (RR scheduling for threads)
 Increased the data connection rate to simulate a DoS attack

21 Experimental Results
 Using TCP for control and UDP for data messages (with and without prioritization for control)
 Results show UDP (data) overwhelms TCP (control) traffic during the DoS attack; prioritization is of no help
 [Chart: with prioritization]

22 Experimental Results (contd.)
 Using TCP for control and TCP for data messages (with and without prioritization for control)
 Results show control traffic is not overwhelmed by data traffic during the DoS attack; prioritization helps improve the performance (by 5%)
 [Chart: with prioritization]

23 Protocol for Data Channel
 May need further investigation
 Other options:
  – Datagram Congestion Control Protocol (DCCP)
   – Provides congestion control but not reliability (which satisfies the requirements for the data channel)
   – Experimented with this, but no stable implementation is available at this point
  – Generic Routing Encapsulation (GRE) tunneling
   – Encapsulate data packets in a GRE header  the data channel is a GRE tunnel
   – Rate limiting may be done by the FE to provide support for congestion control
  – Consider other tunneling protocols