• Journal of KIISE:Information Networking
• /
• v.29 no.1
• /
• pp.31-39
• /
• 2002

The VPN(Virtual Private Network) is a private network constructed logically on a public network infrastructure. There have been numerous studies to support the VPN services by using different technologies such as IP in IP, GRE, L2TP, MPLS and so on. Among these technologies, MPLS has shown many merits in aspects of QoS, security, and management, compared with other technologies. As an enhancement of the VPN that is controlled by MPLS PE(Provider Edge) routers, this paper presents the VPN controlled by MPLS CE(Customer Edge) routers. The functional architecture of the CE based VPN and operations of the CE routers are described along with the performance comparison of CE based MPLS VPN. It has been shown that the CE based VPN has more advantages than PE based VPN with respect to independency, scalability, security, and complexity.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.2B
• /
• pp.130-137
• /
• 2012

In this paper, we propose core and edge router architectures with LPI(Low Power Idle) for reducing energy consumption in OBS networks. The proposed core router architecture is comprised of a BCP switch, a burst switch, line cards and sleep/wake controller for LPI. When the offered load of network is low, sleep/wake controller can change the state of the core router line card from active to sleep state for saving the energy after receiving network control packet. The edge router consists of a switch for access line card, a SCU and OBS edge router line cards. The LPI function in edge router line card is performed through network level control by network control packet, individually. Additionally, PHY/transceiver modules can transition active state to sleep state when burst assemble engine generates new bursts. To evaluate the energy saving performance of proposed architecture with LPI, the power consumption of each router is analyzed by using data sheet of commercial router and optical device. And, simulation is also performed in terms of sleep time of PHY/Transceiver through OPNET.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.9
• /
• pp.1374-1381
• /
• 2022

Existing research on security technology related to network attack response has focused on research using hardware network security technology, network attacks that wiretap and wiretap network packets, denial of service attack that consumes server resources to bring down the system, and network by identifying vulnerabilities before attack. It is classified as a scanning attack. In addition, methods for increasing network security, antivirus vaccines and antivirus systems have been mainly proposed and designed. In particular, many users do not fully utilize the security function of the router. In order to overcome this problem, it is classified according to the network security level to block external attacks through layered security management through layer-by-layer experiments. The scope of the study was presented by examining the security technology trends of edge routers, and suggested methods and implementation examples to protect from threats related to edge router-based network attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.1023-1026
• /
• 2005

지난 몇 년간 DDoS 공격의 기법들은 더욱 복잡해지고 효과적으로 변하였으며, 공격자를 추적하기는 더욱 힘들어지고 있다. 이러한 문제들에 대응하기 위해 다양한 패킷 필터링 기법과 공격자 추적 기법등 많은 연구들이 진행되어 왔다. 하지만 이러한 노력에도 불구하고 DDoS 공격은 여전히 인터넷의 안정성을 위협하는 요소로 작용하고 있다. 따라서 본 논문에서는 이러한 위협에 대응하기 위하여 Active Edge 라우터 기반의 분산 서비스 거부공격대응 기법을 제안하고자 한다. 제안된 방법의 경우 기존의 중간 라우터(intermediate-router)의 오버헤더, 공격경로 재구성에 필요한 오버헤더, 재구성된 공격경로의 부정확성과 같은 기존의 기법들이 지니고 있던 단점들을 보완하고 있다. 또한 제안된 방법의 경우 공격 패킷을 공격대상 네트워크가 아닌 공격자가 위치하고 있는 네트워크에서 제거함으로서 공격패킷의 필터링 효과를 더욱 향상 시켰다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.1
• /
• pp.65-73
• /
• 2006

Network based VPN(Virtual Private Network) using MPLS(Multiprotocol Label Switching) technology, called PE(Provider Edge router) based MPLS VPN, is regarded as a good solution for intranets or ext3nets because of the low cost and the flexibility of the service provision. In this paper, we describe a mechanism that allows the VPN users to move from one site to another site of the VPN network based on the BGP-E MPLS technology. This mechanism is designed for PE(Provider Edge) routers of the backbone network. PE routers connected to the VPN sites establish a new MPLS path to the mobile node after they detect movement of the mobile VPN node. The new location may belong to the same VPN or to different VPN. We desisted VPN management and control functions of the PE routers in order to interface with the Mobile IP protocol and support the QoS mechanism. The pilot implementation and performance measurement were carried out on a simulation using COVERS tool.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.26 no.12C
• /
• pp.225-232
• /
• 2001

In this paper, we describe a mechanism that supports the mobility service for VPN(Virtual Private Network) users on MPLS(Multiprotocol Label Switching) network. The MPLS VPN considered in this study is controlled by CE(Customer Edge) routers. In such a VPN, CE routers have additional functions to support mobile VPN users, i.e., Home Agent function, foreign Agent function, Correspondent Agent function. This mechanism is applied when a VPN node moves to other site of the saute VPN, or when it moves to other site of a different VPN, or to a non-VPN site. We perform a simulation study to compare the performance of CE based MPLS VPN with that of PE(Provider Edge) based MPLS VPN with mobility support.

• Proceedings of the Korea Contents Association Conference
• /
• 2003.11a
• /
• pp.227-233
• /
• 2003

In paper, we present design and implementation of MPLS based VPN with QoS capabilities. We propose a design architecture of an edge router for MPLS based VPN with QoS capabilities in backbone network. We design functional blocks, interface specifications, detail routing and forwarding information based structure, and packet forwarding engine for the purpose of implementation of an edge router, We extend bgp-4 software for implementation differentiated service packet forwarding schemes in MPLS based VPN.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.6B
• /
• pp.588-603
• /
• 2003

In this paper, we propose an Aggregate Three Color Marker without per flow management which is required for an Edge router to improve End-to-End QoS of Assured Service in DiffServ. Proposed Aggregate Three Color Marker is used with the Adaptive RIO-DC scheme to achieve the minimum rate guarantee without per flow management. Assuming that the admission control for Assured Service has been performed, proposed Aggregate Three Color Marker measures incoming In-profile traffic rate at the output link of an edge router using a token-bucket with a token rate equal to the sum of contracted rates of admitted flows passing the edge router. If there are token losses from the token bucket, out-of-profile packets are promoted to Yellow packets within the aggregate traffic profile. And yellow packets are demoted to out-of-profile packets at the input link to an Edge router fer the purpose of fairness maintenance. In-profile packets and Yellow packets are processed identically at the RIO-DC buffer management scheme in our proposed method. Simulation results show that through using proposed Aggregate Three Color Marker with the Adaptive RIO-DC scheme, the minimum rate guarantee for Assured Service can be achieved without per flow management at multiple DiffServ domains.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1591-1594
• /
• 2002

BE(Best-Effort)방식의 인터넷에서 제공되던 Text위주의 서비스 제공 방식이 Multimedia 위주의 서비스로 점차 바뀌어 감에 따라, 기존의 BE(Best-Effort)방식으로는 Multimedia QoS(Quality of Service)를 보장하기가 어려워졌다. 이에 IETF(Internet Engineering Task Force)에서는 변화하는 인터넷 환경에서 QoS 보장을 위해 Diffserv(Differentiated Service)방식을 제안하게 되었다. 본 논문에서는 Content를 제공하는 Linux Web Server에서 패킷을 클래스 분류기준(Classification Method)에 의해 분류하고 Scheduling Algorithm을 적용하여 DSCP(Differentiated Service CodePoint) 값을 Web Server 자체에서 결정하여 경계라우터(Edge Router)로 전송하는 방식을 취하였으며, 이를 토대로 하여 경계라우터의 Traffic 부하를 줄이고, 경계라우터의 코어라우터(Core Router)화를 통해 더욱더 향상된 Differentiated Service를 제공하는 것이 목적이다. 이를 본 논문에서는 ns2 를 통해 IETF에서 제안된 Diffserv방식과 본 논문에서 제안한 방식의 Diffserv 방식과 현재의 BE방식을 비교하여 어느 정도의 성능 향상이 있었는지 비교 분석하였다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.4B
• /
• pp.339-350
• /
• 2003

The demands of network users emphasize the improvement and guarantee of service quality as well as the increment of bandwidth. As a result, high performance and additional new functions are important features to build network equipments, especially and edge router. For this structure, network processors with high performance and flexibility are considered as a main part of a packet forwarding module. In this paper, we design and edge MPLS router with a network processor, which supports high performance and multi-functionalities and examine its advantage and limitation.