• Title/Summary/Keyword: IP packet

A Mobile Multicast Mechanism for End-to-End QoS Delivery (End-to-End QoS를 지원하기 위한 이동 멀티캐스트 기법)

  • Kim Tae-Soo;Lee Kwang-Hui
    • The Journal of Korean Institute of Communications and Information Sciences / v.30 no.5B / pp.253-263 / 2005
  • This paper proposed a mobile multicast technique to satisfy end-to-end QoS for various user requirements in mobile network environment. In order to provide seamless mobility, fast handoff technique was applied. By using L2 mobile trigger, it was possible to minimize remarkable amount of packet loss by delay occurred during handoff. To provide efficient multicast, concept of hierarchy was introduced to Xcast++, which results in a creation of HXcast++. HXcast++ optimized transfer path of multicast and reduced expensive multicast maintenance costs caused by frequent handoff. Suggestion of GMA (Group Management Agent) mechanism allows joining to group immediately without waiting for an IGMP Membership query during handoff. GMA mechanism will minimize the delay for group registration process and the resource usage due to delay of withdrawal process. And also use of buffering & forwarding technique minimized packet loss during generation of multicast tree. IntServ/RSVP was used to provide End-to-End QoS in local domain and DiffServ was used in global domain. To minimize reestablishment of RSVP session delay, extended HXcast++ control messages were designed to require PATH message. HXcast++ proposed in this thesis is defined as multicast technique to provide end-to-end QoS and also to satisfy various user requirements in mobile network environment.

On-Demand Tunnel Creation Mechanism in Star VPN Topology (성형 VPN 구조에서의 주문형 터널 생성 메커니즘)

  • Byun, Hae-Sun;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.32 no.4 / pp.452-461 / 2005
  • In the star VPN (Virtual Private Network) topology, the traffic between the communicating two CPE (Customer Premise Equipment) VPN GW (Gateway)s may be inefficiently transferred. Also, the Center VPN GW may experience overload due to excessive packet processing overhead. As a solution to this problem, a direct tunnel can be established between the communicating two CPE VPN GWs using the IKE (Internet Key Exchange) mechanism of IPSec (IP Security). In this case, however, the tunnel establishment and management may be complicated. In this paper, we propose a mechanism called 'SVOT (Star VPN On-demand Tunnel)', which automatically establishes a direct tunnel between the communicating CPE VPN GWs based on demand. In the SVOT scheme, CPE VPN GWs determine whether it will establish a direct tunnel or not depending on the traffic information monitored. CPE VPN GW requests the information that is necessary to establish a direct tunnel to the Center VPN GW. Through a simulation, we investigate the performance of the scheme performs better than the SYST scheme with respect to scalability, traffic efficiency and overhead of Center VPN GW, while it shows similar performance to the FVST with respect to end-to-end delay and throughput.

LISP based IP Address Virtualization Technique for Resource Utilization on Virtualized SDN (가상화된 SDN에서 효과적인 자원 활용을 위한 LISP 기반 IP 주소 가상화 기법)

  • Go, Youngkeun;Yang, Gyeongsik;Yu, Bong-yeol;Yoo, Chuck
    • Journal of KIISE / v.43 no.12 / pp.1404-1411 / 2016
  • Network virtualization is a technique that abstracts the physical network to provide multiple virtual networks to users. Virtualized network has the advantage to offer flexible services and improve resource utilization. In SDN architecture, network hypervisor serves to virtualize the network through address virtualization, topology virtualization and policy virtualization. Among them, address virtualization refers to the technique that provides an independent address space for each virtual network. Previous work divided the physical address space, and assigned an individual division to each virtual network. Each virtual address is then mapped one-to-one to a physical address. However, this approach requires a lot of flow entries, thus making it disadvantageous. Since SDN switches use TCAM (Ternary Contents Addressable Memory) for the flow table, it is very important to reduce the number of flow entries in the aspect of cost and scalability. In this paper, we propose a LISP based address virtualization, which separates address spaces for the physical and virtual addresses and transmits packets through tunneling, in order to resolve the limitation of the previous studies. By implementing a prototype, we show that the proposed scheme provides better scalability.

A New Secure Multicast Protocol in Micro-Mobility Environments using Secure Group Key (마이크로 모빌리티 환경에서 보안 그룹키를 이용한 안전한 멀티캐스트 프로토콜)

  • Kang, Ho-Seok;Shim, Young-Chul
    • The KIPS Transactions:PartC / v.15C no.6 / pp.573-586 / 2008
  • The improved performance and miniaturization of computer and the improvement of wireless communication technology have enabled the emergence of many high quality services. Among them multicast services are receiving much attention and their usage is increasing due to the increase of Internet multimedia services such as video conference, multimedia stream, internet TV, etc. Security plays an important role in mobile multicast services. In this paper, we proposed a secure multicast protocol for a hierarchical micro-mobility environment. The proposed secure multicast protocol provides security services such as authentication, access control, confidentiality and integrity using mechanisms including symmetric/asymmetric key crypto-algorithms and capabilities. To provide forward/backward secrecy and scalability, we used sub-group keys based on the hierarchical micro-mobility environment. With these security services, it is possible to guard against all kinds of security attacks performed by illegal mobile nodes. Attacks executed by internal nodes can be thwarted except those attacks which delete packet or cause network resources to be wasted. We used a simulator to measure the performance of the proposed protocol. As a result, the simulation showed that effect of these security mechanisms on the multicast protocol was not too high.

A Bit-Map Trie for the High-Speed Longest Prefix Search of IP Addresses (고속의 최장 IP 주소 프리픽스 검색을 위한 비트-맵 트라이)

  • 오승현;안종석
    • Journal of KIISE:Information Networking / v.30 no.2 / pp.282-292 / 2003
  • This paper proposes an efficient data structure for forwarding IPv4 and IPv6 packets at the gigabit speed in backbone routers. The LPM (Longest Prefix Matching) search becomes a bottleneck of routers' performance since the LPM complexity grows in proportion to the forwarding table size and the address length. To speed up the forwarding process, this paper introduces a data structure named BMT (Bit-Map Trie) to minimize the frequent main memory accesses. All the necessary search computations in BMT are done over a small index table stored at cache. To build the small index table from the trie representation of the forwarding table, BMT represents a link pointer to the child node and a node pointer to the corresponding entry in the forwarding table with one bit respectively. To improve the poor performance of the conventional tries when their height becomes higher due to the increase of the address length, BMT adopts a binary search algorithm for determining the appropriate level of tries to start. The simulation experiments show that BMT compacts the IPv4 backbone routers' forwarding table into a small one less than 512-kbyte and achieves the average speed of 250ns/packet on Pentium II processors, which is almost the same performance as the fastest conventional lookup algorithms.

Provider Provisioned based Mobile VPN using Dynamic VPN Site Configuration (동적 VPN 사이트 구성을 이용한 Provider Provisioned 기반 모바일 VPN)

  • Byun, Hae-Sun;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.34 no.1 / pp.1-15 / 2007
  • Increase in the wireless mobile network users brings the issue of mobility management into the Virtual Private Network (VPN) services. We propose a provider edge (PE)-based provider provisioned mobile VPN mechanism, which enables efficient communication between a mobile VPN user and one or more correspondents located in different VPN sites. The proposed mechanism not only reduces the IPSec tunnel overhead at the mobile user node to the minimum, but also enables the traffic to be delivered through optimized paths among the (mobile) VPN users without incurring significant extra IPSec tunnel overhead regardless of the user's locations. The proposed architecture and protocols are based on the BGP/MPLS VPN technology that is defined in RFC24547. A service provider platform entity named PPVPN Network Server (PNS) is defined in order to extend the BGP/MPLS VPN service to the mobile users. Compared to the user- and CE-based mobile VPN mechanisms, the proposed mechanism requires less overhead with respect to the IPSec tunnel management. The simulation results also show that it outperforms the existing mobile VPN mechanisms with respect to the handoff latency and/or the end-to-end packet delay.

A Performance Analysis of the Virtual Cell System for Mobile Hosts (이동 호스트를 위한 가상 셀 시스템의 성능 분석)

  • Lim, Kyung-Shik
    • The Transactions of the Korea Information Processing Society / v.5 no.10 / pp.2627-2640 / 1998
  • In this paper, we analyze the performance of the virtual cell system[1] for the transmission of IP datagrams in mobile computer communications. A virtual cell consists of a group of physical cells whose base stations are implemented by remote bridges and interconnected via high speed datagram packet switched networks. Host mobility is supported at the data link layer using the distributed hierarchical location information of mobile hosts. Given mobility and communication patterns among physical cells, the problem of deploying virtual cells is equivalent to the optimization cost for the entire system where intercluster communication is more expensive than intracluster communication[2]. Once an optimal partition of disjoint clusters is obtained, we deploy the virtual cell system according to the topology of the optimal partition such that each virtual cell corresponds to a cluster. To analyze the performance of the virtual cell system, we adopt a BCMP open multiple class queueing network model. In addition to mobility and communication patterns among physical cells, the topology of the virtual cell system is used to determine service transition probabilities of the queueing network model. With various system parameters, we conduct interesting sensitivity analyses to determine network design tradeoffs. The first application of the proposed model is to determine an adequate network bandwidth for base station networking such that the networks would not become a bottleneck. We also evaluate the network utilization and system response time due to various types of messages. For instance, when the mobile hosts begin moving fast, the migration rate will be increased. These results of the performance analysis provide good evidence in demonstrating the system efficiency under different assumptions of mobility and communication patterns.

Implementation and Validation of the Web DDoS Shelter System(WDSS) (웹 DDoS 대피소 시스템(WDSS) 구현 및 성능검증)

  • Park, Jae-Hyung;Kim, Kang-Hyoun
    • KIPS Transactions on Computer and Communication Systems / v.4 no.4 / pp.135-140 / 2015
  • The WDSS improves defensive capacity against web application layer DDoS attack by using web cache server and L7 switch which are added on the DDoS shelter system. When web DDoS attack occurs, security agents divert traffic from backbone network to sub-network of the WDSS and then DDoS protection device and L7 switch block abnormal packets. In the meantime, web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract the web DDoS attack which generates small traffic and depletes server-client session resource. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to original web server. In this paper, we validate operation of the WDSS and verify defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on backbone network of an ISP. And we performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed by three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.

A Study on the Performance Improvement of the Security Transmission Using the SSFNet (SSFNet을 이용한 보안전송 성능개선에 관한 연구)

  • Ryu, Jung-Eun;Ryu, Dong-Ju;Lee, Taek-Hee
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / v.9 no.2 / pp.811-815 / 2005
  • IPSec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange (IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must share a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet (Scalable Simulation Framework Network Models).

A Resource Reservation Protocol for Mobile Hosts in Wireless Mobile Networks (무선 이동망에서의 이동 호스트를 지원하기 위한 자원 예약 프로토콜)

  • Kim, Min-Sun;Suh, Young-Joo;An, Syung-Og
    • Journal of KIISE:Information Networking / v.29 no.4 / pp.428-436 / 2002
  • Providing a mobile host with its required QoS is highly influenced by its mobility. The Resource ReSerVation Protocol (RSVP) establishes and maintains a reservation state to ensure a given QoS level along the path from the sender to the receiver. However, RSVP is designed for use in fixed networks and thus it is inadequate in the mobile networking environment where a host changes its point of attachment. In this paper, we propose a new resource reservation protocol, RSVP-RA (RSVP by RSVP Agent) for mobile hosts. Our protocol assumes IETF Mobile IP as a mobility support mechanism. The proposed protocol introduces a new protocol entity - RSVP agent - to manage reservations in a mobile host's current visiting network. RSVP Agent is located in a local network and makes resource reservations in neighboring cells that the mobile host is expected to visit in the future. Thus, the proposed protocol can provide a seamless QoS to the mobile host and significantly improve the scalability problem of RSVP by reducing the end-to-end signalling messages crossing the backbone networks. The proposed protocols reduce packet delay, bandwidth overhead and the number of RSVP messages to maintain reservation states. We compared the performance of our proposed protocol with other proposed protocols in terms of signalling overhead, packet delay by simulation.