• Proceedings of the IEEK Conference
• /
• 1999.06a
• /
• pp.106-109
• /
• 1999

위성 인터넷망에서의 성능 향상을 위한 프록시의 대표적인 기법인 Snoop과 Spoofing에서의 TCP 성능을 모의실험을 통해 비교하고, 전체 메모리 크기에 따른 TCP 전송 특성 변화를 살펴보았다. Spoofing과 Snoop에서 모두 TCP 전송율이 향상됨을 확인할 수 있었고, Spoofing을 적용했을 경우 Snoop보다 높은 전송율을 얻을 수 있었으나 데이터를 저장하기 위한 버퍼 요구량이 매우 커졌다. 메모리 크기는 제한되어 있으므로 효율적인 메모리 분배 방법이 필요함을 고찰할 수 있었다.

• Journal of Communications and Networks
• /
• v.13 no.5
• /
• pp.518-524
• /
• 2011

A high assurance IP encryption (HAIPE) compliant protocol accelerator is proposed for military networks consisting of red (or classified) networks and black (or unclassified) networks. The boundary between red and black sides is assumed to be protected via a HAIPE device. However, the IP layer encryption introduces challenges for bandwidth on demand satellite communication. The problems experienced by transmission control protocol (TCP) over satellites are well understood: While standard modems (on the black side) employ TCP performance enhancing proxy (PEP) which has been shown to work well, the HAIPE encryption of TCP headers renders the onboard modem's PEP ineffective. This is attributed to the fact that under the bandwidth-on-demand environment, PEP must use traditional TCP mechanisms such as slow start to probe for the available bandwidth of the link (which eliminates the usefulness of the PEP). Most implementations recommend disabling the PEP when a HAIPE device is used. In this paper, we propose a novel solution, namely broadband HAIPE-embeddable satellite communications terminal (BHeST), which utilizes dynamic network performance enhancement algorithms for high latency bandwidth-on-demand satellite links protected by HAIPE. By moving the PEP into the red network and exploiting the explicit congestion notification bypass mechanism allowed by the latest HAIPE standard, we have been able to regain PEP's desired network enhancement that was lost due to HAIPE encryption (even though the idea of deploying PEP at the modem side is not new). Our BHeST solution employs direct video broadcast-return channel service (DVB-RCS), an open standard as a means of providing bandwidth-on-demand satellite links. Another issue we address is the estimation of current satellite bandwidth allocated to a remote terminal which is not available in DVBRCS. Simulation results show that the improvement of our solution over FIX PEP is significant and could reach up to 100%. The improvement over the original TCP is even more (up to 500% for certain configurations).

• Journal of Internet Computing and Services
• /
• v.10 no.2
• /
• pp.15-28
• /
• 2009

This paper proposes HWbF(Hit and WLC based Firewall) design which consists of an PFS(Packet Filter Station) and APS(Application Proxy Station). PFS is designed to reduce bottleneck and to prevent the transmission delay of them by distributing packets with PLB(Packet Load Balancing) module, and APS is designed to manage a proxy cash server by using PCSLB(Proxy Cash Server Load Balancing) module and to detect a DoS attack with packet traffic quantity. Therefore, the proposed HWbF in this paper prevents packet transmission delay that was a drawback in an existing Firewall, diminishes bottleneck, and then increases the processing speed of the packet. Also, as HWbF reduce the 50% and 25% of the respective DoS attack error detection rate(TCP) about average value and the fixed critical value to 38% and 17%. with the proposed expression by manipulating the critical value according to the packet traffic quantity, it not only improve the detection of DoS attack traffic but also diminishes the overload of a proxy cash server.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.328-330
• /
• 2019

RTT(Round Trip Time)가 큰 위성링크에서는 TCP의 정상적인 동작이 어렵다. PEP(Performance Enhanced Proxy)은 위성과 지상 통신간의 성능 향상을 위해 개발되었으나. PEP의 위성링크 구간에 적용되는 TCP Cubic, TCP Hybla등 기존의 Enhanced TCP는 충분한 윈도우사이즈를 확보하는데 시간이 걸리는 문제점이 있다. 본 논문에서는 Cubic의 초기 윈도우 값을 높게 설정해 위성 대역폭을 보다 빨리 점유할 수 있는 수정된 혼잡제어 알고리즘을 제안한다. 제안한 방법은 기존 혼잡제어 알고리즘보다 전송률이 약 26% 향상되었다.

• Journal of Communications and Networks
• /
• v.4 no.4
• /
• pp.266-281
• /
• 2002

The General Packet Radio Service (GPRS) is being deployed by GSM network operators world-wide, and promises to provide users with “always-on” data access at bandwidths comparable to that of conventional fixed-wire telephone modems. However, many users have found the reality to be rather different, experiencing very disappointing performance when, for example, browsing the web over GPRS. In this paper, we examine the causes, and show how unfortunate interactions between the GPRS link characteristics and TCP/IP protocols lead to poor performance. A performance characterization of the GPRS link-layer is presented, determined through extensive measurements taken over production networks. We present measurements of packet loss rates, bandwidth availability, link stability, and round-trip time. The effect these characteristics have on TCP behavior are examined, demonstrating how they can result in poor link utilization, excessive packet queueing, and slow recovery from packet losses. Further, we show that the HTTP protocol can compound these issues, leading to dire WWW performance. We go on to show how the use of a transparent proxy interposed near the wired-wireless border can be used to alleviate many of these performance issues without requiring changes to either client or server end systems.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.52 no.8
• /
• pp.10-17
• /
• 2015

A satellite communication system is one of viable solutions for Internet applications running in wide areas. However, the performance of TCP can be seriously degraded in the satellite networks due to long round-trip time (RTT) and high bit error rate (BER) over satellite links. Therefore, a performance enhancing proxy(PEP) based TCP splitting connection scheme is used in the satellite link to improve the TCP performance. In this paper, we implement PEP testbed and conduct experiment to evaluate the performance of TCP splitting connection by comparing with high-speed TCP solutions in various environments. In our experimental environment, we consider multiple connections, high packet loss, and limited bandwidth. The experiment results show that PEP improves the TCP throughput than high-speed TCP variants in various environments. However, there is no improvement of the TCP throughput with the limited bandwidth because there is packet loss caused by both the congestion and the channel error.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.1 no.2
• /
• pp.64-72
• /
• 2006

The long propagation delay over satellite internet causes degradation of TCP performance in slow start phase. Especially, web traffic performance is greatly reduced by low throughput in slow start phase. To improve web traffic performance, we propose the Dynamic ACK Generation Scheme which generates ACKs and considers sender RTO in PEP (Performance Enhancing Proxy). The Normal ACK generation mechanism improves TCP throughput, and also decreases sender RTO. if PEP stops generating ACKs, TCP performance will be reduced by frequent RTO expiration. To solve this problem, our scheme adjusts RTO using ACK generation interval. And it supports retransmission mechanism for loss recovery in PEP. The results of the performance analysis provide a good evidence to demonstrate the efficiency of our mechanisms over satellite internet.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.52 no.3
• /
• pp.25-31
• /
• 2015

In this paper, we propose PEP based on cross-layer and network coding in digital video broadcasting-return channel via satellite (DVB-RCS) networks. In particular, we propose not only a scheme of cross-layer information exchange for interaction between TCP and the resource allocation (RA) scheme in the link layer but also a tuning algorithm for the TCP contention window (CWND) by using information on the RA in the link layer and the redundancy rate for network-coded packets. The simulation results show that TCP CWND can be adjusted by RA information in the proposed protocol. Furthermore, through the transmission of network-coded packets and the proposed CWND tuning algorithm, TCP throughput is enhanced in lossy environment due to user mobility without the unnecessary resource overhead.

• Proceedings of the IEEK Conference
• /
• 2002.06a
• /
• pp.413-416
• /
• 2002

중앙집중식 구조의 기존 내용기반 요구분산의 문제점인 확장성 및 성능을 향상시키기 위해, 본 논문에서 는 2단계로 구성된 분산구조로 된 L4/L7 방법을 사용한다. L4 스위치를 이용하여 1차적으로 부하를 분산시키고, 이들에 대해 Proxy의 성능상의 단점을 보완한 TCP splicing을 적용하여 2차로 L7 스위치 기능을 수행하도록 한다. 리눅스 환경에서 제안한 시스템을 구현하고 클러스터형 웹서버 시스템을 구성하여 실험하였다. 제안한 분산구조 방법이 중앙집중 방식에 비해 확장성, 성능면에서 우수함을 확인하였다.

• Journal of the Korean Geophysical Society
• /
• v.4 no.4
• /
• pp.239-249
• /
• 2001

NAT (Network Address Translation) is an IP address modification protocol that translates private IP addresses into authentic Internet addresses. The main features of NAT are to improve network security and to save IP addresses. Generally speaking, in order to perform its functionality. NAT uses the address informaiton in the packet header. Certain application protocols, however, use the information in the packet data as well as the imformation in the packet header to perform end-to-end communication. Therefor, to support these types of application protocols, NAT should be able to perform appropriate translation of protocol information in the packet data. In this thesis, we design and implement a method which translates virtual IP information in the packet data into real IP information by using port proxy server.