• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.49 no.3
• /
• pp.27-36
• /
• 2012

With the increase of various user's requirements, lots of interesting applications on the Internet have been emerging recently. However, Internet has many limitations for providing upcoming new services because it was only designed to provide basic connectivity between research networks and simplified forwarding functions at the first time. Internet has many problems in the aspects of routing scalability, mobility, security and QoS, so lots of researches are being actively performed in many countries to solve these problems. In this paper, we implement RED(Random Early Detection) scheduler using NetFPGA platform and local testbed to provide active queue management. Using the implemented RED scheduler, packets are dropped according to the specified drop probability, so Global Synchronization coming from simultaneous TCP segment losses in a congestion condition can be prevented. With the comparison to the Drop-Tail scheme in the basic router, we show TCP performance can be enhanced in the congestion situation using the NetFPGA-based RED scheduler.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.12
• /
• pp.17-24
• /
• 2005

Traditional Internet applications such as FIP and E-mail are increasingly sharing bandwidth with newer, more demanding applications such as Web browsing, IP telephony, video conference and online games. These new applications require Quality of Service (QoS), in terms of delay, loss and throughput that are different from QoS requirements of traditional applications. Unfortunately, current Active Queue Management (AQM) approaches offer monolithic best-effort service to all Internet applications regardless of the current QoS requirements. This paper proposes and evaluates a new AQM technique, called MCDT that provides dynamic and separated buffer threshold for each Applications, those are FTP and e-mail on TCP traffic, streaming services on tagged UDP traffic, and the other services on untagged UDP traffic. Using a new QoS metric, our simulations demonstrate that MCDT yields higher QoS in terms of the delay variation and a packet loss than RED when there are heavy UDP traffics that include streaming applications and data applications. MCDT fits the current best-effort Internet environment without high complexity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.129-140
• /
• 2003

Recently viruses and various hacking tools that threat hosts on a network becomes more intelligent and cleverer, and so the various security mechanisms against them have ken developed during last decades. To detect these network attacks, many NIPSs(Network-based Intrusion Prevention Systems) that are more functional than traditional NIDSs are developed by several companies and organizations. But, many previous NIPSS are hewn to have some weakness in protecting important hosts from network attacks because of its incorrectness and post-management aspects. The aspect of incorrectness means that many NIPSs incorrectly discriminate between normal and attack network traffic in real time. The aspect of post-management means that they generally respond to attacks after the intrusions are already performed to a large extent. Therefore, to detect network attacks in realtime and to increase the capability of analyzing packets, faster and more active responding capabilities are required for NIPS frameworks. In this paper, we propose a framework for real-time intrusion prevention. This framework consists of packet filtering component that works on netfilter in Linux kernel and traffic control component that have a capability of step-by-step control over abnormal network traffic with the CBQ mechanism.