• Title/Summary/Keyword: packet flow

A Protection Method using Destination Address Packet Sampling for SYN Flooding Attack in SDN Environments (SDN 환경에서의 목적지 주소별 패킷 샘플링을 이용한 SYN Flooding 공격 방어기법)

  • Bang, Gihyun;Choi, Deokjai;Bang, Sangwon
    • Journal of Korea Multimedia Society / v.18 no.1 / pp.35-41 / 2015
  • SDN (Software Defined Networking) has been considered as a new future computer network architecture, and DDoS (Distributed Denial of Service) is the biggest threat in network security. In the SDN architecture, we present a technique to defend against the SYN Flooding attack, which is one of the DDoS attack methods. First, we monitor the Backlog queue in order to reduce unnecessary monitoring resources. If the Backlog queue of a certain server is over 70% occupied, sFlow performs packet sampling with the server address as the destination address. To distinguish between the attacker and the normal user, we use the source address. We decide the SYN packet threshold using the remaining Backlog queue, which determines the number of connections that can still be allowed. If a certain source address sends SYN packets over the threshold, we judge that this address is an attacker. The controller then modifies the flow table entry to block the attack traffic. By using this method, we reduce the resource consumption of unnecessary monitoring, and the protection range is expanded to all switches. The results of our experiment show that we can prevent the SYN Flooding attack before the Backlog queue is fully occupied.

Deep Neural Network-Based Critical Packet Inspection for Improving Traffic Steering in Software-Defined IoT

  • Tam, Prohim;Math, Sa;Kim, Seokhoon
    • Journal of Internet Computing and Services / v.22 no.6 / pp.1-8 / 2021
  • With the rapid growth of intelligent devices and communication technologies, the 5G network environment has become more heterogeneous and complex in terms of service management and orchestration. The 5G architecture requires supportive technologies to handle the existing challenges for improving Quality of Service (QoS) and Quality of Experience (QoE) performance. Among many challenges, traffic steering is one of the key elements, and it critically requires an optimal solution for smart guidance, control, and a reliable system. Mobile edge computing (MEC), software-defined networking (SDN), network functions virtualization (NFV), and deep learning (DL) play essential and complementary roles in developing flexible computation and extensible flow rules management in this respect. The proposed system provides accurate flow recommendation, centralized control, and reliable distributed connectivity based on inspection of the packet condition. With the system deployed, each packet is classified separately and recommended to request from the optimal destination with matched preferences and conditions. To evaluate the performance of the proposed scheme, network simulator software was used to conduct experiments and capture the end-to-end QoS performance metrics. SDN flow rules installation was tested to illustrate the post-control function corresponding to the DL-based output. The intelligent steering of network communication traffic is cooperatively configured in the SDN controller and NFV orchestrator, leading to a variety of benefits for improving massive real-time Internet of Things (IoT) performance.

Quality-of-Service Mechanisms for Flow-Based Routers

  • Ko, Nam-Seok;Hong, Sung-Back;Lee, Kyung-Ho;Park, Hong-Shik;Kim, Nam
    • ETRI Journal / v.30 no.2 / pp.183-193 / 2008
  • In this paper, we propose quality of service mechanisms for flow-based routers which have to handle several million flows at wire speed in high-speed networks. Traffic management mechanisms are proposed for guaranteed traffic and non-guaranteed traffic separately, and then the effective harmonization of the two mechanisms is introduced for real networks in which both traffic types are mixed together. A simple non-work-conserving fair queuing algorithm is proposed for guaranteed traffic, and an adaptive flow-based random early drop algorithm is proposed for non-guaranteed traffic. Based on that basic architecture, we propose a dynamic traffic identification method to dynamically prioritize traffic according to the traffic characteristics of applications. In a high-speed router system, the dynamic traffic identification method could be a good alternative to deep packet inspection, which requires handling of the IP packet header and payload. Through numerical analysis, simulation, and a real system experiment, we demonstrate the performance of the proposed mechanisms.

Performance Analysis of an Integrated Voice/Data Packet Communication Network with Window Flow Control (Window Flow 제어기능을 가진 음성/데이타 패킷통신망의 성능해석)

  • 손수현;은종관
    • The Journal of Korean Institute of Communications and Information Sciences / v.11 no.4 / pp.227-236 / 1986
  • In this paper, an integrated voice/data packet network with window flow control is modeled by a closed multichain queueing system, and its performance is analyzed by the mean value analysis method. Particularly, for the analysis of a packet network having various kinds of messages with different priority classes, we introduce an approach based on the mean value analysis and the concept of effective capacity. By the mathematical analysis and computer simulation, we obtain the following network statistics in the steady state: mean buffer occupancy at each node, utilization of link throughput of a virtual channel, and mean delay time of each message. Our iterative analysis method can predict the link data status in most cases within about 10 percent of accuracy, and the statistics of voice messages and external data within 5 percent as compared to simulation results.

Fault-tolerant design of packet switched network with unreliable links (불안정한 링크를 고려한 패킷 교환망 설계)

  • 강충구
    • The Journal of Korean Institute of Communications and Information Sciences / v.21 no.2 / pp.447-460 / 1996
  • Network optimization and design procedures often separate quality of service (QOS) performance measures from reliability issues. This paper considers channel allocation and flow assignment (routing) in a network subject to link failures. Fault-tolerant channel allocation and flow assignments are determined which minimize network cost while maintaining QOS performance requirements. This approach is shown to yield significant network cost reductions compared to previous heuristic methods used in the design of packet switched networks with unreliable links.

Flow-Aware Link Dimensioning for Guaranteed-QoS Services in Broadband Convergence Networks

  • Lee, Hoon;Sohraby, Khosrow
    • Journal of Communications and Networks / v.8 no.4 / pp.410-421 / 2006
  • In this work, we propose an analytic framework for dimensioning the link capacity of broadband access networks which provide universal broadband access services to diverse kinds of customers, such as patient and impatient customers. The proposed framework takes into account the flow-level quality of service (QoS) of a connection as well as the packet-level QoS, via which simple and systematic provisioning and operation of the network are provided. To that purpose, we first discuss the necessity of flow-aware network dimensioning by reviewing the networking technologies of the current and future access network. Next, we propose an analytic model for dimensioning the link capacity for an access node of broadband convergence networks which takes into account both the flow and packet level QoS requirements. By carrying out extensive numerical experiments for the proposed model, assuming typical parameters that represent a real network environment, the validity of the proposed method is assessed.

A architecture and control method of Streaming Packet Scheduler at 100bps for Guaranteed QoS of Internet and Broadcasting Services (인터넷 및 방송서비스의 QoS 보장을 위한 10Gbps급 스트리밍 패킷 스케줄러 구조 및 제어방법)

  • Kim Kwang-Ok;Park Wan-Ki;Choi Byeoun-Chul;Kwak Dong-Yong
    • Journal of the Institute of Electronics Engineers of Korea TC / v.41 no.1 / pp.23-34 / 2004
  • This paper presents the architecture and control method of a packet scheduler to guarantee QoS of high quality streaming services in high-speed packet-switched networks. Since streaming services have far more stringent QoS requirements than the typical sort of burst data applications, each flow should be guaranteed minimum bandwidth and an end-to-end delay bound, regardless of the behavior of other flows. To meet these requirements, a packet scheduler isolates a flow from the undesirable effects of other flows, provides end-to-end delay guarantees for individual flows, and stringently divides the available link bandwidth among flows sharing the link. Until now, many vendors have been developing traffic management chips running at 10Gbps, but most of the chips have drawbacks in supporting high quality streaming services. In this paper, we investigate the drawbacks of commercial TM chips and the traffic characteristics of streaming services and present implementation frameworks of the proposed packet scheduler. Finally, we analyze the simulation results of the proposed scheduler.

Performance of DCTCP with per-packet scheduling in data center networks (데이터센터 네트워크의 패킷단위 스케줄링에서의 DCTCP 성능)

  • Lim, Chansook
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.18 no.1 / pp.15-21 / 2018
  • Per-packet scheduling is more suitable than per-flow scheduling to reduce the flow completion time by efficiently utilizing resources in data center networks. Recently, many per-packet scheduling schemes utilizing multiple paths have been proposed. However, to mitigate the negative effect of packet reordering on TCP performance, most of the schemes require supplemental measures such as putting packets in order at the lower layer. In this study, we investigate how well DCTCP, which is a representative TCP for data center networks, performs with per-packet scheduling through simulation. Simulation results show that DCTCP keeps the queue length short but that DCTCP shows low fairness due to the way of reducing the congestion window by ECN.

Flow Mobility of PMIPv6 for Multi-Interface Mobile Nodes (PMIPv6 환경에서 Multi-Interface 단말의 플로우 이동성 지원 방안)

  • Lee, Dong-Min;Min, Sang-Won
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.10B / pp.1168-1174 / 2011
  • The IETF has recently considered providing flow mobility for multi-interface MNs in PMIPv6. In this paper, we proposed an extended BCE of the LMA and a novel mechanism for flow mobility of PMIPv6. With our proposed BCE and mechanism, the LMA can route packets by the flow label and hence packet loss during handover can be eliminated. Also, to validate our flow mobility scheme, we designed and implemented the PMIPv6 packet data unit and database of both LMA and MAG, and configured a testbed for flow mobility in PMIPv6. And the support of flow mobility was confirmed with the network connectivity test in our testbed. According to the Wireshark results, we can see that our proposed scheme works well for flow mobility in PMIPv6.

Underwater Packet Flow Control for Underwater Networks (수중네트워크를 위한 수중패킷 흐름제어기법)

  • Shin, Soo Young;Park, Soo Hyun
    • Journal of Korea Multimedia Society / v.19 no.5 / pp.924-931 / 2016
  • In this paper, a network adaptive MAC scheduling technique is proposed to effectively overcome the limits of narrow bandwidth and low transmission speed underwater. UPFC (Underwater Packet Flow Control) is a technique to reduce both the number of transmissions and the transmission time using three types (Normal, Blocked, Parallel) of data transmission. In this technique, the load information that a transmission node has is transmitted to the destination node using a marginal bit in the reserved header. Then the transmitted information is referred to in order to determine the weighting factor. According to the weighting factor, scheduling is changed dynamically and adaptively. The performance of UPFC is analyzed, and the flow control technique can be applied to Cluster Based Networks and Ad Hoc networks as well.