• The Journal of Engineering Research
• /
• v.3 no.1
• /
• pp.131-138
• /
• 1998

In this paper, we investigate the direction of LAN evolution. We focus rather on the philosophical changes than on the advances of technologies. In terms of topology, channel structure, and medium access control, we categorize major local area networks widely used in the past. We then investigate new directions in the concept and advances in the technology of local area networks. The idea of collapsed backbone is shown to be the most fundamental factor influencing the evolution of local area networks. Asynchronous Transfer Mode that is radically different form the existing LAN technology is now actively applied to LAN. In order to compete with ATM, conventional LANs should evolve to support quality of service for multimedia application

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.449-456
• /
• 2018

Many organizations divide the network to manage the network in order to prevent the leakage of internal data between separate organizations / departments by sending and receiving unnecessary traffic. The most fundamental network separation method is based on physically separate equipment. However, there is a case where a network is divided and operated logically by utilizing a virtual LAN (VLAN) network access control function that can be constructed at a lower cost. In this study, we first examined the possibility of bypassing the logical network separation through VLAN ID scanning and double encapsulation VLAN hopping attack. Then, we showed and implemented a data leak scenario by utilizing the acquired VLAN ID. Furthermore, we proposed a simple and effective technique to detect and prevent the double encapsulation VLAN hopping attack, which is also implemented for validation. We hope that this study improves security of organizations that use the VLAN-based logical network separation by preventing internal data leakage or external cyber attack exploiting double encapsulation VLAN vulnerability.

• The KIPS Transactions:PartC
• /
• v.8C no.2
• /
• pp.155-163
• /
• 2001

가상랜은 물리적 위치에 관계없이 마치 하나의 LAN에 연결되어 있는 것처럼 통신할 수 있는 구조로 브로드캐스트 도메인을 제한하여 대역 폭 낭비를 감소시키고 전체 네트워크의 효율을 증가시킨다. 본 논문에서는 ATM-LAN에서의 3계층 가상랜 구성방안을 제시한다. 첫 번째 방안은 ATM-LAN에서 3계층 멀티캐스트를 지원하는 MARS 구조를 사용하는 것으로 중앙에 가상랜 서버를 두어 여러 LIS에 걸쳐있는 가상랜 정보를 수집, 관리하고 이를 다시 각 LIS의 MARS에게 알려주도록 하는 것이다. 기존의 MARS는 하나의 LIS에 속하는 그룹만을 담당하기 때문에 여러 개의 LIS에 걸쳐있는 그룹의 경우 그 멤버 정보를 유지할 수 없으므로 이를 위해 각 LIS를 담당하는 MARS들을 중앙 집중적으로 관리하는 서버를 둔 것이다. 또 다른 방안으로 서로 다른 ELAN간의 유니캐그트 전송을 위해 제안된 MPOA 구조를 이용하는 것이다. 이를 위해 각 MPOA 서버에 가상랜 관리 및 브로드캐스트를 지원하기 위한 서버기능을 추가하였고 서버들끼리 서로 가상랜 정보를 주고받는 프로토콜을 제안하였다. 이들 두 가지 방안의 성능 특성을 살펴보기 위해 시뮬레이션을 수행하고 그 결과를 제시하였다.

• Journal of Digital Contents Society
• /
• v.2 no.1
• /
• pp.31-40
• /
• 2001

Currently there are many standards of network management. They are: SNMP(Simple Network Management Protocol - for Internet management), CMIP(Common Management Information Protocol - standardized by ITU-T and ISO), RMON(Remote network MONitoring - for distributed management of the LAN segment), and so on. Especially RMON has created the many concerns in order to manage subnetworks of a large network, but it has negative aspects. For instance, routers or hubs with RMON capability are expensive to a network manager because of adding heavy management cost. Moreover it imposes a heavier burden on network manager, because it must use a network management tool which will be additionally needed with RMON device. This paper proposes a model of PC based RMON Agent system. The RMON Agent system monitors the traffic on LAN segment through the use of a Virtual Device Driver(VxD), based on PC. In term of cost this model will replace the expensive RMON device, and eventually enable a network manager to manage LAN segment more efficiently, due to reduced cost.

• Journal of Industrial Technology
• /
• v.28 no.B
• /
• pp.245-250
• /
• 2008

Recently, mobile devices have supported wireless LAN as well as bluetooth, where the services such as heterogeneous network access and seamless mobility connection are important. Even though the mobility and physical network might be varied, an efficient communication mechanism for the network access and a robust mobility management of mobile devices are needed. In this paper, we design and implement a Bluetooth system with mobile LAN access capability. The proposed system has the following features; 1) IP connection is enabled by BENP in the link layer, 2) The networks devices of heterogeneous mobile devices are integrated into a single virtual network interface, 3) IP mobility between the bluetooth and wireless LAN is supported by mobile IP. The experimented results show that the packet loss and delay time during the handover duration is reduced by predicting the handover among different networks followed by the setup of any required parameters in advance.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.2B
• /
• pp.144-156
• /
• 2003

Internet/Intranet has been continuously enhanced by new emerging IP technologies such as differentiate service(DiffServ), IPSec(IP Security) and MPLS(Multi-protocol Label Switching) traffic engineering. According to the increased demands of various real-time multimedia services, ISP(Internet Service Provider) should provide enhanced end-to-end QoS(quality of service) and security features. Therefore, Internet and Intranet need the management functionality of sophisticated traffic engineering functions. In this paper, we design and implement the performance management functionality for the guaranteed end-to-end QoS provisioning on MPLS-based VPLS(Virtual Private LAN Service). We propose VPLS OAM(Operation, Administration and Maintenance) for efficient performance management. We focus on a scheme of QoS management and measurement of QoS parameters(such as delay, jitter, loss, etc.) using VPLS OAM functions. The proposed performance management system also supports performance tuning to enhance the provided QoS by re-adjusting the bandwidth of LSPs for VPLS. We present the experimental results of performance monitoring and analysis using a network simulator.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.533-535
• /
• 1998

가상 다중 세그먼트 (Virtual Multi-Segment)란 하나의 LAN이 라우터나 방화벽을 사용하지 않고 가상적으로 여러 개의 세그먼트로 나뉘어진 것을 의미한다. 일반적으로 같은 LAN에 속한 호스트들일지라도 다양한 보안 정책을 가지게 되는데 그 결과로 우회 경로 공격(bypass path attack)이 가능해지고 (Hierarchical)방화벽 시스템을 구성하여 다른 보안 정책을 가진 세스먼트마다 방화벽을 구축하고 있는데 이 방식은 방화벽 시스템을 구성하여 다른 보안 정책을 가진 세그먼트마다 방화벽을 구축하고 있는데 이 방식은 방화벽을 여러 개 설치해야 하는 문제가 있다. 이런 문제를 해결하기 위해 본 논문에서 방화벽을 통해 지나오는 각 연결에 대해서 회선체인을 구성하는 기법을 이용하여 가상적인 다중 세그먼크를 구성한다. 회선체인구성을 효과적으로 수행하기 위해 Thumbpint기법을 사용하는데 이 기법은 동일한 시간대에 모든 회선이 갖는 내용에 대한 요약을 만들어 그 요약들을 가지고 어떤 회선들이 같은 내용을 가지고 있는지를 판단하여 회선체인을 구성하는 기법이다. 본 논문에서 가상 다중 세그먼트 방화벽을 설계와 구현하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.322-324
• /
• 2002

실시간 분산처리 시스템에서의 통신은 신뢰성이 높아야 한다. 신뢰성이 높은 그룹통신 프로토콜에서 그룹 멤버쉽을 위한 뷰 관리는 매우 중요하다. 이 논문에서는 실시간 요소를 가진 시스템에서 LAN환경을 위한 가상 링 구조에서의 그룹연산 프로토콜과 LAN의 확장인 intranet상에서의 네트웍의 효율적 사용을 위한 트리구조상에서의 프로토콜을 제안하고 실시간 시뮬레이션을 통해 평가하고 결과를 분석하여 실시간성을 제공하기 위해 필요한 요소를 확인한다.

• Proceedings of the Korean Institute of Communication Sciences Conference
• /
• 2004.11a
• /
• pp.271-271
• /
• 2004

• Journal of KIISE:Information Networking
• /
• v.33 no.3
• /
• pp.247-256
• /
• 2006

Among the resource provisioning mechanisms for the hose based Virtual Private Network (VPN) Quality of Service (QoS ), VPN-specific state provisioning allows the service provider to obtain highest resource multiplexing gains. However, dynamic and automatic resource reservation for the VPN-specific state provisioning is difficult due to the lack of appropriate resource reservation protocol. Furthermore, users of a VPN may experience unfair usage of resources among themselves since the reserved resources of a VPN are shared by the VPN users in a similar way that the traditional LAN bandwidth is shared by the attached hosts. In this paper, we propose a resource reservation protocol and a traffic service mechanism, which not only enable dynamic and automatic resource reservation according to the VPN-specific state provisioning algorithm, but also enforce the fair usage of reserved resources among the users of a VPN in case of congestion.