150 likes | 165 Views
Introduction of An Engineering Project for KOREN/APII. 2003. 8. 27 Seung-Joon Seok Korea University. Project Overview. Project Title is “ A Study of Traffic Engineering in KOREN/APII Testbed ” Grant of NCA (National Computerization Agency)
E N D
Introduction of An Engineering Project for KOREN/APII 2003. 8. 27 Seung-Joon Seok Korea University
Project Overview • Project Title is “A Study of Traffic Engineering in KOREN/APII Testbed” • Grant of NCA (National Computerization Agency) • Project Period is 1.5 year (from July 2003 to Dec. 2004) • Participants
Project Goal • Improvement of Network Engineering Capability for KOREN and APII • Activation of Cooperative Research Group (KESG) in KOREN • Activation of Cooperative Research Interchange between KOREN & QGPOP
Project’s Overall Research Area • This Project treats the issues of KOREN/APII Traffic Engineering • Optimizing KOREN’s Network Performance • Improving International Resource Utilization • Preventing KOREN from anomalies
2) Performance Engineering Inter-Intra Routing Performance Measurement Infra TE 1) Network Traffic Measurement 3) BGP Routing 4) Network Security International routing Info. view Block Diagram of Four Research Areas
1. Network Measurement Area • Measurement System is a Key Infrastructure for Network Management. • In this project, Measurement is needed as a base technology for the other areas: security, performance management in KOREN, and international performance management. Management Area Collaboration Other Areas Collecting & Analyzing Traffic Information Developing Traffic Engineering Mechanisms
1.2 Our Research Topics • Developing & Deploying an Efficient Measurement Infrastructure. • First, Deploying a Measurement System covering entire KOREN/APII Links and using current open tools to collect basic information about KOREN status. • Next, Developing a KOREN Measurement System to support Traffic Engineering & Security efficiently. • How to Interchange Measurement Information between KOREN & other networks (QGPOP, APAN …) • Providing Other Research Areas with indispensable information about KOREN & other networks
2. Performance Engineering in KOREN Area • Now Traffic Engineering for KOREN have to be considered because Over-Engineering is limited • Simply Balancing Network Load • Optimizing Network Resource Utilization • Supporting User Requirements for End-to-End Performance through Edge-to-Edge Traffic Control • Two Issues should be considered simultaneously for KOREN Traffic Engineering .
2.1 Our Research Topics • Deploying Traffic Engineering System in KOREN NOC & Developing Traffic Engineering Mechanism • To collect network information • To control network traffic according to engineering policy • KOREN Edge-to-Edge Performance Information Service • To show end users edge-to-edge performance information through Web Service • To recommend a application a best path supporting user application requirements and not hurting traffic engineering goals simultaneously
3. Int. Performance Management Area • Oversea links should be effectively managed because they have limited resources. • KOREN can’t exactly control BGP operations by itself. • Received Information is up to neighbor domains (QGPOP). • So KOREN needs to cooperate with neighbor for International Performance Management. • BGP Protocol’s imperfection considerably affects KOREN Interior Performance. • So this area needs to be collaborated with Performance Engineering in KOREN area intimately.
3.1 Our Research Topics • Routing Technology for Oversea Link (APII-GENKAI) Management • Detecting & Correcting Asymmetric BGP Path • Load Balancing Mechanisms for Oversea links (APII-GENKAI) • Developing BGP Error Detection & Report System • To make overall map to show users/NOC BGP path at a glance
4. Network Security Area • Distributed Denial-of-Service (DOS) is to deny the victim(s) access to a particular resource/service • consumption of scarce, limited, or non-renewable resources • destruction or alteration of configuration information • physical destruction or alteration of network components • Attacks are detected using their inherent statistical characteristics
4.1 What Can ISPs Do for DOS? • Deploy source address anti-spoof filters (very important!). • Turn off directed broadcasts. • Develop security relationships with neighbor ISPs. • Set up mechanism for handling customer security complaints. • Develop traffic volume monitoring techniques.
4.2 Our Research Topics • Algorithm for dynamic and adaptive attack detection • Traceback mechanism to find original attackers. • Implementation & Deployment of Network Security system • A central network security system • Monitoring & filtering elements