7/31/2019 IP Routing for Next Generation Network Services Thesis Report
MEE07:25
IP Routing for Next Generation Network Services
Osagie Ighodalo Solomon Ighagbon Oziegbe
This thesis is presented as part of Degree of
Master of Science in Electrical Engineering
Blekinge Institute of Technology
June 2007
Blekinge Institute of Technology
School of Engineering
Department of Applied Signal Processing
Supervisor: Docent Adrian Popescu
Examiner: Docent Adrian Popescu
Abstract
As the market for high speed Internet and cellular communication services reaches maturity, communication services have shown a limit to growth based on the number of subscribers. Next Generation Networks services based on IP Routing form the beginning of a new age of innovative and affordable services where consumers will witness substantial new service offerings and also savings in their consumption bills for such services. The requirement of these applications challenges the limitations of the network technologies that are in place today. Next Generation Networks are based on internet technologies including Internet Protocol (IP) and Multi-protocol Label Switching (MPLS).
The thesis therefore presents an overview of the converged IP Network services, focusing on opportunities for service differentiation and introducing current service oriented technology to meet the demands of consumers. These technologies allow service providers to build and operate networks that can provide local, long distance, global, mobile, data, voice and internet services to consumers. In meeting the demands of these newer services to its customers adequately with high Quality of Service (QoS), Speed, Traffic Engineering and Scalability, Internet Service Providers have engaged Next Generation Networks using the more reliable Multi-Protocol Label Switching in the core of their networks while also delivering such services through a secure means over the public internet by using Virtual Private Networks.
Acknowledgement
We would like to express our immense gratitude and wholehearted appreciation to our Supervisor, Docent Adrian Popescu, for his invaluable guidance, patience and encouragement towards the completion of our thesis work.
Special thanks go to our university, Blekinge Institute of Technology, for opening a new door regarding our tomorrow.
We would also like to thank our parents for their support and prayers and also our colleagues in the department, especially our friends who have contributed one way or the other to the success of this work. God bless you all.
Table of Contents
Abstract
Acknowledgement
List of Figures
Chapter 1
Introduction
Chapter 2
Next Generation Networks Overview
2.1 Introduction
2.2 Next Generation Networks Architecture
2.2.1 The Access Layer
2.2.2 The Transport and Switching Layer
2.2.3 The Application and Service Layer
2.3 Building blocks for Next Generation Networks
2.3.1 Next Generation Network Switches
2.3.2 IP Networks
2.4 Using Next Generation Network Services
Chapter 3
Underlying Technologies Components
3.1 IP Routing
3.1.1 Routing Table
3.1.2 Autonomous systems
3.1.3 Routing Mechanisms
3.2 Multi-Protocol Label Switching
3.2.1 Background of MPLS
3.2.2 How MPLS works
3.2.3 MPLS Architecture
3.2.4 How MPLS paths are installed and Removed
3.2.5 Comparing IP and ATM and then MPLS and ATM technologies
3.2.6 Misconceptions about MPLS technology
Chapter 4
Virtual Private Networks
4.1 Introduction
4.2 Internet Protocol VPNs
4.3 IPSec Protocols for data Integrity
4.4 Access Virtual Private Networks
4.5 IPSec VPNs for Remote Access
4.6 SSL VPNs for Remote Access
4.7 MPLS VPNs for Remote Access
Chapter 5
Wireless Application Protocol
5.1 Introduction
5.2 WAP Architecture Overview
5.3 WAP Protocol Stack
5.3.1 Wireless Application Environment
5.3.2 Wireless Session Protocol
5.3.3 Wireless Transaction Protocol
5.3.4 Wireless Transport Layer Security
5.3.5 Wireless Datagram Protocol
5.4 How Service Providers, Operators and Subscribers benefit from using WAP-based Solutions
Chapter 6
Performance Management for Next Generation Networks
6.1 Definition
6.2 Why Performance Management by Service Providers
6.3 The Future of Performance Management and Expected Benefits in Next Generation Networks
6.4 Performance Management key functional area in Next Generation Networks
6.5 Challenges of Integrating Performance Management Solutions
6.5.1 Scalability
6.5.2 Flexibility
Chapter 7
Conclusion
Reference List
Appendix
List of Figures
2.1 The Public Switched Telephone Network and Public Switched Data Network
2.2 The new Next Generation Network Architecture
2.3 The Separation of control and connection
2.4 Media Gateway Principle
3.1 MPLS functioning between the layer 2 and layer 3 Protocol
3.2 MPLS generic label format
3.3 Position of the MPLS label in a layer 2 frame
3.4 MPLS label header (Shim header)
3.5 MPLS architecture performing traditional IP routing
3.6 MPLS architecture performing label switching routing
3.7 Service provider MPLS network
4.1 Remote access to IPSec VPNs
4.2 Remote access to SSL VPNs
4.3 Remote access to MPLS VPNs
5.1 The World Wide Web programming model
5.2 The WAP programming model
5.3 A typical WAP network
5.4 WAP architecture and reference model
6.1 Scalability Requirement
Chapter 1
Introduction
The Internet today has become an ever more critical part of the world's communication infrastructure, putting Internet Service Providers (ISPs) under increasing pressure to provide good, predictable performance, high Quality of Service (QoS), scalability, Traffic Engineering and speed to a wide range of older and newer applications to their consumers. A global technology infusion of Internet Protocol and wireless mobility has presented great opportunities for the service delivery of data, voice and video for communications and also computing in real time. The future of telecommunications has already been tremendously changed, and it has also been shown that Next Generation Network Services are capable of reaching markets and customers worldwide in real time, in this era in which service providers are wrestling for mind and market share as they restructure their networks to attract an increasingly diverse set of clients. Next Generation Networks is a broad term to describe some key architectural evolutions in telecommunications core and access networks that will be deployed over the next five to ten years. The general idea behind Next Generation Networks is that one network can transport all information and services (voice, data and other media such as video streaming) by encapsulating these into packets, as is the case on the internet. It has also been shown that Next Generation Network Services are more than just connectivity, communication and collaboration; they are also about technology leveraged, service centric platforms combined with a service value mindset for the purpose of engaging customers on an immersive, interactive level, not only solving their challenges but also anticipating their future dreams regarding business and personal communications. [1]
In this thesis work, the main objective is to give a general overview of why most Internet Service Providers offering Next Generation Network services have most recently been employing MPLS in the core of their networks, based on newer services that have to be offered to their customers that conventional IP routing could not fully support, and also why they have been using Virtual Private Networks as a secure way of offering such services over a public network.
In the following chapters, we will discuss the Next Generation Network architecture, its building blocks, switches and uses, followed by a brief description of IP routing and then Multi-Protocol Label Switching, which is a central element of Next Generation Networks. The next chapter covers Virtual Private Networks, giving a general description and the various types of VPNs, followed by Wireless Application Protocol, which comprises communication protocols that enable wireless devices to have easy access to the internet and other telephony services. We then discuss Performance Management for Next Generation Network Services and finally end with the conclusion.
Chapter 2
Next Generation Networks Overview
2.1 Introduction
The last eight years or more have witnessed an increasingly speedy integration of computers and telephony, both equipment and networks. The old public network operators (PNOs) have witnessed a decrease in telephony traffic on their public switched telecommunications networks (PSTNs), due largely to the increasing popularity of mobile telephones and the movement of services from telephone networks to the public internet.
A customer of telephone networks prefers the unregulated but large content of communications provided by their network provider which has communication possibilities; this is offered by the public internet. The fixed network operators' response to meet this demand was to deploy broadband. While this solution satisfies the customers' demand, it has done little to ensure the continued development of global communications networks, as the fixed network operator is left merely providing access to the public internet (or worse, access to an internet service provider, ISP) while content and service are provided without any association with networking costs. Customers do not buy technology; they buy services. So from the network operator's point of view, it is the ability to offer services that can take advantage of broadband which is important.
This new concept of an integrated broadband network has developed over the last few years and has been labeled Next Generation Networks (NGN). This term is used to describe some architectural evolutions in telecommunication core and access networks, which meet the needs of a technology enabled culture; more specifically, it is an inventive optimization of technology and service platforms to meet a new era of IP centric networking requirements and customer opportunities. Next Generation Networks are commonly built around the internet protocol. It enables multiple services such as Voice, Video, and Data to be integrated and efficiently carried over a single infrastructure. [1]
The next generation network seamlessly blends the public switched telephone network (PSTN) and the public switched data network (PSDN), creating a single multiservice network. Instead of large, centralized, proprietary switch infrastructures, this next generation architecture pushes central-office (CO) functionality to the edge of the network. What results from this is a distributed network infrastructure that leverages new, open technologies to reduce the cost of market entry dramatically, increase flexibility, and accommodate both circuit-switched voice and packet-switched data. [26]
Figure 2.1 The Public Switched Telephone Network and Public Switched Data Network
Today's network is divided into two elements: the PSTN and the PSDN (see Figure 2.1). The PSTN consists of large, centralized, proprietary class-5 switches with remote switching modules (RSMs) and digital loop carriers (DLCs), while in contrast the substantially smaller PSDN, consisting of network points of presence (POPs) and remote access devices, is growing at a dramatic rate. The growth of the PSDN is driven by the internet, intranets, virtual private networks (VPNs) and remote access. However, the PSTN continues to be the principal means of delivering data services.
2.2 Next Generation Network Architecture
There is a speed of change in the telecommunication marketplace that was inconceivable some years back. Liberalization has led to an increase in competition and various new business opportunities for numerous players. Societal changes and work habits have imposed on people the requirement to be practically always connected. New technologies offer more capacity and flexibility for faster and cheaper implementations of new features. The introduction and deployment of various new services in the network must be carried out at the speed required by the market. It is therefore apparent that the new network architecture must be an evolution of today's networks, with a stepwise approach to introducing the new technologies.
[Figure 2.2 labels: Servers; Gateways; Database; INTERNET, ISDN/PSTN network, BSC, BTS, RNS, HLR, OSS/NMS, MSC/GMSC, SGSN/GGSN, TL/TG]
Figure 2.2: The new Next Generation Network architecture
The new Next Generation Network architecture consists of (figure 2.2):
An access layer
A transport and switching layer
An application and service layer
The access layer consists of wireline and wireless technologies, while the switching and transport backbone provides basic connectivity. The application and service layer comprises servers and databases that provide the intelligence required to manage subscribers and services and control the connections.
In the 1980s, an almost similar structure was introduced in terms of the intelligent network (IN) architecture. Recent advances in technology have made the architecture largely accepted as well as suitable for implementation on a broader scale, especially in microelectronics for access and transport, enabling flexible extension of existing infrastructure, as well as new software and protocols allowing a migration of existing applications and control functions onto new flexible platforms. [28]
2.2.1 The Access Layer
The existing copper access network was deemed outdated only a few years ago, and future broadband services were expected to require fiber all the way to the home. It has been shown that current advances in digital subscriber loop (xDSL) technology demonstrate that existing copper loops can provide several megabits per second (Mbit/s) downstream in data speed, high enough to handle the majority of foreseeable services delivered by the current and next-generation Internet.
With the advances in access technology, new access products take advantage of the rebirth of existing subscriber loops and provide a variety of end user accesses, integrated services and open interfaces. V5.2 is an example of such technology; it is used for connecting to backbone and switching networks in a way most suitable for the network operator. There has been tremendous investment in the development of radio technology; the success of second generation digital wireless networks, most importantly the Global System for Mobile communication (GSM), has secured this feat. The narrow band capacity of digital radio is continuously being increased through more flexible network implementation solutions such as hierarchical cell structures and adaptive antennas. The introduction of General Packet Radio Service (GPRS) in GSM, further improved by Enhanced Data rates for Global Evolution [EDGE], utilizes the scarce radio resources within existing frequency ranges more effectively, especially for data services.
The evolutionary approach associated with GPRS, where existing infrastructure in the base station system [BSS] can be reused, allows for the introduction of mobile data services on a broad scale. With the Universal Mobile Telecommunications System [UMTS] Terrestrial Radio Access Network [UTRAN], a new spectrum efficient radio technology, wideband code division multiple access [WCDMA], is introduced to continue the evolution of GSM toward third generation capabilities. Although UTRAN is based on a new radio technology, its flexibility in transport allows significant savings in radio access investments. [28]
2.2.2 The Transport and Switching Layer
In the next generation network, basic optical transmission technology has an important role. In the last two years the area of wavelength division multiplexing [WDM] has shown opportunities to increase the capacity of existing transmission networks by a factor of 100. Hence a perceived bottleneck for future network applications has effectively been removed. Within the backbone transport network, the discussion on the cost benefits of packet-oriented technologies versus the Quality of Service [QoS] offered by circuit switched networks continues. Advances in router capacity and Voice-over-IP [VoIP] applications have convinced a number of new entrants in the operator market to introduce overlay networks targeting selected customer groups. Several established network operators have also launched network evolution programs introducing packet switching in a controlled way on the existing networks. Asynchronous transfer mode [ATM], as a packet-switching technology offering QoS and good network management mechanisms, plays an important role in facilitating this evolution. With ATM interworking closely with the existing circuit-switched call control infrastructure, it is possible to flexibly introduce packet switching as a basis for new applications in parallel with the current public switched telephone network/integrated services digital network [PSTN/ISDN]. This ensures retained QoS and reuse of the existing functionality for telephony. [28]
Figure 2.3 The separation of control and connection
2.2.3 The Application and Service Layer
An important issue in the next generation network architecture is the independence of applications and services from basic switching and transport technologies. A separation of applications and control mechanisms from the access and transport layers is the fundamental feature of the next generation architecture. On the application layer several trends are visible, pertaining to the different segments of the market. The intelligent network (IN) still plays an important role for well specified services, especially mass market services requiring high capacity and good management control; examples of this are number portability and prepaid services. A lot of future services require more flexibility and small scale economics in their introduction. Dedicated services and standalone nodes already offer these capabilities for many new services today, especially within wireless networks. [28]
However, it is becoming more complex by the day to manage the current implementation of the application structure. It now requires a new approach: the next significant step toward the new architecture involves the true separation of control and connection, as shown in [Figure 2.3]. This is possible through the migration of applications and call control functions onto open platforms, the introduction of common control protocols to support communication between control functions and network resources, and especially through the introduction of media gateway [MGW] nodes. MGW nodes provide conversion between different communication media, protocol adaptations, and pooling of devices such as codec and announcement equipment [Figure 2.3]. The implementation of the gateway nodes is based on the applications and developed in different configurations, but they should fulfill telecommunication specific design requirements and reuse network infrastructure when applicable.
Figure 2.4 Media Gateway Principle
An MGW is a logical node:
The MGW performs protocol conversion of the user plane between two networks.
The MGW is controlled by servers using the x-cp protocol
The MGW performs bearer control
The MGW shall own its own resources, enabling several servers to control
The main characteristics of the above described network architecture are as follows:
Service-differentiated: The need to offer new applications at a rate expected by the different market segments as well as support different levels of QoS, depending on the price end customers are prepared to pay.
Application Driven: Separation of control and connection and business aspects driving the speed of implementation.
Server-oriented: The opportunities to introduce new services both through servers connected to the network and by porting existing telecommunication logic onto open server platforms.
Software dominated: Due to the expected increase of higher-level programming and amount of source code used and/or reused for implementing the application layer and corresponding protocols.
2.3 Building blocks for Next Generation Networks
Internet protocol [IP] is the first of the fundamental building blocks of Next Generation Networks, applications and services. It is the networking messenger between data computing applications, IP telephony conversations and IP video sessions at layer 3. IP's success has been beneficial to the rise of Ethernet technology at layer 2. Since its beginning in the early 1970s, Ethernet has withstood all layer 2 competition, defeating the technology push of all deterministic layer 2 challengers with the pull of Ethernet's simplicity, adaptability and interoperability with all layer 1 mediums. Where IP is the layer 3 packaging, Ethernet is the layer 2 conveyor belt that leads to the digital versions of mailbags (wireline), photonic locomotives (optical), and stealth jet planes (wireless), all at layer 1. Internet Protocol, Ethernet, optical and wireless networks are the must-have networking layers; in essence, they are the new-era building blocks with which to construct and enhance networks that are flexible, fast and service rich. With these technologies in use, providers are adapting their networks towards architectures that better support Data, Voice and Video convergence, providing a variety of access interfaces to deal with customers' choice and augmenting their options to offer next generation broadband services that find success with customers. [1]
These service-valued technologies, within the context of general classifications or rather types of provider networks, encompass:
IP Network
Virtual private networks
Wireless networks
Depending upon their business plans, providers might use one classification of network exclusively or they might incorporate several network classifications while considering relative strength, customers' needs and market opportunities.
2.3.1 Next Generation Network Switches
Next generation switches are the most flexible platforms available. Combining extreme scalability, an open service creation environment (SCE), remote management and diagnostics and the highest availability, next generation switches provide a migration path from today's switching architecture to a more cost effective, efficient, next generation network architecture. This next generation switching architecture represents an entirely new approach to delivering services that is specifically designed to accomplish the following:
Distribute switching functionality to the edge of the network
Deliver robust switching functionality at a cost that is an order of magnitude lower than traditional, proprietary class-5 switches
Protect existing investments by supporting all current analog and digital network standards, interfaces, media, and service elements.
Reduce the number of network elements by combining a range of telephony, application and service delivery functions
Enable new service creation through programmability and the flexibility of an open application programming interface (API)
Provide a high degree of scalability, enabling network operators to expand their subscriber base rapidly and cost effectively
Take advantage of future technological advances through an open architecture design that promotes extensibility
Redefine true, carrier-class design for maximum fault tolerance and zero downtime
Reduce operating costs by employing advanced remote maintenance and diagnostics capabilities.
Increase revenues by shortening time to market, reducing upfront costs, and providing remote management capabilities
Obviously this approach represents a dramatic departure from traditional switch architecture. On side by side comparison, the immediate differences are clear. See figure 2.1.
Next generation switches are purpose-built to scale to meet the needs of any subscriber base. In designing these systems, a small start-up cost and a linear incremental cost are taken into consideration. This architecture allows carriers to make better use of their capital by purchasing only the capacity that their network requires; as carriers need additional capacity, additional cards can be inserted. To compete and win in a competitive environment, carriers must offer revenue generating enhanced services ahead of the competition. Another benefit of next generation switches is their large service creation environment (SCE). This is mainly a graphical user interface; these SCEs allow carriers to develop, deploy and, most importantly, pay only for the services that their customers require [26]. In an era of next generation switches, carriers will no longer need to wait for a vendor's next generic release of feature software. The carriers or third party developers can quickly and cost effectively develop their own applications. Doing so will provide yet another competitive advantage. The carrier will own its new applications, thereby limiting a competitor's ability to offer the same service. Next generation switches enable carriers to connect a distributed network of intelligent switches together and manage them as a single virtual switch. They also give carriers the ability to gain access to a specific resource on a specific card via a host computer connected to the next generation network. This possibility greatly reduces a network operator's costs by eliminating expensive truck rolls and costly service calls. When new features are introduced with next generation switches, carriers can introduce features and services in real time, rather than wait until network traffic goes to the lowest possible level. NGN switches can serve as the following:
An alternative to traditional class-5, end office switches
An alternative to traditional class-4, tandem-office switches
Enhanced services platforms
Wireless local access switches and the base station controllers
Cable telephony head end switches.
2.3.2 IP Networks
IP is uniquely positioned as the central theme in the new era of networking and an important point of convergence for networks, services and applications. All types of service providers now use IP networks; this allows providers to interface directly with the type of networks most familiar to their customers.
IP networks, built on a layer 3 protocol, stitch together various purpose built networks and are the fundamental access layer to the internet. IP is the most preferred networking interface for advanced applications because it can reach the largest customer markets, and it is moving center stage into carrier class networking. Data, voice, video and internet data must come together. By standardizing various types of data formerly associated with entirely separate technologies, IP provides a powerful solution. IP network convergence provides a foundation for greater collaboration, opening new ways to work and interact, simplifying network management and reducing operating costs. [1]
Today, converged networks are fueling the development of an array of dynamic applications; examples include E-learning, unified messaging and integrated call center and customer support systems. This is unifying the convergence of networks while facilitating the purposeful and appropriate combination of data. More on IP networks is in chapter three.
2.4 Using Next Generation Network Services
Innovative technology, process and a company's culture each play a part in the delivery of a next generation network service. These services spring from a service-valued emphasis made possible by appropriate application of next generation network technology along with process optimization and cultural shift. Examples of next generation services are:
Internet access services
VPN services at both layer 2 and layer 3
Ethernet as metro area and wide area LAN extensions
IP services including layer 3 data routing, IP voice, and IP video
Optical wavelength services
Content, database, and application delivery services
Storage and security services
Managed network services
Many of these services reside at networking layers 2 and 3 and also at layers 4-7 for hosted applications. This is the essential distinction: next generation network services transcend the physical layer at layer 1, traditionally considered the heart of the provider transport model, and move upscale into layers 2, 3 and beyond. Services are decoupled from transport as a result of IP based any-to-any networking. Service is more than technology. It is in fact a unique blend of technology, process and culture. The measurement of service value will be increasingly calculated as a success ratio, with the amount of time saved as the most important factor, and to the customer, service is everything. Providers that are engaging in next generation network services are doing so through the recognition and tailored exploitation of convergence trends. Seeking to rapidly market an expanded catalog of services, they are converging their technology platforms and network infrastructures as well as exploiting selective convergence of various communications services. [1]
Chapter 3
Underlying Technologies Components
3.1 IP Routing
IP Routing involves the process of moving packets across an internet from a source to a destination. This routing decision is made by a router, which provides the physical connection between networks. Such routers must be configured with some type of routing mechanism to enable communication between hosts to go beyond their local segments. These routing mechanisms can be static or dynamic in nature, or a combination of both; which of them is chosen does not matter, because they have the same objective of facilitating communication between remote hosts.
Routing interfaces connect networks and subnetworks and also serve as the entry/exit point for end systems within the networks and subnetworks. Local routing tables are built and maintained by static or dynamic routing protocols, and these routing tables represent the physical network infrastructure, identifying paths to networks and subnetworks. Routers use the routing tables to determine the best path between source and destination after the destination address has been identified. Routing basically consists of two separate tasks, which are also related based on applications: first, the paths for the transmission of packets through the internet are defined; second, packets are forwarded based on the paths which have been defined. [3]
3.1.1 Routing table
Routers use a combination of different routing methods, namely static, default or dynamic, to build their routing tables, since every router must have a local routing table to make its routing decisions. Routing tables are generally used by routers to determine the best path between a source and destination when datagrams are being forwarded. A routing table includes a list of all networks and subnetworks known to a router and also the IP address of the next hop router.
The next question is how these routing tables work. Usually, when a router receives a datagram that needs to be forwarded, the destination address is first determined and compared with each route within the routing table, and this continues until an exact or best route match is found. If an exact match is found within the routing table, the router simply re-addresses the datagram by using its MAC address as the source and the next hop router's address as the destination, but does not in any way change the logical network layer address within the datagram. It finally sends the datagram out to the local interface connected to the link leading to the next hop router. Another question that follows is what happens when no specific match is found within the routing table. If the router does not find a specific match within its routing table while trying to forward a datagram, the router then uses the default route in forwarding the datagram, or the datagram is discarded with an internet control message protocol (ICMP) error message sent back to the source. When multiple paths to a destination exist, more than one route may be included in the routing table, but one path will have to be selected as the best by the routing protocol and placed in the routing table. However, some routing protocols allow for load balancing across multiple paths by making both paths active and then placing them in the routing table, thereby making it possible for routers to alternately use both active paths in forwarding datagrams and also balancing the traffic load across the paths. It is very important to maintain the information in the routing table once a router has been able to build one, and such maintenance can be achieved either by manual configuration or by the use of dynamic routing protocols. [3]
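
The lookup procedure of section 3.1.1, as an added example that is not part of the thesis: a toy router in Python that treats the "best match" as the longest matching prefix (the general rule, of which an exact match is one case), falls back to the default route, returns an ICMP destination-unreachable when nothing matches, rewrites only the MAC addresses, and alternates between two active paths. All addresses, MACs and interface names are constructed; TTL and checksum handling are omitted.

```python
import ipaddress

ICMP_DEST_UNREACHABLE = 3   # ICMP type 3
ICMP_NET_UNREACHABLE = 0    # code 0: network unreachable


class Router:
    """Toy forwarding plane: routing table, own interface MACs, neighbor MACs."""

    def __init__(self, interface_macs, neighbor_macs):
        self.interface_macs = interface_macs   # interface name -> this router's MAC
        self.neighbor_macs = neighbor_macs     # next-hop IP -> next-hop router's MAC
        self.table = {}                        # IPv4Network -> [(next_hop_ip, interface)]
        self._turn = {}                        # IPv4Network -> round-robin counter

    def add_route(self, prefix, next_hop, interface):
        """Install a path. Adding a second path for one prefix makes both active."""
        net = ipaddress.ip_network(prefix)
        self.table.setdefault(net, []).append((next_hop, interface))

    def best_match(self, dst_ip):
        """Compare the destination with every route; the longest prefix wins.

        The default route 0.0.0.0/0 matches every address with length 0, so it
        is only selected when no more specific route matches.
        """
        addr = ipaddress.ip_address(dst_ip)
        candidates = [net for net in self.table if addr in net]
        return max(candidates, key=lambda net: net.prefixlen, default=None)

    def forward(self, datagram):
        """Return the forwarding decision for a datagram (a dict of IP fields)."""
        net = self.best_match(datagram["dst_ip"])
        if net is None:
            # No route and no default route: discard and report to the source.
            return {
                "action": "discard",
                "icmp": {
                    "type": ICMP_DEST_UNREACHABLE,
                    "code": ICMP_NET_UNREACHABLE,
                    "to": datagram["src_ip"],
                },
            }
        # Alternate between the active paths for this prefix (load balancing).
        paths = self.table[net]
        turn = self._turn.get(net, 0)
        self._turn[net] = turn + 1
        next_hop, interface = paths[turn % len(paths)]
        # Re-address at layer 2 only: source MAC is this router's outgoing
        # interface, destination MAC is the next-hop router. The IP source
        # and destination inside the datagram are left untouched.
        frame = {
            "src_mac": self.interface_macs[interface],
            "dst_mac": self.neighbor_macs[next_hop],
            "datagram": dict(datagram),
        }
        return {
            "action": "forward",
            "route": str(net),
            "next_hop": next_hop,
            "interface": interface,
            "frame": frame,
        }


def build_demo_router(with_default=True):
    """Constructed sample table: two nested prefixes and one two-path prefix."""
    router = Router(
        interface_macs={"eth0": "02:00:00:00:00:01", "eth1": "02:00:00:00:00:02"},
        neighbor_macs={"192.0.2.1": "02:00:00:00:00:a1",
                       "192.0.2.2": "02:00:00:00:00:a2"},
    )
    router.add_route("10.1.0.0/16", "192.0.2.1", "eth0")
    router.add_route("10.1.2.0/24", "192.0.2.2", "eth1")   # more specific
    router.add_route("10.9.0.0/16", "192.0.2.1", "eth0")   # two active paths
    router.add_route("10.9.0.0/16", "192.0.2.2", "eth1")
    if with_default:
        router.add_route("0.0.0.0/0", "192.0.2.1", "eth0")
    return router


if __name__ == "__main__":
    r = build_demo_router(with_default=False)
    for dst in ("10.1.2.9", "10.1.9.9", "10.9.0.1", "10.9.0.1", "172.16.0.1"):
        result = r.forward({"src_ip": "198.51.100.7", "dst_ip": dst})
        print(dst, "->", result["action"], result.get("route"), result.get("next_hop"))
```
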
3.1.2 Autonomous Systems (AS)
An autonomous system basically consists of multiple routing domains. A routing domain refers to a collection of networks and subnetworks associated with routers running the same routing protocol. There are two types of autonomous routing protocol: [3]
1. Intra-Autonomous Routing Protocols: These routing protocols are used to configure and maintain routing tables within an autonomous system (AS) and are also called intra-domain routing protocols. Intra-Autonomous routing protocols are also known as Interior Gateway Protocols (IGPs). An IGP usually calculates routes within a single AS, and it also enables data to be forwarded across an AS from ingress to egress when the AS is providing transit services.
2. Inter-Autonomous Routing Protocols: They are used to forward packets to exterior Autonomous Systems (ASs) and are also called inter-domain routing protocols. Inter-domain routing protocols are also known as Exterior Gateway Protocols (EGPs). An EGP allows routes to be distributed between ASs, and it enables routers within an AS to choose the best point of egress from the AS for the data they are trying to route.
Routing protocols fall into two categories, namely Interior and Exterior Routing Protocols.
a) Interior Routing Protocols: These are also called Interior Gateway Protocols (IGPs) and refer to any routing protocol exclusively used within an AS, thereby providing intra-AS routing. Interior Gateway Protocol simply describes any routing protocol operating as a separate routing domain within an AS. Usually, all IP Interior Gateway Protocols must be specified with a list of associated networks before routing activities can start. Examples of IGPs are RIP, OSPF, IGRP, EIGRP, IS-IS and HP. RIP and OSPF are also referred to as border routes because they sit on the border between two IGP routing domains.
b) Exterior Routing Protocols (EGP): These describe routing protocols that allow for communication between separate Autonomous Systems, thereby providing inter-AS routing. Usually, every IP exterior gateway protocol requires a list of neighbor routers with which to exchange routing information, a list of networks to advertise as directly reachable and the AS number of the local router before routing can start. Examples of exterior gateway protocols are BGP, EGP, GGP and IDRP.
3.1.3 Routing Mechanisms

There are different routing mechanisms which routers use as a combination of input sources to be able to build their routing tables. The most important of these routing mechanisms are static and dynamic routing. [3]

1) Static Routing: Static routing is performed using a preconfigured routing table which will continue to be available unless it is manually changed by the user, i.e. the routing tables are created manually. This is the most basic form of routing and, since it is static in nature, it does not have the capability of adjusting to changes in the network. As such, if there is any failure or unavailability in the router or interface that has been defined, then the route to the destination fails. This is one of the weaknesses of static routing; however, it has the advantage of eliminating all traffic related to routing updates.

Static routes tend to be ideal where the link is temporary or bandwidth is an issue, because they conserve bandwidth since they do not cause routers to generate route update traffic. However, static routing consumes a lot of time when the route updates need to be done manually each time there are changes in the network.

2) Dynamic Routing: The routing tables are created automatically by dynamic routing. It uses special routing information protocols to automatically update the routing table with routes known by peer routers, and these protocols are grouped as either Interior gateway protocols or Exterior gateway protocols. IGPs are used to distribute routing information inside an AS while EGPs are used for inter-AS routing, so that each AS may be aware of how to reach others throughout the internet.

When routing protocols such as the above are used in exchanging messages with each other, the best routes are computed. Dynamic routing is advantageous because of the choice to select best routes based on a specific routing metric, e.g. bandwidth, link cost, delay, number of hops, reliability, load etc. It also has the disadvantage of creating some diverse problems such as loops, instability etc.

Routing protocols basically fall into two main categories, namely Distance vector and Link state. [3]

1) Distance Vector: Distance vector routing protocols usually determine the best path based on how far away the destination is, and distance can be hops or a combination of metrics calculated to represent a distance value. Examples of distance vector routing protocols are RIPv1, RIPv2 and IGRP. While RIPv1 and RIPv2 use hops as the metric to determine the best path, IGRP on the other hand uses a combined metric of bandwidth and delay.

There are several distance vector characteristics in determining the best path and they include: route updates, metrics (hops, bandwidth and delay), Variable length subnet masks
(VLSM), ToS, load balancing, maximum network diameter and authentication. Distance vector routing protocols have a routing loop problem, which occurs in networks when old route information exists in a routing table. This problem originates from the periodic scheduled route updates that result in slow convergence (convergence is usually attained when all routers within a routing domain agree on reachability information).

There are several techniques that can be used to minimize routing loops on a network and they include count to infinity, split horizon, hold-down timers and poison reverse.
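How stale route information turns into a loop, and how split horizon and poison reverse stop it, as an added simulation that is not part of the thesis. The two-router topology (A reaches network X through B, and B has just lost its link to X) is constructed, and the metric limit of 16 is the value RIP uses for "unreachable".

```python
INFINITY = 16  # RIP metric meaning "unreachable"


def advertise(route, to_neighbor, mode):
    """Metric a router sends to one neighbor for network X (None = not sent)."""
    cost, next_hop = route
    if next_hop == to_neighbor:
        if mode == "split_horizon":
            return None       # never advertise a route back where it was learned
        if mode == "poison_reverse":
            return INFINITY   # advertise it back, but as unreachable
    return cost


def receive(route, advertised, from_neighbor):
    """Apply one received update to the local route for network X."""
    if advertised is None:
        return route
    cost, next_hop = route
    new_cost = min(advertised + 1, INFINITY)
    # Updates from the current next hop are always believed; others only if better.
    if next_hop == from_neighbor or new_cost < cost:
        return (new_cost, from_neighbor if new_cost < INFINITY else None)
    return route


def rounds_to_converge(mode, limit=50):
    """Return (rounds, history) until A and B both mark X unreachable."""
    a = (2, "B")            # A still holds the old route: 2 hops via B
    b = (INFINITY, None)    # B has just detected the failure
    history = []
    for rnd in range(1, limit + 1):
        # A's periodic update reaches B first, then B's update reaches A.
        b = receive(b, advertise(a, "B", mode), "A")
        a = receive(a, advertise(b, "A", mode), "B")
        history.append((a[0], b[0]))
        if a[0] == INFINITY and b[0] == INFINITY:
            return rnd, history
    return None, history


if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        rounds, history = rounds_to_converge(mode)
        print(mode, rounds, history)
```

While the metrics climb in the unprotected run, A and B each point at the other for X, so any packet for X bounces between them until its TTL expires.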
2) Link State Routing: Link state routing protocols generally provide greater flexibility than distance vector routing. They reduce overall broadcast traffic and make better decisions about routing by taking characteristics such as bandwidth, delay, reliability and load into consideration instead of basing their decisions only on distance or hop count. Examples of link state routing protocols are OSPF and IS-IS.

Link state routing protocols are able to reduce broadcast traffic because they do not send out periodic broadcasts or their entire routing tables with each broadcast. All link state routing protocols must be able to build and maintain three separate tables: the neighbor table (also called Adjacency database), the topology map (Link state database) and the routing table (Forwarding database). Link state routing protocol characteristics used to determine the best path include route updates, databases and tables, metrics, VLSM, ToS, load balancing and authentication. However, there is a disadvantage in the amount of CPU overhead involved in calculating route changes and the memory resources that are required to store neighbor tables, routing tables and a complete topology map.
3.2.1 Background of MPLS

The fast-growing trend of the internet over the past years has placed a high demand on service provider networks to measure up with the increase in the number of users, increase in connection speeds, backbone traffic, increase in bandwidth and the emergence of newer applications that incorporate voice and multimedia services (e.g. VoIP), which require higher bandwidth and better guarantees irrespective of any dynamic changes or disruptions in the networks. [1]

A number of different technologies, e.g. Asynchronous Transfer Mode (ATM) and Frame Relay, were deployed to meet such demands, but a newer technology called Multiprotocol Label Switching (MPLS) is now gradually replacing them because of some problems inherent in those older technologies. Such problems include Speed, Scalability, Traffic Engineering and Quality of Service (QoS) management. MPLS addresses these problems and has also been positioned to align with current and future technology needs, but it can exist over existing ATM and FR, therefore not completely replacing them. MPLS is an evolving technology that enables service providers to offer additional services for their customers by scaling their current offerings and exercising more control over their growing networks by using its traffic engineering capabilities, and
therefore most network operators have considered it the best technology for converging all of their backbone transport while still delivering the quality of service required by multiple traffic types.

Therefore, based on the capabilities of MPLS, it will play a vital role in the routing, switching and forwarding of packets through next generation networks so as to be able to meet the increasing service demands of network users. MPLS has a primary goal of integrating the label swapping forwarding paradigm with network layer routing. This label swapping is expected to improve the price and performance of network layer routing, improve the scalability of the network layer and provide greater flexibility in the delivery of newer routing services by allowing new routing services to be added without a change to the forwarding paradigm. MPLS has proven to be a technology that combines the good attributes of both circuit-switched and packet-switched networks, thereby giving it diverse functionalities, but it is independent of the layer 2 and layer 3 protocols while exercising its functions and also has a wide range of applications in service provider and enterprise network backbones. [2, 7]
Figure 3.1 MPLS functioning between the Layer 2 and Layer 3 Protocol
[Figure 3.1 labels: Layer 3: IP; MPLS; Layer 2: ATM, FR, Ethernet, PPP; Layer 1: SDH, ODH, WDN, CSMA]

3.2.2 How MPLS works

There are some commonly used MPLS terminologies that need to be explained here before explaining how MPLS works. The terminologies include: [2, 7, 11, 13]

1.) Forward Equivalence Class (FEC): is defined as a group of IP packets which are generally forwarded through the same path, and usually all the packets in this group are subject to the same type of treatment as they are forwarded to their destination. The allocation of a particular packet to a particular FEC is usually done once, as the packet enters the network, and the FEC to which this particular packet is assigned is then encoded as a short fixed-length identifier known as a label.
2.) Labels and Label bindings: Labels are used to identify the forwarding path of a packet and are usually encapsulated or carried in a layer 2 header along with the packet. The forwarding of a packet through the backbone is usually based on label switching, and this is done once the packet has been labeled and the next hop determined. A label is usually assigned to a packet once it has been classified as a new or existing FEC, and the label is bound to this FEC due to some event or policy which specifies the need for such binding. [11]

The generic label format is as shown below:

Figure 3.2 MPLS Generic Label format
The label can be embedded in the header of the data link layer, in the frame relay DLCI, or in the shim, i.e. between the layer-2 data link header and the layer-3 network layer header.

Figure 3.3 Position of the MPLS label in a layer-2 frame

The MPLS label is inserted between the layer-2 header and the layer-3 contents of the layer-2 frame as shown in the figure above. [2]

3.) MPLS Label header: it is also called the MPLS Shim header. It consists of 32 bits and has the following fields:

a) The Label field (20 bits): This is the field that carries the actual value of the MPLS label.

b) The Class of Service (CoS) field (3 bits): This is also called Experimental bits according to documentation by the IETF MPLS. It can maintain eight (8) distinct service classes since the CoS field has 3 bits.

c) The Time-to-Live (TTL) field (8 bits): The TTL field has an identical function to the IP TTL field, basically in loop detection. The TTL is normally decremented by one each time the packet passes through a router, and the packet is discarded when the TTL field reaches zero.

d) The Bottom-of-Stack (S) field (1 bit): This field supports the MPLS label stack, which MPLS applications, including MPLS based Virtual Private Networks or MPLS Traffic Engineering, use. Since the MPLS label stack header (Shim header) is inserted between the layer 2 and the layer 3 payloads, the router sending the packet should inform the router receiving it that the packet being transmitted is not a pure IP datagram but a labeled packet, i.e. an MPLS datagram. The MPLS label stack is used for routing packets through LSP tunnels. The S-bit is usually set to one for the last entry and zero for all other label stack entries.
[Figure 3.3 labels: unlabeled packet in Layer 2 frame: Layer 2 header, Layer 3 data (IP packet); labeled IP packet in Layer 2 frame: Layer 2 header, MPLS label (shim header), Layer 3 data (IP packet)]
Figure 3.4 MPLS Label header (Shim header)

e) Label Switch Routers (LSR): The Label Switch Router (LSR) forms the core of the MPLS network. An LSR takes an active part in the forwarding of packets to other MPLS routers and also in the formation of label switched paths. LSRs analyze labels and then forward packets depending on the contents of the label, but this is only possible if they have already received packets from the Label Edge Routers (LER). Three different types of LSR exist in an MPLS network and they include: [2]

1) Edge-LSR: This type of Label Switch Router has several functions that include receiving an IP packet, performing layer 3 lookups and then imposing a label stack before forwarding the packet into the LSR domain. In addition to receiving IP packets, it can also receive a labeled packet, remove labels, perform layer 3 lookups and then forward the IP packet towards its next hop.

2) ATM-LSR: This type of LSR runs MPLS in the control plane to set up ATM virtual circuits, and it also forwards labeled packets as ATM cells.

3) ATM edge-LSR: This LSR type can receive labeled or unlabeled packets and segment them into ATM cells before forwarding the cells toward the next-hop ATM-LSR. Alternatively, it can receive ATM cells from an adjacent ATM-LSR and reassemble them into the original packet before forwarding the packet as a labeled or unlabeled packet.
f) Label Edge Routers (LERs): An LER operates at the edge of an MPLS network and contains interfaces to dissimilar networks like ATM, Ethernet and Frame Relay. LERs route traffic and are therefore used as an interface between layer 2 networks and an MPLS core network. Usually, when an LER receives a packet from a layer 2 network, a label is attached and the new packet is subsequently sent into the MPLS core network. Normally, the packet will then follow a specific path called a Label Switched Path (LSP), going from one LER to another, and when an LER receives a packet from the MPLS network, the label is removed and the packet is sent to the appropriate network. LERs that send packets into the MPLS network are referred to as ingress LERs, while the LERs that send packets into the layer 2 networks are referred to as egress LERs, and they all take part in the establishment of LSPs prior to exchanging packets.

g) Label Switched Path (LSP): This is a specific traffic path through an MPLS network that has the ability to map incoming MPLS labeled packets to some outgoing action. The creation of an LSP is connection-oriented because the path is set up prior to data transmission. MPLS provides hop-by-hop routing or explicit routing options to set up an LSP. It is also important to note that in an LSP mechanism, each packet enters the MPLS network at the ingress LSR and exits the network at the egress LSR. The LSP set up for an FEC is unidirectional in nature, which simply means that the return traffic from a particular FEC must take another LSP.
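The 32-bit shim header described under item 3 above, as an added encoder and parser that is not part of the thesis. On the wire the fields are ordered Label, CoS/Experimental, S, TTL (RFC 3032); the label values and payload bytes are constructed, and the depth limit of 16 is an arbitrary bound chosen for the example.

```python
import struct


def pack_entry(label, cos, bottom, ttl):
    """Encode one label stack entry: Label(20) | CoS(3) | S(1) | TTL(8)."""
    if not (0 <= label < 2**20 and 0 <= cos < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (cos << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)


def parse_label_stack(data, max_depth=16):
    """Return (entries, payload); walk entries until the one with S=1.

    Raises ValueError when the buffer ends, or max_depth is reached, before a
    bottom-of-stack entry is seen, so a malformed frame is rejected instead of
    having payload bytes misread as labels.
    """
    entries = []
    offset = 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no entry with S=1")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "cos": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        if entry["s"]:
            # Everything after the bottom-of-stack entry is the layer 3 packet.
            return entries, data[offset:]


# Constructed sample: outer tunnel label 1000 over inner label 42, followed by
# the first two bytes of an IPv4 header.
SAMPLE = pack_entry(1000, 5, False, 64) + pack_entry(42, 0, True, 64) + b"\x45\x00"

if __name__ == "__main__":
    stack, payload = parse_label_stack(SAMPLE)
    for e in stack:
        print(e)
    print("payload:", payload.hex())
```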
3.2.3 MPLS Architecture

The MPLS architecture is divided into two components, namely the data plane component and the control plane component. [2]

1) Data Plane: This is also called the forwarding component. It carries out data packet forwarding based on the labels carried by packets, simply using a label forwarding database maintained by a label switch.

2) Control Plane: This is also called the control component. It has the responsibility to create and maintain label forwarding information, also referred to as bindings, among a group of interconnected label switches. The control plane also takes responsibility for path selection, using hop-by-hop or explicit routing to determine the best path through a network, and for path establishment, adding a signaling protocol to inform all the routers in the path that a new label switched path (LSP) is required once the path has been determined.
Figure 3.5 MPLS architecture performing traditional IP routing

In traditional IP routers, the IP routing table is used to build the IP forwarding table. To exchange IP routing information with the other MPLS nodes in a network, an MPLS node must run one or more IP routing protocols, while the MPLS IP routing control process uses labels exchanged with adjacent MPLS nodes to build the label forwarding table used to forward labeled packets through the MPLS network.
Figure 3.6 MPLS Architecture performing label switch routing

The traditional IP forwarding table extended with labeling information is used either to label IP packets or to remove labels from labeled packets before sending them to non-MPLS nodes, and incoming labeled packets can be forwarded as labeled packets to other MPLS nodes. When the destination of a particular labeled packet is a non-MPLS node, the first thing to do is to remove the label and perform a layer 3 lookup to locate the non-MPLS destination.
MPLS Operation:

Figure 3.7 Service provider MPLS network

The figure shows a typical MPLS network. The central cloud represents the MPLS network itself, and all traffic between the cloud and customer networks is not MPLS labeled. The other components of the network are Label Edge Routers (LERs), Label Switch Routers (LSRs) and Label Switched Paths (LSPs).

In the MPLS network, LERs add MPLS labels to packets at the ingress (in-coming) side while they remove the labels at the egress (out-going) side. The LSRs switch traffic hop-by-hop based on the MPLS label within the MPLS cloud.

The flow of data through the MPLS network can be summarized in the following steps: [7]

1) The PE routers first create LSPs through the MPLS network to other remote LERs before traffic is forwarded on the MPLS network.

2) Then non-MPLS traffic (like Frame Relay, ATM and Ethernet) is sent from a customer network through its CE router to the ingress PE router, which is operating at the edge of the provider's MPLS network.
3) The PE router now performs a lookup (i.e. IP forwarding) on information in the packet so as to associate it with a FEC, and then adds the relevant MPLS label(s) to the packet.

4) The packet now moves along its LSP, with each adjoining P router performing label swapping to direct the packet to the next hop.

5) Then, at the egress PE, the last MPLS label is removed and the packet is subsequently forwarded by traditional routing mechanisms.

6) Finally, the packet proceeds to the destination CE and then into the customer's network, which is the final destination for the packet.
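Steps 3 to 6 above traced for one packet, as an added example that is not part of the thesis: a single IP lookup at the ingress PE, label swaps at each P router, and a pop at the egress PE. The router names, prefixes, label values and pre-installed tables (standing in for the LSPs created in step 1) are constructed.

```python
import ipaddress

# Constructed topology: CE1 - PE1 - P1 - P2 - PE2 - CE2, with PE3 - CE3 as a
# second egress. Labels are only locally significant, so each hop rewrites them.
FEC_TABLE = {   # at ingress PE1: FEC (destination prefix) -> (label to push, next hop)
    "10.20.0.0/16": (100, "P1"),
    "10.30.0.0/16": (200, "P1"),
}
LFIB = {        # per router: incoming label -> (action, outgoing label, next hop)
    "P1": {100: ("swap", 110, "P2"), 200: ("swap", 210, "P2")},
    "P2": {110: ("swap", 120, "PE2"), 210: ("swap", 220, "PE3")},
    "PE2": {120: ("pop", None, "CE2")},
    "PE3": {220: ("pop", None, "CE3")},
}


def classify(dst):
    """Step 3: the only IP lookup on the path maps the packet to a FEC."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), binding)
               for p, binding in FEC_TABLE.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def send(dst, ttl=64):
    """Follow one packet from PE1; return (trace, delivered_to, remaining_ttl)."""
    binding = classify(dst)
    if binding is None:
        return [("PE1", "no FEC", None, None)], None, ttl
    label, node = binding
    trace = [("PE1", "push", None, label)]
    while label is not None:
        ttl -= 1  # every label-switching hop decrements the shim TTL
        if ttl <= 0:
            trace.append((node, "drop: TTL expired", label, None))
            return trace, None, 0
        entry = LFIB.get(node, {}).get(label)
        if entry is None:
            # A label with no binding on this router is never forwarded.
            trace.append((node, "drop: unknown label", label, None))
            return trace, None, ttl
        action, out_label, next_hop = entry
        trace.append((node, action, label, out_label))
        label, node = out_label, next_hop
    return trace, node, ttl


if __name__ == "__main__":
    for hop in send("10.20.5.5")[0]:
        print(hop)
```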
Label Distribution Protocol (LDP): This is a protocol that allows label binding information to be distributed among label switch routers in an MPLS network. LDP is also used to map FECs to labels, which are then used to create LSPs. There are different types of LDP messages which can be exchanged between LDP peers and they include: [11]

a) Discovery Messages: The presence of an LSR in a network can be announced and maintained by using discovery messages.

b) Session Messages: Sessions between LDP peers can be established, maintained and terminated by using session messages.

c) Advertisement Messages: Label mappings for different FECs can be created, changed and deleted using advertisement messages.

d) Notification Messages: This type of LDP message allows signal error and advisory information to be provided.

3.2.4 How MPLS Paths are Installed and Removed

There are two basic signaling protocols that perform similar functions in MPLS networks and are used to manage MPLS paths that have been created: Constraint-based Routing Label Distribution Protocol (CR-LDP) and Resource Reservation Protocol Traffic Engineering (RSVP-TE). [11, 14, 15]

1) Constraint-based Routing Label Distribution Protocol (CR-LDP): CR-LDP is an extension of the Label Distribution Protocol (LDP). It contains extensions for LDP to extend its capabilities, such as setting up paths beyond what is available for the routing protocol. An LSP can be set up based on explicit route constraints, QoS constraints etc. Constraint-based routing is a mechanism
used to meet TE requirements, and these requirements are met by extending LDP for support of constraint-based routed LSPs (CR-LSPs).

CR-LDP is a simple, scalable, open, non-proprietary TE signaling protocol for MPLS IP networks, and it provides mechanisms for establishing and maintaining explicitly routed label switched paths (LSPs). It is designed to adequately support the various media types that MPLS was designed to support (ATM, Frame Relay and Ethernet). CR-LDP is applicable in those portions of the internet where very large numbers of LSPs may need to be switched at each LSR. It can be used for TE and hop-by-hop LSPs; CR-LDP messages are reliably delivered by the underlying TCP, and UDP is used for discovery. Since CR-LDP uses a TCP/IP connection, it offers a reliable and more secure connection between peers. It is also good to note that TCP/IP connection capabilities also offer timely error notification if there is a communication failure between peers. CR-LDP is also referred to as a hard-state protocol.

2) Resource Reservation Protocol Traffic Engineering (RSVP-TE): This signaling protocol performs the same function as CR-LDP in an MPLS network. It uses downstream-on-demand label distribution and supports explicit routing capability. The advantage of using this protocol to establish LSP tunnels is that it enables the allocation of resources along the path. The features associated with this protocol are the capability to establish LSP tunnels with or without QoS requirements, the capability to dynamically reroute an established LSP tunnel, the capability to observe the actual route traversed by an established LSP tunnel, the capability to identify and diagnose LSP tunnels, and the capability to perform downstream-on-demand label allocation, distribution and binding. In establishing LSPs using RSVP-TE, there are some network constraint parameters that need to be considered, such as explicit hops and bandwidth.

Both CR-LDP and RSVP-TE create LSPs by first sending label requests through the network hop-by-hop to the egress point, and at each hop the MPLS-enabled router uses the label and its corresponding IP header information to program the hardware to switch the frame to its next hop. RSVP uses UDP and raw IP datagrams to communicate between peers, thereby raising two concerns: vulnerability to security attacks and fast recovery.

CR-LDP and RSVP-TE allow for route pinning, that is, the ability to force an LSP to stay in place after setup and not be rerouted by preemption. By using explicitly routed LSPs, a node at the ingress edge of an MPLS domain can control the path through which traffic traverses from itself, through the MPLS network, to an egress node. One advantage of using RSVP to establish LSP tunnels is that it enables the allocation of resources along the path. RSVP-TE is also referred to as a soft-state protocol.
3.2.5 Comparing Internet Protocol (IP) and Asynchronous Transfer Mode (ATM)

MPLS works with IP by giving IP networks simple TE and the ability to transport layer 2 and layer 3 (IP) VPNs with overlapping address space.

It is important to observe the differences in how MPLS and IP routing forward data across a network. In the case of traditional IP packet forwarding, the IP destination address in the packet's header is used at each router in the network to make an independent forwarding decision, and such hop-by-hop decisions are based on network layer routing protocols such as Open Shortest Path First (OSPF) or Border Gateway Protocol (BGP). It is also worth knowing that these routing protocols only find the shortest path through a network without considering other factors like traffic congestion. MPLS, by contrast, creates a connection-based model that is overlaid onto the traditional connectionless framework of IP routed networks, and this feature makes it possible to manage traffic on an IP network. As said earlier, MPLS builds on IP by combining the intelligence of routing with its high performance switching capability, and MPLS learns routing information from an interior gateway protocol (IGP), e.g. OSPF, IS-IS etc. [2, 11]

MPLS and ATM:

MPLS and ATM co-exist in a network to eliminate complexity by mapping IP addressing and routing information directly into the ATM switching table. Both provide a connection-oriented service for transport, but the protocols used differ between the two technologies: while MPLS uses RSVP and LDP, ATM uses UNI (User-Network Interface) and PNNI (Private Network-Network Interface). MPLS can be run on most important media (ATM, Frame Relay, Ethernet etc.) instead of being tied to a specific layer 2 encapsulation. MPLS works with variable length packets, compared to ATM, which transports fixed length cells (i.e. 53 byte cells). MPLS adds a label to the packet header and then transmits it on the network, while in ATM the packet needs to be segmented, transported and re-assembled over an ATM network by using an adaptation layer before it can be transmitted. There are still other differences between MPLS and ATM: while an MPLS connection (LSP) is uni-directional, i.e. can only allow data to flow in one direction between two endpoints, ATM (virtual circuits: point-to-point connections), on the other hand, has a bi-directional connection, thereby allowing data flow in both directions over the same path. [12, 13]

It should also be noted that both technologies support tunneling of connections inside connections. MPLS uses label stacking to achieve this, while ATM uses virtual paths, but ATM has a limiting factor because it only has a single level of tunneling, since the ATM virtual path identifier (VPI) and virtual circuit indicator (VCI) are both carried together in the cell header. In terms of compatibility with IP, MPLS has an advantage over ATM because MPLS is compatible with IP while ATM is not.
3.2.6 Misconceptions about MPLS Technology

There have been a number of misconceptions about the role of MPLS in the core of the internet. Some part of the internet community believes that MPLS was developed to provide a standard that allowed vendors to transform ATM switches into high performance internet backbone routers. Although that was one of the original goals of the technology, recent advances in silicon technology allow ASIC based IP route lookup engines to run just as fast as MPLS or ATM VPI/VCI lookup engines. It is also interesting to note that although MPLS can enhance the forwarding performance of processor based systems, accelerating packet forwarding performance was not the primary idea behind the creation of the MPLS working group.

It is also believed by some other part of the internet community that MPLS was designed to completely eliminate the need for conventional, longest-match IP routing. This was also never an objective of the MPLS working group, because its members understood that traditional Layer 3 routing would always be required in the internet and that it is unlikely that a large number of host systems will implement MPLS. This means that each packet transmitted by a host still needs to be forwarded to a first-hop Layer 3 device, where the packet header can be examined prior to forwarding it towards its ultimate destination. The first-hop router can then either forward the packet using conventional longest-match routing or assign a label and then forward the packet over an LSP. In a case where a Layer 3 device along the path examines the IP header and then assigns a label, the label will represent an aggregate route, because it is impossible to maintain label bindings for every host on the global internet. This means that, at some point along the delivery path, the IP header must be examined by another Layer 3 device to determine a finer granularity to continue forwarding the packet. This router can elect either to forward the packet using conventional routing or to assign a label and then forward the packet over a new label switched path. [8, 13]

Most Internet Service Providers (ISPs) have recently considered deploying MPLS in the core of their networks because it provides a foundation that permits ISPs to deliver newer services that cannot be readily supported by conventional IP routing techniques. Since there is growing competition in the global market, most ISPs now face the challenge of not only delivering superior baseline services but also providing newer services that would distinguish them from their competitors in the market of delivering reliable, efficient and cost effective services to their customers. MPLS has allowed service providers to control costs, provide better levels of base service and also offer new revenue generating customer services. [13]
Chapter 4

Virtual Private Networks

4.1 Introduction

A Virtual Private Network (VPN) is a private communications network widely used by several companies or organizations, or within a particular company, to communicate confidentially over a non-private network. VPNs are implemented with a wide range of technologies and as such can be self-implemented or managed by a service provider, thus allowing the end customers to realize the cost advantages of a shared network while enjoying its benefits of security, quality of service (QoS), reliability and manageability. A VPN uses virtual connections routed through the internet from the company's private network to the remote site or employee. It is also worth knowing that VPN traffic can be carried over a public networking infrastructure like the internet, but it has to be on top of standard protocols, or over a service provider's private network with a defined service level agreement in place.

Virtual Private Networks using the internet have the potential to solve many of today's business networking problems. For example, businesses today are finding that past solutions to wide area networking between the main corporate network and branch offices, such as dedicated leased lines or frame relay circuits, do not provide the flexibility required for quickly creating new partner links or supporting project teams in the field. VPNs therefore allow many network managers to connect remote branch offices and project teams to the main corporate network economically and to provide remote access to employees while also reducing the internal requirements for equipment and support. VPNs also offer direct cost savings over other communications methods such as leased lines and long distance calls, and offer other advantages including indirect cost savings as a result of reduced training requirements and equipment, increased flexibility and scalability. [2]

A well designed VPN should have the following features in order to achieve its aim: security, scalability, policy management, network management and reliability. In addition, VPNs are mostly not limited to corporate sites and branch offices but also have the advantage of providing secure connectivity for mobile workers. There are various types of VPN that will be discussed here and they include: Internet Protocol (IP VPN), IPSec VPN, Secure Socket Layer (SSL VPN), MPLS VPN etc. [1]

4.2 Internet Protocol VPNs (IP VPNs)

IP-based VPNs enable enterprises to take advantage of the flexibility of both the internet and service provider IP networks to create any-to-any WAN communications. IP VPNs require publicly addressed IP routing across shared network infrastructures. The major goal of IP
VPN is to adequately provide IP connectivity over a shared IP infrastructure while still maintaining the security and service features of a dedicated private network.

There are a number of essential attributes of VPNs that can extend the capabilities of a private network and they include: [1]

1. Quality of Service (QoS): VPNs typically allow the prioritization of voice, data and video applications traveling across the networks.

2. Security: Privacy for network traffic moving across public networks, both in the core and at the network edges, is provided by using security technology such as IP security (IPSec).

3. Scalability: Provisioning times are decreased and access speed is enhanced when there is access to a variety of broadband network connection types such as point-to-point protocol (PPP), ATM, Frame Relay, DSL etc.

4. Ease of Management: Service providers today have more network management points and IP visibility through which to monitor and report on data traversing their networks.

5. High availability: Network availability is increased because the carrier network contains equipment and core link redundancy, broadband backbones, access links and twenty-four-hour, everyday management.

There are three basic classes of IP VPNs and they include Access VPNs, Intranet VPNs and Extranet VPNs. Some examples of these classes of IP VPN will be discussed in this chapter.

4.3 IPSec Protocols for data integrity

The IPSec standard applies to both IPv4 and IPv6 environments. It is an open standard that ensures interoperability between different manufacturers' devices and also represents a fundamental building block for many types of VPN architectures. The IPSec standard combines a set of protocols and technologies such as Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), Data Encryption Standard (DES), Advanced Encryption Standard (AES) etc. into a complete system that provides confidentiality and authenticity of IP data. [1, 9]

IPSec achieves IP traffic security by adding IPSec headers to the original IP datagram, and these new IP headers, such as Authentication Header (AH) and Encapsulating Security Payload (ESP), can be used either separately or combined together depending on the desired degree of security. It should also be noted that for IPSec to maintain data integrity as it crosses public networks, the AH uses hash methods such as Message Digest 5
(MD5) from RSA Data Security or the Secure Hash Algorithm 1 (SHA-1). These methods are applied to the original packet's IP header, which conceals things like the host IP address and other parameters from public view. The hash method is reversed at the destination end to restore the original IP header to full view so that the packet can be routed within the destination IP packet, and the extra processing of these security algorithms, which is necessary for every packet, is normally accelerated to increase IPSec performance.
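How an AH integrity check value (ICV) is produced and checked, as an added example that is not part of the thesis: the sender computes a keyed hash (HMAC-SHA-1 truncated to 96 bits) over the packet with the in-transit mutable IPv4 fields zeroed, and the receiver recomputes it and compares, while the IP header itself travels in clear. The key, SPI, addresses and payload are constructed, and anti-replay handling of the sequence number is left out.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 12       # HMAC-SHA-1-96: HMAC-SHA-1 output truncated to 96 bits
IP_HDR_LEN = 20    # IPv4 header without options
AH_FIXED_LEN = 12  # next header, payload length, reserved, SPI, sequence number


def ipv4_header(src, dst, ttl, total_len, proto=51):
    """Minimal IPv4 header; protocol 51 means an AH header follows."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(ip_hdr):
    """Zero the fields routers may legitimately change in transit."""
    h = bytearray(ip_hdr)
    h[1] = 0                   # type of service
    h[6:8] = b"\x00\x00"       # flags and fragment offset
    h[8] = 0                   # TTL
    h[10:12] = b"\x00\x00"     # header checksum
    return bytes(h)


def compute_icv(key, ip_hdr, ah_fixed, payload):
    # The ICV field itself is treated as zero while the hash is computed.
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def protect(key, ip_hdr, spi, seq, payload, next_hdr=6):
    """Sender side: insert an AH header carrying the ICV (transport mode)."""
    # Payload length field = AH length in 32-bit words minus 2 -> (24 / 4) - 2 = 4.
    ah_fixed = struct.pack("!BBHII", next_hdr, 4, 0, spi, seq)
    icv = compute_icv(key, ip_hdr, ah_fixed, payload)
    return ip_hdr + ah_fixed + icv + payload


def verify(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    if len(packet) < IP_HDR_LEN + AH_FIXED_LEN + ICV_LEN:
        return False
    ip_hdr = packet[:IP_HDR_LEN]
    ah_fixed = packet[IP_HDR_LEN:IP_HDR_LEN + AH_FIXED_LEN]
    icv_start = IP_HDR_LEN + AH_FIXED_LEN
    icv = packet[icv_start:icv_start + ICV_LEN]
    payload = packet[icv_start + ICV_LEN:]
    return hmac.compare_digest(compute_icv(key, ip_hdr, ah_fixed, payload), icv)


if __name__ == "__main__":
    key = b"constructed-shared-key"
    payload = b"constructed TCP segment bytes"
    hdr = ipv4_header("198.51.100.10", "203.0.113.20", 64, 44 + len(payload))
    pkt = protect(key, hdr, spi=0x1001, seq=1, payload=payload)
    print("intact packet verifies:", verify(key, pkt))
```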
4.4 Access Virtual Private Networks (VPNs)

An access VPN can be defined as a scheme that allows secure remote access to an internal corporate server. Access VPNs allow remote corporate users to have on-demand connectivity into their corporate intranets through ad hoc tunnels. Access VPNs allow companies to take work to the worker, wherever they are. There are certain requirements that need to be fulfilled by such a scheme and they include: [1]

a) User authentication and authorization: The scheme should be able to identify the user and to verify that this user is authorized to access the contacted internal server.

b) Data Privacy: The scheme should be able to guarantee that the exchanged data is encrypted and authenticated, at least when it is sent over the public internet.

c) Private addressing: The access VPN scheme should be able to assign the remote user a private IP address taken from the same range, since many corporations use private IP addresses in their intranets.

The main reason for the wide variety of access VPN solutions and their complexity is that up to five entities can be actively involved as tunnel endpoints: the end host (i.e. the user's PC), the broadband modem, the operator access gateway, the ISP access gateway and the corporate access gateway.

4.5 IPSec VPNs for Remote Access

The IPSec VPN is a technology that works at OSI layer 3 to create a tunnel into the network, so that as devices log on, they act as if they are physically attached to the Local Area Network. As the standardization of the security architecture of the IP protocol was achieved, IPSec started allowing secure remote access over a publicly shared IP infrastructure such as the internet. When this was done, it was possible to dial or connect with local internet access numbers and then build secure IPSec tunnels across the internet, connecting to the company's IPSec VPN headend concentrator. The VPN concentrator was responsible for authenticating and logically bridging the remote user's workstation into the enterprise computing environment on a trusted basis, and this removed major concerns with
moving enterprise data through publicly shared communications facilities, because all data was authenticated and optionally encrypted. [2]
The IPSec open standard benefits the remote access environment, helping to remove cost and bandwidth constraints through the use of lower cost, flat rate broadband internet access pricing. With stronger authentication and encryption options than any previously available remote access technologies, IPSec remote access solutions scale well with internet and ISP broadband connectivity, providing faster performance, quicker deployment, and more secure communications for mobile workers, home office workers and small sites.
IPSec VPN can be implemented as software or firmware inside a network firewall hardware device, and it presently has four implementation options: a software IPSec VPN client on a remote workstation, an IPSec VPN client in a remote-access firewall, a hardware IPSec VPN client device at a remote site, and an IPSec VPN client feature in a remote site router. [24]
Figure 4.1 Remote access to IPSec VPNs
From the diagram, a user that has the remote VPN client software installed comes through the internet to the firewall or VPN gateway and then initiates a key exchange (IKE). Once the user has been properly authenticated, a VPN pipe/tunnel is created and the VPN then runs in either of two modes, tunnel or transport, with the former being preferred because it has the entire packet encrypted, as against the transport mode, which has only the transport layer segment of the packet encrypted. [24]
The strength of IPSec VPNs comes from the fact that they encrypt packets of information, significantly increasing their ability to provide data confidentiality and integrity. IPSec uses MD5 and SHA for encrypting data and authenticating packets. Although IPSec VPN has several drawbacks, IPSec is still currently the most secure VPN solution available.
4.6 SSL VPNs for Remote Access
SSL VPN technology works at layer 4, the application layer, and allows users access to individual applications via a web browser, while administrators can determine access by application rather than providing access to the entire network. SSL-based VPNs are remote connections across the internet or other IP network, using the native SSL capability of popular browsers to provide clientless SSL-based secure communications. They allow remote users to access web pages and a growing set of web-enabled services, transfer email, and access files and TCP/IP applications, without the use of VPN client software on the remote workstation. SSL VPNs thus allow for clientless access anywhere from any internet-connected PC with an SSL-capable browser, which makes them a bit different from what the IPSec VPN offers. [1]
SSL VPNs usually require the use of a web browser as the access portal to applications, and applications used by SSL users need to present traffic through a web interface and not through an application's native graphical user interface (GUI), as is the case with many client/server applications. This can require some changes to an application's workflow, but adding web-based capability increases the application's accessibility for remote users. SSL and IPSec VPNs are complementary technologies that might be deployed together, and as such most vendors support both SSL and IPSec VPNs within the same product offerings.
SSL VPN technology is fast growing, and it has a prime advantage of creating secure access from any supported web browser, across any internet or ISP connection, and it basically does this without VPN client software management at the remote user workstation level. Although SSL VPNs, when compared with IPSec VPNs, have more limited application availability, the technology can still be appropriate for many organizations' remote access requirements and security policy. Such organizations use SSL VPN technology to support a specific set or set of users, while also using IPSec for full network access or robust support for multimedia applications. The emergence of SSL VPNs has added another level of price, performance and security granularity for companies to consider for remote-access IP VPN support, and thus makes it the best choice for anywhere access to users, as against the IPSec VPN, which is the best choice when it comes to access to any application. [1]
SSL VPNs use some accepted standards of encryption and key exchange such as 3DES, MD5 and SHA. As will be seen from the figure below, SSL VPNs provide access to web-based applications and not the internal network. It is also shown that the web servers are usually sitting in the DMZ zone of the firewall, thus protecting the internal networks. [24]
Figure 4.2 Remote access to SSL VPNs
In order to be able to access an SSL VPN application, a level of control over the users is required so as to identify who they are and where they are coming from, since they have stepped over the line of network control that tethers the user to its policy. Administrators can generally use the SSL VPN application to achieve the following:
a) Identify who is accessing what application
b) Control what application information is presented to the user at the remote location
c) Determine how the user is able to interact with the application (i.e. which parts of the application they can access)
d) Secure the connection from the client machine back to the application
e) Avoid having users leave traces of the application and its access on the client machine
The SSL browser uses port TCP/443 (HTTP secure mode) when it is connected to a VPN concentrator. The port is normally already opened on the firewall to the DMZ, and this means that SSL has the benefit of not requiring any configuration changes to firewalls. SSL is built into all of the leading browsers, and the SSL VPN is operating system and browser independent, which means that users can access the VPN regardless of the operating system and browser being used, e.g. UNIX, Linux, Microsoft Internet Explorer or Mozilla. [1, 24]
4.7 MPLS VPNs for Remote Access
MPLS VPN is a technology that allows service providers to have complete control over parameters that are critical to offering their customers service guarantees with regard to bandwidth throughputs, latencies and availability. The technology enables secure VPNs to be built and allows scalability that will make it possible for service providers to offer assured growth to their customers without having to make significant investments. Service providers would now be geared to provide bandwidth on demand, video conferencing, Voice over IP (VoIP), multimedia services and a host of other value-added services that could revolutionize the way a corporate business works.
MPLS-based VPNs reduce customer networking complexity and costs, and totally do away with the requirement of an in-house technical workforce. Rather than setting up and managing individual point-to-point circuits between each office using a pair of leased lines, MPLS VPN customers need to provide only one connection from their office router to a service provider edge router. MPLS VPNs allow service providers to deploy scalable VPNs and build the foundation to deliver value-added services. Such services include: [1, 2, 6, 17]
1) Connectionless service: MPLS VPNs have the advantage of being connectionless, and since TCP/IP is built on a packet-based, connectionless network paradigm, it means that no prior action is needed to establish communication between hosts, thereby making communications easy for both parties. Current VPN solutions impose a connection-oriented, point-to-point overlay on the network.
2) Centralized service: Since a VPN should be able to give service providers more than a mechanism for privately connecting users to intranet services, and also provide a flexible way of delivering value-added services to targeted customers, building VPNs in layer 3 allows such delivery of targeted services to a group of users represented by a VPN.
3) Scalability: MPLS-based VPNs use the peer model and layer 3 connectionless architecture to leverage a highly scalable VPN solution. The peer model requires a customer site to peer with only one provider edge (PE) router, as opposed to all other customer edge (CE) routers
that are members of the VPN. The connectionless architecture allows the creation of VPNs in layer 3, thus eliminating the need for tunnels or virtual circuits (VCs).
4) Security: MPLS VPNs offer the same level of security as connection-oriented VPNs, and as such packets from one VPN do not inadvertently go to another VPN. Security can be provided at the edge of a provider network, ensuring packets received from a customer are placed on the correct VPN, and can also be provided at the backbone, where VPN traffic is kept separate, thereby making any malicious spoofing (i.e. an attempt to gain access to a PE router) almost impossible, because the packets received from customers are IP packets and these IP packets must be received on a particular interface or sub-interface to be uniquely identified by a VPN label.
MPLS VPNs are unique because you can build them over multiple network architectures, including IP, ATM and Frame Relay networks, and since they are connectionless, it means that no specific point-to-point connection maps or topologies are required. They also create a robust platform for converged services that allow cost-effective, any-to-any connectivity. In MPLS-based VPNs, each VPN is assigned an identifier, called a Route Distinguisher (RD), which is unique within the network. MPLS-enabled IP VPN networks provide the foundation for delivering next generation value-added IP services, such as multimedia and multicast application support, VoIP and intranet content hosting, which all require specific service quality and privacy. Since QoS and privacy are built in, they no longer require separate engineering for each service. From a single access point, it is now possible to deploy multiple VPNs, each of which designates a different set of services. This flexible way of grouping users and services makes it possible to deliver new services more quickly and at a much lower cost. In an MPLS-enabled VPN, Border Gateway Protocol distributes information about VPNs only to members of the same VPN, providing native security through traffic separation, and additional security is assured because all traffic is forwarded using LSPs, which define a specific path through the network that cannot be altered. This label-based paradigm is the same property that assures privacy in Frame Relay and ATM connections. It should also be noted that a specific VPN can be associated with each interface when the VPN is provisioned. [8]
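The separation described above can be modelled in a few lines. This is an added example, not code from the thesis or from any router vendor: a toy PE router selects the VPN from the ingress interface or sub-interface and prepends the RD to every advertised prefix, so two customers using the same private range never share a lookup. The class, interface names, RDs and labels are constructed, and VPN membership is keyed on the RD alone as a simplification.

```python
import ipaddress

class ProviderEdge:
    """Toy PE router: one routing table (VRF) per VPN, chosen by ingress interface."""

    def __init__(self, name):
        self.name = name
        self.rd = {}          # VPN name -> Route Distinguisher, e.g. "65000:1"
        self.iface_vpn = {}   # customer-facing interface -> VPN name
        self.vrf = {}         # VPN name -> {ip_network: (next_hop, vpn_label)}

    def provision_vpn(self, vpn, rd):
        if rd in self.rd.values():
            raise ValueError(f"RD {rd} already in use; it must be unique")
        self.rd[vpn] = rd
        self.vrf[vpn] = {}

    def bind_interface(self, iface, vpn):
        if iface in self.iface_vpn:
            raise ValueError(f"{iface} already belongs to {self.iface_vpn[iface]}")
        self.iface_vpn[iface] = vpn

    def add_route(self, vpn, prefix, next_hop, label):
        self.vrf[vpn][ipaddress.ip_network(prefix)] = (next_hop, label)

    def advertise(self):
        """Routes as sent to other PEs: the RD travels with every prefix."""
        return [(self.rd[vpn], str(net), self.name, label)
                for vpn, table in self.vrf.items()
                for net, (_, label) in table.items()]

    def receive(self, updates):
        """Install only updates whose RD matches a locally provisioned VPN
        (assumption of this sketch: membership is decided by the RD alone)."""
        vpn_of_rd = {rd: vpn for vpn, rd in self.rd.items()}
        for rd, prefix, origin_pe, label in updates:
            vpn = vpn_of_rd.get(rd)
            if vpn is not None:
                self.add_route(vpn, prefix, origin_pe, label)

    def forward(self, iface, dst):
        """Look up dst only in the VRF bound to the ingress interface."""
        vpn = self.iface_vpn.get(iface)
        if vpn is None:
            return None                      # unprovisioned interface: drop
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.vrf[vpn] if addr in n]
        if not matches:
            return None                      # no route inside this VPN: drop
        next_hop, label = self.vrf[vpn][max(matches, key=lambda n: n.prefixlen)]
        return vpn, label, next_hop

def build_demo():
    # Constructed topology: two customers that both use 10.1.0.0/16.
    pe1, pe2 = ProviderEdge("PE1"), ProviderEdge("PE2")
    for pe in (pe1, pe2):
        pe.provision_vpn("red", "65000:1")
    pe1.provision_vpn("blue", "65000:2")     # blue has no site on PE2
    pe1.bind_interface("ge-0/0/1.100", "red")
    pe1.bind_interface("ge-0/0/1.200", "blue")
    pe2.bind_interface("ge-0/0/2.100", "red")
    pe1.add_route("red", "10.1.0.0/16", "CE-red-1", 101)
    pe1.add_route("blue", "10.1.0.0/16", "CE-blue-1", 201)
    pe2.receive(pe1.advertise())
    return pe1, pe2
```

The same destination address resolves to a different VPN label depending only on the sub-interface it arrived on, and PE2 never learns the "blue" route because it has no VPN with that RD.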
Figure 4.3 Remote access to MPLS VPNs
An MPLS VPN virtual home gateway (VHG) is essentially a router functioning as an MPLS provider edge (PE) router, with this VHG/PE positioned at the demarcation between the termination of remote-access sessions and the beginning of the MPLS VPN core network. Based on a VPN-aware, DHCP server-assigned IP address, or dynamically assigned IP address space from a RADIUS-based AAA server, the VHG/PE is capable of assigning the proper layer 3 IP addresses and placing the remote-access user sessions into the proper MPLS VPNs. This functionality is based on true IP routing protocols and IP routing, in contrast to the point-to-point tunnel concept used for IPSec and SSL. [1]
The features of the MPLS VHG/PE allow remote-access design flexibility for either providers or customers of MPLS VPNs. For providers, they allow the flexibility of in-sourcing functions such as DHCP, RADIUS authentication and IP address assignment on a per-customer or per-VPN basis, yet allow some customers to retain this functionality within their own computing support boundaries through the use of MPLS DHCP relay and RADIUS proxy features. For customers, these advanced features allow the flexibility of maintaining control over these security functions or outsourcing these functions to the MPLS VPN service provider. Because remote access users are connecting to the VHG/PE from non-business locations, it is prudent to authenticate and authorize approved users via AAA solutions. The MPLS VHG/PE, DHCP and RADIUS-based AAA servers are designed to work together to facilitate a robust, flexible and secure remote-access session to MPLS VPN customer domains. With the user authenticated and placed into the proper MPLS VPN, enterprise application resources
are available to the remote user, whether they use dial-up, cable, DSL or wireless forms of access. [1]
One of the distinctions with remote access to MPLS VPNs is that the remote user connection seldom transits the public internet but rather stays within the MPLS provider's private access network until it reaches the MPLS VPN service edge offered by the provider. These remote-access users can then establish VPN access to MPLS core networks where they are. For companies that choose to outsource their private WAN networks to provider-managed MPLS VPNs, remote access to MPLS VPNs accommodates the company's teleworker population, but in cases where an internet connection is for remote access, IPSec or SSL VPN technology can be used to secure this public portion of the access link. [1, 2]
Chapter 5
Wireless Application Protocol
5.1 Introduction
Wireless Application Protocol (WAP) is an application environment and set of communication protocols for wireless devices designed to enable manufacturer, vendor and technology independent access to the internet and advanced telephony services. WAP is a global standard that adds support for standard internet communication protocols and also for protocols such as IP, TCP and HTTP. It does this by adding these internet protocols and standards and then providing interoperable optimizations suitable to the wireless telecommunications environment. The WAP specifications provide an environment that permits wireless devices to utilize existing internet technologies; they also define a set of protocols in application, session, transaction, security and transport layers, which enable operators, manufacturers and application providers to meet the challenges in advanced wireless service differentiation and fast/flexible service creation. Wireless Application Protocol enables easy and fast delivery of relevant information and services to mobile users with wireless terminals with limited displays and data transfer capabilities. It is a specification for a set of communication protocols to standardize the way in which cellular devices use Internet access. [16, 20]
Some of the initial goals for the establishment of WAP include bringing internet-based content and services to handheld wireless devices, working across global technologies, allowing the creation of content that works across many types of link layers and device types, and also using existing standards wherever possible. It has been shown that with minimal risk and investment, WAP enables operators to decrease churn, cut costs and increase revenues by improving existing value-added services and offering exciting newer services. It should also be noted that as bandwidths increase, the cost of that bandwidth does not fall to zero; these costs result from higher power usage in the terminals, higher costs in the radio sections, greater use of RF spectrum, and increased network loading. In addition, the original constraints WAP was designed for - intermittent coverage, small screens, low power consumption, wide scalability over bearers and devices and one-handed operation - are still valid in 3G networks. In expectation, the bandwidth required by application users should steadily increase and therefore, there is still a need to optimize the device and network resources for wireless environments, so as to optimize support for multimedia applications that continue to be relevant.
A question of interest will be why WAP was chosen when there are other technologies that could have the same functionalities as WAP, but it should be known that, in the past, wireless internet access has been limited by the capabilities of handheld devices and wireless networks. WAP utilizes standards such as XML, user datagram protocol (UDP), and Internet protocol (IP), and many of the protocols are based on Internet standards such as hypertext
transfer protocol (HTTP) and TLS but have been optimized for the unique constraints of the wireless environment: low bandwidth, high latency, and less connection stability. The technology utilizes binary transmission for greater compression of data and is optimized for long latency and low bandwidth. WAP sessions cope with intermittent coverage and can operate over a wide variety of wireless transports. [16]
As has been mentioned above, WAP promises to decrease churn, cut costs and increase the subscriber base both by improving existing services, such as interfaces to voice-mail and prepaid systems, and facilitating an unlimited range of new value-added services and applications such as account management and billing inquiries. New applications can be introduced quickly and easily without the need for additional infrastructure or modifications to the phone. This will also allow operators to differentiate themselves from their competitors with new, customized information services. WAP is an interoperable framework, enabling the provision of end-to-end turnkey solutions that will create a lasting competitive advantage, build consumer loyalty and increase revenues.
WAP applications can be installed on ordinary web servers together with other web applications. Getting a WAP application online entails building content and supporting back-end systems as well as providing accessibility to the application. The latest version of WAP, called WAP 2.0, is a next generation set of specifications that optimizes usage of higher bandwidths and packet-based connections of wireless networks worldwide. While utilizing and supporting enhancements in the capabilities of the latest wireless devices and internet content technologies, WAP 2.0 also provides managed backwards compatibility to existing WAP content, applications and services that comply with previous WAP versions.
There are some major architectural components of WAP 2.0 and these include: [16, 18]
1. Protocol Stack Support: In addition to the WAP Stack introduced in WAP 1, WAP 2.0 adds support and services on a stack based on the common Internet stack, including support for TCP, TLS and HTTP. By encompassing both stacks, WAP 2.0 provides a connectivity model on a broader range of networks and wireless bearers.
2. WAP Application Environment: Nominally viewed as the 'WAP Browser', the WAP 2.0 Application Environment has evolved to embrace developing standards for Internet browser markup language. This has led to the definition of the XHTML Mobile Profile (XHTMLMP). XHTMLMP is based on the modularity framework of the eXtensible HyperText Markup Language (XHTML) developed by the World Wide Web Consortium (W3C) to replace and enhance the currently used HTML language common today. The use of Internet technologies is not new for WML, as WML1 is a fully conformant XML language in its own right.
3. Additional Services and Capabilities: The WAP specifications have had items that were neither part of the 'WAP Stack' nor the 'WAP Browser' but helped to enrich the environment defined in the WAP specifications. With WAP 2.0, there is a considerable increase in the number of features available to developers, operators and users.
5.2 WAP Architecture Overview
WAP specifies two essential elements of wireless communication: an end-to-end application protocol and an application environment based on a browser. The application protocol is a layered communication protocol that is embedded in each WAP user agent. The network side includes a server component implementing the other end of the protocol that is capable of communicating with any WAP user agents. The role of the server component is also to act as a gateway to route the request of a user agent to an application server. Physically, the gateway can be located in a telecom or computer network, in order to build a bridge between the two different networks. A user's access to internet-based services requires that the information to be delivered is transmitted between a WAP client and a WAP server. The wireless application protocol typica