An anomalous change in traffic distributions caused by an external inter-domain routing change leads to congestion of some network links, which then affects the network quality or disrupts traffic. Thus, network operators need to promptly deal with these problems by changing the routing policy or by soliciting the help of an involved or neighboring network operator through operator channels. In addition, they need to diagnose situations in which customers are affected by the incident or in which destinations become unreachable. Although this task is indispensable, understanding the situation is difficult since the cause lies outside the operators' network domains. To alleviate the load on operators, we developed a system for monitoring traffic shifts and the disruptions caused by BGP routing changes. It is challenging to extract information that is more valid from a large amount of BGP update messages and traffic flow records. By correlating these data, the system provides meaningful reports and visualized traffic statistics, and it enables operators to easily detect the cause of traffic changes and to investigate the extent of damage. We demonstrate the effectiveness of the system and evaluate its feasibility by applying it to an ISP backbone network. In addition, we present a case study of traffic changes that the system detected.

抄録全体を表示

By focusing on the recent swing to the centralized approach by the software defined network (SDN), this paper presents a novel network architecture for refactoring the current distributed Internet protocol (IP) by not only utilizing the SDN itself but also implementing its cooperation with the optical transport layer. The first IP refactoring is for flexible network topology reconfiguration: the global routing and explicit routing functions are transferred from the distributed routers to the centralized SDN. The second IP refactoring is for cost-efficient maintenance migration: we introduce a resource portable IP router that can behave as a shared backup router by cooperating with the optical transport path switching. Extensive evaluations show that our architecture makes the current IP network easier to configure and more scalable. We also validate the feasibility of our proposal.

抄録全体を表示

ネットワークシミュレーションツールのOPNETについて，モデリング，利用方法に関する基本事項を説明する．対象として，ネットワークシステムの設計・管理，及び，プロトコル・ネットワークの研究開発を担当し，OPNETを利用している，または，これから利用してみようと考えているエンジニアを想定する．まず，OPNETの背景となる仮想NW環境の概念とOPNETツールの全体像について述べる．次に，OPNETを用いたルーチングアーキテクチャ評価の基本的な方法を述べる．最後に，プロトコルモデル開発用ツールであるOPNET Modelerの基本的な使い方について解説する．

抄録全体を表示

The BGPsec protocol, which is an extension of the border gateway protocol (BGP) for Internet routing known as BGPsec, uses digital signatures to guarantee the validity of routing information. However, the use of digital signatures in routing information on BGPsec causes a lack of memory in BGP routers, creating a gaping security hole in today's Internet. This problem hinders the practical realization and implementation of BGPsec. In this paper, we present APVAS (AS path validation based on aggregate signatures), a new protocol that reduces the memory consumption of routers running BGPsec when validating paths in routing information. APVAS relies on a novel aggregate signature scheme that compresses individually generated signatures into a single signature. Furthermore, we implement a prototype of APVAS on BIRD Internet Routing Daemon and demonstrate its efficiency on actual BGP connections. Our results show that the routing tables of the routers running BGPsec with APVAS have 20% lower memory consumption than those running the conventional BGPsec. We also confirm the effectiveness of APVAS in the real world by using 800,000 routes, which are equivalent to the full route information on a global scale.

抄録全体を表示