• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.13-25
• /
• 2005

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing PPM based tracing scheme(such as router node appending, sampling and edge sampling) insert traceback information in IP packet header for IP Traceback. But, these schemes did not provide enhanced performance in DDoS attack. In this paper, we propose a 'TTL based advanced Packet Marking' mechanism for IP Traceback. Proposed mechanism can detect and control DDoS traffic on router and can generate marked packet for reconstructing origin DDoS attack source, by which we can diminish network overload and enhance traceback performance.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05b
• /
• pp.1241-1244
• /
• 2003

Diffserv Network의 혼잡 상태에서도 최소 전송속도를 보장하는 AF(Assured Forwarding)은 AF1부터 AF4에 이르기까지 다양한 Class 형태로 존재한다. Core Router나 Edge Router에서 패킷을 Drop 해야 한다면, 처음으로 DE(Default Forwarding) 방식의 패킷이 Drop되고, 피 다음으로 AE4, AF3, AF2, AF1의 등급을 가진 패킷들이 Drop 된다. 이러한 AF 패킷의 전송에서 A Network는 AF1, AE2, AF3, AF4의 순서로 패킷의 우선 순위를 두고, B Network는 그 반대인 AF4, AF3, AF2, AF1의 순서로 패킷의 우선 순위를 둔다면, A Network에서 최고의 품질을 제공받는 AF1 패킷이 B Network로 넘어가면서 가장 낮은 우선 순위의 서비스 품질을 제공받게 되어, B Network에서 패킷 드롭의 상황이 발생하게 되어 가장 먼저 드롭이 일어나게 된다. 이러한 결과는 반대로 B Network에서 A Network로 패킷을 보내는 과정에서도 발생한다. 본 논문은 이러한 AF Class의 패킷을 다른 정책을 가지는 네트워크로 전송할 때 AF 패킷 등급의 손실을 최소화하는 방안을 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1591-1594
• /
• 2002

BE(Best-Effort)방식의 인터넷에서 제공되던 Text위주의 서비스 제공 방식이 Multimedia 위주의 서비스로 점차 바뀌어 감에 따라, 기존의 BE(Best-Effort)방식으로는 Multimedia QoS(Quality of Service)를 보장하기가 어려워졌다. 이에 IETF(Internet Engineering Task Force)에서는 변화하는 인터넷 환경에서 QoS 보장을 위해 Diffserv(Differentiated Service)방식을 제안하게 되었다. 본 논문에서는 Content를 제공하는 Linux Web Server에서 패킷을 클래스 분류기준(Classification Method)에 의해 분류하고 Scheduling Algorithm을 적용하여 DSCP(Differentiated Service CodePoint) 값을 Web Server 자체에서 결정하여 경계라우터(Edge Router)로 전송하는 방식을 취하였으며, 이를 토대로 하여 경계라우터의 Traffic 부하를 줄이고, 경계라우터의 코어라우터(Core Router)화를 통해 더욱더 향상된 Differentiated Service를 제공하는 것이 목적이다. 이를 본 논문에서는 ns2 를 통해 IETF에서 제안된 Diffserv방식과 본 논문에서 제안한 방식의 Diffserv 방식과 현재의 BE방식을 비교하여 어느 정도의 성능 향상이 있었는지 비교 분석하였다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.6B
• /
• pp.331-337
• /
• 2005

The optical Internet is considered as a feasible solution for transporting huge amount of traffic volume in the future Internet. Among optical switching technology for the optical Internet, OBS becomes one of the most promoting solution. Recently, a lebeled OBS(LOBS) architecture is considered for an efficient control on OBS network. Given that a data burst may contain few thousands of IP packets, a single loss of data burst results in a serious throughput degradation in LOBS network. In this paper, we improve the performance of LOBS network by introducing the burst congestion control mechanism. More specifically, the OBS router at the network core detects the network congestion by measuring the loss probability of burst control packet. The OBS router at the network edge reduces the burst generation according to the network condition repored by the OBS router at the network core. Through the simulations, it is shown that the proposed congestion control mechanism can reduce the burst loss probability and improve the LOBS network throughput.

• Journal of KIISE:Information Networking
• /
• v.29 no.4
• /
• pp.358-367
• /
• 2002

The IETF Differentiated Services (Diffserv) WG focused on Providing service differentiation on the Internet. One problem of the Diffserv Assured Services (AS) architecture is that it cannot guarantee fairness and throughput assurance. In this paper, we propose two schemes for guaranteeing fairness among the various target rates in the AS architecture. One is a variant of RED with IN and OUT (RIO), called the improved RIO (IRIO). The other is a variant of Time Sliding Window (TSW), called the improved TSW (ITSW). To validate the Proposed schemes, their behaviors are then examined under various simulation environments. The simulation results showed that IRIO and ITSW improved fairness and the throughput assurance in the AS architecture.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.159-163
• /
• 2003

The term "VPN", or Virtual Private Network, generally means the public network of vendors which is providing a communication net and other network using WWW as a backbone of Its WAN. the existing VPN is expected to reduce expenses and will improve the productivity, however, the network provider should accept the management complexity and the overhead after tunneling and encryption. But MPLS VPN can provide efficient VPN which would not need the address transformation and the additional overhead made by tunneling after giving separately ID. This paper describes the protocol for MPLS VPN which is about a node that moves based on Customer Edge (CE) router and supports a scheme for QoS.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10c
• /
• pp.421-423
• /
• 2001

본 논문은 IETF에서 제안한 차등화서비스모델(Differentiated Service Model)을 지원하는 라우터를 리눅스상에 구현하였다. 구현한 라우터는 기존의 리눅스에서 지원하는 에지 라우터의 단점을 개선하기 위하여 구현한 ingress marker를 사용하였다. 구현된 ingress marker는 AF 클래스의 트래픽을 미터링하고 마킹하기 위해 사용되는 trTCM을 포함하고 있으며, 이 ingress marker를 사용한 에지 라우터는 병목이 발생한 경우에도 각 클래스간 독립적으로 서비스를 보장해 줄 수 있다. 각 클래스간 성능보장은 AF PHB를 통해 기존 라우터와 비교 실험하여 검증하였다.

• ETRI Journal
• /
• v.24 no.2
• /
• pp.97-108
• /
• 2002

Optical Border Gateway Protocol (OBGP) is an extension to BGP for Optical Cross Connects (OXCs) to automatically setup multiple direct optical lightpaths between many different autonomous domains. With OBGP, the routing component of a network may be distributed to the edge of the network while the packet classification and forwarding is done in the core. However, it is necessary to analyze the stable convergence functions of OBGP in case of lightpath failures. In this paper, we first describe the architecture of the OBGP model and analyze the potential problems of OBGP, e.g., virtual BGP router convergence behavior in the presence of lightpath failure. We then propose an OBGP convergence model derived from an inter-AS (Autonomous System) relationship. The evaluation results show that the proposed model can be used for a stable OBGP routing policy and OBGP routing convergence under lightpath failures of the optical Internet.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.8B
• /
• pp.683-690
• /
• 2003

In this paper we present a theoretical framework for the network design with delay QoS guarantee to a voice at the packet level. Especially, we propose a method for estimating the bandwidth at the ingress edge routers accommodating the voice connections and data sessions in the next-generation If network. First, we describe network architecture for VoIP (Voice over IP) services in the NGN (Next Generation Network). After that, we propose a procedure for dimensioning the bandwidth at the output port of a router that accommodates voice and data traffic using the non-preemptive queuing system with strict priority service scheme. Via numerical experiments we illustrate the implication of the proposition.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04d
• /
• pp.202-204
• /
• 2003

변화하는 인터넷 환경에서의 005 보장은 빼놓을 수 없는 중요한 과제로 각종 제안들이 나오고 있다. 본 논문에서는 IETF(Internet Engineering Task Force)에서 제안한 Diffserv 네트워크에서 Host-to-Host의 QoS 보장에 관하여 다루었으며, DSCP(Differentiated Service Codepoint)값의 설정을 Edge Router가 아닌 Host에서 수행하여 경계라우터의 Traffic 부하를 줄이고, MWRR2(Modified Weighted Round Robin Mode2) 방식의 스케줄링을 통해 더욱더 향상된 Diffserv network에서의 Host-to-Host QoS를 제공하는 것이 목적이다. 본 논문은 IETF에서 제안된 Diffserv 방식과 본 논문에서 제안된 Diffserv 방식의 효율성 입증을 위하여, ns2 시뮬레이션을 사용하여, 비교 분석하였다.