• Title/Summary/Keyword: Packet protection

Search Result 74, Processing Time 0.026 seconds

Protection Switching Methods for Point-to-Multipoint Connections in Packet Transport Networks

  • Kim, Dae-Ub;Ryoo, Jeong-dong;Lee, Jong Hyun;Kim, Byung Chul;Lee, Jae Yong
    • ETRI Journal
    • /
    • v.38 no.1
    • /
    • pp.18-29
    • /
    • 2016
  • In this paper, we discuss the issues of providing protection for point-to-multipoint connections in both Ethernet and MPLS-TP-based packet transport networks. We introduce two types of per-leaf protection-linear and ring. Neither of the two types requires that modifications to existing standards be made. Their performances can be improved by a collective signal fail mechanism proposed in this paper. In addition, two schemes - tree protection and hybrid protection - are newly proposed to reduce the service recovery time when a single failure leads to multiple signal fail events, which in turn places a significant amount of processing burden upon a root node. The behavior of the tree protection protocol is designed with minimal modifications to existing standards. The hybrid protection scheme is devised to maximize the benefits of per-leaf protection and tree protection. To observe how well each scheme achieves an efficient traffic recovery, we evaluate their performances using a test bed as well as computer simulation based on the formulae found in this paper.

Unequal Loss Protection Using Layer-Based Recovery Rate (ULP-LRR) for Robust Scalable Video Streaming over Wireless Networks

  • Quan, Shan Guo;Ha, Hojin;Ran, Rong
    • Journal of information and communication convergence engineering
    • /
    • v.14 no.4
    • /
    • pp.240-245
    • /
    • 2016
  • Scalable video streaming over wireless networks has many challenges. The most significant challenge is related to packet loss. To overcome this problem, in this paper, we propose an unequal loss protection (ULP) method using a new forward error correction (FEC) mechanism for robust scalable video streaming over wireless networks. For an efficient FEC assignment considering video quality, we first introduce a simple and efficient performance metric, the layer-based recovery rate (LRR), for quantifying the unequal error propagation effects of the temporal and quality layers on the basis of packet losses. LRR is based on the unequal importance in both the temporal and the quality layers of a hierarchical scalable video coding structure. Then, the proposed ULP-LRR method assigns an appropriate number of FEC packets on the basis of the LRR to protect the video layers against packet lossy network environments. Compared with conventional ULP algorithms, the proposed ULP-LRR algorithm demonstrates a higher performance for various error-prone wireless channel statuses.

A Protection Method using Destination Address Packet Sampling for SYN Flooding Attack in SDN Environments (SDN 환경에서의 목적지 주소별 패킷 샘플링을 이용한 SYN Flooding 공격 방어기법)

  • Bang, Gihyun;Choi, Deokjai;Bang, Sangwon
    • Journal of Korea Multimedia Society
    • /
    • v.18 no.1
    • /
    • pp.35-41
    • /
    • 2015
  • SDN(Software Defined Networking) has been considered as a new future computer network architecture and DDoS(Distributed Denial of Service) is the biggest threat in the network security. In SDN architecture, we present the technique to defend the DDoS SYN Flooding attack that is one of the DDoS attack method. First, we monitor the Backlog queue in order to reduce the unnecessary monitoring resources. If the Backlog queue of the certain server is occupied over 70%, the sFlow performs packet sampling with the server address as the destination address. To distinguish between the attacker and the normal user, we use the source address. We decide the SYN packet threshold using the remaining Backlog queue that possible to allow the number of connections. If certain sources address send the SYN packet over the threshold, we judge that this address is attacker. The controller will modify the flow table entry to block attack traffics. By using this method, we reduce the resource consumption about the unnecessary monitoring and the protection range is expanded to all switches. The result achieved from our experiment show that we can prevent the SYN Flooding attack before the Backlog queue is fully occupied.

Protection and restoration path calculation method in T-SDN (Transport SDN) based on multiple ring-mesh topology (다중링-메시 토폴로지 기반 T-SDN(Transport SDN)에서 보호·복구 경로 계산 방식)

  • Hyuncheol Kim
    • Convergence Security Journal
    • /
    • v.23 no.1
    • /
    • pp.3-8
    • /
    • 2023
  • Multi-domain optical transport networks are not fundamentally interoperable and require an integrated orchestration mechanism and path provision mechanism at the entire network level. In addition, ensuring network survivability is one of the important issues. MPLS-TP (Multi-Protocol Label Switching-Transport Profile) defines various protection/recovery methods as standards, but does not mention how to calculate and select protection/recovery paths. Therefore, an algorithm that minimizes protection/recovery collisions at the optical circuit packet integrated network level and calculates and sets a path that can be rapidly protected/recovered over the entire integrated network area is required. In this paper, we proposed an algorithm that calculates and sets up a path that can be rapidly protected and restored in a T-SDN network composed of multiple ring-mesh topology.

Establishment of a secure networking between Secure OSs

  • Lim, Jae-Deok;Yu, Joon-Suk;Kim, Jeong-Nyeo
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2003.10a
    • /
    • pp.2097-2100
    • /
    • 2003
  • Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

  • PDF

Cross-layer Design of Packet Scheduling for Real-Time Multimedia Streaming (실시간 멀티미디어 스트리밍을 위한 계층 통합 패킷 스케줄링 기법)

  • Hong, Sung-Woo;Won, You-Jip
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.11B
    • /
    • pp.1151-1168
    • /
    • 2009
  • Improving packet loss does not necessarily coincide with the improvement in user perceivable QoS because each frame carries different degree of importance. We propose Significance-aware packet scheduling (SAPS) to maximize user perceivable QoS. SAPS carries out two fundamental issues of packet scheduling: "What to transmit" and "When to transmit?" To adapt to the available bandwidth, it is necessarily to transmit the subset of the data packets if the entire set of packets can not be transmitted. "Packet Significance" quantifies the importance of the frame by elaborately incorporating frames' dependency. Greedy approach is used in selecting packets and transmission schedule is determined based on the Packet Significance. The proposed scheme is tested using publicly available MPEG-4 video clips. Decoding engine is embedded in the simulation software and user perceivable QoS is exposeed in termstermiSNR. Throughout the simulation based experiment, the performance of the proposed scheme is compared two other schemes: Size-based packet scheduling and Bit-rate based best effort packet scheduling. SAPS successfully incorporates the semantics of a packet and improves user perceivable QoS significantly. It successfully provides unequal protection to more important packets.

Packet Loss Recovery for H.264 Video Transmission Over the Interne (인터넷 상에서의 H.264 비디오 전송을 위한 패킷 손실 복원에 관한 연구)

  • Ha, Ho-Jin;Kim, Young-Yong;Yim, Chang-Hoon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.32 no.10C
    • /
    • pp.950-958
    • /
    • 2007
  • This paper presents an efficient packet loss resilient scheme for real-time video transmission over the Internet. By analyzing the temporal and spatial dependencies in inter- and intra-frames, we assign forward error correction codes (FEC) across video packets for minimizing the effect of error concealment and error propagation from packet loss. To achieve optimal allocation of FEC codes, we formulate the effect of packet loss on video quality degradation as packet distortion model. Then we propose an unequal FEC assignment scheme with low complexity based on packet correction rate, which uses the packet distortion model and includes channel status information. Simulation results show that the proposed FEC assignment scheme gives substantial improvement for the received video quality in packet lossy networks. Furthermore the proposed scheme achieves relatively smaller degradation of video quality with higher packet loss rates.

A new Fast Recovery Scheme for Resiliency of Attacked Resilient Packet Ring(RPR) (공격받은 IEEE802.17 Resilient Packet Ring(RPR) 망의 Resiliency를 위한 신속한 망 복원방안)

  • Lee, Young-Joo;Koo, Do-Jung
    • Convergence Security Journal
    • /
    • v.8 no.2
    • /
    • pp.57-62
    • /
    • 2008
  • In this paper, we suggest new fast recovery mechanism in RPR network, in case of node addition or removing by exterior attack. A RPR network recovery time is consist of two. Failure detecting time and reporting time are that. In this paper we propose fast recovery mechanism that can reduce each time. In a Legacy recovery mechanism, To report node's state, rpr node transmit protection messages. But interval of this protection messages increase exponentially. Thus A transmission failure of protection message cause delay of reporting of network state. Therefore we propose new node state reporting mechanism that put a node state in type b fairness message. And We also suggest fast failure detecting mechanism.

  • PDF

An Enhanced UBR+(EUBR+) scheme to improve the performance of TCP-over-ATM

  • Kim, Chul;Kim, Young-Tak
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.26 no.9A
    • /
    • pp.1535-1541
    • /
    • 2001
  • TCP is the most widely-used transport layer protocol in current Internet, while ATM technology is used to increase the data communication speed at data link layer and network layer. In the TCP-over-ATM architecture, the most significant problems are (i) the partial packet discarding problem, and (ii) the TCP window timeout problem. Several approaches have been proposed to solve the partial packet discard problem and the timeout problem individually, but none of them considered the two problems together. In this paper, we propose an enhanced UBR+ scheme which supports fairness among the TCP connections using UBR+ scheme, and provides protection of damaged VC from the multiple packet losses in the same TCP sliding window. To analyze its performance, we simulate the proposed scheme using OPNET. The simulation results show that the proposed scheme supports fairness, and also increases the throughput by reducing the probability of multiple cell losses in the same TCP window.

  • PDF

An Enhanced Dynamic Multilayer Routing for Networks with Protection Requirements

  • Urra, Anna;Calle, Eusebi;Marzo, Jose L.;Vila, Pere
    • Journal of Communications and Networks
    • /
    • v.9 no.4
    • /
    • pp.377-382
    • /
    • 2007
  • This paper presents a new enhanced dynamic and multilayer protection(DMP) routing scheme that considers cooperation between packet and wavelength switching domain in order to minimize the resource consumption. The paper describes the architecture of the multilayer network scenario and compares the proposed algorithm with other routing mechanisms applying protection at the IP/multi-protocol label switching(MPLS) layer or at the optical layer. Simulation results show that DMP reduces the number of optical-electrical-optical(o-e-o) operations and makes an efficient use of the network resources compared to non-multilayer proposals.