Beaumont Sainz, Alfredo
Projects
QoSensor: Design of a sensor for QoS analysis in data networks
Departamento de Industria - SAIOTEK 2005-2006
DET (UPV/EHU): Armando Ferro, Alejandro Muñoz, Luis Zabala, Igor Delgado, Alfredo Beaumont
Fundación Deusto
09/2005 - 12/2006
Conference Papers
PQoS analysis over a BGP/MPLS IP VPN infrastructure
Jose Oscar Fajardo, Alfredo Beaumont, Begoña Blanco, Alex Muñoz, Fidel Liberal
VI Workshop in G/MPLS Network (WGN6)
Girona, Spain
12-13 April 2007
ABSTRACT
This work focuses on the analysis of Quality of Service (QoS) management in controlled scenarios such as corporate networks. We present a testbed based on BGP/MPLS IP VPN networks and show the QoS configuration implemented in the different nodes. The motivation of this work is to obtain stable QoS monitoring procedures that will allow us to deploy optimized QoS management mechanisms. The results are intended to represent users’ satisfaction for different networked services, so we base our QoS evaluation on perceived-QoS (PQoS) schemes. In this paper we propose a network scenario made up of VPN connectivity between two corporate sites. Based on the terms included in the SLA and the characteristics of different traffic profiles, we try to monitor the PQoS in different conditions, so we can obtain valuable information for a better traffic classification.
Application of a PQoS Based Model to the Management of MPLS IP VPNs
Jose Oscar Fajardo, Alfredo Beaumont, Begoña Blanco, Alex Muñoz, Fidel Liberal
V Workshop in G/MPLS Network
Girona, Spain
30-31 March, 2006
ABSTRACT
This paper deals with the management of QoS as perceived by end users in corporate networks. First, we overview some previous results achieved by the research group in the field of estimating and managing the QoS. In this work we accomplished some validation tasks by means of simulation. Going on with the analysis of the applicability of the general model to the real world, we propose here to analyze a network scenario that includes an MPLS IP VPN. In this scenario we can take into account all the agents involved in the provision of Internet services and moreover we can carry out a management of QoS in the network.
Software Architecture Based on Multiprocessor Platform to Apply Complex Intrusion Detection Techniques
Armando Ferro, Fidel Liberal, Alejandro Muñoz, Igor Delgado, Alfredo Beaumont
2005 IEEE International Carnahan Conference on Security Techniques
Las Palmas de Gran Canaria, Spain
October 11-14, 2005
ABSTRACT
The importance of security issues in network environments has increased greatly lately. Intrusion Detection Systems play an important role in network security environments. Nevertheless, nowadays, data network speed is so high that performing intrusion detection tasks becomes challenging. This paper presents a software architecture that intends to exploit the parallelism available on up-to-date and future workstations to apply intrusion detection rules in high speed networks. To achieve this, a shared memory multiprocessor system has been developed. The system includes a powerful rule language that adds big flexibility to the system.
Migration to the kernel of a traffic analysis sensor for high-speed networks
Aritz Bastida, Igor Delgado, Alfredo Beaumont
XX Symposium Nacional de la URSI
Gandia, Spain
September 14-16, 2005
ABSTRACT
Traffic analyzers play a very important role in Network Engineering. They are used in firewalling, QoS, Intrusion Detection Systems (IDS), network monitoring, and so on. As networks become faster, more traffic needs to be processed and so, traffic analyzers should have more processing power as well. However, the hardware solutions that have been suggested for now are quite expensive so they are not always convenient. As for software solutions, they are generally not too efficient, as they normally run in the user area of the operating system. In this paper, we describe a network traffic analyzer that has been moved to the Linux kernel, so that its performance can be improved and the packet loss ratio minimized.
Network architecture for test automation
Alfredo Beaumont, Jose Oscar Fajardo, Eva Ibarrola, Cristina Perfecto
V Jornadas de Ingeniería Telemática (JITEL'05)
Vigo, Spain
September 12-14, 2005
ABSTRACT
One of the most important tasks of a researcher consists in performing tests to validate the results of the research done. In network-related research work, with complex infrastructure and many configuration parameters, testing our work is usually rather mechanical, tedious and error-prone if tests are done manually. In the Networking, Quality and Security Research Group, we have developed a generic test framework to automate this important task, composed of four kinds of logical elements: a manager, agents, daemons and formatters. With these four elements, every phase of the process is automated, from test configuration to result formatting. The deployment of this framework has drastically reduced the time needed for the test phase and the number of errors due to mistakes. It has also allowed us to share resources among projects more easily and to schedule test sets when the devices are not being used.
Analysis of software mechanisms for passive capture and processing of network traffic
Igor Delgado, Armando Ferro, Alfredo Beaumont, Alex Muñoz
V Jornadas de Ingeniería Telemática (JITEL'05)
Vigo, Spain
September 12-14, 2005
ABSTRACT
Analysis of network traffic has become a really important task for many fields, from IDS to QoS evaluation. The great increase in the speed of networks, much faster than the increase in processor performance, is making it difficult to handle the processing of all network packets. One way to solve this problem is to move the processing to the hardware elements. This is a very expensive solution and, in some cases, improving the performance of the capturing software may be enough. Although current general purpose operating systems have been improving the performance of network processing, there is still room for improvement. In this paper we present in detail the way followed by a packet through the operating system until it is processed at user level. Some empirical measurements have been made along the packet journey in order to find the bottlenecks of the capturing process as well as discussing some ways to further increase the performance of the capturing process.
Security constraints and QoS in BGP/MPLS IP VPNs: a transition scenario with a non MPLS-enabled backbone
Jose Oscar Fajardo, Armando Ferro, Alejandro Muñoz, Alfredo Beaumont
IV Workshop in G/MPLS Networks
Girona, Spain
April 21-22, 2005
ABSTRACT
This paper analyses several issues about security and QoS in corporate networks based on BGP/MPLS IP VPN technology. First, we discuss some security requirements and constraints specified for ‘conventional’ BGP/MPLS IP VPNs, where the provider’s transport infrastructure supports MPLS. Likewise, we describe different alternative mechanisms suitable to provide QoS guarantees in this kind of network. Afterwards, the paper focuses on a transition scenario, where some of the corporate sites may be attached to an IP backbone with no MPLS support. In order to preserve the basic VPN architecture, some alternative tunneling approaches are defined. We study some critical security requirements in this scenario and analyse the potential impact of its implementation over the QoS characteristics. We present a testbed based on Linux boxes and some general implementation issues, and finally some empirical results are shown.
A New Approach To Analysis Traffic Based On Multiprocessor Architectures
Igor Delgado García, Alfredo Beaumont, Jose Oscar Fajardo, Jose Luis Jodrá
IADAT International Conference on Telecomunications and Computer Networks (IADAT-tcn2004)
San Sebastián, Spain
December 1-3, 2004
ABSTRACT
The current expansion of new services, which require high bandwidth rates, has enforced an increase of network throughput hindering network monitoring. Conventional network traffic analysis tools like tcpdump or ethereal were not designed to keep up with new rates so loss rates are very high. Consequently, we have developed a sensor that exploits multiprocessor features in order to reduce loss rates in high speed networks. Most network traffic analyses require communication among instances, yielding synchronization troubles that must be solved. As the sensor splits traffic analysis loads among different processes, they will concurrently access shared memory areas. Conventional synchronization mechanisms like semaphores are not a good approach because they harm the sensor’s performance highly. Hence, in this paper we introduce a number of mechanisms that improve the overall performance of the sensor as a result of an effective communication among instances.
Tool for Concurrent Capture and Analysis of Traffic in High-Speed Networks
Igor Delgado, Alfredo Beaumont, Jose Oscar Fajardo
XIX Simposium Nacional URSI
Barcelona, Spain
September, 2004
ABSTRACT
As networks become faster, traffic analyzers and network intrusion detection systems have big problems handling all the traffic of a network. As a result of the investigation on this topic, looking for parallelism in the processing of the captured traffic, this document presents a tool designed for high-speed network traffic analysis. The tool is based on the concurrent analysis of multiple instances, using shared memory as an interface among instances and between modules of the system. The system includes a powerful rule language which adds big flexibility to the system, and so the tool may work in different areas involving traffic analysis, including both Intrusion Detection System (IDS) and Quality of Service (QoS) analysis.





