MultiPath TCP (MPTCP) is a recent TCP extension that enables hosts to send data over multiple paths for a single connection. It is already deployed for various use cases, notably on smartphones. In parallel with this, there is a growing deployment of encryption and authentication techniques to counter various forms of security attacks. Tcpcrypt and TLS are some of these security solutions. In this paper, we propose MPTCPsec, a MultiPath TCP extension that closely integrates authentication and encryption inside the protocol itself. Our design relies on an adaptation for the multipath environment of the ENO option that is being discussed within the IETF tcpinc working group. We then detail how MultiPath TCP needs to be modified to authenticate and encrypt all data and authenticate the different TCP options that it uses. Finally, we implement our proposed extension in the reference implementation of MultiPath TCP in the Linux kernel and we evaluate its performance.
Segment Routing (SR) is a powerful tool to solve traffic engineering in large networks. It enables steering the traffic along any arbitrary network path while limiting scalability issues as routers do not need to maintain a global state. Mathematical programming approaches proposed so far for SR either do not scale well with the size of topology or impose a strong limit on the number of possible detours (typically at most one). Moreover they do not support Segment Routing fully by ignoring the adjacency segments. This paper leverages column generation, a widely used technique for solving large scale linear programs, combined with a novel dynamic program for solving the pricing problem. Our approach reaches near optimal solutions with gap guarantees by also computing a strong lower-bound tighter than the multi-commodity flow relaxation. It scales even on large topologies and exploits the full expressiveness of SR including adjacency segments. Our experiments compared with existing traffic engineering techniques on various topologies and demand matrices demonstrate the advantages of our approach in terms of scalability, any-time behavior and quality of the solutions.
Leveraging eBPF to Make TCP Path-Aware Jadin, Mathieu; De Coninck, Quentin; Navarre, Louis ...
IEEE eTransactions on network and service management,
2022-Sept., 2022-9-00, 20220901, Volume: 19, Issue: 3
Journal Article
Peer reviewed
The Transmission Control Protocol (TCP) is one of the key Internet protocols. It is used by a broad range of applications. TCP was designed when there was typically a single path between a client and a server. Today's networks provide higher path diversity, yet TCP still only uses the single path selected by the network layer. This limits the ability of TCP to react to events such as interdomain failures or highly congested peering links. We propose the TCP Path Changer (TPC), a set of eBPF programs that are incorporated into the Linux TCP/IP stack to make it more agile. To illustrate the benefits of our approach, we first demonstrate that TPC can quickly reroute an ongoing TCP connection around a failure. We then show that TPC can also monitor the round-trip-time of active TCP connections and automatically reroute them if it becomes too high. Our evaluation of TPC in emulated networks evidences the significant performance benefits of a path-aware transport protocol.
The Case for Pluginized Routing Protocols Wirtgen, Thomas; Denos, Cyril; Coninck, Quentin De ...
2019 IEEE 27th International Conference on Network Protocols (ICNP),
2019-Oct.
Conference Proceeding
Routing protocols such as BGP and OSPF are key components of Internet Service Provider (ISP) networks. These protocols and the operator's requirements evolve over time, but it often takes many years for network operators to convince their different router vendors and the IETF to extend routing protocols. Some network operators, notably in enterprise and datacenters have adopted Software Defined Networking (SDN) with its centralised control to be more agile. We propose a new approach to implement routing protocols that enables network operators to innovate while still using distributed routing protocols and thus keeping all their benefits compared to centralised routing approaches. We extend a routing protocol with a virtual machine that is capable of executing plugins. These plugins extend the protocol or modify its underlying algorithms through a simple API to meet the specific requirements of operators. We modify the OSPF and BGP implementations provided by FRRouting and demonstrate the applicability of our approach with several use cases.
Securing MultiPath TCP Jadin, Mathieu; Tihon, Gautier
IEEE EUROCON 2017 -17th International Conference on Smart Technologies,
2017-July
Conference Proceeding
MultiPath TCP (MPTCP) is a recent TCP extension that enables hosts to send the data belonging to one connection over multiple paths. It is already deployed for various use cases, notably on smartphones. In parallel with this, there is a growing deployment of encryption and authentication techniques to counter various forms of attacks. Tcpcrypt and the Transport Layer Security (TLS) are some of these security solutions. In this paper, we propose MPTCPsec, a MultiPath TCP extension that closely integrates authentication and encryption inside the protocol and shows how it counters several types of attacks.
IPv6 Segment Routing (SRv6) is a modern version of source routing that is being standardised within the IETF to address a variety of use cases in ISP, datacenter and enterprise networks. Its inclusion in recent versions of the Linux kernel enables researchers to explore and extend this new protocol.
We leverage and extend the SRv6 implementation in the Linux kernel to demonstrate two very different usages of this new protocol. We first show how enterprise networks can leverage SRv6 to better control the utilisation of their infrastructure and demonstrate how DNS resolvers can act as SDN controllers. We then demonstrate how SRv6Pipes can be used to efficiently implement network functions that need to process bytestreams on top of a packet-based SRv6 network.
Software Resolved Networks Lebrun, David; Jadin, Mathieu; Clad, François ...
Proceedings of the Symposium on SDN Research,
03/2018
Conference Proceeding
Enterprise networks often need to implement complex policies that match business objectives. They will embrace IPv6 like ISP networks in the coming years. Among the benefits of IPv6, the recently proposed IPv6 Segment Routing (SRv6) architecture supports richer policies in a clean manner. This matches very well the requirements of enterprise networks.
In this paper, we propose Software Resolved Networks (SRNs), a new architecture for IPv6 enterprise networks. We apply the fundamental principles of Software Defined Networks, i.e., the ability to control the operation of the network through software, but in a different manner that also involves the endhosts. We leverage SRv6 to enforce and control network paths according to the network policies. Those paths are computed by a centralized controller that interacts with the endhosts through the DNS protocol. We implement a Software Resolved Network on Linux endhosts, routers and controllers. Through benchmarks and simulations, we analyze the performance of those SRNs, and demonstrate that they meet the expectations of enterprise networks.
To reflect the key role played in our society by the network technologies, the networking courses have moved to Bachelor degrees where they are taught to large classes. We report our experience in developing an open-source ebook that targets those introductory networking courses and a series of open educational resources that complement the ebook.
Abstract
Modification of hyaluronan (HA) accumulation has been shown to play a key role in regulating inflammatory processes linked to the progression of multiple sclerosis (MS). The aim of this study was to characterize the enzymatic activity involved in HA degradation observed within focal demyelinating lesions in the experimental autoimmune encephalomyelitis (EAE) animal model. EAE was induced in 3-month-old female C57BL/6J mice by immunization with myelin oligodendrocyte glycoprotein 33–35 (MOG33–35) peptide. The mice were monitored for 21 days. Formalin-fixed paraffin-embedded tissue from control and EAE mice were labeled with an immunoadhesin against HA, antibodies against KIAA1199 and glial fibrillary acidic protein, a marker for astrocytes. In situ hybridization was conducted using a KIAA1199 nucleic acid probe. In histologic sections of spinal cord from EAE mice, abnormal HA accumulation was observed in the close vicinity of the affected areas, whereas HA was totally degraded within the focal loci of damaged tissue. KIAA1199 immunoreactivity was exclusively associated with focal loci in damaged white columns of the spinal cord. KIAA1199 was mainly expressed by activated astrocytes that invaded damaged tissue. Similar findings were observed in tissue from an MS patient. Here, we show that KIAA1199, a protein that plays a role in a HA degradation pathway independent of the canonical hyaluronidases such as PH20, is specifically expressed in tissue lesions in which HA is degraded. KIAA1199 expression by activated astrocytes may explain the focal HA degradation observed during progression of MS and could represent a possible new therapeutic target.