In all situations, early warning of an attack offers the best chance of defense against that attack. Having detailed information about the attack before it occurs provides a defender with more options to use in his or her defense. These principles are true regardless of when or how an attack occurs. When armed with early warning and information, effective and preemptive countermeasures may be efficiently employed. Unfortunately, the configuration of a network and the speed of electronic communications often prevent any substantive early warning or preemptive informational analysis.
The most common countermeasure employed by networks limits the speed of ingress (incoming) electronic communications by forcing the traffic through one or more filters at the ingress point in order to detect malicious or suspicious traffic. Currently, when malicious or suspicious traffic is identified, the particular signal or packet is quarantined. Each subsequent filter then adds another layer of delay, thereby imposing additional time costs on network traffic and electronic communications. Ultimately, malicious and suspicious attacks on computer networks are a common occurrence causing significant performance and financial loss, while redirecting resources and budgets. The alternative to filtering is to allow network security systems to react to an attack.
Users of networks want the fastest communication speeds for their signals and data packets as they transit the network. This is the optimal communications path. The competing needs for network security against the end users' need for fast communications are one of the many balancing efforts network administrators face. Multiprotocol label switching (MPLS) networks are one solution where balancing the competing needs provides additional opportunities to satisfy the competing demands of security and speed.
MPLS networks are quickly becoming the standard for high-speed network backbones. MPLS networks used by major service providers offer a variety of high-priority paths (optimal) and low-priority paths (suboptimal) for customer traffic based on service level agreements. Thus, network administrators can meet the end users' needs by modifying the choices the end user makes and pays for.
For each MPLS network, there is at least one optimal path corresponding to the optimum speed for each signal or packet. Similarly, there are usually several suboptimal paths corresponding to the suboptimal speeds of signals or packets, the suboptimal speeds being less than the optimum speed. Current MPLS network security limits all of these transmissions to some value below the absolute fastest or optimal speed technologically available, thereby causing the performance of the network to be slower.
Because MPLS networks have a plurality of nodes, there are numerous routes and paths electronic communication signals can travel. This also means networks have numerous ingress points, routes and paths for the malicious and suspicious traffic to traverse. Because each node adds the burden of filtering an electronic signal, the speed of the network dramatically slows down, and the electronic signal travels at an extremely low, suboptimal speed. Optimization of the system also suffers filtration limits. However, without filtration systems, the network and its nodes have limited ability to react to threats when attacked.
The foregoing issues show a need for one or more ways to protect networks, optimize the electronic signal speed, and provide early warning messages without the burden of multiple filters.
In one aspect, the following invention provides for a method for communicating a high-priority signal across a network ahead of a lower-priority signal. The method comprises the steps of:
a. assigning a priority to each signal entering the network
b. identifying any harmful signal associated with any of the signals entering the network;
c. generating a high-priority signal in response to the identification of a harmful signal;
d. identifying and selecting at least one defensive technique for the network;
e. defining a plurality of electronic communication paths, each path capable of carrying a plurality of signals, wherein the step of defining the plurality of paths identifies at least one optimal communication path and at least one suboptimal communication path corresponding with the selected defensive technique;
f. electronically communicating the high-priority signal along the optimal communication path; and
g. delivering the high-priority signal along the optimal communication path to the desired destination prior to delivering any of the lower priority signals.
In another aspect, the invention provides a method for flexible high-priority electronic communication suitable for communicating a plurality of signals across a network, the network having a plurality of electronic communication paths and each signal having a signal priority. The method comprises the steps of:
a. determining a priority for each signal, wherein at least one signal is a high-priority signal;
b. selecting at least one defensive technique, thereby defining a plurality of paths for electronically communicating the signals; and
c. employing one or more of the selected defensive techniques to optimize the electronic communication of the high-priority signal along at least one of the paths, thereby providing delivery of a transmitted high-priority signal faster than transmitted lower-priority signals to a desired destination.
In yet another aspect, the invention provides a method for delivering high-priority signals over a network faster than lower-priority signals. The method comprises:
a. identifying a plurality of paths;
b. ranking each of the plurality of paths from an optimal path to at least one suboptimal path, wherein each path includes an origination node and a termination node;
c. identifying a reaction window, the reaction window defining a desired time difference between the optimal path and suboptimal paths;
d. selecting the optimal path and at least one suboptimal path from the plurality of paths satisfying the reaction window, the selection determined by the reaction window for each origination node and termination node; and
e. delivering the high-priority signal from the origination node to the termination node along the selected path.
Numerous objects and advantages of the invention will become apparent as the following detailed description of the preferred embodiments is read in conjunction with the drawings, which illustrate such embodiments.
The inventive method uses a MPLS network and hyperspeed paths, also known as optimal paths, for command and control, and other high priority traffic. Suboptimal paths, which are slower than optimal paths, are typically used for all non high-priority traffic. This optimal and suboptimal path approach facilitates implementing sophisticated network defense techniques. For example, the time differential between the optimal and suboptimal paths provides a reaction window sufficiently long enough to implement one of many defenses. The communication delay is the amount of time between the origination node, or source node which identifies an attack, and the termination node, or destination node, that receives the warning. The reaction window is the difference in communication delay between the optimal path and a selected suboptimal path. The reaction window also includes the time needed to implement a defense against the identified attack. Data packets sent along hyperspeed paths arrive well in advance of malicious or suspicious traffic to alert network devices and initiate defensive actions. MPLS networks are well suited for this inventive method because MPLS networks logically separate the internal internet protocol (IP) control network from external IP networks that connect with the data plane. The example used herein describes a core MPLS network, but any type of network may adapt and employ the inventive method. The hyperspeed messages are electronic communication signals having at least one data packet. The traffic is the electronic communication carried by the network.
There are one or more optimal paths and a plurality of suboptimal paths between two nodes on the network. This provides for different reaction time windows. The reaction time windows vary, based upon malicious or suspicious traffic, and provide more or less time to implement defensive actions. Depending on its nature and priority, most traffic is sent along suboptimal paths. However, traffic deemed to be malicious or suspicious is sent along the slowest paths. Similarly, the hyperspeed paths are not solely reserved for command and control traffic. Some time-critical traffic, such as interactive voice and video communications, are also sent along faster suboptimal paths and/or hyperspeed paths. Network administrators must balance the speeds of different types of traffic, or risk reducing the reaction time window, thereby decreasing the time available to implement defensive actions.
At least three service differentiation techniques for introducing delays exist. A first service differentiation technique is the queue priority technique, which gives hyperspeed traffic the highest priority. A second service differentiation technique is the delay variation technique, which delays non-hyperspeed traffic for a set period-of-time in queues maintained at the network nodes. A third service differentiation technique is the route variation technique, which forces non-hyperspeed traffic to take slower, suboptimal paths. The third technique requires an algorithm that is discussed in detail hereinbelow. All three service differentiation techniques are useable individually, or in combination, to satisfy specific reaction time windows given the available network resources and constraints. To maximize the overall efficiency of the network, any use of a suboptimal path should incorporate the smallest delay necessary to obtain the desired reaction time window. Suboptimal paths are created by introducing delays in the network.
One of the core capabilities of the inventive method allows the network administrator to identify a threat, or target packet, and send a hyperspeed signal to any node in the network before a target packet arrives at a node under attack. The network administrator can do this in one of two ways. The first way has a single hyperspeed signal arriving before the target packet. The first way provides the network administrator the ability to track multiple target packets and to correlate information about all target packets, regardless of their locations in the network. The second way uses multiple hyperspeed signals, one for each target packet under observation.
Another core capability is the opportunity to collect intelligence, conduct surveillance of the network, and reconnoiter the network. Often, these actions are referred to as Intelligence, Surveillance, and Reconnaissance (ISR). In this context, Intelligence involves integrating time-sensitive information from all sources into concise, accurate and objective reports related to a threat situation. Reconnaissance refers to acquiring information about a threat, possibly a one-time endeavor. Surveillance refers to the systematic observation of a targeted area or group, usually over an extended time. In the event the network administrator needs ISR capabilities for any reason, the scope and speed of ISR is only limited by the connectivity of the nodes via hyperspeed paths, and the reaction time windows offered by these paths.
A third core capability relates to defensive actions. Hyperspeed signals allow the implementation of sophisticated network defenses. The advance warning provided by hyperspeed signaling enables a network to seemingly employ “precognition,” and react to an attack before it reaches the target. The different defenses are discussed in detail hereinbelow.
Hyperspeed signaling enables distributed filtering, teleporting packets, quarantining network devices, tagging and tracking suspicious packets, projecting holographic network topologies, and transfiguring networks. The distributed filtering defense allows network administrators to outsource detection mechanisms to various locations and/or organizations. Teleportation enables packets to be transported by masked or secret routes across a network without being detected. Quarantining enables a network device, segment or path to vanish before it can be affected by an attack. Tagging facilitates the tracking of suspicious traffic and the routing of other traffic accordingly. Network holography conceals a real network and projects an illusory topology. Transfiguration enables network topologies to be dynamically manipulated to adapt to the environment and context of the threat.
Referring to
Route 18 is the sequence of links 16 that an electronic signal travels between an origination or source node 12A, and the intervening nodes 12B and 12C until it reaches a termination or destination node 12F.
Network 10 illustrated in
Virtual private network (VPN) 22, consisting of two sites 24, is connected via network 10 as illustrated in
Using
The same hyperspeed communication process discussed above may be applied to a LAN. Hyperspeed signals are identified by reserving a special set of MAC addresses using fields in 802.1q (VLAN) headers or using 802.1p (Ethernet QoS), depending on the technologies supported by Ethernet switches 26. To implement the hyperspeed communications, most Ethernet switches 26 would require specialized software.
Implemented in a similar manner to hyperspeed communications, queue priority is implemented by programming Ethernet switches 26 to forward hyperspeed frames ahead of all other frames in the memory of Ethernet switches 26. Ethernet switches 26 supporting 802.1p are already equipped for queue priority. Implementing delay variation includes programming Ethernet switches 26 to place non-hyperspeed frames in a queue where the frames wait for a fixed period-of-time.
Route variation is implemented in several ways. One approach is to modify the Spanning Tree Protocol to calculate two spanning trees. The example in
Alternatively, implementing route variation involves programming Ethernet switches 26 to store the loop count in an unused Ethernet header field, and to send frames in loops a fixed number of times. Another alternative employs Virtual LAN (VLAN) 28 hopping. This alternative is also applicable to enterprise networks, described hereinbelow.
Referring to
The type of service (ToS) field or an IP option can be used to distinguish hyperspeed packets 25 from other packets 25. The features of routers 14 of enterprise network 30 determine particular service differentiation techniques available. If routers 14 have the proper features, the queue priority and delay variation techniques are implemented by configuring routers 14 to give priority to hyperspeed packets 25 and to delay non-hyperspeed packets 25 in queues.
Route variation is implemented by manipulating routing protocols (e.g., routing information protocol (RIP) and open shortest path first (OSPF)), or by applying a specialized hyperspeed routing protocol such as Δc protocol, which is discussed in detail hereinbelow.
In the case of enterprise networks 30 employing VLANs 28, Ethernet switches 26 are programmed to permit VLAN 28 hopping. Referring to
Enterprise networks 30 may contain VPNs 22. The implementation of hyperspeed signaling in enterprise networks 30 with VPNs 22 that span multiple geographic locations may require the cooperation of one or more service providers.
Internet protocols require modification of the software in routers 14 and Ethernet switches 26. However, an altered protocol can be wrapped between service provider networks, LANs 28 and enterprise networks 30. Other switches used with computer communications, such as ATM switches, fiber optics, etc., are understood to be used in place of, or in combination with Ethernet switches 26. Hyperspeed packets 25 in the Internet are identified using ToS or optional IP fields. Since the Internet is composed of service provider networks 10, hyperspeed signaling implementations for service provider networks 10 are employed. The same is true of LANs 28 and enterprise networks 30. Enterprise networks, LANs, and participating providers perform hyperspeed routing without the cooperation of non-participating providers. Non-participating providers behave in the standard way while participating networks treat the non-participating providers as if they were links among the participating networks.
Cooperating service providers can also manipulate the Border Gateway Protocol (BGP) to create optimal and suboptimal paths 20 without advertising the optimal (hyperspeed) paths 20 to non-cooperating service providers.
As discussed earlier, hyperspeed signaling helps to implement sophisticated network 10 defense techniques. Some of these defense techniques include: distributed filtering, teleporting packets 25, quarantining network devices, tagging and tracking suspicious packets 25, projecting holographic network 10 topologies and transfiguring networks 10. Due to the speeds required to react, all of the defensive techniques are automated. However, as used herein, the network administrator is identified as the actor, meaning that the network administrator sets the parameters used in the defensive technique. In some defensive techniques, the network administrator may also activate the technique (e.g., in teleportation, he may press “enter” when he wants the teleportation sequence to begin), or he may be the recipient of information (e.g., in tagging, he is notified when the target router is believed to be compromised). However, these actions are usually automated processes with defined responses.
Hyperspeed signaling supports a variety of distributed filtering configurations. The simplest configuration is “egress filtering” that can be used by service provider networks 10 and other entities that transport traffic between a plurality of networks 10. As depicted in
Hyperspeed sentinel messaging enhances flexibility and efficiency by distributing detection and filtration functionality. In addition, it enables service provider networks 10 and other networks 10 that employ multiple detection modalities to maintain low latency. A non-limiting example of other networks 10 includes enterprise networks 30.
The traditional ingress filtering approach is illustrated in
Referring to
The advance-warning configuration enables networks 10 to outsource detection. Copies of suspicious packets are forwarded to a third party having sophisticated detection capabilities. For example, security service providers or government agencies may take advantage of the advance-warning configuration. In the case of security service providers, if the third party detects malicious activity, it can send a hyperspeed signal to trigger filtering. The third party is able to correlate packets observed from multiple client networks 10 and provides sophisticated detection services to its clients without compromising any information or data. Governmental agencies are able to use the same technique for national security related reasons.
Hyperspeed routes 18 are used to teleport packets. Simple teleportation is illustrated in
Another teleportation approach is analogous to stage magic. Stage magicians often use identical twins to create the illusion of teleportation. To set up the act, the magician positions one twin at the source while the other is hidden at the destination. During the act, the magician directs the first twin to enter a box and then secretly signals the other twin to reveal himself at the destination. The same approach is used to create the illusion of packet 25 teleportation.
The staged teleportation approach is illustrated in
An alternative variation of the teleportation approach modifies Step 1. An operator located at router 14F sends a copy of packet 25 to node 12A along a covert hyperspeed path 20A using simple teleportation. Similar to the previous teleportation approach, a casual observer will see packet 25B travel from node 12A to router 14B, and the perceived packet 25B travel from router 14F to node 12G, but not from router 14B to router 14F. This teleportation approach helps conceal the real origins of network messages.
Another alternative of teleportation involves prediction.
Quarantining enables a targeted network device, segment or path 20 to disappear before it can be compromised by an attack. As illustrated in
If the attack reaches the targeted device before it is quarantined, the device is isolated before it can affect other parts of network 10. The device is reconnected only after it is verified to be secure. Because the quarantine messages travel along hyperspeed paths 20, the likelihood that the attack will be thwarted before it impacts the targeted device is increased. The same technique is used to quarantine network segments or deny the use of certain network paths 20.
In a tagging defensive technique, a network administrator tracks path 20 taken by suspicious traffic. An analogy from nature is the ant leaving a trail of pheromones to indicate its path. A network administrator's system 43 sends diagnostic packets 25 via hyperspeed paths 20B to nodes 12 along path 20 taken by a suspicious packet to observe its behavior. If, as illustrated in
Tagging is used to mitigate the effects of attacks that originate from multiple sources, including distributed denial-of-service attacks (DDoS) and other attacks. One of many examples is an attack that is fragmented into five benign packets 25, and is executed only when all five packets 25 are assembled in sequence. Since a single stateful firewall with knowledge about the fragmented attack can detect and block one or more packets 25, implementing a successful attack would require packets 25 to be sent from different locations.
The tagging mechanism counters the fragmented attack by quarantining the target node 12B as soon as anomalous behavior is detected. Packets 25 that constitute the attack are traced back to their origins at perimeter 42 of network 10. Filters 36 and detectors 40 must be appropriately re-configured to detect the attack.
Networks 10 hide their internal structure by using private IP addresses. The hidden nature of the IP addresses enables hyperspeed signaling on networks 10 by projecting illusory internal structures or “holograms.”
Conventional holograms are created using lasers and special optics to record scenes. For example, when a cylindrical piece of glass is used, a scene is recorded from many angles. Once recorded, the original scene can be removed, but the hologram will project the recorded scene according to the viewing angle. If enough angles are recorded, the hologram creates the illusion that the original scene is still in place.
Similarly, the network administrator creates topology 44, which is an illusory topology 44, of network 10 and subsequently distributes the illusory topology 44 to edge nodes 12 of a real network 10, as illustrated in
Transfiguration enables networks 10 to cooperate, much like utilities in the electric power grid, to continue providing services during times of crisis. Network administrators manipulate their internal network 10 topologies, or modify the topologies 44 along perimeter 42 of cooperating networks 10, to lend or lease additional resources as required. Additionally, administrators may modify topologies 44 at perimeter 42 near an attack. This method is analogous to moving the frontline forward or backward during a battle.
Links 16 and nodes 12 may need to be strategically quarantined, disabled or re-enabled based on circumstances. As resources are lost and gained, the roles of devices, especially at perimeter 42, may change. Hyperspeed signaling enables topology 44 changes to occur seemingly instantaneously, and enables devices with special roles to operate in proxy where necessary at perimeter 42. As resources become available, the window for hyperspeed signaling is adjusted as necessary to provide additional reaction time. The resource availability is a result of being regained after being compromised or being leased from other sources.
Implementing hyperspeed signaling in network 10 requires a protocol that applies the queue priority, delay variation and route variation service differentiation techniques appropriately to achieve the target reaction time window. The target reaction window is the desired reaction window where the electronically communicated high-priority signal arrives faster than all lower-priority signals transmitted within the time period. Of these techniques, implementing the route variation technique is relatively complicated. If a network administrator attempts to build explicitly routed paths 20 to satisfy the target reaction time window, the risk of error is high. In addition, if a link 16 or node 12 becomes unavailable, hyperspeed signaling along the affected paths 20 fails, unless new paths 20 are identified.
An automated protocol for constructing paths 20 that satisfy the target reaction time window in a dynamic network environment is desirable. An approach is to run Dijkstra's Algorithm repeatedly to discover multiple paths 20, but the fastest and slowest loop-free paths 20 still may not accommodate the target window. Dijkstra's Algorithm finds the optimal route 18 from s to d by iteratively and greedily removing edges and nodes 12 from a set of unvisited elements until all nodes 12 are visited. A second approach is to modify routing information protocol (RIP) to track the best route 18 as well as the second-best route 18. This approach can be further extended to track as many routes 18 as are necessary, but the number of routes 18 is difficult to determine based on the target window. The first two approaches can be applied in combination with the queue priority and delay variation techniques, but a protocol that works directly with the target window would be the most desirable. That protocol is referred to herein as the Δc Algorithm, and is illustrated by Equation 1 below.
The Δc Algorithm gives the service providers the ability to specify a desired decision window. Thus, it provides a flexible means for delivering control traffic faster than data traffic while maintaining near-optimal speeds on network 10.
The Δc Algorithm for a computer or telecommunications network 10 must be able to see the entire network 10 to allow the Δc Algorithm to properly execute using the complete topology thereof. There are at least two approaches for implementing the Δc Algorithm. One approach is developing a protocol like open shortest path first (OSPF), where information about topology 44 of network 10 is flooded to nodes 12, thereby giving each node 12 a complete picture of network 10, and facilitating independent execution of the Δc Algorithm. Another approach uses a protocol similar to RIP, where each node 12 in a distributed fashion depends on the routes 18 computed by its neighboring nodes 12 in order to compute new routes 18.
Discussed below is the approach using a protocol similar to RIP articulating the Δc Algorithm as a distributed routing protocol, or Distributed Δc Protocol, for computer and telecommunications networks 10. Also discussed below is the Δc Label Distribution Protocol (Δc-LDP), which is an adaptation of the Distributed Δc Protocol targeted for MPLS networks 10. Δc-LDP constructs hyperspeed label switched paths (LSPs) in an MPLS network, facilitating the implementation of the above discussed reactive defense mechanisms such as quarantining compromised network devices before infections spread, teleporting packets 25 via concealed transport mechanisms, and projecting illusory internal topologies 44.
The mathematical theory for expressing and manipulating route 18 restrictions and applicable proofs clarifying the types of restrictions compatible with Δc-LDP are presented below. Simulation results of Δc-LDP are also provided. The independent variables (target Δc, variance in link delays, number of links 16, number of nodes 12 and application of route 18 restrictions) are varied while the dependent variables (routing table size, actual Δc and convergence time) are monitored in randomly-generated networks 10. The simulation results show that the protocol operates well for practical values of Δc, with respect to average link cost (delay).
The Δc Algorithm discovers ranked optimal and suboptimal routes 18 in directed graphs (digraphs) based on a reaction window Δc. The Δc Algorithm offers MPLS service providers an effective means for delivering control traffic faster than data traffic, while maintaining near-optimal speeds on network 10. The definitions and theorems underlying the algorithm are presented herein. For details about graph theory, refer to: G. Chartrand and L. Lesniak, Graphs and Digraphs, Wadsworth and Brooks/Cole, Monterey, Calif., 1986. The following definitions identify the symbolic notation, and provide modified definitions to common definitions within the art.
Definition 1. The length of a route is the number of constituent edges in a route.
Definition 2. The cost of a route is the sum of the costs of the constituent edges in a route.
Definition 3. If p=s, ei, . . . , ej, t is a route from s to t, and q=t, ek, . . . , el, d is a route from t to d, then the concatenation p·q=s, ei, . . . , ej, t, ek, . . . , eld is route from s to d that is formed by following routes p and q in order.
Definition 4. Rs→d denotes the set of all routes from s ∈N to d ∈N in a network digraph Γ=(N, E). Note that S Rs→d is read “S contains a set of routes that share a common source s and destination d.”
Definition 5. If there exist three routes p, q, r ∈S Rs→d such that cost (q)−cost (r)≧Δc for some Δc ∈+ and cost (p)>cost (q), then p is a useless route in S with respect to reaction window Δc. Any other route in S is useful with respect to Δc. If the set S is not given explicitly, it is implied that S is the set of routes in Γ that share the same source and destination as route p.
Definition 6. If S Rs→d then ∇ΔcS={r ∈S|r is useful in S with respect to Δc}.
The subscript “Δc” is often omitted hereinbelow for clarity. Thus, statement r ∈∇S can be read as “r is useful in S.” ∇S S follows directly from the definition of ∇.
Theorem 1. Given a network digraph Γ=(N, E), if p·t·q is the nth-optimal route from s ∈N to d ∈N through some intermediate t ∈N, then both p and q must have a rank of n or better among optimal routes from s to t and t to d, respectively.
Proof Let r=p·t·q be the nth-ranked optimal route from s to d. Let p=pm be the mth-ranked optimal route from s to t. Then, there exist routes p1, p2, . . . , pm-1 with costs c1, c2, . . . , cm-1, each of which is less than cost (p). Also, there exist routes p1·q, p2·q, . . . , pm-1·q from s to d with costs c1+cost (q), c2+cost (q), . . . ,+cost (q) each of which is less than cost (p·q). Thus, there are at least m−1 routes that are more optimal than r, and thus, the rank of r, n, is at least m: n≧m. In other words, p must have a rank of n or better. The result for the rank of q is proved in a similar manner.
Lemma 1. Given a network digraph Γ=(N, E), if there exists an nth-optimal route of length l>1, then there also exists an nth-optimal or better route of length l−1.
Proof Assume that a route r=s, e1, t, e2, . . . , el-1, u, eld of length l>1, and rank n exists for some arbitrary source and destination. The following two routes must also exist: t, e2, . . . , eld of length l−1 that is formed by removing the first node and edge; and s, e1, . . . , El-1, u of length l−1 that is formed by removing the last node and edge. By Theorem 1, both these routes have rank n or better.
Theorem 2. Given a network digraph Γ=(N, E), if there exists an nth-optimal route of length l≧1, then there also exist nth-optimal or better routes of length m for every 0≦m<1.
Proof Theorem 2 is proved by the repeated application of Lemma 1.
Theorem 3. Given a network digraph Γ=(N, E) and some Δc ∈+, if q is a useless route, then both p·q and q·p are useless routes for any route p.
Proof Let q be a route from some t ∈N to some d ∈N, and let p be a route from some s ∈N to t. Because q is useless, there exist two routes q1 and q2 from t to d such that cost (q2)−cost (q1)≧Δc and cost (q)>cost (q2). Let r=p·q; r1=p·q1; and r2=p·q2. Then, r, r1 and r2 are all routes from s to d with costs: cost (r)=cost (p)+cost (q); cost (r1)=cost (p)+cost (q1); and cost (r2)=cost (p)+cost (q2). Then, cost (r2)−cost (r1)=[cost (p)+cost (q2)]−[cost (p)+cost (q1)]=cost (q2)−cost (q1)≧Δc, and cost (q)>cost (q2)cost (p)+cost (q)>cost (p)+cost (q2)cost (r)>cost (r2). Thus, route r is useless. The result for q·p is proved in a similar manner.
Theorem 4. If p is a useful route in a set SRs→d, then p is a useful route in any set TS for which p ∈T. Symbolically, p ∈∇SRs→dp ∈∇T for all TS|p ∈T.
Proof Because p is useful, there are three possible cases:
Case 1. Three routes do not exist in S. Thus, for any TS, |T|<3; consequently, p is useful in T.
Case 2. No two routes q, r ∈S satisfy cost (q)−cost (r)≧Δc. If two such routes do not exist in S, then two such routes cannot exist in a TS; consequently, p is useful in T.
Case 3. Two routes q, r ∈S exist such that cost (q)−cost (r)≧Δc, but for any q and r it is the case that cost (p)≦cost (q). Consider some TS. Any q and r in T are also in S. For any q and r in S, it must be the case that cost (q)−cost (r)≧Δc and cost (p)≦cost (q); consequently, cost (q)−cost (r)≧Δc and cost (p)≦cost (q) for q and r in T. Thus, p is useful in T.
Equation 1 below, is the Δc Algorithm for targeting a specified reaction window. X is a two-dimensional matrix where entry Xs, dRs→d.
Step
Equation 1, the Δc Algorithm, is limited by its centralized nature. Although it is modeled after distance-vector algorithms, the Δc Algorithm, as written, must be executed with full knowledge of the network topology. Consequently, the Δc Algorithm must be executed centrally, or like OSPF, the complete network topology must be “flooded” to all nodes, which subsequently execute the Δc Algorithm independently.
In the following, Xm denotes the contents of X after the mth iteration of the repeat block starting at Line 3 in the Δc Algorithm.
Lemma 2. Given a connected network digraph Γ=(N, E) and a reaction window Δc ∈+, after m iterations of the Δc Algorithm, Xs, dm is the set of all useful routes of length at most m from s ∈N to d ∈N.
Proof The proof is established using induction. Consider the base case of m=0 iterations. The only non-empty sets in X0 are those from Step 2 that contain exactly one element: the path from each node to itself Thus, after one iteration, every path in any set in X0 is useful. Additionally, since the only zero-length routes are the routes from a node to itself, every useful route of length 0 is an element of some set in X0.
For the inductive step, assume Lemma 2 holds after m iterations and consider Iteration m+1. By the inductive hypothesis, any entry Xs, dm is the set of all useful routes from s to d of length at most m. Any route in S (Step 5), the set of candidate new routes, has a length of at most m+1. Thus, any route in S ∪Xs, dm has a length of at most m+1.
Any route in S is computed as s, e followed by a known route from head (e) to the destination d. Thus, the route is valid and has some cost. The operator ∇Δc selects all useful paths from s to d from the new and old routes, which are then assigned to Xs, dm+1. The function drops all useless paths of length at most m+1. By Theorem 4, the application of VM does not drop any useful route, and by Theorem 3, the function does not drop any route that is part of a longer useful route. Thus, Xs, dm+1 is the set of all useful routes from s to d of length at most m+1.
Theorem 5. The Δc Algorithm terminates when every Xs, d is the set of all useful routes from s ∈N to d ∈N.
Proof It is trivial to see that if the network has only one node, the algorithm will terminate. A connected digraph with at least two nodes must contain a cycle; thus, there are infinitely many routes from a source to a destination. Because N is a finite set, N×N is finite. For each (s, d) ∈N×N, consider the optimal route r from s to d. Because there are a finite number of edges, one edge has the minimum (positive) cost; thus, there are a finite number of routes with cost less than cost (r)+Δc. Consequently, there are a finite number of useful routes for a given source and destination.
Let R be the set of all useful routes in the network. Then R is finite. Let l be the length of the longest route in R, and consider Iteration l. By Lemma 2, Xs, dl is the set of useful routes from s to d of length at most l. Since l is the length of the longest useful route, l iterations are sufficient to ensure that Xs, d is the set of useful routes from s to d regardless of route length.
Consider Iteration l+1. Any route in S has a length of at most l+1. Pick a route q in S with length l+1, source s and destination d. If q exists, it is not an element of Xs, dl. Because Xs, dl contains all useful routes, q must be a useless route and, therefore, is not selected by ∇Δc. Any other route in S is already an element of Xs, dl. Thus, ∀s, d ∈N: Xs,dl+1=∇Δc, (S ∪Xs, dl)=Xs, dl, and Xl+1=Xl, which causes the Δc Algorithm to terminate.
The Δc Algorithm does not terminate early. Consider the longest useful route and remove its first edge. By the contraposition of Theorem 3, the resulting route must be useful. The resulting route has length l−1; thus, Xl−1≠Xl, which prevents the algorithm from terminating at Iteration l. This result can be applied inductively over every previous iteration until the route length is reduced to zero.
The centralized Δc Algorithm, can be transformed into Equation 2, the Distributed Δc Protocol. The Δc Algorithm is modeled after distance-vector routing algorithms, such as RIP. Thus, the Distributed Δc Protocol distributes the workload similarly.
As shown in the Distributed Δc Protocol, each node is responsible for learning all routes for which it is the source. This learning step allows a neighboring node to share fragments of routes that may be used in Step 5 of the Δc Algorithm to compute S. Thus, any node s is responsible for the memory needed to store Xs when executing the Δc Algorithm.
For the sake of simplicity, assume that the network is static and predictable; and all the links are duplex, have a fixed cost and never fail. Implementing the Δc Algorithm in a distributed manner requires each node s begins by initializing the set of routes to itself with s. Each node next sends its known routes to each of its upstream neighbors. Each node next uses the routes received from its downstream neighbors, calculates S and applies ∇ (Steps 5 and 6 of the Δc Algorithm) for all d ∈N; the results are stored in Xs. After every node has completed its calculations, each node once again sends its known routes. Eventually, the routing tables (Xs) converge, and the nodes can terminate the algorithm.
Synchronizing the process (i.e., ensuring that every node is at the same iteration) and knowing when to terminate requires additional communication among the routers. Fortunately, neither synchronization nor termination is necessary to compute the same routes as the Δc Algorithm, in a distributed environment. Thus, the Distributed Δc Protocol simply allows each node to emit its table periodically and indefinitely; hence, the reference to a Distributed Δc Protocol, and not a reference to the Δc Algorithm. The routing tables eventually converge to produce all the useful routes given some Δc.
Equation 2, the Distributed Δc Protocol, is formally described in terms of two routines that execute concurrently at each node s, where t is the update period.
Propagation Routine:
Step
Update Routine:
Step
The send (e, Xs) statement transmits the object Xs along link e. The recv (e, Xu) statement receives an object in Xu and sets e to the link from which Xu was received. For information to be exchanged, the nodes executing these statements must be on opposite ends of link e.
The fundamental properties of ∇ show that the result of the Distributed Δc Protocol is the same as that of the Δc Algorithm.
Theorem 6. Given Γ=(N, E) and some Δc ∈+, for any RRs→d, if S ∪T=R, then ∇R=∇(S ∪∇T).
Proof S ∪T=R implies SR and TR. Also, if r ∈,then r ∉Sr ∈T and r ∉Tr ∈S. Letting r ∈∇R, then by definition, r ∈R.
Case 1. r ∈S. Thus, r ∈S ∪∇T
Case 2. r ∈T. By Theorem 4, r ∈∇T. Thus, r ∈S ∪∇T
By definition, ∇TT, so S ∪∇TS ∪T=R. By Theorem 4, r ∈∇(S ∪∇T). Thus, ∇R∇(S ∪∇T).
Let r ∉∇R.
Case 1. r ∉R. ∇(S ∪∇T)R, so r ∉∇(S ∪∇T).
Case 2. r ∈R. Thus, r is useless in R. By definition, there exist p, q ∈R such that cost (p)−cost (q)≧Δand cost (r)>cost (p). Let p and q be the least-cost such routes in R. Consequently p, q ∈∇R.
Case a. p ∈S. Thus, p ∈S ∪∇T
Case b. p ∈T. By Theorem 4,p ∈∇T. Thus, p ∈S ∪∇T.
Cases a and b also apply to q, so p, q ∈S ∪∇T. Therefore, r is useless in S ∪∇T, so r ∉∇(S ∪∇T).
The contraposition of the result in Cases 1 and 2 is r ∈∇(S ∪∇T)r ∈∇R. Therefore, ∇(S ∪∇T)∇R.
Theorem 7. Given Γ=(N, E) and some Δc ∈+, for any RRs→d, if S ∪T=R, then ∇R=∇/(∇S ∪∇T).
Proof S ∪T=R implies SR and TR. Also, if r ∈R, then r ∈Sr ∈T and r ∉Tr ∈S. Letting r ∈∇R, then by definition r ∈R.
Case 1. r ∈S. By Theorem 4, r ∈∇S. Thus, r ∈∇S ∪∇T.
Case 2. r ∈T. By Theorem 4, r ∈∇T. Thus, r ∈n∇S ∪∇T.
By definition, ∇SS, and ∇TT. Thus, ∇S ∪∇TS ∪T=R. Then, by Theorem 4, r ∈∇(∇S ∪∇T). Consequently, ∇R∇(∇S ∪∇T).
Let r ∉∇R.
Case 1. r ∈R. ∇(∇S ∪∇T)R, so r ∉∇(∇S ∪∇T).
Case 2. r ∈R. Thus, r is useless in R. By definition, there exist p, q ∈R such that cost (p)−cost (q)≧Δc and cost (r)>cost (p). Let p and q be the least-cost such routes in R. Consequently, p, q ∈∇R.
Case a. p ∈S. By Theorem 4, p ∈∇S. Thus, p ∈∇S ∪∇T.
Case b. p ∈T. By Theorem 4, p ∈∇T. Thus, p ∈∇S ∪∇T.
Cases a and b also apply to q, sop, q ∈∇S ∪∇T. Therefore, r is useless in ∇S ∪∇T, so r ∉∇(∇S ∪∇T).
The contraposition of the result in Cases 1 and 2 is r ∈∇(∇S ∪∇T)r ∈∇R. Therefore, ∇(∇S ∪∇T)∇R.
An important corollary, designated as the first property of ∇ arises from Theorems 6 and 7.
Property 1. If S ∪T=R, then ∇R=∇(S ∪T)=∇(∇S ∪∇T)=∇(S ∪∇T)=∇(∇S ∪∇T).
A second property follows by letting S= and T=R in Theorem 6.
Property 2. ∇59 R=∇R.
A third property follows from applying Property 1 inductively.
Property 3. Given Γ=(N, E) and some Δc ∈+, for any RRs→d, and a family of sets {R1, R2, . . . , Rn} such that ∪i=1nRi=R, it is the case that ∇(∪i=1n∇Ri)=∇R.
Proof The proof follows by induction over n, the number of members in the family. There are three base cases:
Case a. n=0. Thus, R=0. Since ∇RR, it must be that ∇R=. Additionally since there are no members in the family, the union ∪i=1n∇Ri is also empty. Consequently, ∇(∪i=10∇Ri)=∇R.
Case b. n=1. Since there is only one member in the family, it must be the case that R1=R. Thus, the proposition reduces to ∇∇R=∇R, which is Property 2. Consequently, ∇(∪i=11∇Ri)=∇R.
Case c. n=2. Thus, the proposition reduces to ∇(∇R1 ∪∇R2)=∇R, which is Theorem 7 for S=R1 and T=R2. Consequently, ∇(∪i=12∇Ri)=∇R.
The inductive step assumes that the proposition holds for n=k−1 family members. That is, if XRs→d, and {X1, X2, . . . , Xk-1} is a family of sets such that ∪i=1k-1Xi=X, then ∇(∪i=1k-1∇Xi)=∇X. The variables have been renamed for clarity. Proving the proposition for n=k members: Let RRs→d, and let {R1, R2, . . . , Rk} be a family such that ∪i=1kRiR,. Proving:
Upon substituting ∪i=1k∇Ri for R:
Upon separating the kth terms, the following is obtained:
Upon applying Property 1. the following is obtained:
Letting X=∪i=1k-1Ri. Then, according to the inductive hypothesis, ∇(∪i=1k-1∇Ri)=∇X Upon substituting, the following is obtained:
∇(∇X ∪∇Rk)=∇(X ∪Rk). [EQUATION 7]
This result corresponds to Theorem 7 with S=X and T=Rk.
The properties allow the free application of the ∇Δc operator to terms of union expressions to which ∇ is applied. The theorems and properties hold only when the value of Δc, the size of the reaction window, is identical in all uses of ∇Δc.
As mentioned above, the Distributed Δc Protocol mimics the distribution scheme used by distance-vector protocols such as RIP. The Propagation Routine facilitates the distribution of learned routes to upstream nodes while the Update Routine prepends the applicable edge to each propagated route and re-evaluates the useful learned routes. If the routines loop sufficiently many times at each node and the network is connected, then each node eventually learns the best route to satisfy Δc for every destination. Beyond this point, any newly-learned routes are useless and are, therefore, filtered by ∇, thereby indicating route convergence for the network.
If the execution of the Distributed Δc Protocol is synchronized among the nodes, the computations are identical to those of the Δc Algorithm. Because of Properties 1, 2, and 3, however, asynchronous execution eventually yields the same result as synchronous execution. The application of ∇ in Step 5 of the Update Routine of the Distributed Δc Protocol to the intermediate results does not change the final result regardless of the order in which routes are computed and filtered as long as ∇ is the last operation performed.
One caveat involving the application of the Distributed Δc Protocol is that either the links are bidirectional or there is some mechanism that enables the nodes to send routing information to their upstream peers. This problem is apparent in that the Propagation Routine executes send using an inbound link, which is opposite to the normal flow of the data.
In a network, a node does not typically communicate complete routes to its neighbors. Instead, simple next hop information is distributed from node to node, thereby implicitly constructing paths. Non-limiting examples of the hop information may be an IP address in RIP or an outbound label in MPLS. The Distributed Δc Protocol is thus modified so that Xs, d no longer holds complete routes, but a set of tuples (li, lo, eo, c) consisting of an incoming label, outbound label, outbound link and cost.
Two definitions are necessary to map labels to corresponding paths. Let L be a set of labels. Then, let Ys: L→(L ∪{λ})×(E ∪{λ}) be the function that maps incoming labels and edges to outgoing labels and edges at node s. Formally:
Definition 7. Ys(li)=(lo,eo)(li, lo, eo, c) ∈Xs, d for some c∈+ and d e N.
Thus, the function to construct explicit routes originating from s is defined recursively as:
Definition 8.
This definition captures the essence of connection-oriented networks and MPLS networks. The base case corresponds to a packet that has arrived at its destination. The recursive case corresponds to a packet that is forwarded by s along an outbound edge eo to continue processing at the next hop.
The distributed protocol can now be formally refined to accommodate MPLS labels and generate hyperspeed LSPs. Note that newlabel ( ) in Equation 8, the Δc Label Distribution Protocol, below generates a unique label each time it is called.
Propagation Routine:
Step
Update Routine:
Step
Note that ∇ is not used precisely according to its definition, because its parameter should be a set of routes, not a set of tuples. However, the cost of a route is known from its associated tuple, so we let ∇* select the subset of tuples corresponding to useful routes.
Let A be the set of routes computed by the Distributed Δc Protocol, and B be the set of routes computed by the Δc Label Distribution Protocol. Let An be the subset of A that contains all routes in A of length n. To formally define B, consider the label l of each tuple in X (the tuple belongs to some Xs). B contains the route Rs(l) for each such label. Consider the base case of routes of length zero. The Distributed Δc Protocol constructs these routes in Step 2 of the Propagation Routine. Likewise, the Δc Label Distribution Protocol populates the routing table with a λ entry in Step 2 of the Propagation Routine. Thus, there exists a label l such that Rs(l)=s constitutes the same route. Consequently, A0=B0. Note that the cost indicated in Xs, s for the Δc Label Distribution Protocol is indeed the correct cost of the route s.
For the inductive step, assume An-1=Bn-1 and consider An and Bn. A route p in An is constructed in Step 4 of the Update Routine in the Distributed Δc Protocol. Thus, r in Step 4 is a route of length n−1 and exists in An-1 and Bn-1. Clearly, cost (p)=cost (e)+cost (r). Considering Step 4 in the Update Routine of the Δc Label Distribution Protocol, it is clearly the case that an entry corresponding to the same route is constructed by the Δc Label Distribution Protocol. Let l be the label of this new entry in Xs. Thus, since u=head (e), we have Rs(l)=s, e, u·Ru(lo). Because Bn−1 is composed of routes constructed by R, let r=Ru(lo). Consequently, p=Rs(l) ∈Bn, so AnBn. The proposition BnAn is proved in a similar manner. Thus, An=Bn, and finally, A=B. Note that the cost indicated by the entry in Xs, d of the Δc Label Distribution Protocol is correct, assuming that the cost of the route of length n−1 is correct. Therefore, the Δc Label Distribution Protocol is a suitable substitute for the Distributed Δc Protocol, especially for MPLS networks.
Generally, it is infeasible to restart Δc-LDP every time the network topology changes. Instead, Δc-LDP should run constantly and adapt to changes in topology and link costs. Two modifications are necessary to enable Δc-LDP to adapt to network changes. First, if a neighbor advertises a label that the recipient router has recorded from an earlier advertisement, the recipient should adjust the cost in the existing entry to reflect the new advertisement. Second, if a neighbor sends an advertisement where some previously-advertised label is missing, the recipient router should delete the entry for the label.
When the cost of a link changes, the change is reflected in the next update. The change then cascades along all the affected paths, potentially changing the set of useful routes, until the network converges once again. If routes become useless, or a network link fails, the affected routes are not advertised in the next update. This causes the cascading deletion of route entries, which changes the set of useful routes, until the network converges once again.
Routes may need to be restricted in order to implement access control or traffic engineering. Route restrictions may also be required to reflect certain hardware limitations. By way of a non-limiting example, if cut-through switching is used on half-duplex links, then no link should be repeated consecutively in a route.
Because the Δc Algorithm is designed to work on strongly connected digraphs, an equivalent digraph must represent the restrictions. For the purpose of route restrictions, two digraphs are equivalent if they contain the same routes up to edge labels. Node names are not considered, and two edges may share the same label. A digraph Γr is said to implement a restriction r on another digraph Γ, if Γr contains all the routes in Γ allowed by r.
Because a sequence of edge labels (i.e., a route) can be treated as a string, and because walks in network digraphs work similarly to walks in state transition graphs, it is natural to represent route restrictions as regular expressions over the set of labeled links in a network. Because routes in networks can begin and end at any node, an equivalent digraph can implement only certain restrictions. Restrictions expressed in the form −(·*p·*), where p is a regular expression and the wildcard “·” denotes any label, are shown to be implementable. The “−” operator is not traditionally used in regular expressions; however, it is used here to indicate complementation. Thus, the rule −(·*p·*) denotes all the routes that do not contain p as a subroute.
Constructing an equivalent network digraph to enforce a rule r on a network Γ involves two steps. The first step is to construct a digraph Γr* that represents the rule. Γr* contains every possible edge label sequence that obeys r. The second step builds the equivalent digraph Γr that contains the intersection of the set of routes in Γ and the set of routes in Γr*. Because the result is a digraph, the Δc Algorithm executes correctly under any restriction in the given form, as long as Γr is also strongly connected. Note that building Γr is not necessary to execute the Δc Algorithm on a restricted network; Γr is necessary only for proofs. The restriction can be enforced in any convenient manner.
Let r=−(·*p·*) where p is the prohibited subroute. Equation 9, the algorithm for constructing Γr8 (i.e., the first step in constructing the equivalent digraph) is specified below.
Step
a. Build an NFA that accepts·*p·* (“·” requires an individual edge for each label in Γ).
b. Convert the NFA to a DFA.
c. Build the corresponding transition graph. [EQUATION 9]
d. Delete all double circles and corresponding incident edges.
e. Delete the start state indicator.
Theorem 8. The digraph Γr* produced by Equation 9 contains walks that include every edge label sequence except those containing p.
Proof Consider the Deterministic Finite (or Finite-state) Automaton (DFA) corresponding to the complement of L (·*p·*). It may be constructed by taking the DFA from Step b with the complement of its final states. Because the final state in the Non-deterministic Finite Automaton (NFA) has a self-loop for every possible label, any transition from a final state in the DFA ends in another final state. Similarly, the loop at the start state of the NFA causes every state in the DFA to involve the original start state. Therefore, no matter where a walk starts, if it contains p, then it must end in a final state of the DFA. Γr* is essentially the complementary DFA. The final states in the DFA are dead states in the complementary DFA and are, consequently, deleted to create the digraph Γ. All the remaining nodes correspond to final states in the complementary DFA. Because all the nodes involve the original start state, and every node corresponds to a final state in the complementary DFA, walks that start and end at any node in Γr* constitute the members of the complement of L (·*p·*).
A formula for building a digraph with the set of walks equal to the intersection of the sets of walks in two digraphs Γ1=(N1, E1) and Γ2=(N2, E2) is Γ=(N, E) where N=N1×N2 and E is defined such that if (n1, m1, l) ∈E1 and (n2, m2, l) ∈E2, then ((n1, n2), (m1, m2), l) ∈E.
Theorem 9. The set of routes in the digraph Γ is equal to the intersection of the sets of walks in the two original digraphs Γ1 and Γ2.
Proof The digraph Γ is constructed in a similar manner as a DFA that accepts the intersection of the languages accepted by two DFAs. Given the above formula, it is easy to show that for a walk (considering the sequence of edge labels) to exist in Γ, the same walk must exist in both Γ1 and Γ2. Note that the formula may generate standalone nodes that can be deleted without affecting the result.
Thus, any rule expressed as−(·*p·*) can be implemented in any digraph Γ via an equivalent digraph. Consequently, Equation 1, the Δc Algorithm, is compatible with such restrictions.
Rule expressions can be made more expressive by introducing and (), or () and complementation (−) operators.
Theorem 10. If the rule expressions r1 and r2 are compatible with Equation 1, the Δc Algorithm, then the rule expression r1r2 is compatible with Equation 1.
Proof Since r1 and r2 are compatible, they can be expressed as−(·*p·*) and −(·*q·*), respectively. Substituting these terms yields−(·*p·*)−(·*p·*), which can be simplified as−(·*(p+q)·*). A second proof involves the application of the two restrictions in sequence. First, apply r1 to Γ to obtain Γr1; then, apply r2 to Γr2to obtain .
Theorem 11. If the rule expressions r1 and r2 are compatible with Equation 1, the Δc Algorithm, then the rule expression r1r2 is compatible with Equation 1.
Proof Since r1 and r2 are compatible, they can be expressed as−(·*p·*) and −(·*q·*), respectively. Substituting these terms yields −(·*p·*)−(·*q·*). The regular expressions ·*p·* and ·*q·* represent regular languages. Because the two expressions begin and end with ·*, there exist two corresponding NFAs without λ transitions where the start and final states have self-loops for each symbol in the alphabet. Excluding λ transitions allows an NFA to be built that recognizes the intersection of the two regular languages. The start and final states in the resulting NFA also have self-loops for each symbol in the alphabet. Thus, there exists a regular expression corresponding to the intersection of L (·*p·*) and L (·*q·*) that begins and ends in ·*. Consequently, the equivalent rule expression can be expressed in the compatible form −(·*p·*).
Theorem 12. Even if the rule expression r is compatible with Δc, the rule expression −r may not be compatible with Δc.
Proof Since r is compatible, it can be expressed as −(·*p·*). Substituting the term in −r yields·*p·*. Consider the case where p=a in a network with two labels, a and b. The rule expression requires all the paths to contain a. This effectively prohibits route b. The only compatible rule that prohibits b is −(·*b·*), but it also prohibits ab, which should be allowed by −r. Thus, rules containing the “−” operator (except those that are required to fit the form −(·*p·*)), may not be compatible with Δc.
Theorem 13. The route restriction where no link can appear consecutively in a route is compatible with Δc.
Proof. Consider a network with edge labels {l1, l2, . . . 1n}. The restriction can be Expressed−(·*(l1l1,+l2l2+. . . +lnln)·*), which is compatible with Δc.
Different restrictions have different effects depending on the original network topology. For instance, the route restriction in Theorem 13 requires the original network to have at least one loop; otherwise, the result is a digraph that is not strongly connected. If the Δc Algorithm is applied to a digraph that is not strongly connected, it still finds valid routes if they exist, but it does not guarantee the existence of enough routes to satisfy the desired reaction window.
Δc-LDP Performance Analysis
Several aspects of the performance of the Δc-LDP were analyzed using network simulation experiments. The performance metrics include:
Routing Table Size: Routing Table Size is a metric indicating the additional memory that is required at each router (node) to track suboptimal paths. It is computed as the total number of routing table entries for all the nodes divided by the square of the node count. Where only optimal paths are computed, the metric is equal to one.
Actual Δc: Actual Δc is a metric indicating how close Δc-LDP comes to the target Δc without being less than the target Δc. For a given source and destination, the difference in delay corresponds to the difference of the costs of the greatest-cost paths and least-cost paths from the source to the destination. Since there are multiple source-destination combinations, the metric is computed as the average difference for all the combinations.
Path Length Difference. Path Length Difference is a metric indicating the number of additional hops a packet traveling along a subobtimal path must take compared with an optimal path. The metric is computed in the same way as the actual Δc, except that length is used instead of cost.
Convergence Time: Convergence Time is a metric measuring the time taken for network 10 to stabilize after Δc-LDP is started. Convergence is deemed to occur when no routing table changes are detected for a complete update period.
The primary variables considered in the simulation experiments include:
Target Δc: Target Δc is a variable defining the target reaction window. Different applications may have different requirements, so the effect of this variable on Δc-LDP execution is a consideration.
σ Link Delay: The standard deviation (σ) of the Link Delay addresses the different lengths, bandwidths and transmission delays for different links. Δc-LDP seeks to construct paths with target differences in delays. Thus, the effect of the standard deviation of link delays on Δc-LDP execution is of concern.
Node Count: The Node Count variable is used to evaluate the performance of Δc-LDP in large networks.
Link Count: Link Count variable is used to evaluate the performance of Δc-LDP. If there are a greater number of links, then there are a greater number of available alternate paths, whereby each of the alternate paths may have different costs.
Because the applicable restrictions apply only to links 16 and a simulation experiment focusing on link count yields results that are easy to interpret, the simulation experiment was performed eight (=23) times with different combinations of three restrictions. The applicable restrictions were:
No link can connect a node to itself: Having a self-loop gives a node an additional option for adding an arbitrary delay, but the overall effect is the same as having additional queuing memory.
No two links can connect the same two nodes: Two links between the same two nodes provide alternate paths with differing costs, but with the same sequence of hops.
No path can have the same link appear consecutively: It is counterintuitive for a router to “bounce” a packet back along the same link on which the packet was received. This restriction may be required for some network technologies (e.g., cut-through networks with half-duplex links).
The simulation experiments employed a discrete event simulator. The simulator models the behavior of a network with bidirectional full-duplex links that queue packet transmission events according to a total delay computed based on the propagation delay, bandwidth and packet size. Network nodes discover the estimated link costs using ping packets. The simulation experiments implemented Δc-LDP with extensions to handle link costs changes and link failures.
Each simulation experiment was executed on a randomly generated network with varying link costs and a strongly connected topology. Link propagation delays were sampled from a normal distribution. Bandwidth was expressed in scientific notation, where the coefficient was sampled from a uniform distribution and the exponent was selected from a subset of integers with equal probability.
Each simulation experiment used ten samples for each value of a variable, and computed the mean and standard deviation of each performance metric. Since it would have been cost and time prohibitive to test Δc-LDP for all possible combinations of values of the variables, a few representative samples were selected, and the results were used to guide the selection of new samples. The simulation experiments and the results obtained are discussed below. Unless otherwise specified, the variables are set as shown in Table 1.
The simulation investigated whether the Routing Table Size metric grows linearly with respect to Target Δc. One starting assumption was that actual Δc would also vary linearly because Δc-LDP was designed to find an Actual Δc that is nearest to the Target Δc. Additional starting assumptions were the Path Length Difference and Convergence Time metrics would vary linearly because the link costs were selected to have a low variance in this simulation experiment.
The simulation was repeated for three network sizes. The first network had two nodes with one link connecting them. The second network had three nodes and two links, and the third network had four nodes and three links.
Referring to
Given that average link cost is 0.002 seconds, the results of the simulation experiment indicate that the desired delay should not exceed the average link cost by very much. As the requested delay (Target Δc) grows, Δc-LDP has to branch among many more possible paths to discover the quickest path with the requested delay. The amount of branching can quickly consume router memory in the case of networks whose nodes have many links.
Referring to
This simulation investigated if increasing σ Link Delay would improve Δc-LDP performance. Because Δc-LDP seeks to produce paths with different costs, having a wider selection of link costs potentially improves performance.
The simulation was performed using a four-node, three-link network with Target Δc=0.01 sec, which is about five times the average link cost (Mean Link Delay). The simulation was performed starting with a standard deviation (σ) of zero for randomly generated link delays. The standard deviation was incremented by 0.0001 for each subsequent run.
Referring to
The previous simulations addressed the effects of network size on Δc-LDP performance. The following simulations attempt to distinguish the effects of the Node Count and Link Count variables on Δc-LDP performance.
The Node Count simulation was performed on a nine-link network with Target Δc=0.004 sec, which is about twice the average link cost (Mean Link Delay). Starting with a node count of three, each iteration adds another node for a total eight iterations. The last iteration involving a network with ten nodes operates on trees. Further iterations would require an increase in the number of links.
The total number of paths in the network, however, increases because there are more destinations. Examining the three-node network, there are 40 times more paths per node than optimal routing, corresponding to 360 routing table entries. For the ten-node network, there are about 500 routing table entries.
The Link Count simulation was performed to clarify the effects of the Link Count variable on Δc-LDP performance. Specifically, the simulation identified whether extra links improve the performance measured in terms of Actual Δc and Path Length Difference, but degrade the performance measured in terms of Routing Table Size and Convergence Time. The simulation was conducted on a seven-node network. Starting with six links, the link count was incremented by one in every subsequent run until the network had twenty links.
The Route Restrictions simulation repeated the simulation involving the Link Count variable eight more times, once for each combination of network and route restrictions. The maximum number of links tested in these experiments was thirteen. The time required to simulate Δc-LDP on a network with many links but few nodes can be prohibitive.
The results show the restrictions on the network structure (i.e., restrictions on self-loops and duplicate links) have little effect on Δc-LDP with respect to the established metrics. Conversely, precluding immediate link repetition in computed paths greatly affects the performance with respect to all the metrics. In the following graphs, the lines corresponding to unrestricted paths are labeled u, and those corresponding to restricted paths are labeled r. Because a seven-node, six-link network is a tree (i.e., a graph without loops), the route restriction prevents the construction of any alternative path. Thus, the data point at l=6 for any r-labeled line is invalid.
The performance of Δc-LDP is greatly affected by the Mean Link Delay and Target Δc variables. In general, varying link costs (delays) is good, but Target Δc should not exceed about three times the cost of the fastest link in the network, unless there are restrictions in place to prevent fast links from being overused. Generally, route restrictions should be avoided.
Δc-LDP seeks to find the alternative least-cost path whose cost is at least Target Δc greater than the optimal path. The presence of additional links offer more opportunities for Δc-LDP to optimize paths. On the other hand, additional links generate more intermediate paths that consume router memory and increase path computation time. Balancing available resources, resilience to link failure and path optimization can require trial and error procedures. Finally, while the simulation experiments were conducted using Δc-LDP, the results would hold for all implementations of the Δc Algorithm.
The Distributed Δc Protocol is designed to create optimal and suboptimal routes in general computer and telecommunications networks. The Δc Label Distribution Protocol (Δc-LDP) is an adaption of the Distributed Δc Protocol that is specifically designed to construct hyperspeed label switched paths in MPLS networks, enabling service providers to implement sophisticated reactive defense mechanisms. Simulation experiments of Δc-LDP for a variety of network and protocol configurations demonstrate that it operates well for practice values of Δc with respect to average link costs (delay).
Using the foregoing description, one embodiment of the invention communicates a signal, or packet 25, across network 10 ahead of a lower-priority signal, or packet 25. The invention comprises the step of assessing each signal, or packet 25, as it enters network 10 at node 12, origination node 12 or source node 12. Origination node 12 and source node 12 may be referred to as origination point and source point. The final node 12 is also termination node 12, which is also referred to as the termination point. The assessing step employs filters 36 and/or detectors 40.
The signal, or packet 25, is analyzed as part of the assessing step. After assessing each signal, a priority is assigned to the signal. At least one path 18 is a high-priority path 18, and the signal, or packet 25, may use this high-priority path 18 if the assessment deems it is necessary.
If a fast preliminary assessment is used, it may deem a signal, or packet 25, more or less harmful or suspicious prior to assigning a priority thereto. Most signals entering network 10 from outside are deemed to be suspicious solely because they come from outside network 10. In the event one or more of the signals, or packets 25, are assessed to be harmful, suspicious or malicious, a lower-priority is assigned thereto. Signals, or packets 25, coming from inside network 10 (e.g., command and control packets 10 that are part of the defensive techniques or from network administrators) are typically assigned high-priority (hyperspeed).
After the preliminary assessment, the signal, or packet 25, is assigned a priority and allowed to enter network 10. As the signal, or packet 25, travels toward its destination, the complete assessment is still taking place at detectors 40. If the complete assessment determines that the signal, or packet 25, is indeed malicious, a high-priority signal is immediately generated and transmitted. Because the high-priority sentinel signal travels at “hyperspeed” and the malicious packet travels at “normal” speed, the sentinel signal will arrive at the destination first and destroy the malicious packet. Other signals, or packets 25, are assigned a high-priority if the nature of the signal warrants such a priority.
In one embodiment, each high-priority signal and each low-priority signal comprise a plurality of packets 25. Each packet 25 is encrypted and/or encapsulated in another packet 25, and then each packet 25 is transmitted along the optimal communications path 20 to a stage point, where it is converted to its original form and forwarded further along a normal path 20.
In another embodiment, a plurality of optimal communications paths 20 are employed. Packets 25 are fragmented and the fragments are teleported along a plurality of optimal communications paths 20. As previously discussed packet 25 may be an Internet Control Message Protocol packet 25.
Although, it is preferred to reserve the optimal path 20 for high-priority signals, there may be defensive techniques that require use of an optimal path 20.
At least one technique is identified and selected for network 10. The service differentiation techniques discussed above provide for a group of defensive techniques from which one or more may be selected and implemented. The service differentiation techniques are selected from a group consisting of a queue priority, a delay variation, a route variation, or combinations thereof. Defensive techniques are selected from the group consisting of precognition, distributed filtering, teleporting packets, quarantining network devices, tagging and tracking suspicious packets, projecting holographic network topologies, transfiguring networks, and combinations thereof. The overall defensive strategy may include a combination of techniques, at least one selected from each group of service differentiation techniques and defensive techniques.
In one embodiment, the optimum defensive technique is defined by using the steps of assessing, analyzing and selecting, which embody the foregoing discussions on defensive techniques. As part of the identifying step, a defensive technique for exploiting a reaction window associated with the signals is selected.
A plurality of electronic communication paths 20 are defined for network 10. Each path 20 is capable of carrying a plurality of signals, or packets 25. While defining the plurality of paths 20, at least one optimal communication path 20 and at least one suboptimal communication path 20 corresponding with the selected defensive technique are identified. The high-priority signal is communicated along the optimal communication path 20 where it is delivered to the desired destination prior to delivery of any of the lower priority signals. The lower-priority signals are communicated along suboptimal communication routes 18 or paths 20. In one embodiment, the high-priority signal delivers a signal, packet 25, acting as a sentinel message to at least the termination point within the reaction window to enable the deployment of a defensive technique.
During the analyzing step discussed above, marketable data is identified. The marketable data identifies the type of data contained in the signal, or packet 25, and associates that data with the type of use. Marketable data is selected from the group consisting of online games, music, video, telecommunications, video communications, streaming video, cloud computing services and applications, business communications, network command, control and optimization, or combinations thereof
The invention provides for an embodiment with flexible electronic communication of high-priority signals, or packets 25, using a method that is suitable for communicating a plurality of signals across network 10. In this case, network 10 has a plurality of electronic communications paths 20 and each signal has a signal priority. The signal priorities range from high-priority to low-priority. The variety of electronic communications paths 20 provide for part of the flexibility of the invention. Similarly, the plurality of defensive techniques provide for flexibility. Adaptability of the invention to different threats, such as harmful threats, malicious threats or suspicious threats provides for additional flexibility.
A priority is determined for each signal, and, when required, at least one signal is a high-priority signal. A defensive technique is selected, thereby defining the plurality of paths 20 for electronically communicating the signals. One or more of the previously discussed selected service differentiation techniques are employed to optimize the electronic communication of the high-priority signal along at least one of paths 20, thereby providing delivery of a transmitted high-priority signal faster than transmitted lower-priority signals to a desired destination. Defensive techniques are discussed above.
Another embodiment to delivering high-priority signals over network 10 faster than lower-priority signals is described as part of this invention. In this embodiment, a plurality of paths 20 are identified. Each of the plurality of paths 20 are ranked from an optimal path 20 to at least one suboptimal path 20, wherein each path 20 includes an origination node 12 and a termination node 12. A reaction window is identified and defines a desired time difference between optimal path 20 and suboptimal paths 20. Optimal path 20 and at least one suboptimal path 20 are selected from the plurality of paths satisfying the reaction window. The selecting of optimal path 20 and at least one suboptimal path 20 are determined by the reaction window for each origination node 12 and termination node 12. The high-priority signal is delivered from origination node 12 to termination node 12 along the selected path 20.
The embodiment includes a step of selecting a plurality of suboptimal paths 20 that satisfy the reaction window, and a step of selecting a suboptimal path 20 having the smallest reaction window. As part of the identifying a reaction window, each path 20 at each node 12 in network 10 is identified, where nodes 12 are between origination node 12 and termination node 12. From this identification of each path 20 at each node 12, optimal path 20 and suboptimal paths 20 for each node 12 are also identified. Once paths 20 are identified at each node 12, the ranking step further ranks each optimal path 20 and suboptimal path 20 from each node 12. The identity of optimal and suboptimal paths 20 across the network 10 are continuously updated, thereby maintaining a ranked set of optimal paths 20 and suboptimal paths 20.
In the foregoing embodiments, network 10l is selected from the group consisting of local area networks, service provider networks, enterprise networks, the Internet, cloud infrastructures, and combinations thereof. The foregoing embodiments are also applicable to almost any network. Some non-limiting examples include networks having video content providers, market traders, commodities traders, music providers, etc.
Another non-limiting example implementing an embodiment of the inventive method is illustrated in
Applying the route variation technique via the Δc-LDP of Equation 8, at least two MPLS Label Switched Paths 20 (LSPs) are constructed from Label Edge Router (LER) 14A to LER 14F. Two examples of the numerous paths 20 that may be constructed in network 10 are presented in this example. The optimal (hyperspeed) path 20A is the path A-B-C-F, representing the label switched paths (LSPs) through LER 14A, label switching router (LSR) 14B, LSR 14C, and LER 14F, in that order. Similarly, the suboptimal path 20B (reserved for normal and suspicious traffic) is the path of A-D-E-F, where D is LSR 14D, and E is LSR 14E.
In this non-limiting example, the selected defensive technique is egress filtering, so hub 41 with three attached detectors 40A, 40B, and 40C is placed before LER 14A. The slowest detector, illustrated by detector 40B for this example, requires about 50 milliseconds to complete an examination, and the delay from detector 40B to LER 14A is about 3 milliseconds. Thus, the target Δc is 53 milliseconds.
Optimal path 20A, the path of A-B-C-F, has a delay of about 30 milliseconds, and suboptimal path 20B, the path of A-D-E-F, has a delay of about 85 milliseconds, giving an actual Δc of about 55 milliseconds for traffic traveling from LER 14A to LER 14F. Note that a similar configuration would exist for traffic traveling from LER 14F to LER 14A to thwart attacks from site 24B to site 24A, but these details are omitted in this example for brevity.
In the non-limiting example, an attacker with access to site 24A sends malicious traffic to site 24B in attempt to gain access to site 24B. The malicious traffic, in the form of malicious packet 25, takes route 18B which is suboptimal path 20B, whereby it passes hub 41 and enters network 10 via LER 14A at time=0 milliseconds. At this point, network 10 is not aware that the traffic is malicious. Hub 41 sends copies of the traffic to each detector 40A, 40B, and 40C. All three detectors 40 begin examining the traffic simultaneously at time=0 milliseconds, because the delay from hub 41 to each detector 40 is the same as the delay from hub 41 to LER 14A. In this example, detector 40C determines that the traffic is malicious after about 20 milliseconds of examination, which is at time=about 20 milliseconds, so it immediately sends sentinel message 35 to LER 14F. Sentinel message 35 takes optimal path 20A, which is the hyperspeed path and route 18A. The delay for sending sentinel message 35 from detector 40C to LER 14A is about 3 milliseconds, so sentinel message 35 enters network 10 at time=about 23 milliseconds. The delay of path 20A is 30 milliseconds, so sentinel message 35 arrives at 14F at time=about 53 milliseconds. LER 14F records the traffic identifier provided by sentinel message 35. The delay of suboptimal path 20B is about 85 milliseconds, so malicious packet 25 arrives at LER 14F at time=about 85 milliseconds, which is about 30 milliseconds after the arrival of sentinel message 35. LER 14F quickly identifies the malicious packet 25 and destroys it, thereby preventing it from affecting site 24B.
Other embodiments of the current invention will be apparent to those skilled in the art from a consideration of this specification or practice of the invention disclosed herein. Thus, the foregoing specification is considered merely exemplary of the current invention with the true scope thereof being defined by the following claims.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US11/42817 | 7/1/2011 | WO | 00 | 8/20/2013 |
Number | Date | Country | |
---|---|---|---|
61446381 | Feb 2011 | US | |
61453260 | Mar 2011 | US |