|
|
Implementation of mechanisms providing Segment Routing for IPv6 (SRv6) using the FD.io VPP platform
Mjasojedov, Igor ; Dvořák, Jan (referee) ; Koláčková, Aneta (advisor)
The development of the mobile networks of fifth-generation (5G) accomplishes the requirements of transported services. New applications and services put high pressure on bandwidth, reliability and flexibility of the data transport. Due to this trend, network technologies need to be developed to address it and ensure transmission quality. This master's thesis aims at the Segment Routing (SR) concept and its commitment to improving transport quality in the transport part of 5G mobile networks. SR allows the integration of network programming into the traditional design of transport networks. SR uses either MPLS (SR-MPLS) or IPv6 (SRv6) on the forwarding plane. This thesis aims at SRv6. The main goal of the thesis is to design and implement a communication scenario for the transport part of the network with the SRv6 protocol. Docker platform is used to create a topology with all its nodes. The VPP platform is used to enable SRv6 on top of this topology. VPP has the ability to be configured via NETCONF protocol thanks to the Honeycomb agent, which can process NETCONF messages and propagate them to the VPP configuration. This configuration is done by the program Ansible, which can send NETCONF configurations to all SR nodes with Honeycomb installed. Testing and verification of the topology with all SRv6 policies is handled by the TRex traffic generator.
|
|
|
Environment for Testing of DoS Attack Protection Devices
Tran, Dominik ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of an environment and necessary set of tests for an evaluation of the DDoS Protector device in terms of functionality and performance. CESNET is developing device called DDoS Protector for protection against denial of service (DDoS) attacks with focus on volumetric and TCP SYN flood attacks. Current development environment does not support generation of stateful (TCP) network traffic and it's difficult to create complex evaluation tests in terms of interaction between various parts of the device. Goal of this work is to create an environment which enables complex evaluation of the device, including generation of both stateful and stateless network traffic combined with multi-vector DDoS attack, thus approaching real network traffic. Cisco TRex was chosen after examination of available traffic generators. Finally set of tests generating various combination of legitimate traffic and attacks was created and DDoS Protector was successfully evaluated.
|
|
|
Implementation of mechanisms providing Segment Routing for IPv6 (SRv6) using the FD.io VPP platform
Mjasojedov, Igor ; Dvořák, Jan (referee) ; Koláčková, Aneta (advisor)
The development of the mobile networks of fifth-generation (5G) accomplishes the requirements of transported services. New applications and services put high pressure on bandwidth, reliability and flexibility of the data transport. Due to this trend, network technologies need to be developed to address it and ensure transmission quality. This master's thesis aims at the Segment Routing (SR) concept and its commitment to improving transport quality in the transport part of 5G mobile networks. SR allows the integration of network programming into the traditional design of transport networks. SR uses either MPLS (SR-MPLS) or IPv6 (SRv6) on the forwarding plane. This thesis aims at SRv6. The main goal of the thesis is to design and implement a communication scenario for the transport part of the network with the SRv6 protocol. Docker platform is used to create a topology with all its nodes. The VPP platform is used to enable SRv6 on top of this topology. VPP has the ability to be configured via NETCONF protocol thanks to the Honeycomb agent, which can process NETCONF messages and propagate them to the VPP configuration. This configuration is done by the program Ansible, which can send NETCONF configurations to all SR nodes with Honeycomb installed. Testing and verification of the topology with all SRv6 policies is handled by the TRex traffic generator.
|
|
|
Environment for Testing of DoS Attack Protection Devices
Tran, Dominik ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of an environment and necessary set of tests for an evaluation of the DDoS Protector device in terms of functionality and performance. CESNET is developing device called DDoS Protector for protection against denial of service (DDoS) attacks with focus on volumetric and TCP SYN flood attacks. Current development environment does not support generation of stateful (TCP) network traffic and it's difficult to create complex evaluation tests in terms of interaction between various parts of the device. Goal of this work is to create an environment which enables complex evaluation of the device, including generation of both stateful and stateless network traffic combined with multi-vector DDoS attack, thus approaching real network traffic. Cisco TRex was chosen after examination of available traffic generators. Finally set of tests generating various combination of legitimate traffic and attacks was created and DDoS Protector was successfully evaluated.
|
guest ::
