Routing protocols for wireless ad hoc networks have traditionally focused on finding paths with minimum hop count. However, such paths can include slow or lossy links, leading to poor throughput. A routing algorithm can select better paths by explicitly taking the quality of the wireless links into account. In this paper, we conduct a detailed, empirical evaluation of the performance of three link-quality metrics— ETX, per-hop RTT, and per-hop packet pair—and compare them against minimum hop count. We study these metrics using a DSR-based routing protocol running in a wireless testbed. We find that the ETX metric has the best performance when all nodes are stationary. We also find that the per-hop RTT and per-hop packet-pair metrics perform poorly due to self-interference. Interestingly, the hop-count metric outperforms all of the link-quality metrics in a scenario where the sender is mobile.

Abstract—Ethernet does not scale well to large networks. The flat MAC address space, whilst having obvious benefits for the user and administrator, is the primary cause of this poor scalability; other recent efforts to improve upon Ethernet’s scalability have addressed symptoms, rather than this underlying cause. In this paper we present MOOSE, Multi-level Origin-Organised Scalable Ethernet, an Ethernet switch architecture that performs in-place rewriting of MAC addresses in order to impose a hierarchy upon the address space without reconfiguration or modification of connected devices. This removes the need for switches to maintain large forwarding databases, is of direct use in implementing improved routing, and allows for a variety of other scalability and security innovations. I.

ii Multicast is the transmission of datagrams to a group of zero or more hosts identified by a single destination group address. It provides a simple yet robust and efficient communication mechanism. Various categories of multicast routing protocols have been developed to perform the fixed wireline network multicasting and the wireless mobile ad hoc network multicasting separately. But less work has been done for the multicast routing between these two networks except for some work done with mobile IP for multicasting in fixed infrastructure cellular network, which consists of stationary base stations and one hop mobile endpoints. In this thesis, a multicast gateway (MGW) is designed and implemented to solve the challenge of multicast routing in the mixed network that consists of a fixed subnet and a wireless mobile multi-hop ad hoc subnet. Simulations were conducted on the network simulator ns-2 to evaluate the performance of data delivery ratio and control overhead of protocol combinations of four fixed multicast protocols (in PIM-Sparse Mode or in PIM-Dense Mode) and two mobile ad hoc multicast protocols, i.e., Multicast Ad-hoc On-demand Distance Vector (MAODV) and On-Demand Multicast Routing Protocol (ODMRP), with the functionality of MGW by varying the sender and receiver numbers as well as scaling the subnet size. Our pioneer work of MGW has fulfilled the multicast data transmission for this mixed network. It also provides a model for the future study in this area. iii

Abstract—Networks cannot be managed without communication among geographically distributed network devices and control agents. Unfortunately, computer networks today lack an autonomic mechanism that enables such communications, and the stopgap solutions used in practice are seriously flawed. To address the problem, this paper presents the design and implementation of the Meta-Management System (MMS), a network-layer subsystem that provides robust and universal support for management plane communications. The MMS is autonomic, able to self-configure, self-heal, self-optimize, and selfprotect. Furthermore, it is efficient, scalable, and evolvable. We demonstrate the practicality of the MMS via a fully functional implementation that runs on commodity hardware. The MMS software is freely available. Index Terms—Autonomic communication, network management, security, performance, system design and implementation. I.

The Double Authentication (DA) scheme presented in [1] is designed to provide security against impersonation attack to link state routing protocol at a lower computational cost as compared to the existing schemes, such as, digital signature scheme [2]. In this paper, we present a key distribution scheme that can be used for generating and distributing keys to provide DA. This scheme leads to a storage complexity for each router that varies linearly with the number of routers in the network in the worst case (fully connected network with n nodes). Moreover, for router with four or less average number of links, the storage complexity falls below log 2 n. This scheme also increases the security robustness of DA as the subverted routers can collude only if they are neighbors. 1

Abstract — In current network routing domains, routing information exchange usually lacks protection based on confidentiality. This makes network routing vulnerable to a variety of security attacks. In this paper, we present a framework to provide confidentiality for a link state routing protocol. This framework involves creation of a trust structure among routers as well as key management. Routing information is encrypted so that it can be accessed only by authorized routers. We present an implementation framework for our approach by extending Open Shortest Path First (OSPF), a commonly deployed link-state routing protocol. Based on our performance assessment, we have found that the additional cost in implementing our scheme has fairly moderate impact on the overall performance. I.

The Border Gateway Protocol (BGP) is the Internet’s inter-domain routing protocol. One of the major concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet is vulnerable to various forms of attack. This paper examines the Internet’s routing architecture and the design of BGP in particular, and surveys the work to date on securing BGP. To date no proposal has been seen as offering a combination of adequate security functions, suitable performance overheads and deployable support infrastructure. Some open questions on the next steps in the study of BGP security are posed.

In current network routing domain, routing information lacks protection based on confidentiality. This makes network routing vulnerable to many types of security attacks. In this paper, we present a framework to provide confidentiality for link state routing protocol. This framework involves creation of a trust structure among routers and key management. The routing information is encrypted, so that it can be accessed only by authorized routers. We present an implementation framework for our approach by extending Open Shortest Path First (OSPF) intra-domain routing protocol. Based on our performance assessment of the routers, we infer that the additional cost in implementing this scheme does not bring down the overall performance. I.

The implementation of Public Internet Protocol (IP) address space is a key factor in the size and growth of Internet data centers. IP addressing space decisions affect how many servers can be hosted at a data center, and they influence the kind of network connectivity technology that will be used and even how web sites are implemented. This paper describes IP addressing issues for Internet data centers. First, we provide an overview of Internet addressing and routing: we discuss IP networks, autonomous systems, and high-level Internet network routing. Key Internet constraints are described, particularly the finite amount of IP address space and autonomous systems and the current addressing and routing policies that result from those constraints. We then go over key IP address design decisions. The Internet data center builder needs to decide what address space to use, the size of that address space, the autonomous system number to use, and the address allocation policy to use with customers. These choices are constrained by the difficulty of obtaining space, the required speed of implementation, Internet Service Provider (ISP) routing policies, ISP connectivity decisions, and security requirements. Next, we describe how these design choices affect technology choice and implementation with the data center, by using virtual web site design and Network Address Translation (NAT) as examples. We then provide examples of how address space constraints affect the design of Intel Online Services (IOS) data center address spaces and other technology choices. The last section discusses some trends and future technologies that may alleviate IP address constraints.

Syntax-based vulnerability testing is a static black-box testing method for protocol implementations. It involves testing the Implementation Under Test (IUT) with a large number of mutated Protocol Data Units (PDUs), built by intentionally disobeying the protocol’s syntax. Security vulnerabilities can be discovered by detecting anomalous behaviour or crashes in the IUT (e.g. segmentation faults, buffer, heap or stack overflows, etc.) when it attempts to parse and use a mutated PDU. Previous research has led to the development of a protocol testing framework and methodology for syntax-based testing of protocols, whose abstract syntax is based on ASN.1 (Abstract Syntax Notation), and whose transfer syntax is based on BER or DER (Basic or Distinguished Encoding Rules). These protocols have syntactic structure information embedded in the PDU. However, many protocols are not specified using such standards and do not include embedded syntactic structure information. Instead the byte sequence of the data in the PDUs is specified using frame-based PDU definitions in the protocol specification. This paper presents research that extends the previous testing tools and techniques to include frame-based protocols. OSPF is such a protocol. Several well-known OSPF protocol implementations are tested for protocol vulnerabilities. Security vulnerabilities have been found in some implementations.