Connection-oriented path setup is becoming one of the key features of the next-generation Internet with the Multi- Protocol Label Switched (MPLS) framework and its generalized version GMPLS addressing the automated label switched path (LSP) setup. Despite the significant technological progress in various LSP implementations, the integration of robust security features for authentication and authorization for global path setup remains an open issue. However, security is becoming essential for carrier-grade operations as it directly translates to inter-carrier’s service level agreements and user’s satisfaction with quality of the services purchased. In this paper, we propose to study the applicability of NSIS (Next Step Signaling Protocol) for LSP setup signaling with security features; NSIS is a generic protocol for configuring network nodes that supports multiple existing transport and security protocols. We design an NSIS application called NSIS-LSP which takes advantage of the NSIS transport security features and has own features for application layer authentication. Unlike the existing path setup protocols that refer to security mechanisms between neighboring domains for resource provisioning, NSIS-LSP also allows mutual authentication between source and remote provisioning domains. We use an open-source NSIS testbed and simulations to obtain the performance results, which show that the NSIS-LSP application carries significant potential for future implementations.
A new NSIS application for LSP setup with security features
GRECO POLITO, SILVANA;
2010-01-01
Abstract
Connection-oriented path setup is becoming one of the key features of the next-generation Internet with the Multi- Protocol Label Switched (MPLS) framework and its generalized version GMPLS addressing the automated label switched path (LSP) setup. Despite the significant technological progress in various LSP implementations, the integration of robust security features for authentication and authorization for global path setup remains an open issue. However, security is becoming essential for carrier-grade operations as it directly translates to inter-carrier’s service level agreements and user’s satisfaction with quality of the services purchased. In this paper, we propose to study the applicability of NSIS (Next Step Signaling Protocol) for LSP setup signaling with security features; NSIS is a generic protocol for configuring network nodes that supports multiple existing transport and security protocols. We design an NSIS application called NSIS-LSP which takes advantage of the NSIS transport security features and has own features for application layer authentication. Unlike the existing path setup protocols that refer to security mechanisms between neighboring domains for resource provisioning, NSIS-LSP also allows mutual authentication between source and remote provisioning domains. We use an open-source NSIS testbed and simulations to obtain the performance results, which show that the NSIS-LSP application carries significant potential for future implementations.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.