Showing papers by "Bernard Cousin published in 2005"
28 Nov 2005
TL;DR: MMT, the MPLS multicast tree protocol, is proposed, which uses MPLS LSP (label switched path) between multicasts tree branching nodes in order to reduce the multicast routing states in routers and to increase scalability.
Abstract: In this paper, we study multicast tree construction in MPLS network. We discuss the difficulty in combining multicast and MPLS in a network. We describe some MPLS proposals for the multicast traffic and we justify the need for defining a new protocol. Thereafter we propose MMT, the MPLS multicast tree protocol, which uses MPLS LSP (label switched path) between multicast tree branching nodes in order to reduce the multicast routing states in routers and to increase scalability. We present improvements to MMT protocol and we evaluate it in term of scalability and efficiency. Finally, we present simulation results to validate our evaluation and we conclude that the MMT protocol seems promising and well adapted to a possible implementation of multicast traffic engineering in the network.
11 citations
TL;DR: A new approach, Simple Explicit Multicast (SEM), is proposed, which uses an efficient method to construct multicast trees and to deliver multicast packets to all destinations.
5 citations
31 Jan 2005
TL;DR: This paper proposes an algorithm that allows a resolver to update its trusted keys automatically and in a secure way without any delay or any break of the DNS service.
Abstract: The Domain Name System Security Extensions (DNSSEC) architecture is based on public-key cryptography. A secure DNS zone has one or more keys and signs its resource records with these keys in order to provide two security services: data integrity and authentication. These services allow to protect DNS transactions and permit the detection of attempted attacks on DNS.
The DNSSEC validation process is based on the establishment of a chain of trust between zones. This chain needs a secure entry point: a DNS zone whose at least one key is trusted. In this paper we study a critical problem associated to the key rollover in DNSSEC: the trusted keys rollover problem. We propose an algorithm that allows a resolver to update its trusted keys automatically and in a secure way without any delay or any break of the DNS service.
5 citations
15 Nov 2005
TL;DR: A new LAN interconnection technique based on label switching is proposed, which enhances network services, simplifies switch functionalities, while remaining flexible enough to be easily deployed in most LAN environments.
Abstract: Ethernet, which has traditionally been the dominant technology in local area networks, is now facing new challenges due to the fact that networks have scaled and today's applications require more bandwidth and increased robustness against failures. The limitations of Ethernet are mainly imposed by the spanning tree protocol, which is necessary to prevent loops and provide redundancy in a switched network. The successful deployment of Ethernet over MPLS in the metro area have proved that Ethernet LANs can be further enriched with the services enabled by the label switching technique. In this article, we propose a new LAN interconnection technique based on label switching, which enhances network services, simplifies switch functionalities, while remaining flexible enough to be easily deployed in most LAN environments
2 citations
17 Apr 2005
TL;DR: This paper presents a model that reduces the number of trusted keys in resolvers and ensures larger secure access to the domain name space and has been implemented in BIND.
Abstract: Domain Name System Security Extensions (DNSSEC) architecture is based on public-key cryptography. A secure DNS zone has one or more keys to sign its resource records in order to provide two security services: data integrity and authentication. These services allow to protect DNS transactions and permit the detection of attacks on DNS.
The DNSSEC validation process is based on the establishment of a chain of trust between secure zones. To build this chain, a resolver needs a secure entry point: a key of a DNS zone configured in the resolver as trusted. Then, the resolver must find a path from one of its secure entry point toward the DNS name to be validated. But, due to the incremental deployment of DNSSEC, some zones will remain unsecure in the DNS tree. Consequently, numerous trusted keys should be configured in resolvers to be able to build the appropriate chains of trust.
In this paper, we present a model that reduces the number of trusted keys in resolvers and ensures larger secure access to the domain name space. This model has been implemented in BIND.
1 citations
20 Apr 2005
TL;DR: This paper proposes a fault recovery for many-to-one connections based on a cold (preplanned) protection and computes an efficient backup for an arbitrary primary tree using an improved multi-tree algorithm.
Abstract: The dependability of a network is its ability to cope with failures, i.e., to maintain established connections even in case of failures. IP routing protocols (such as OSPF and RIP) do not fit the dependability objectives of today applications. Usual forwarding techniques based on destination address (like IP) induce many-to-one connections. Thus, if a dependable connection is needed, all primary paths and protections having the same destination must be established in a coordinated way. Otherwise, loops may be established. In this paper, we propose a fault recovery for many-to-one connections based on a cold (preplanned) protection. The main advantage of our approach is that the recovery in case of failures is achieved within a short delay. Additionally, with respect to other approaches, the dependability of the routing scheme is increased in the way that it statistically copes with many failures. The algorithm we propose computes an efficient backup for an arbitrary primary tree using an improved multi-tree algorithm.