THE REAL TIME DATA STREAMS GROUPING NODE MATHEMATICAL MODEL, CONSIDERING LENGTH CHANGING OF GENERATED PACKAGES, PEAK AND MEDIUM DATA TRANSMISSION SPEED, PACKAGE PROCESSING DELAY AFTER ENCRYPTION
Oleg Yu. Mironov,
The Academy of the Federal Guard Service of the Russian Federation, Orel, Russia, [email protected]
DOI 10.24411/2072-8735-2018-10136
Keywords: secure corporate multiservice communication networks, real time data streams, admission control, packet switching core network, quality of service, cryptotunnel, data encryption nodes.
The object of research of this article is the processes of traffic aggregation in the means of cryptographic information security (MCIS) of a secure corporate multiservice communication network (SCMCN). The purpose of the article is to improve the existing mathematical models of the grouping node that are used when estimating the required channel resource of the network for serving the offered load with the required end-to-end quality, in the direction of taking into account the influence of the MCIS on the parameters of the traffic generated by the terminal equipment. The methodological basis of the research is a statistical analysis of traffic parameters before and after the encryption procedure, together with selected provisions of the theory of experiment design and of network calculus. The article presents experimental data on the achievable packet processing delay in the boundary router when the existing grouping-node models, which are based on deterministic network calculus, are used to calculate the required channel resource. The inadequate functioning of these models in an SCMCN is demonstrated: when IP telephony traffic is aggregated, the actually achievable delay exceeds the required one, and when video telephony traffic is aggregated, the allocated channel resource is overestimated. The parameters of IP telephony and video telephony data flows are estimated at their aggregation into cryptotunnels at the input and at the output of the MCIS. A technical limitation on implementing the IntServ architecture in the access network and differentiated service (DiffServ) in the transport network of an SCMCN, caused by the encryption of the service information of the RSVP signalling protocol, is demonstrated.
An improved mathematical model of the grouping node is proposed that takes into account, through introduced correction factors, the influence of the applied MCIS on the peak and average data transfer rates and on the lengths of the generated packets. In conclusion, it is argued that an admission control algorithm for data flows entering the cryptotunnel, taking their priority into account, needs to be developed on the basis of the dependences obtained from the mathematical model; this will allow the rented channel resource to be used as fully as possible under overload conditions.
Information about author:
Oleg Yu. Mironov, The Federal state government military educational institution of higher education "The Academy of the Federal Guard Service of the Russian Federation", Orel, Russia
For citation (Russian edition):
Mironov O.Yu. Mathematical model of the real-time data flow grouping node taking into account the change of the generated packet lengths, the peak and average data transfer rate, and the packet processing delay in the encryption process // T-Comm: Telecommunications and Transport. 2018. Vol. 12. No. 8. pp. 78-87.
For citation:
Mironov O.Yu. (2018). The real time data streams grouping node mathematical model, considering length changing of generated packages, peak and medium data transmission speed, package processing delay after encryption. T-Comm, vol. 12, no. 8, pp. 78-87.
Among the advantages of the proposed mathematical apparatus for describing the traffic parameters at the output of network devices is the minimal time needed to calculate the required CR. This is especially important when developing traffic control systems in which the intensity of service requests and the requirements on the time of access to the resources of the SCMCN transport network do not allow computationally complex analytical expressions to be used without a significant increase in processor performance.
When solving the problem of guaranteeing an upper bound on the packet processing delay in the boundary router (BR), under the assumption that service is implemented by one of the WFQ-class schedulers in every router along the transfer path, the delay of the i-th stream must not exceed the value calculated from the expression

$$t^{BR}_{\max i} \le t_{\max i}(req) - t_k - t_{mtu},$$

where $t^{BR}_{\max i}$ is provided by reserving a share $R_i$ of the capacity of the communication channel (bit/s), under the introduced assumptions of invariance of the packet transfer delay on communication channel $k$ of the SCMCN, $t_k$ (s), and of the processing delay of an MTU-sized packet in the MCIS, $t_{mtu}$ (s).
Proceeding from the approach presented in [20, 21], on the basis of the known arrival and service functions it can be calculated from the expression:

$$t^{BR}_{\max i} = \begin{cases} \dfrac{(b_i - L_i)(p_i - R_i)}{R_i (p_i - r_i)} + \dfrac{2L_i}{R_i} + \dfrac{L_{mtu}}{R_k}, & p_i > R_i > r_i, \\[3mm] \dfrac{2L_i}{R_i} + \dfrac{L_{mtu}}{R_k}, & R_i > p_i > r_i, \end{cases} \qquad (1)$$

and, solving (1) for the reserved rate in the case $p_i > R_i > r_i$,

$$R_i = \dfrac{\dfrac{(b_i - L_i)\,p_i}{p_i - r_i} + 2L_i}{t^{BR}_{\max i} + \dfrac{b_i - L_i}{p_i - r_i} - \dfrac{L_{mtu}}{R_k}}.$$
The analysis of the SCMCN structure showed that in an MCIS the grouping of streams into the common stream of the cryptotunnel is implemented on transmission, and the division into substreams on reception. For the analytical description of the grouped stream entering from the output port of a network element, we use the concept of traffic characterization of group streams presented in RFC 2216 [22], according to which the sum of n streams (i = 1, ..., n) that have undergone the traffic shaping procedure is described by the cooperative function of receipt (CFR), i.e. the aggregate arrival function:
$$A_{CFR}(t) = \begin{cases} \max(L_i) + t\sum_{i=1}^{n} p_i, & t < \dfrac{\sum_{i=1}^{n} b_i - \max(L_i)}{\sum_{i=1}^{n}(p_i - r_i)}, \\[3mm] \sum_{i=1}^{n} b_i + t\sum_{i=1}^{n} r_i, & t \ge \dfrac{\sum_{i=1}^{n} b_i - \max(L_i)}{\sum_{i=1}^{n}(p_i - r_i)}. \end{cases} \qquad (2)$$
Expression (2) describes the worst case of traffic burstiness of n sources, on the basis of which it becomes possible to calculate the required channel capacity for n streams while providing $\min(t^{BR}_{\max i})$ among all the stated QoS requirements.
For the grouped data flows, a model of isolated service of the data flows (expression (3)) and a model of group service of the data flows on the basis of the CFR (expression (4)) have been developed for estimating the required CR [22]:
$$R_{iso}(n) = \sum_{i=1}^{n} \dfrac{\dfrac{(b_i - L_i)\,p_i}{p_i - r_i} + 2L_i}{t^{BR}_{\max i} + \dfrac{b_i - L_i}{p_i - r_i} - \dfrac{L_{mtu}}{R_k}} \qquad (3)$$
The saving of resources under group service of data flows is observed only when the CR reserved for each stream is oriented to the effective data transfer rate, i.e. when the condition $p_i > R_i > r_i$ holds.
Within the direction of this research, on the basis of expression (1) the inverse problem has to be solved: for the given $t_{\max i}(req)$, the CR allocated in the BR that is necessary to serve the offered load must be estimated:
$$R_{CFR}(n) = \dfrac{\dfrac{\left(\sum_{i=1}^{n} b_i - \max(L_i)\right)\sum_{i=1}^{n} p_i}{\sum_{i=1}^{n}(p_i - r_i)} + 2\max(L_i)}{\min\left(t^{BR}_{\max i}\right) + \dfrac{\sum_{i=1}^{n} b_i - \max(L_i)}{\sum_{i=1}^{n}(p_i - r_i)} - \dfrac{L_{mtu}}{R_k}} \qquad (4)$$
where $\max(L_i)$ is the maximal length of the packets generated by the n sources, and $\min(t^{BR}_{\max i})$ is the minimum required packet processing delay in the BR among the n data flows.
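As an added illustration, not code from the paper, the following Python script implements the RFC 2212 guaranteed-service delay bound and the RFC 2216 summed token bucket on which expressions (1) to (4) are built, and evaluates the required CR for 100 IP telephony and 40 video telephony flows with the traffic parameters measured before (Table 1) and after (Table 2) the MCIS. The bucket depth unit "kb" is read as kbit, and the MTU, the link rate R_k and the 50 ms delay target are assumed values chosen for illustration.

```python
"""Required channel resource (CR) for n token-bucket flows under the RFC 2212
guaranteed service, computed before and after the encryption device (MCIS).
Flow parameters come from Tables 1 and 2 of the paper (bucket depth 'kb' is
read as kbit); L_MTU, R_K and the delay target T_REQ are assumed values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TokenBucket:
    r: float  # average rate, bit/s
    b: float  # bucket depth, bit
    p: float  # peak rate, bit/s
    L: float  # maximum packet length, bit


def delay_bound(tb, R, L_mtu, R_k):
    """Worst-case delay in the BR for a flow reserved at rate R, in the form of (1)."""
    fixed = 2 * tb.L / R + L_mtu / R_k          # packetisation plus MTU wait on link k
    if R >= tb.p:                                # burst term vanishes once R >= p
        return fixed
    return (tb.b - tb.L) * (tb.p - R) / (R * (tb.p - tb.r)) + fixed


def required_rate(tb, t_req, L_mtu, R_k):
    """Smallest reservation R with delay_bound(R) <= t_req, i.e. the inverse of (1)."""
    t_eff = t_req - L_mtu / R_k
    if t_eff <= 0:
        raise ValueError("delay target is below the MTU transmission time")
    bl = (tb.b - tb.L) / (tb.p - tb.r)
    R = (bl * tb.p + 2 * tb.L) / (t_eff + bl)    # solution of the r <= R < p branch
    if R >= tb.p:                                # then only 2L/R + L_mtu/R_k remains
        R = 2 * tb.L / t_eff
    return max(R, tb.r)                          # guaranteed service needs R >= r


def summed_bucket(flows):
    """RFC 2216 summation behind the CFR of (2): b, r, p are summed, L is the maximum."""
    return TokenBucket(r=sum(f.r for f in flows), b=sum(f.b for f in flows),
                       p=sum(f.p for f in flows), L=max(f.L for f in flows))


def cfr_arrival(tb, t):
    """Aggregate arrival bound A_CFR(t) = min(L + p t, b + r t) of expression (2)."""
    return min(tb.L + tb.p * t, tb.b + tb.r * t)


def isolated_rate(flows, t_req, L_mtu, R_k):
    """Expression (3): CR when every flow is served in isolation."""
    return sum(required_rate(f, t_req, L_mtu, R_k) for f in flows)


def grouped_rate(flows, t_req, L_mtu, R_k):
    """Expression (4): CR for the grouped flow; t_req is the strictest bound among them."""
    return required_rate(summed_bucket(flows), t_req, L_mtu, R_k)


KBIT, MBIT, BYTE = 1e3, 1e6, 8
# Table 1 (terminal output) and Table 2 (MCIS output) of the paper
VOIP_IN = TokenBucket(r=96 * KBIT, b=8000 * KBIT, p=112 * KBIT, L=214 * BYTE)
VOIP_OUT = TokenBucket(r=107 * KBIT, b=8000 * KBIT, p=126 * KBIT, L=254 * BYTE)
VIDEO_IN = TokenBucket(r=0.87 * MBIT, b=8000 * KBIT, p=2.1 * MBIT, L=1346 * BYTE)
VIDEO_OUT = TokenBucket(r=1.22 * MBIT, b=8000 * KBIT, p=1.74 * MBIT, L=1392 * BYTE)
L_MTU, R_K, T_REQ = 1500 * BYTE, 100 * MBIT, 0.05   # assumed: MTU, link rate, 50 ms

if __name__ == "__main__":
    for name, before, after in (("VoIP x100", [VOIP_IN] * 100, [VOIP_OUT] * 100),
                                ("video x40", [VIDEO_IN] * 40, [VIDEO_OUT] * 40)):
        for stage, flows in (("terminal", before), ("MCIS exit", after)):
            iso = isolated_rate(flows, T_REQ, L_MTU, R_K) / MBIT
            grp = grouped_rate(flows, T_REQ, L_MTU, R_K) / MBIT
            print(f"{name:10} {stage:9} isolated {iso:8.3f} Mbit/s  grouped {grp:8.3f} Mbit/s")
```

The run shows the effect the paper measures: with the post-MCIS parameters the reservation for the same 100 VoIP flows grows, and the grouped reservation (4) stays below the isolated sum (3) only because every flow is reserved between its average and peak rate.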
Experimental study of the adequacy of applying the mathematical models of guaranteed service of real-time data flows
With the research objective of assessing the applicability of the existing mathematical models, the parameters of the IP telephony and video telephony traffic generated by the terminal equipment used in the SCMCN were assessed.
For this purpose a full-scale experiment was conducted, whose scheme is shown in figure 5.
Figure 5. The experimental stand for researching the parameters of the traffic generated by terminal equipment
The statistical analysis of the traffic parameters made it possible to determine the numerical values of the peak and average transfer rates (table 1), of the lengths of the generated packets and of the interpacket interval (figure 6).
Using the obtained statistical data (table 1), the Ixia XM12 traffic generator created the test load. The ANUE Network Emulator channel emulator introduced the packet processing delay corresponding to the transport segment of the SCMCN. The generated load is served by the IP/MPLS boundary router Cisco ASR 1002. The stand used for the experiment is shown in figure 7.
The total data flow was investigated when grouping 100 IP telephony streams and 40 video telephony streams, which corresponds to the full-load characteristics of the federal-level SCMCN of PJSC JSB Avangard. The investigated parameter was the maximal delay of processing of a packet in the boundary router when the CR estimated by the existing MM is selected.
Table 1
Numerical values of traffic parameters
Values of the broadcast parameters in requests for reservation of CR at rendering of services

                  | Video over IP (H.263 4CIF), Tandberg Codian MCU 4205   | VoIP (G.711), Terminal Cisco 7912G
                  | p_i, Mbps | b_i, kb | r_i, Mbps | L_i, byte               | p_i, kbps | b_i, kb | r_i, kbps | L_i, byte
From the terminal | 2.1       | 8000    | 0.87      | 1346                    | 112       | 8000    | 96        | 214
Results of calculating the required CR when grouping 100 speech and 40 video streams are presented in figure 8.
2) the delay of the rented communication channels and their capacity do not change:
$\forall k \in \{K\}:\ t_k = \mathrm{const},\ R_k = \mathrm{const};$
3) between the interacting MCIS only one cryptotunnel is established;
4) the maximal processing delay of an MTU-sized packet in an MCIS does not change as the load on the cryptocore increases:
$t_{mtu} = \mathrm{const};$
5) on all SCMCN sites the MCIS "Continent IPC-25" or its analog is used;
6) token bucket algorithms are applied for traffic shaping in all SCMCN routers, $Tb_i = (r_i, b_i, p_i, L_i)$;
7) the SCMCN construction scheme does not differ from the proposed two-level architecture with one MCIS and one boundary router (figure 1);
8) only homogeneous data flows are aggregated in cryptotunnels;
9) packet losses do not arise in the SCMCN because of the finite size of buffers;
10) in all network devices the WFQ algorithm acts as the packet service scheduler.
To identify the influence of an MCIS on the traffic parameters, a full-scale experiment was conducted whose block diagram is shown in figure 10.
In the course of the experiment, precise measurements were made with the Wireshark software: the time of appearance of a packet at the MCIS output is recorded (the packet processing time in the switch is not taken into account, since the switch operates in port mirroring mode without introducing additional packet processing delay).
[Figure 10 block diagram: video terminal Tandberg Codian MCU 4205 (H.264/4CIF) and IP phone Cisco 7912G (G.711), connected through the MCIS Continent 3.5 IPC-25 over Ethernet 100 Mbps, with the Wireshark software capturing the traffic]
Figure 10. The experimental stand for researching the influence of an MCIS on the parameters of the traffic generated by terminal equipment
The obtained values of the broadcast traffic parameters after passing through an MCIS are presented in table 2, and the histograms of the lengths of the generated packets and of the interpacket interval in figure 11.
Table 2
Numerical values of traffic parameters at the MCIS exit
Values of the broadcast parameters in requests for reservation of CR at rendering of services

                  | Video over IP (H.263 4CIF), Tandberg Codian MCU 4205   | VoIP (G.711), Terminal Cisco 7912G
                  | p_i, Mbps | b_i, kb | r_i, Mbps | L_i, byte               | p_i, kbps | b_i, kb | r_i, kbps | L_i, byte
At the MCIS exit  | 1.74      | 8000    | 1.22      | 1392                    | 126       | 8000    | 107       | 254
[Figure 11: histograms, horizontal axis ticks 200 to 500, series H.264/4CIF]
Figure 11. Histograms of packet lengths and of the interpacket interval at the exit of an MCIS for IP telephony and video telephony data flows
[Figure 13: plots of packet delay (vertical axis 0.25 to 6) against the horizontal axis 2 to 40; legend: t_max, admissible delay of processing of a packet in the switching node; t_max (experimental), the experimental delay of a packet in the switching node at reservation of a resource, one curve for each of the two reservation variants]
Figure 13. Results of estimating the maximal and achievable delay of processing of a packet in the SCMCN boundary router when providing a) protected IP telephony, b) protected video telephony
The experimental studies of the developed model showed the possibility of obtaining adequate results when estimating the required CR for serving the incoming load with the required quality, which demonstrates that the stated purpose of this research has been achieved.
Conclusions
Efficient functioning of the SCMCN traffic control system depends substantially on the accuracy of estimating the required CR of the network for serving the grouped stream in the packet-switched transport network after an MCIS.
During the preliminary research and as a result of modelling, it has been shown that for isolated service of data flows in an access network segment with IntServ, the task of guaranteed QoS is best solved on the basis of the known model of guaranteed service of real-time data flows (DFRT). This model is based on the use of WFQ schedulers "with transfer rate monitoring" introduced in the BR of the existing DiffServ segment. After encryption, the data flows are transferred as a grouped stream; the resources for serving it can be calculated on the basis of the improved grouping-node MM.
References
1. Doctrine of information security of the Russian Federation (Decree of the Russian President of December 5, 2016 No. 646).
2. Information security of JSC Gazprom: problems of the giant. Information Security Magazine, No. 5, 2006, pp. 4-6.
3. Shelkovy D.V., Fokin A.B., Kornilov S.A. (2017). Research of the mathematical model of the switching node of a protected corporate multiservice communication network. Economy and Management of Control Systems. Voronezh, pp. 291-300.
4. The decree of the Russian President of 09.05.2017 No. 203 "About the development strategy of the information society in the Russian Federation for 2017-2030".
5. Roslyakov A.V. (2006). The virtual private networks. Bases of construction and application. Moscow, 304 p.
6. Decree of the Russian President of 17.03.2008 No. 351 (edition of 22.05.2015) "About measures for ensuring information security of the Russian Federation when using informational and telecommunication networks of the international informational exchange".
7. Seleznyov I.A. (2006). Corporate branch networks on the basis of operator MPLS networks. Technologies and communication facilities. No. 4, pp. 60-64.
8. Lobanov B.S., Bondarev Yu.S., Hlopov B.V. (2010). Increase in effectiveness of information security in corporate communication networks. T-Comm. No. 2, pp. 40-43.
9. Gusarov A.A., Tarasevich S.A., Hokhlov G.G. (2007). Information security in departmental and corporate networks. News of SFU. Technical science. Section IV. Protection of telecommunications, pp. 155-161.
10. Mironov O.Yu. et al. (2017). Ensuring the protected data transmission in VPN networks. The Collection of reports of the XXII international open scientific conference "The Modern Problems of Informatization", VGTU, pp. 133-137.
11. Zakhvatov M.A. (2001). Creation of virtual private networks on the basis of MPLS technology. Cisco Systems. 47 p.
12. Braden R., Clark D., Shenker S. (1994). Integrated Services in the Internet Architecture: an Overview. RFC 1633, June 1994.
13. Bernet Y., Ford P., Yavatkar R., Baker F., Zhang L. (2000). A Framework for Integrated Services Operation over Diffserv Networks. RFC 2998, November 2000.
14. Blake S., Black D., Carlson M., Davies E., Wang Z., Weiss W. (1998). An Architecture for Differentiated Services. RFC 2475, December 1998.
15. Kucheryavy E.A. (2004). Traffic control and quality of service on the Internet. SPb.: Science and technology. 336 p.
16. Stepanov S.N. (2010). Bases of teletraffic of multiservice networks. Moscow. 392 p.
17. Recommendation ITU-T Y.1540. IP Packet Transfer and Availability Performance Parameters. 1999.
18. Recommendation ITU-T Y.1541. Network Performance Objectives for IP-Based Services. 2000.
19. Mironov O.Yu. (2015). Ensuring the guaranteed service of data flows in multiservice communication networks of industrial function. The Collection of materials of the eighth international youth scientific and practical conference INFOKOM-2015 in SKF MTUSI. Part 1, pp. 202-205.
20. Georgiadis L., Guerin R., Parekh A. (1996). Efficient Support of Delay and Rate Guarantees in an Internet. Proceedings of ACM SIGCOMM 1996, Stanford, CA, USA, August 1996, pp. 106-116.
21. Shenker S., Partridge C., Guerin R. (1997). Specification of Guaranteed Quality of Service. RFC 2212, September 1997.
22. Shenker S., Wroclawski J. (1997). General Characterization Parameters for Integrated Service Network Elements. RFC 2216, September 1997.