CARAT: Access Control and Quality of Service in ATM Networks

Sylvain Gombault, Maryline Laurent, Gwenn Gueguen, Olivier Paul
ENST de Bretagne, CELAR, France Telecom R&D

CARAT - Goals
• Filtering at the ATM and TCP/IP levels.
• High speed.
  – 622 Mb/s on cells.
• QoS preservation.
  – The delay added by ATM cell filtering can be precomputed.
• Easy to manage.

Overview
• Located between a public and a private network.
• Made of 3 modules:
  – Manager.
  – Signalling filter.
  – Cell-level filter.
• Can be easily integrated into the existing equipment.
• Modules are configured through a single language.

The manager
• Translates the access control policy expressed by the security officer into a set of access control commands that can be used
  – by the signalling filter.
  – by the cell filter.

The signalling filter
• Based on a SUN ATM signalling protocol stack.
• Modifications to the Q.93B module.
• Signalling message parsing module.
• Filter.
• Signalling message construction module.
  – Address masquerading.

Cell-level filter
• IFT/CNET NICs
  – 622 Mb/s mono-directional.
  – Analysis of the first cell of each AAL5 frame.
  – Possible action: switching.
    • Reject: trash VC.
    • Accept: leave VC unchanged.
  – Deterministic cell analysis time.
  – On-the-fly configuration modification.
• IFT driver
  – Remote configuration.
  – Handles several managers.
• Configuration library.

[Figure: Solaris PC, RPC daemon, IFT driver, filtering memory, ATM cell extraction]
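
The first-cell decision described on this slide, as an added example that is not CARAT's own code or its patented analysis scheme. It assumes RFC 1483 LLC/SNAP encapsulation of IPv4, where the 48-byte payload of the first cell holds exactly the LLC/SNAP, IP and TCP headers; the port allow-list, `TRASH_VCI` and all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define TRASH_VCI 0xFFFFu   /* hypothetical VC that rejected frames are switched to */

/* Constructed policy: TCP destination ports that are accepted; default is reject. */
static const uint16_t allowed_dport[] = { 25, 80 };

struct vc_state { int at_frame_start; int reject; };   /* per VC; start with at_frame_start = 1 */

/* Verdict from the 48-byte payload of the first cell of an AAL5 frame.
   Assumes RFC 1483 LLC/SNAP + IPv4 (no options) + TCP: 8 + 20 + 20 = 48 bytes. */
static int first_cell_rejected(const uint8_t *p)
{
    static const uint8_t llc_snap_ip[8] = {0xAA,0xAA,0x03,0,0,0,0x08,0x00};
    const uint8_t *ip = p + 8;
    if (memcmp(p, llc_snap_ip, 8) != 0) return 1;      /* not IPv4 over LLC/SNAP */
    if (ip[0] != 0x45 || ip[9] != 6) return 1;         /* IP options or not TCP */
    if ((ip[6] & 0x1F) || ip[7]) return 1;             /* later fragment: no ports */
    uint16_t dport = (uint16_t)(ip[22] << 8 | ip[23]);
    for (size_t i = 0; i < sizeof allowed_dport / sizeof allowed_dport[0]; i++)
        if (dport == allowed_dport[i]) return 0;
    return 1;
}

/* Process one 53-byte UNI cell; returns the VCI the cell is switched to. */
uint16_t filter_cell(const uint8_t cell[53], struct vc_state *st)
{
    uint16_t vci = (uint16_t)((cell[1] & 0x0F) << 12 | cell[2] << 4 | cell[3] >> 4);
    uint8_t pti = (cell[3] >> 1) & 0x07;
    if (pti & 0x4) return vci;                /* OAM cell: left alone (assumption) */
    if (st->at_frame_start)
        st->reject = first_cell_rejected(cell + 5);
    st->at_frame_start = pti & 0x1;           /* AUU = 1 marks the last cell of a frame */
    return st->reject ? TRASH_VCI : vci;
}

/* Build a constructed sample cell: first cell of a TCP segment, or a later cell. */
void make_cell(uint8_t c[53], uint16_t vci, int first, int last, uint16_t dport)
{
    memset(c, 0, 53);
    c[1] = (uint8_t)(vci >> 12); c[2] = (uint8_t)(vci >> 4);
    c[3] = (uint8_t)(vci << 4 | (last ? 0x02 : 0));
    if (!first) return;
    memcpy(c + 5, "\xAA\xAA\x03\x00\x00\x00\x08\x00\x45", 9);
    c[5 + 8 + 9] = 6;                          /* IP protocol = TCP */
    c[5 + 8 + 22] = (uint8_t)(dport >> 8); c[5 + 8 + 23] = (uint8_t)dport;
}
```

Only the first cell of a frame is inspected, so the per-cell work is bounded, and later cells inherit the verdict even if their payload happens to resemble an allowed header.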

Conclusions
• Good performance (throughput, delay)
  – Patented cell analysis scheme.
  – Dynamic configuration adaptation.
• Test results with a complete ISP TCP/IP-level ACP (400 rules):
  – 70% of memory was used (1.4 M / 2 M).
  – 1.7 s maximum delay.
• ATM & TCP/IP access control capabilities.
  – Native ATM applications control.
• "Plug-in" controller.
  – Easy adaptation to the existing equipment.
  – New functions can be easily integrated.
• Easy to manage.