ciclo: XXXV

Titolo della tesi: Segment Routing v6: Performance and Security applied research

Segment Routing (SR) is a loose source routing protocol that provides complete control over the forwarding paths by combining simple network instructions. The v6 of the protocol is instantiated on an IPv6 data plane and represents the focus of my research activity. SRv6 has several key features that can be leveraged to re-design weak network- ing models, such as Kubernetes, in order to address container networking issues and to improve their performances. Nevertheless, the protocols also hides some vulnerabilities that has been investigated and exploited to move an attack and to evaluate the resulting impact. In sight of this, per-flow state, which is probably the most significant peculiar- ity of Segment Routing approach, can be considered at the same time a light and a shadow in new networking paradigms scenario. My work has developed along this line. ∗∗∗ The dissertation is composed by four part: Part 1 introduces the actual networking context and the Segment Routing protocol. Part 2 explores the advantages of container technology and how SRv6 could be leveraged to support a Service Function Chaining in a Kubernetes cluster with an appreciated performance improvement. Part 3 discuss SRv6 vulnerabilities and presents the results of some attack simu- lations. Part 4 reports the conclusions of this applied research activity.

11573/1673177 - 2023 - Segment Routing v6 - Security Issues and Experimental Results
Lo Bascio, David; Lomvardi, Flavio - 01a Articolo in rivista
rivista: INTERNATIONAL JOURNAL OF UBIQUITOUS SYSTEMS AND PERVASIVE NETWORKS (Port Williams NS: International Association for Sharing Knowledge and Sustainability) pp. 15-21 - issn: 1923-7332 - wos: (0) - scopus: (0)

11573/1673160 - 2022 - On SRv6 Security
Lo Bascio, David; Lombardi, Flavio - 04c Atto di convegno in rivista
rivista: PROCEDIA COMPUTER SCIENCE (Amsterdam : Elsevier) pp. 406-412 - issn: 1877-0509 - wos: (0) - scopus: 2-s2.0-85132145144 (1)
congresso: The 13th International Conference on Ambient Systems, Networks and Technologies (ANT) / The 5th International Conference on Emerging Data and Industry 4.0 (EDI40) (Oporto)

11573/1426069 - 2016 - Implementing a smart SDN switch with LISP control plane as network function (short paper)
Cianfrani, A.; Samii, M. M. P.; Lo Bascio, D.; Polverini, M. - 04b Atto di convegno in volume
congresso: 5th IEEE International Conference on Cloud Networking, CloudNet 2016 (Pisa; Italy)
libro: Proceedings - 2016 5th IEEE International Conference on Cloud Networking, CloudNet 2016 - (978-1-5090-5093-2)

