IP network QoS and security issues

Source: Internet
Author: User

QoS Problem Analysis
At present the Public Switched Telephone Network (PSTN) and ATM networks can guarantee service quality, while IP networks cannot. This section therefore analyzes the quality-of-service (QoS) problems of IP networks by comparison with PSTN and ATM technologies and networks. First, let's take a look at the service quality of the PSTN.
  
In the PSTN, network and services are not separated; both are provided and controlled by the operator. Users cannot create new services on their own and can only choose among the service types the carrier offers. All services the carrier offers today are basic and supplementary services built on the voice service model, whose defining feature is a fixed transmission rate (typically 64 kb/s).
  
For a single user, when the PSTN receives a call request it can determine during call setup whether the end-to-end network resources for that call are available. If they are, the call is admitted; otherwise it is rejected. The premise is that the PSTN knows that every request needs exactly 64 kb/s, so checking whether the requested end-to-end resources are available is straightforward.
  
For the network as a whole, traffic and call flows can be calculated on the basis of the 64 kb/s each call requires, and the network can be planned and dimensioned on the basis of more than a hundred years of operating experience. This improves resource utilization across the entire network while guaranteeing the quality of every call for every user.
  
Next, let's take a look at the service quality of the ATM network.
  
Although ATM supports traffic engineering and real-time variable bit rate (rt-VBR) service for real-time traffic, its most typical use today is to provide point-to-point services (such as PVC leased lines) and multipoint-to-multipoint services. In addition, ATM today carries almost all higher-layer services through IP (IP over ATM). The IP layer can tell the ATM layer below it exactly how much capacity it needs (155 Mb/s or 622 Mb/s, say), but IP itself does not know how much its own applications (WWW, e-mail and so on) require. IP is therefore a black box to ATM, and ATM cannot guarantee QoS for what is inside it. This is exactly why the traffic engineering and rt-VBR capabilities of ATM are so rarely used.
  
Looking at ATM and IP from another angle: almost all higher-layer services today run over IP, and IP cannot guarantee service quality. So why not run them over ATM directly? What would happen if bursty data services were moved onto ATM, as WWW, e-mail, FTP or VoIP over ATM with the intermediate IP layer removed? It is hard to imagine that ATM would then offer service quality any better than IP does, and ATM's other problems (addressing and scalability, for example) might become more serious.
  
Next we will discuss the service quality of the IP network.
  
IP was designed from the outset to carry multiple services, and in an IP network the network and the services are separated: user access and IP packet transport are provided by the Internet service provider (ISP), while content services (WWW, FTP, e-mail and so on) are provided by the Internet content provider (ICP).
  
For a single user, several things make QoS hard to guarantee on an IP network: the types of service the user uses; the service characteristics and traffic model of each service, and the differing characteristics and traffic models of the same service under different usage; the access link may carry a mix of several services; the irregular mesh topology makes it difficult to determine the available end-to-end resources; different packets of the same service flow may follow different paths through the network; and the operating history of IP networks is very short compared with that of the telephone network, so there is little operations and maintenance experience to draw on.
  
Because QoS assurance for the whole network is calculated, planned and designed from the resource requirements of individual users, if QoS cannot be handled for a single user, then network resources cannot be used optimally, and guaranteeing QoS across the whole network after statistical aggregation is harder still.
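The contrast drawn above between the PSTN (a known 64 kb/s per call, checked hop by hop at call setup and planned network-wide from measured traffic) and IP (per-flow demand unknown to the network) is shown in working code below. This is an added example, not code from the original article. The trunk sizes, number of call attempts and flow demands are constructed; the Erlang B formula used for the planning step is the standard telephony tool for that calculation, which the article alludes to without naming.

```python
"""Admission control with a known per-call rate (PSTN) versus best-effort IP.

Added illustration, not code from the original article. The trunk sizes,
request counts and flow demands below are constructed for the example.
"""

CALL_RATE_KBPS = 64  # every PSTN call occupies exactly one 64 kb/s channel


class Link:
    """A transmission link with a fixed capacity and the load reserved on it."""

    def __init__(self, name: str, capacity_kbps: int) -> None:
        self.name = name
        self.capacity_kbps = capacity_kbps
        self.used_kbps = 0

    def free_kbps(self) -> int:
        return self.capacity_kbps - self.used_kbps


def pstn_admit(path: list) -> bool:
    """Circuit-switched admission: the network knows each call needs
    CALL_RATE_KBPS, so it checks every hop during call setup and reserves
    the channel on all of them, or rejects the call outright."""
    if all(link.free_kbps() >= CALL_RATE_KBPS for link in path):
        for link in path:
            link.used_kbps += CALL_RATE_KBPS
        return True
    return False


def erlang_b(offered_erlangs: float, channels: int) -> float:
    """Blocking probability when `offered_erlangs` of traffic is offered to
    `channels` trunks (Erlang B, evaluated with the numerically stable
    recursion B(A, n) = A*B(A, n-1) / (n + A*B(A, n-1)), B(A, 0) = 1)."""
    b = 1.0
    for n in range(1, channels + 1):
        b = offered_erlangs * b / (n + offered_erlangs * b)
    return b


def trunks_for_grade(offered_erlangs: float, max_blocking: float) -> int:
    """Smallest number of 64 kb/s trunks giving blocking <= max_blocking.
    This is the network-wide planning step: per-call rate plus measured
    traffic give a trunk count before any call arrives."""
    n = 1
    while erlang_b(offered_erlangs, n) > max_blocking:
        n += 1
    return n


def ip_forward(link: Link, flow_demand_kbps: int) -> bool:
    """Best-effort IP: no signalling tells the network what a flow needs, so
    the packets are forwarded and the link simply accumulates load. Returns
    whether the link is still within capacity after this flow joined."""
    link.used_kbps += flow_demand_kbps
    return link.used_kbps <= link.capacity_kbps


def demo() -> dict:
    # PSTN: a two-hop path of E1-sized trunks, 30 voice channels each.
    path = [Link("A-B", 30 * CALL_RATE_KBPS), Link("B-C", 30 * CALL_RATE_KBPS)]
    results = [pstn_admit(path) for _ in range(35)]  # 35 call attempts
    pstn_admitted = results.count(True)

    # IP: same capacity, ten flows whose real demand (256 kb/s each) is
    # unknown to the network when they start.
    ip_link = Link("A-B", 30 * CALL_RATE_KBPS)
    within = [ip_forward(ip_link, 256) for _ in range(10)]

    return {
        "pstn_admitted": pstn_admitted,
        "pstn_rejected": len(results) - pstn_admitted,
        "trunks_for_20_erlang_at_1pct": trunks_for_grade(20.0, 0.01),
        "ip_flows_before_overload": within.count(True),
        "ip_overload_kbps": max(0, ip_link.used_kbps - ip_link.capacity_kbps),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` admits exactly 30 of the 35 PSTN call attempts and rejects the rest at setup, sizes a trunk group carrying 20 Erlangs at 1% blocking to 30 channels, and shows the IP link being pushed 640 kb/s over capacity because nothing in the forwarding path could know that each flow would send 256 kb/s. The rejection happens before any voice is carried; the IP overload is discovered only after the fact, which is the article's point.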
  
Security Issue Analysis
The industry widely regards PSTN and ATM networks as relatively secure. As in the previous section, this section therefore analyzes the security problems of IP networks chiefly by comparison with PSTN and ATM technologies and networks.
  
First, let's take a look at the security of the PSTN network.
  
Compared with IP networks, the security of the PSTN comes from several sources:
  
PSTN terminals are dumb; the intelligence sits in the carrier's network. The user-network interface (UNI) and the network-network interface (NNI) are separate. Both service provision and service control are in the operator's hands, and the operator's network serves only the services it can itself identify. Without the participation of the operator's network, it is hard for a user to create a new service merely by modifying the terminal. Because the operator controls the services, it can offer only the services it considers secure. Dumb terminals make it hard for users to mount attacks that need an intelligent terminal, so the viruses and hacking common on IP networks have no foothold in the PSTN, and security is easily maintained.
  
When the PSTN is used to provide access to an IP network, it serves as the link-layer (access) technology of the IP network. IP data is carried transparently across the PSTN, so the PSTN cannot be attacked from the IP side through a PSTN access connection.
  
Attacks are costly. The PSTN's charging model and its dumb terminals make it hard for a user to mount a large-scale attack (such as a distributed denial-of-service, DDoS, attack) effectively, because the cost would be prohibitive.
  
Attackers are easy to trace. Every PSTN terminal has a globally unique public number (E.164), so when a problem occurs the attacker's location is easily found.
  
Next, let's look at the security of the ATM network.
  
Compared with IP networks, the security of ATM networks comes mainly from the following:
  
ATM is almost never used directly by end-user terminals, so the ATM network is not exposed to users, and a user cannot generate ATM signalling or data that the ATM network would recognize or act on.
  
The UNI and NNI of ATM are separate. The network's relationship with its users (whether IP or voice users) is limited to transparently carrying their information; ATM signalling, data and equipment are invisible to users, user-generated data cannot attack the ATM network, and security between networks is ensured by the trust relationship between operators.
  
ATM provides logically separate private networks. Users can communicate only within their own network, so they can attack only their own network or users on it; the attack targets are limited, and even when an attack does occur it is easy to trace.
  
Finally, let's take a look at IP security.
  
Compared with SDH, ATM, X.25 and other relatively secure networks, the main reasons IP networks are less secure are:
  
An IP network makes no distinction between the user-network interface (UNI) and the network-network interface (NNI); both are visible at the IP layer. The operator's network devices, protocols and even topology are visible to users. IP traffic generated on the user side may terminate on the user side or inside the network, which gives users the opportunity to exchange illegitimate routing information with the carrier's network and to attack the carrier's routers, access servers and other layer-3 and higher devices. In addition, the user-side networks, services and applications at the edge of the network generally use TCP/UDP/IP as well, so users can see one another at the IP and application layers. This makes interconnection and cost reduction much easier, but it also makes it easier for users to attack one another's networks, applications and services.
  
The intelligence and diversity of terminals make security attacks harder to identify and prevent. Many services share the same network and no trust relationship is established between users, so a malicious user can easily attack other users, and the attacked user finds it hard to distinguish legitimate access requests from malicious attacks.
  
IP technology has developed rapidly, and many defects or bugs in protocol design and software implementation could not be tested for or eliminated before large-scale deployment and use; examples are the implementations of the TCP/IP protocol family, and in particular the security vulnerabilities in Microsoft operating systems.
  
In addition, broadband IP makes large-scale attacks such as distributed denial-of-service easy to carry out. The billing model of IP access keeps the cost of an attack low, and the identity of an IP user is hard to establish, which makes it difficult to track attackers down.
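Two of the IP weaknesses described above, the missing UNI/NNI boundary that lets a customer inject routing information and reach carrier routers, and the unverifiable source identity that makes attackers hard to trace, are addressed in practice by policy applied on the carrier's customer-facing port. The following is an added example, not code from the original article, modelling that policy in Python: a prefix filter on route announcements from the customer and a BCP 38 style ingress filter on the customer's packets. The customer prefix, the carrier infrastructure range, the bogon list and the sample announcements and packets are all constructed for the example.

```python
"""Recreating a user-network boundary on an IP edge port.

Added example, not code from the original article. It models two checks a
carrier can apply on a customer-facing port so that, as on a PSTN or ATM UNI,
what crosses the boundary is limited to what the network expects from that
customer. The prefixes, bogon list and sample traffic are all constructed.
"""
import ipaddress

# Assumed: address space allocated to the customer on this port.
CUSTOMER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
# Assumed: carrier infrastructure (router loopbacks and links) that
# customers have no reason to reach.
CARRIER_INFRA = [ipaddress.ip_network("198.51.100.0/24")]
# Address space that must never be routed across the boundary.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def _within(net, allowed) -> bool:
    """True if `net` is covered by any network in `allowed`."""
    return any(net.subnet_of(a) for a in allowed if a.version == net.version)


def accept_route(prefix: str, max_prefix_len: int = 24) -> bool:
    """Route filter for announcements received on the customer port.
    Without it the customer could announce the carrier's own space, a
    default route or private space, and the carrier's routers would follow it."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen > max_prefix_len:      # more specific than the allocation
        return False
    if _within(net, BOGONS) or _within(net, CARRIER_INFRA):
        return False
    return _within(net, CUSTOMER_PREFIXES)  # anything else, incl. 0.0.0.0/0, is dropped


def accept_packet(src: str, dst: str) -> bool:
    """Ingress filter for packets arriving on the customer port (BCP 38 style):
    the source must belong to this customer, so the address becomes
    attributable to the port it entered on, and the destination must not be
    carrier infrastructure."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if not any(s in p for p in CUSTOMER_PREFIXES):
        return False                         # spoofed or foreign source
    if any(d in p for p in CARRIER_INFRA):
        return False                         # aimed at the carrier's routers
    return True


def demo() -> dict:
    # Constructed: route announcements and packets seen on the port.
    routes = ["203.0.113.0/24", "203.0.113.0/25", "198.51.100.0/24",
              "10.0.0.0/8", "192.0.2.0/24", "0.0.0.0/0"]
    packets = [("203.0.113.7", "192.0.2.10"),     # legitimate
               ("192.0.2.99", "192.0.2.10"),      # spoofed source
               ("203.0.113.7", "198.51.100.1")]   # aimed at a carrier router
    return {
        "routes": {r: accept_route(r) for r in routes},
        "packets": {f"{s}->{d}": accept_packet(s, d) for s, d in packets},
    }


if __name__ == "__main__":
    for section, verdicts in demo().items():
        for item, ok in verdicts.items():
            print(f"{section:8} {item:28} {'accept' if ok else 'drop'}")
```

Of the six announcements only the customer's own /24 is accepted; the more-specific /25, the carrier's infrastructure range, the private /8, another organisation's prefix and the default route are all dropped. Of the three packets, the one with a spoofed source and the one addressed to a carrier router are dropped. Two caveats: the ingress filter does not identify the user, it only makes a source address attributable to the port on which it entered, which is what the PSTN gets for free from E.164; and both filters are only as good as the customer prefix list, which has to be kept in step with the allocation records.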
