Research of a flow-based model of secure Traffic Engineering routing in an infocommunication network with normalized link-blocking conditions

Abstract

The work improves the flow-based model of secure routing with load balancing in accordance with the Traffic Engineering concept by considering the network security parameters in an information and communication network (ICN). Within the framework of the proposed model, the solution to the technological problem of secure routing with load balancing in an ICN was reduced to solving an optimization problem of linear programming, which guarantees the predictable computational complexity of solutions and low requirements for the computing power of devices responsible for solving routing problems – routers, route servers, controllers, etc. The novelty of the proposed model is the modification of the exponential model of blocking communication links, taking into account normalized conditions to prevent a situation where even the most secure links will be blocked, leading to inefficient use of the link resource. The results of the study of secure routing processes with load balancing in ICN confirmed the model’s effectiveness in considering the network state: its topology, flow characteristics, bandwidth, and congestion of communication links, as well as the probability of their compromise. This made it possible to orient the resulting routing solutions to reduce the congestion of communication links that have a high compromise probability by redistributing traffic to more secure links. In the course of the study, a comparative analysis of the effectiveness of using secure and TE routing models was carried out by a number of indicators. It has been established that the use of SecTE and NormSecTE secure routing models focused on finding a compromise between the Quality of Service and network security indicators. At the same time, the proposed improved model of secure TE routing NormSecTE, based on a more accurate consideration of the probability of compromising communication links, allowed, compared to the SecTE model, to improve the level of network security (packet compromise probability), but with a certain decrease in the level of Quality of Service (average end-to-end packet delay) in the ICN.