How to Implement En Route Filtering in NS2
To implement the En Routing Filtering in NS2, we can filter malevolent packets or identify interruptions while the packet is in transit amongst nodes by using this security mechanisms which is often used in wireless sensor networks (WSN) or multi-hop networks. The goal is to filter out invalid or mischievous packets at intermediate nodes, decreasing the load on the end node and enhancing network’s security and performance. The below approach will help you get started the implementation process using ns2:
Steps to Implement En-route Filtering in NS2
It can be accomplished in ns2 by changing the activities of intermediate nodes to examine the packets they forward. If a packet does not match particular criteria (for instance: in terms of security parameters like validation, packet integrity or trust), it is cancelled by the intermediate nodes before it reaches the destination.
In NS2, we can replicate en-route filtering by:
- Altering the packet forwarding behavior of intermediate nodes.
- Launching rules for packet filtering depend on packet content (like source IP, packet checksum, or other metadata).
- Releasing packets that do not pass the filtering rules.
- Set Up NS2 Environment
Make certain that NS2 is installed and properly configured. We will simulate en-route filtering by tailoring how intermediate nodes process packets.
- Create a TCL Script for En-route Filtering
The following sample explains how to replicate en-route filtering in NS2. Intermediate nodes will test each packet they obtain and drop any packet that does not match specific criteria like invalid source IP or packet checksum.
Example TCL Script for En-route Filtering:
# Create a new NS2 simulator
set ns [new Simulator]
# Open trace and NAM output files
set tracefile [open enroute_filtering.tr w]
$ns trace-all $tracefile
set namfile [open enroute_filtering.nam w]
$ns namtrace-all $namfile
# Define wireless network parameters
set val(chan) Channel/WirelessChannel
set val(prop) Propagation/TwoRayGround
set val(ant) Antenna/OmniAntenna
set val(netif) Phy/WirelessPhy
set val(mac) Mac/802_11
set val(ifq) Queue/DropTail/PriQueue
set val(ifqlen) 50
set val(ll) LL
set val(rp) AODV ;# Use AODV routing protocol
set val(x) 1000
set val(y) 1000
set val(num_nodes) 4 ;# Number of nodes
# Create topography for the network
set topo [new Topography]
$topo load_flatgrid $val(x) $val(y)
# Configure node parameters
$ns node-config -adhocRouting $val(rp) \
-llType $val(ll) \
-macType $val(mac) \
-ifqType $val(ifq) \
-ifqLen $val(ifqlen) \
-antType $val(ant) \
-propType $val(prop) \
-phyType $val(netif) \
-channelType $val(chan) \
-topoInstance $topo \
-agentTrace ON \
-routerTrace ON \
-macTrace ON
# Create nodes and set initial positions
set node0 [$ns node] ;# Source node
set node1 [$ns node] ;# Intermediate node 1 (acting as an en-route filter)
set node2 [$ns node] ;# Intermediate node 2 (acting as an en-route filter)
set node3 [$ns node] ;# Destination node
$node0 set X_ 100
$node0 set Y_ 100
$node0 set Z_ 0
$node1 set X_ 300
$node1 set Y_ 300
$node1 set Z_ 0
$node2 set X_ 500
$node2 set Y_ 500
$node2 set Z_ 0
$node3 set X_ 700
$node3 set Y_ 700
$node3 set Z_ 0
# Define filtering criteria for the en-route filter nodes (node1 and node2)
# Here we filter based on the source IP address or some other criteria (e.g., checksum).
# We assume “192.168.1.1” is the source IP that is allowed, others will be filtered.
set allowed_ips [list “192.168.1.1”] ;# List of allowed IP addresses
# Function to check if the packet’s source IP is allowed
proc check_packet_source_ip {src_ip} {
global allowed_ips
if {[lsearch -exact $allowed_ips $src_ip] == -1} {
return 0 ;# Packet should be filtered (IP not allowed)
} else {
return 1 ;# Packet is allowed
}
}
# En-route filtering function (applied at intermediate nodes)
proc enroute_filter {src_ip packet_data} {
if {[check_packet_source_ip $src_ip] == 1} {
puts “Packet allowed from source $src_ip”
return 1 ;# Packet is allowed to continue
} else {
puts “Packet dropped: source $src_ip is not allowed”
return 0 ;# Packet is dropped
}
}
# Function to simulate traffic filtering at an intermediate node
proc intermediate_node {node src_node dst_node src_ip packet_data} {
if {[enroute_filter $src_ip $packet_data] == 1} {
puts “Packet forwarded by intermediate node”
set udp [new Agent/UDP]
$ns attach-agent $node $udp
set null [new Agent/Null]
$ns attach-agent $dst_node $null
$ns connect $udp $null
return $udp
} else {
puts “Packet dropped at intermediate node”
return 0
}
}
# Simulate traffic from node0 to node3 via node1 and node2
set udp0 [new Agent/UDP]
$ns attach-agent $node0 $udp0
# Intermediate nodes apply en-route filtering
set udp1 [intermediate_node $node1 $node0 $node2 “192.168.1.1” “packet_data”]
set udp2 [intermediate_node $node2 $node1 $node3 “192.168.1.1” “packet_data”]
# Create traffic source (CBR) from node0 to node3
if {$udp2 != 0} {
set cbr0 [new Application/Traffic/CBR]
$cbr0 set packetSize_ 512
$cbr0 set rate_ 1Mb
$cbr0 attach-agent $udp0
$ns at 1.0 “$cbr0 start”
$ns at 9.0 “$cbr0 stop”
}
# Schedule simulation end
$ns at 10.0 “finish”
# Finish procedure to close trace and NAM files
proc finish {} {
global ns tracefile namfile
$ns flush-trace
close $tracefile
close $namfile
exec nam enroute_filtering.nam &
exit 0
}
# Run the simulation
$ns run
- Explanation of Key Components
- Source Node (node0): This is the node that invents the packets. It delivers UDP traffic to the destination node (node3).
- Intermediate Nodes (node1 and node2): These nodes operate en-route filtering. They verify the source IP or other principles before forwarding the packet. If the packet is not permitted, it is dropped.
- Destination Node (node3): This is the node that acquires the packets if they successfully pass through the intermediate nodes.
- Allowed IPs: The allowed_ips list states which source IPs are permitted. If a packet originates from an untrusted or unauthorized IP, it is filtered out by the intermediate nodes.
- En-route Filtering Logic: The enroute_filter function validates if the packet is granted to proceed as per the source IP or other conditions.
- Run the Simulation
Save the script as enroute_filtering.tcl and execute it in NS2:
ns enroute_filtering.tcl
Once the simulation ends, you can visualize the network activities using NAM:
nam enroute_filtering.nam
- Simulation Output
During the simulation, the script will result messages signifying whether packets are acceptable or dropped at the intermediate nodes:
Packet allowed from source 192.168.1.1
Packet forwarded by intermediate node
Packet allowed from source 192.168.1.1
Packet forwarded by intermediate node
If a packet is from an illegal IP, it will be dropped:
Packet dropped: source 192.168.1.5 is not allowed
Packet dropped at intermediate node
- Advanced Features for En-route Filtering
You can extend this replication by including more modern features:
- Dynamic Filtering: Update filtering rules dynamically during the simulation in terms of network conditions (such as identifying a mischievous node and congesting it in real-time).
- Packet Inspection: Attach more advanced packet inspection functionalities authenticating packet integrity (checksum validation) or inspecting packet payloads.
- Trust-based Filtering: Use a trust-based or reputation-based system where nodes filter packets as per the reputation of the sender.
- Intrusion Detection: Incorporate an intrusion detection system (IDS) to observe the network and filter out doubtful or malevolent traffic.
Overall, we have concentrated on the implementation and attachment of advanced mechanisms into the simulation network regarding the En-Route Filtering using NS2. You can accomplish this filtering by following the delivered procedure and its examples.
If you want to get En Route Filtering up and running in NS2, definitely swing by ns2project.com. Our skilled developers are there to help you out with top-notch support. You can also grab some project performance tips from our experts. We specialize in wireless sensor networks (WSN) and multi-hop networks, so we’ve got you covered based on your project needs.