OPTIMIZING HARD QOS AND SECURITY WITH DISJOINT PATH ROUTING

Background. The combination of secure routing and hard QoS is a worthwhile topic that involves designing and implementing network protocols and systems that can provide high performance and robust protection for data flow due to shared goals. Secure QoS routing over disjoint paths is a challenging problem that requires balancing the trade-off between network security and bandwidth guarantees. Objective . This article investigates a mathematical model that can address secure QoS routing by formulating it as an optimization problem with a linear objective function and linear or bilinear constraints. The objective function aims to minimize the paths compromise probability, while the constraints ensure that the total bandwidth of the paths meets the QoS requirements. Methods. We use computer simulation of hard QoS and security with disjoint path routing. Also we use mathematical programming methods in order to describe secure QoS routing. Results. The article presents a numerical study of the model using different scenarios and parameters. The results show that the model can effectively provide secure QoS routing over disjoint paths with a high bandwidth guarantee level and a low compromise probability. The work analyses the sensitivity of the solutions to the QoS requirements and reveals that there is usually some margin in the bandwidth provision. Conclusions. The proposed model is a promising tool for secure QoS routing over disjoint paths in various network environments.


Introduction
An important place among the means of ensuring the Quality of Service (QoS) in modern information and communication networks (ICNs) is occupied by routing protocols [1,2].They are tasked with determining one or more paths along which the specified QoS indicators would be provided.First of all, we are talking about bandwidth, average packet delay, jitter, and packet loss rate [3][4][5][6][7][8].
It is worth noting that in IP networks, not all protocols meet the requirements for considering multiple QoS indicators when forming metrics and calculating routes.As of now, only the proprietary protocol EIGRP (Enhanced Interior Gateway Routing Protocol) proposed by Cisco [2] takes into account a set of route performance indicators, albeit indirectly, when determining routing metrics: -number of retransmissions (hops); -bandwidth; -packet delay; -packet loss rate; -route link utilization.Within the EIGRP protocol, these indicators are converted into a scalar routing metric traditionally used by routing algorithms, such as DUAL.This approach is quite universal and is used in other IP routing protocols.However, it does not allow us to discuss the guaranteed values of the selected QoS indicators, which is important for most packet flows circulating in modern multiservice ICNs.
In addition, in recent years, network security tasks have come to the fore.Their successful solution is also associated with the involvement of the functionality of all levels of the OSI (Open System Interconnection) model.In this regard, the term "secure routing" appeared when determining routes; in addition to QoS indicators, it is necessary to consider network security indicators [9][10][11][12].The traditional approach is to use an option where the composite protocol metric will additionally take into account another indicator related to network security.This will not lead to revising the set of used route calculation algorithms -Dijkstra, Bellman-Ford, DUAL.However, as the analysis has shown, an approach based on the departure from using graph models for finding the shortest path in a graph and the listed combinatorial optimization algorithms is becoming increasingly common among scientists dealing with routing problems [13][14][15][16].The power of contemporary routers makes it possible to use more modern but also more computationally complex optimization models, methods, and computational 2 algorithms, in which, at the level of optimization criteria and introduced constraints, it is possible to more adequately consider the requirements for the values of certain QoS and network security indicators.
In this work, we will consider and investigate an approach to solving the problem of secure QoS routing based on optimizing the process of calculating a given number of disjoint paths along which the bandwidth requirements are guaranteed to be met, and such an important network security indicator as the probability of packet compromise is improved.

Mathematical Model of Secure QoS Routing over Disjoint M-Paths with Guaranteed Bandwidth
We reviewed existing methods [17][18][19][20] for finding disjoint paths in a network and selected the basic mathematical model for computing routes, which was introduced and analysed in [15,16].We will use the following notation to explain the model in this article: To solve the stated problem of sending the kth flow over disjoint M-paths, we need to obtain the set of variables k j i a , under the constraints: In addition, for every pair of source and destination nodes, the conditions must be satisfied [15,16]: , ; Simultaneously, the basic model imposes the following restrictions on transit nodes, , [16]: .
The initial inequality in the system (4) implies that the transit router i R can only have one path exiting it.Ensuring the satisfaction of the second condition in system ( 4) is essential to ensure that the transit router i R is not involved in more than one path within the computed set of disjoint routes.Implementing the third condition from (4) entails that a path can only depart from a transit router i R if it has previously arrived at that node.
To implement M-Paths routing, it is necessary to predetermine and fix the number of calculated disjoint paths: In a more comprehensive perspective, the acceptable values represented by k  are closely connected to the network's configuration.This connection is notably influenced by factors such as the network's topology, the extent of connectivity among nodes, and the degree of vertices in the G graph, which simulates the source and destination routers.
The basic mathematical model, represented by equations ( 1) to (5), can be adjusted for QoS routing to achieve maximum or predefined bandwidth.This adjustment involves employing a calculated set of disjoint paths.Consequently, additional conditions must be introduced within the framework of the basic model to ensure a specific Quality of Service level concerning bandwidth.In this regard, we define β k path as the minimum threshold value for the bandwidth associated with any set of disjoint paths responsible for transmitting the kth packet flow.Therefore, the subsequent condition can be integrated into the routing model, akin to the methodology in [16]: In this context, the weighting coefficients W take on values surpassing the maximum bandwidth of links in the network.Compliance with condition (6) guarantees that each route within the computed disjoint paths for the kth flow has a bandwidth equal to or exceeding β k path .Let's designate as β k this specific threshold value, for example, as for every kth packet flow.Accordingly, within the model outlined by conditions (1) to (6), the subsequent condition is suggested: The left side of inequality (7) denotes the minimum bandwidth requirement, collectively enabling the use of the computed paths.This lower limit is guaranteed because, according to conditions (6), each disjoint path has a capacity that is equal to or exceeds β k path , albeit potentially surpassing it.Depending on the chosen optimality criterion, achieving the conditions outlined in (7) can be accomplished by increasing the number of employed k  disjoint routes or by raising the threshold β k path value concerning the minimum bandwidth of the paths.
As a result, in [15,16], it is suggested to modify the model ( 1)-( 7) by complementing it, altering the type of optimality criterion, which will be based on maximizing such an objective function: Within the objective function (8), the significance of individual terms is determined by positive weights , i j w .It is essential to select these weights in a manner that prioritizes the minimization of the compromise probability when selecting the set of disjoint paths [15]: Then the probability of compromise for the nth path can be derived according to [3]: 1 where n L is the ordered set of links of the nth path.Finally, the compromise probability of the disjoint paths (multipath) is obtained as [15]:


To guarantee QoS bandwidth assurances in secure routing implementations, it is suggested to frame the routing problem using the model ( 1)- (11) in the following optimization formulation: -The routing decisions' optimality criterion is defined as the maximum value of the objective function (8).
-Constraints ( 1)-( 4) and ( 6) are applied to the routing variables k j i a , and the variables β k path to maintain balance in the routes' capacity.
-Constraints ( 5) and ( 7) are applied to the balancing variables β k path , influencing the number of disjoint routes engaged.
Hence, in the context of implementing a secure routing strategy, employing the model ( 1)-( 11) emphasizes solutions falling under the DiffServ category.From a QoS routing perspective, the solutions obtained adhere to IntServ principles.This is attributed to the fact that the use of the optimality criterion (8) aims to select paths with a high, albeit non-guaranteed, level of network security.However, the incorporation of conditions (7) into the model structure aims to ensure the QoS level concerning bandwidth β k .As a result, the solution to the optimization problem yields a multipatha set of disjoint paths with maximum capacity, ensuring a total bandwidth not below the specified requirements β k and a minimal compromise probability.
In summary, the application of the model ( 1)-( 11) allows the classification of the optimization problem for secure QoS routing over disjoint paths, providing guaranteed bandwidth, as a Mixed Integer Linear Programming (MILP) problem.

Study results of a mathematical model of secure QoS routing in a network over disjoint paths
When examining the model for secure QoS routing over disjoint paths with guaranteed bandwidth ( 1)-( 11), the requirements β k specified in constraint ( 7) play a crucial role.This is because the optimality criterion (8) does not explicitly incorporate parameters related to the bandwidth of links and paths.To meet the conditions outlined in (7), ensuring that the multipath for the kth packet flow will maintain a bandwidth not less than β k .The level of guarantees offered by a particular multipath, as per conditions (7), is determined by the product 4 The characteristics of the model for secure QoS routing in a network will be elucidated through a subsequent numerical illustration.In the context of the examined network depicted in Fig. 1, the first and seventh nodes are designated as routers representing the source and destination of the flow, respectively.Implementing the proposed model results in four distinct scenarios, each characterized by varying probabilities of compromising communication links.These scenarios yield sets of disjoint paths, as outlined in Table 1.Additionally, the table provides information on the bandwidths associated with the links in the network.
Fig. 1 Structure of the network under study The system (12) outlines the collection of possible routes connecting the source and destination nodes: L Table 2 presents the bandwidths and compromise probabilities of the paths (12) available for transmitting packets, linking the source 1 R and destination 7 R routers, under various network link compromise probabilities scenarios.Table 3 displays potential routing solutions, featuring, for instance, two computed disjoint paths.In turn, it provides the bandwidth and compromise probability for each multipath.Additionally, Table 3 shows the extreme bandwidth values and compromise probability for each initial data set.Subsequently, two types of requirements for the total bandwidth of disjoint paths ( β k ) were considered: 300 and 400 pps.In the case when β k = 300 pps, the optimal routing solutions for different variants of ICN link compromise within the framework of models ( 1)- (11) are the ones presented in Table 4.In the case when β k = 400 pps, the optimal solution for all variants of ICN link compromise is the routing solution represented by the fifth multipath in Table 3, i.e., the paths {E1,4, E4,7} and {E1,2, E2,7}.Only this set of disjoint paths ensured the joint fulfilment of conditions ( 6) and (7).

Conclusion
This article presents a mathematical model of secure QoS routing in ICNs (1)-( 11) using disjoint paths.Within the model, the engineering problem of routing was reduced to solving a MILP-class optimization problem with a linear optimality criterion (8) and linear constraints (1)-( 4), (6), and (7).Integers represent the set of variables (1), and the variable β k path is a real number.
The study of the proposed model for calculating routes for different variants of link compromise and QoS requirements confirmed its effectiveness in providing guarantees for path bandwidth and increasing the level of network security in terms of the compromise probability.The logic of the model was that among those multipaths that met the bandwidth requirements, the option that provided the minimum value of the probability of compromise was selected (Table 4).

Table 1 .
Input data for investigating secure QoS routing models

Table 2 .
The bandwidth of the paths available for packet transmission between the source and the destination routers

Table 3 .
Calculation results of the disjoint paths set