Internet Indirection Infrastructure

Transcription

1 Ke Observation Internet Indirection Infrastructure Virtuall all previous proposals use indirection, e.g., Phsical indirection point mobile IP Logical indirection point IP multicast Ion Stoica UC Berkele An problem in computer science can be solved b adding a laer of indirection 4 Motivations Toda s Internet is built around a unicast point-to-point communication abstraction: Send packet p from host A to host B This abstraction allows Internet to be highl scalable and efficient, but not appropriate for applications that require other communications primitives: Multicast Ancast Mobilit Our Solution Build an efficient indirection laer on top of IP Use an overla network to implement this laer Incrementall deploable; don t need to change IP Application Indir. laer TCP/UDP IP 2 5 Wh? Point-to-point communication implicitl assumes there is one sender and one receiver, and that the are placed at fied and well-known locations E.g., a host entified b the IP address is located in Berkele Internet Indirection Infrastructure (i3) Each packet is associated an entifier To receive a packet with entifier, receiver R maintains a trigger (, R) into the overla network R trigger 3 6 1

2 Service Model API sendpacket(p); inserttrigger(t); removetrigger(t) // optional Best-effort service model (like IP) Triggers periodicall refreshed b end-hosts ID length: 256 bits Ancast Use longest prefi matching instead of eact matching Prefi p: ancast group entifier Suffi s i : encode application semantics, e.g., location p a R1 p s 1 R1 p s 2 R2 p s 3 R3 Receiver (R1) Receiver (R2) 7 Receiver (R3) 10 Mobilit Host just needs to update its trigger as it moves from one subnet to another Service Composition: Initiated Use a stack of IDs to encode sequence of operations to be performed on path Advantages Don t need to configure path Load balancing and robustness eas to achieve 2 R1 Receiver (R1) T, Transcoder (T) T, T T R Receiver (R2) 8 11 Multicast Receivers insert triggers with same entifier Can dnamicall switch between multicast and unicast Service Composition: Receiver Initiated Receiver can also specif the operations to be performed on R1 1 2 R2 Receiver (R1) Receiver (R2) Firewall (F) R F,R F F F,R F,R

3 Quick Implementation Overview ID space is partitioned across infrastructure nodes Each node responsible for a region of ID space Each trigger (, R) is stored at the node responsible for Use Chord to route triggers and packets to nodes responsible for their IDs O(log N) hops Optimization: Triangular Routing Use well-known trigger for initial rendezvous Echange a pair of (private) triggers well-located Use private triggers to send traffic [2] S (S) S [30] 37 [2] R R R 2 [30] 30 R Eample Outline ID space [0..63] partitioned across five i3 nodes Each host knows one i3 node R inserts trigger (37, R); S sends packet (37, ) Overview Securit Discussion 37 (S) R 37 R (S) Optimization: Path Length /receiver caches i3 node mapping a specific ID Subsequent packets are sent via one i3 node 37 cache node R 37 R S Eavesdropping A Confluence 2 3 Attacker V 2 3 Some Attacks R Attacker (A) Victim (V) Attacker Loop Dead-End Attacker

4 Constrained Triggers h l (), h r (): well-known one-wa hash functions Use h l (), h r () to constrain trigger (, ) ID: prefi must match ke suffi Left constrained.ke = h l () Right constrained.ke = h r ().ke = h l (.ke) end-host address 19 Design Principles 1) Give hosts control on routing A trigger is like an entr in a routing table! Fleibilit, customization End-hosts can Source route Set-up acclic communication graphs Route packets through desired service points Stop flows in infrastructure 2) Implement forwarding in infrastructure Efficienc, scalabilit 22 Attacks & Defenses Design Principles (cont d) Defense Eavesdropping& Impersonation Loops & Confluences Dead-ends Attack Reflection & Malicious triggerremoval Confluences on i3 public nodes Trigger constraints Pushback Trigger challenges Public i3 node constraints Internet & Infrastructure overlas p2p & End-host overlas i3 Host Infrastructure Data plane Control plane Data plane Control plane Control plane Data plane Outline Eample: Application Specific Routing Overview Securit Discussion Network measurements Quer/repl routing info. Setup routes A Route Service (ROSE-1) ROSE-2 21 D C B 24 4

5 Conclusions Indirection ke technique to implement basic communication abstractions Multicast, Ancast, Mobilit, This research Advocates for building an efficient Indirection Laer on top of IP Eplore the implications of changing the communication abstraction; alread done in other fields Direct addressable vs. associative memories Point-to-point communication vs. Tuple space (in Distributed sstems) 25 5