15-744: Computer Networking
L-14 Future Internet Architecture

Readings
- Required: Serval paper
- Extra reading on Mobility First
- Relevant earlier meeting: CCN -> Named Data Network

Outline
- Motivation and discussion
- Some proposals: CCN, Nebula, Mobility First, XIA

The Next Internet: More of the Same?
[Figure: timeline of Internet architecture efforts and their themes: Performance, Internet 2, Next Generation Internet, Diverse, QoS, Internet Architecture, Fixed, Integrated Services Networks, "-ilities", Future Internet Architecture, "Change Me!"]
Four FIA Projects
- Mobility First: mobility as the norm rather than the exception; generalizes delay tolerant networking
- Named Internet Architecture: content centric networking; data is a first class entity
- Nebula: Internet centered around cloud computing data centers that are well connected
- eXpressive Internet Architecture (XIA): focus on trustworthiness, evolvability

Key Internet Features
- What we learned about the current Internet (but maybe there are better ways):
  - Simple core with smart endpoints
  - The IP narrow waist supports evolution
  - Addresses have topological meaning
  - Packet-based communication
  - All IP hosts can exchange packets
  - Non-essential functions are services
  - End-to-end transport protocols
  - Security is not part of the architecture

Outline
- Motivation and discussion
- Some proposals: CCN, Nebula (slides), Mobility First, XIA

CCN Discussion
- Revisit each feature of the current Internet in the light of CCN:
  - Simple core with smart endpoints
  - The IP narrow waist supports evolution
  - Addresses have topological meaning
  - Packet-based communication
  - All IP hosts can exchange packets
  - Non-essential functions are services
  - End-to-end transport protocols
  - Security is not part of the architecture
Outline
- Motivation and discussion
- Some proposals: CCN, Nebula overview, Serval, Mobility First, XIA (Wednesday)

Motivation and Challenges
[Figure: Doctor, Cloud, Sensor, Advice, User]
- An internet that supports trustworthy cloud computing:
  - Security and trustworthiness
  - Correctness
  - Highly available and reliable services, whenever, wherever
  - Evolve with technology: low latency, increasing bandwidth
  - Economic and regulation

NEBULA Internet Architecture
- NEBULA data plane (NDP): flexible wrt policy, distributed, verifiable
- NEBULA control plane: virtual and extensible networking (NVENT): trust, isolation; independent from NDP
- NEBULA core (ncore): routers and datacenters

Data Plane Design
- Data plane interface allows an arbitrary control plane over a fixed data plane
- Control plane can implement different security policies
- Packet forwarding is based on a path spec that includes 4 elements per AD hop:
  1. An identifier for the domain
  2. A Proof of Consent (PoC): proves the provider consented to forwarding the packet
  3. A Proof of Provenance (PoP): nodes prove to downstream nodes that they forwarded the packet
  4. A token that encodes policy rules for how to forward the packet, e.g., QoS, middleboxes, ...
NDP Packet Header
- Focus is on expressing and enforcing policies:
  - Was the packet authorized (PoC)?
  - Internal resource (token)?
  - Did it actually follow the PoC path (PoP)?

Routing and Forwarding in Nebula
- NDP requests a path
- NVENT picks one based on policy
- Assured path is returned to NDP
- Inserted into the NDP packet
- Path is checked on every step

ICING: Verifying and Enforcing Paths
- Assumes a separate mechanism for path selection
- Each node must:
  1. Verify that the path is approved
  2. Verify that the path has been correctly followed so far
  3. Prove to downstream nodes that it has seen the packet
- Reference: Verifying and enforcing network paths with ICING, Jad Naous, Michael Walfish, et al., CoNEXT 2011

NEBULA Core
- Ncore is a highly connected and high capacity router that also functions as a data center
- Forwarding and computing close together
- High availability via redundant high throughput links
- A routing complex built from multiple chassis
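The three per-node ICING obligations above (check consent, check provenance so far, prove forwarding to downstream nodes) can be made concrete with a small simulation. The following is an added illustrative model written for this page, not the ICING protocol or NEBULA's code: it assumes each domain holds a consent key used to approve paths (the PoC) and that every pair of on-path domains shares a symmetric key used for provenance proofs (the PoP), with HMAC-SHA256 standing in for whatever MAC construction a real deployment would use. `traverse` pushes one packet along a path and shows what a hop detects when an upstream hop was bypassed or when the packet claims a path the domains never approved.

```python
"""Simplified ICING-style per-hop path verification (illustrative model, not the ICING protocol).

Assumptions made for this example (not from the slides):
  - each domain holds a consent key used to approve paths (PoC), and
  - every pair of domains shares a symmetric key used for provenance proofs (PoP).
The three per-node obligations from the slide are implemented in `forward`.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Packet:
    path: tuple            # ordered domain identifiers, one per AD hop
    payload: bytes
    poc: dict              # domain -> MAC approving this exact path (Proof of Consent)
    pop: dict = field(default_factory=dict)  # (upstream, downstream) -> MAC (Proof of Provenance)


def make_keys(domains):
    """Constructed key material: one consent key per domain, one shared key per pair."""
    consent = {d: os.urandom(32) for d in domains}
    pairs = {frozenset((a, b)): os.urandom(32)
             for a in domains for b in domains if a < b}
    return consent, pairs


def _path_bytes(path):
    return b"|".join(d.encode() for d in path)


def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_consent(consent_keys, path):
    """Path setup: each on-path domain signs off on the path (one PoC per hop)."""
    return {d: _mac(consent_keys[d], _path_bytes(path)) for d in path}


def forward(node, pkt, consent_keys, pair_keys):
    """One hop of forwarding. Returns (ok, reason)."""
    # Obligation 1: verify that this node approved the path the packet claims.
    want = _mac(consent_keys[node], _path_bytes(pkt.path))
    if not hmac.compare_digest(want, pkt.poc.get(node, b"")):
        return False, "no consent for this path"

    idx = pkt.path.index(node)
    # Provenance proofs are bound to the path plus a digest of the payload.
    msg = _path_bytes(pkt.path) + hashlib.sha256(pkt.payload).digest()

    # Obligation 2: verify that every upstream hop actually forwarded this packet.
    for up in pkt.path[:idx]:
        want = _mac(pair_keys[frozenset((up, node))], msg)
        if not hmac.compare_digest(want, pkt.pop.get((up, node), b"")):
            return False, f"missing provenance from {up}"

    # Obligation 3: prove to each downstream hop that this node saw the packet.
    for down in pkt.path[idx + 1:]:
        pkt.pop[(node, down)] = _mac(pair_keys[frozenset((node, down))], msg)
    return True, "ok"


def traverse(path, payload, consent_keys, pair_keys, consented_path=None, skip=None):
    """Push one packet along `path`; `skip` simulates a hop being bypassed.

    `consented_path` is the path the domains actually approved (defaults to `path`).
    Returns a list of (node, reason) and stops at the first failed check.
    """
    pkt = Packet(path, payload, issue_consent(consent_keys, consented_path or path))
    log = []
    for node in path:
        if node == skip:
            log.append((node, "bypassed"))
            continue
        ok, why = forward(node, pkt, consent_keys, pair_keys)
        log.append((node, why))
        if not ok:
            break
    return log


if __name__ == "__main__":
    ck, pk = make_keys(["A", "B", "C"])
    print(traverse(("A", "B", "C"), b"payload", ck, pk))
    print(traverse(("A", "B", "C"), b"payload", ck, pk, skip="B"))
    print(traverse(("A", "C"), b"payload", ck, pk, consented_path=("A", "B", "C")))
```

The point of the model is which check catches which deviation: a packet that skips domain B arrives at C without a (B, C) proof and is rejected there, while a packet whose path field was rewritten fails the consent check at the very first hop, because every PoC is bound to the exact path.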
Outline
- Motivation and discussion
- Some proposals: CCN, Nebula overview, Serval (based on slides by the authors), Mobility First, XIA (Wednesday)

The Internet of the 1970s
- Killer apps: telnet, ftp
[Figure: IMP 1 UCLA, IMP 2 SRI, IMP 3 UCSB, IMP 4 Utah]
- Network designed for accessing hosts

The Internet of the 2000s
[Figure: users connecting to datacenters]
- Users agnostic of actual service location and host

What does Service Access Involve?
1. Locate nearby service datacenter: map service name to location
2. Connect to service: establish data flow to instance; load balance between pool of replicas
3. Maintain connectivity to service: migrate between interfaces and networks
Today's (Overloaded) Abstractions
- Service access today is IP + port:
  - Exposes location
  - Specifies app. protocol
  - One service per IP
- Flow is the five tuple:
  - Binds flow to interface and location
  - Cannot migrate between interfaces or networks
[Figure: TCP/IP stack with Transport and Network layers: connect (IP + port), demux (IP + port); client moving between Enterprise Network, Transit Provider, 4G Cellular Provider and a Datacenter]

Finding Service Location
- DNS binds service to location at the client (early binding)
- Caching and ignoring the TTL exacerbates the problem
- Slow failover when an instance or load balancer fails
[Figure: DNS, Load-Balanced Web Datacenter]

Connecting to Service
- LB maps a single IP to multiple servers
- Must do this for every packet on the path -> fate sharing
- Increases complexity and cost
[Figure: Load-Balanced Web Datacenter]
Maintaining Connectivity to Service
[Figure: VM Migration, Enterprise Network, Datacenter, Multi-Homing, 4G Cellular Provider, Physical Mobility]
- Migrate VMs to balance load in the cloud
- Requires flat addressing or tunneling within the datacenter
- Flows break when switching networks or interfaces

Contributions
- Naming abstractions: services, flows
- Clean role separation in the network stack
- Software architecture for services (Serval):
  - Service-level control/data plane split
  - Service-level events

Today's (Overloaded) Abstractions
[Figure: TCP/IP stack: Transport: connect (IP + port), demux (IP + port); Network: forward (IP)]
Serval Abstractions
- Serval cleans the slate (but not completely): network layer unmodified!
- Service Access Layer (SAL): connects to services; maintains connectivity
[Figure: Serval stack: Transport, Service Access, Network: forward (IP)]

Serval Abstractions
- Service Access = Service ID: group of processes with identical functionality
- Flow = invariant demux key: host-local, ephemeral
- Location = IP address: location, interface; can change dynamically
[Figure: Serval stack: Transport: connect (serviceid); Service Access: demux (serviceid, flowid); Network: forward (IP)]

A Clean Role Separation in the Stack
- Names (IDs): what you access (serviceid), over which flows (flowids), and at which service instance (IP address)
[Figure: TCP/IP (connect (IP + port), demux (IP + port), forward (IP)) side by side with Serval (connect (serviceid), demux (serviceid, flowid), forward (IP))]

Service IDs
[Figure: service ID layout: provider prefix | provider-specific | self-certifying]
- IDs allocated in blocks
- Prefix ensures global uniqueness
- Prefix-based aggregation and LPM
- A service ID late binds to a service instance:
  - Service ID in the first packet of a connection
  - Service-level routing and forwarding
A Service-Aware Network Stack
- connect(sock, serviceid)
- bind(sock, serviceid)
- listen(sock)
- Network stack must resolve service to instance for the client
- Network stack must advertise the service for the server

Contributions
- Naming abstractions: services, flows
- Clean role separation in the network stack
- Software architecture for services (Serval):
  - Service-level control/data plane split
  - Service-level events

Serval End-host Architecture
[Figure: service controller driving the data plane through a Control API: Service Table (Service ID, Action, Sock/Addr), Flow Table, IP Forwarding Table (Dest Address, Next Hop)]

Data Plane: The Service Table
Columns: Service ID | Action | Rule State | Sock/Addr

  Service ID   Action    Effect
  Prefix A     FORWARD   Send to addr A1
  Prefix B     FORWARD   Send to [A2, A3, A4]
  Prefix C     DEMUX     Send to listening socket s
  Prefix D     DELAY     Queue and notify service controller
  Prefix E     DROP
  default      FORWARD   Send to A5
Service Access with Serval: Adding a Service Instance
[Figure: service S in a datacenter with instances c, d, e, a service router, the Internet]
- Service instance calls bind() and listen()
- Controller adds a DEMUX rule (Service ID -> DMX s) to the service table
- Controller registers the instance with the service router

Removing a Service Instance
- Application S calls close()
- Controller removes the DEMUX rule
- Controller unregisters the instance (@address)
[Figure: service table (Service ID | Action | Sock/Addr: DMX s), controller, DNS]
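The service table on the data plane slide and the bind()/close() events on the control plane slides fit together in a few dozen lines. What follows is an added illustration written for this page, not Serval's own code: service IDs are modelled as hex strings, a rule's prefix is a hex prefix (longest match wins and the empty prefix is the default rule), and a FORWARD rule with several addresses spreads connections round-robin. The actions are the four from the slide (FORWARD, DEMUX, DELAY, DROP); the prefixes `aa`..`ee` are constructed stand-ins for Prefix A..E, and `ServiceController` shows how an exact-match DEMUX rule installed at bind() time beats a shorter FORWARD prefix and disappears again at close().

```python
"""Serval-style service table (data plane) with a minimal service controller (control plane).

Added illustration, not Serval's code. Assumptions: service IDs are hex strings, a rule's
prefix is a hex prefix (longest match wins, "" is the default rule), and FORWARD rules with
several addresses are spread round-robin. Actions follow the slide: FORWARD, DEMUX, DELAY, DROP.
"""
from collections import deque
from dataclasses import dataclass
from itertools import cycle


@dataclass
class Rule:
    prefix: str            # hex prefix of the service ID; "" matches everything (default)
    action: str            # FORWARD | DEMUX | DELAY | DROP
    target: object = None  # list of addresses (FORWARD) or a socket name (DEMUX)


class ServiceTable:
    def __init__(self):
        self.rules = []
        self.delayed = deque()   # packets parked by DELAY until the controller decides
        self._rr = {}            # per-rule round-robin iterator for FORWARD to several addresses

    def add(self, prefix, action, target=None):
        self.rules.append(Rule(prefix.lower(), action, target))

    def remove(self, prefix, action):
        self.rules = [r for r in self.rules
                      if not (r.prefix == prefix.lower() and r.action == action)]
        self._rr.pop((prefix.lower(), action), None)

    def lookup(self, serviceid):
        """Longest-prefix match on the service ID (prefix-based aggregation)."""
        sid = serviceid.lower()
        matches = [r for r in self.rules if sid.startswith(r.prefix)]
        return max(matches, key=lambda r: len(r.prefix), default=None)

    def dispatch(self, serviceid, packet):
        """Apply the matching rule to the first packet of a connection (it carries the service ID)."""
        rule = self.lookup(serviceid)
        if rule is None or rule.action == "DROP":
            return ("DROP", None)
        if rule.action == "FORWARD":
            addrs = list(rule.target)
            if len(addrs) == 1:
                return ("FORWARD", addrs[0])
            it = self._rr.setdefault((rule.prefix, rule.action), cycle(addrs))
            return ("FORWARD", next(it))          # spread load across the replica pool
        if rule.action == "DEMUX":
            return ("DEMUX", rule.target)         # hand to the listening socket on this host
        if rule.action == "DELAY":
            self.delayed.append((serviceid, packet))
            return ("DELAY", "queued, service controller notified")
        raise ValueError(f"unknown action {rule.action}")


class ServiceController:
    """Control plane: turns socket events into service-table rules."""
    def __init__(self, table):
        self.table = table

    def on_bind_listen(self, serviceid, sock):
        # bind(sock, serviceid) + listen(sock): install an exact-match DEMUX rule for this instance.
        self.table.add(serviceid, "DEMUX", sock)

    def on_close(self, serviceid):
        self.table.remove(serviceid, "DEMUX")


def build_slide_table():
    """The table from the slide, with constructed hex prefixes standing in for Prefix A..E."""
    t = ServiceTable()
    t.add("aa", "FORWARD", ["A1"])
    t.add("bb", "FORWARD", ["A2", "A3", "A4"])
    t.add("cc", "DEMUX", "sock_s")
    t.add("dd", "DELAY")
    t.add("ee", "DROP")
    t.add("", "FORWARD", ["A5"])   # default rule
    return t


if __name__ == "__main__":
    t = build_slide_table()
    for sid in ("aa01", "bb02", "bb02", "cc03", "dd04", "ee05", "ff06"):
        print(sid, t.dispatch(sid, b"SYN"))
    ctl = ServiceController(t)
    ctl.on_bind_listen("aa01ff", "sock_new")   # exact ID now beats the shorter FORWARD prefix
    print("after bind", t.dispatch("aa01ff", b"SYN"))
    ctl.on_close("aa01ff")
    print("after close", t.dispatch("aa01ff", b"SYN"))
```

Two details worth noticing: only the first packet of a connection is dispatched through this table (later packets are demultiplexed on flow IDs), and DELAY is what lets the controller make a policy decision before the data plane commits, which is the service-level control/data plane split the slides describe.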
Control Plane: The Service Controller
Service Access with Serval
[Figure: service router for a /24 in front of a datacenter with instances c, d, e; controller at @address knows instances d, e]
- On bind(), the controller adds a FORWARD rule (Service ID -> FWD d) to the router's service table

Connecting to Service
- Client calls socket(), then connect() with the service ID
- Client stack allocates a local flowid (2) for socket s
- Client's service table: Service ID -> FWD c
- First packet: SYN from c, source flowid 2, no destination flowid yet, carrying the service ID
Load Balancing in Service Router
- Router's service table: Service ID -> FWD d, e (instances providing service S)
- Instance's service table: Service ID -> DMX s
- From c: (c, flow 2, -, SYN); the router forwards it to instance e: (e, flow 2, -, SYN)

Service Access with Serval
- Instance e: accept()
- Instance e allocates flowid 3 and replies SYN-ACK (e, flow 3 -> flow 2) directly to c: late binding to instance e
- Data then flows c <-> e
[Figure: Internet, router, datacenter with instances c, d, e; packet headers (address, source flowid, destination flowid, flags)]
What does Service Access Involve?
1. Locating nearby service datacenter: map service name to location
2. Connecting to service: establish data flow to instance; load balance between pool of replicas
3. Maintaining connectivity to service: migrate between interfaces and networks

Migration of Flows
[Figure: Host C (socket s_C, flow f_C1) and Host S (socket s_S, flow f_S1); "Migrate flow 1 -> 2"; exchange RSYN, RSYN-ACK, ACK; flow IDs 1, 2 on C and 3, 4 on S]

Multipath with Multiple Subflows
[Figure: Host C (flows f_C1, f_C2) and Host S (flows f_S1, f_S2); "Add flow 2 <-> 4"; exchange SYN, SYN-ACK, ACK]

Use of Migration on Clients
[Figure: WiFi, Cellular]
- Saves > 900 MB cellular data per month
- Single Serval TCP connection that never breaks
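The flow migration slide ("Migrate flow 1 -> 2" with an RSYN / RSYN-ACK / ACK exchange) is the part of Serval that makes the "connection that never breaks" possible, and it rests on one property: the flow table is keyed by host-local flow IDs, never by addresses. The following is an added illustrative model written for this page, not Serval's implementation; the message field names and the in-process "delivery" via method calls are assumptions made here. Host C connects to host S, sends data, changes its address as if it had switched from WiFi to cellular, migrates the flow, and keeps sending on the same application socket.

```python
"""Serval-style flow migration: flows are keyed by host-local flow IDs, so a host can change
address/interface and re-synchronise the flow with RSYN / RSYN-ACK / ACK without the
transport connection breaking. Added illustrative model, not Serval's implementation;
message field names and the in-process delivery are assumptions made here.
"""
from dataclasses import dataclass, field


@dataclass
class Flow:
    local_id: int
    remote_id: int
    remote_addr: str
    sock: str                       # application socket the flow demultiplexes to
    state: str = "ESTABLISHED"
    received: list = field(default_factory=list)


class Host:
    def __init__(self, name, addr):
        self.name, self.addr = name, addr
        self.flows = {}             # local flowid -> Flow (the flow table)
        self._next = 1

    def _alloc(self):
        fid, self._next = self._next, self._next + 1
        return fid

    # --- connection setup: SYN / SYN-ACK (service resolution assumed already done) ---
    def connect(self, peer, sock):
        fid = self._alloc()
        self.flows[fid] = Flow(fid, None, peer.addr, sock)
        synack = peer.on_syn({"src_addr": self.addr, "src_flow": fid})
        self.flows[fid].remote_id = synack["src_flow"]
        return fid

    def on_syn(self, msg):
        fid = self._alloc()
        self.flows[fid] = Flow(fid, msg["src_flow"], msg["src_addr"], "listen_sock")
        return {"src_addr": self.addr, "src_flow": fid}

    # --- data: demultiplexed on flow IDs only, never on the sender's address ---
    def send(self, fid, peer, data):
        f = self.flows[fid]
        peer.on_data({"src_addr": self.addr, "src_flow": fid,
                      "dst_flow": f.remote_id, "data": data})

    def on_data(self, msg):
        f = self.flows.get(msg["dst_flow"])
        if f is None or f.remote_id != msg["src_flow"]:
            raise ValueError("no flow for this packet")
        f.received.append(msg["data"])

    # --- migration: "Migrate flow 1 -> 2" from the slide ---
    def migrate(self, fid, new_addr, peer):
        old = self.flows.pop(fid)
        self.addr = new_addr                    # e.g. switched from WiFi to cellular
        new_fid = self._alloc()
        self.flows[new_fid] = Flow(new_fid, old.remote_id, old.remote_addr,
                                   old.sock, "MIGRATING", old.received)
        rsynack = peer.on_rsyn({"src_addr": new_addr, "src_flow": new_fid,
                                "old_flow": fid, "dst_flow": old.remote_id})
        if rsynack["dst_flow"] != new_fid:
            raise ValueError("RSYN-ACK for the wrong flow")
        self.flows[new_fid].state = "ESTABLISHED"
        peer.on_ack({"src_flow": new_fid, "dst_flow": old.remote_id})
        return new_fid

    def on_rsyn(self, msg):
        f = self.flows.get(msg["dst_flow"])
        # Only a peer naming the current remote flow ID may move it; a stale or unknown ID is refused.
        if f is None or f.remote_id != msg["old_flow"]:
            raise ValueError("RSYN does not match an existing flow")
        f.remote_id, f.remote_addr, f.state = msg["src_flow"], msg["src_addr"], "MIGRATING"
        return {"src_addr": self.addr, "src_flow": f.local_id, "dst_flow": f.remote_id}

    def on_ack(self, msg):
        f = self.flows[msg["dst_flow"]]
        if f.remote_id == msg["src_flow"]:
            f.state = "ESTABLISHED"


def demo():
    """Client C talks to server S, moves to a new address mid-connection, keeps sending."""
    c, s = Host("C", "10.0.0.1"), Host("S", "192.0.2.10")
    fid = c.connect(s, "app_sock")              # C flow 1 <-> S flow 1
    c.send(fid, s, b"before")
    fid = c.migrate(fid, "10.1.0.7", s)         # C flow 1 -> 2, S flow 1 unchanged
    c.send(fid, s, b"after")
    return c, s, fid
```

In this model the only thing that binds an RSYN to an existing flow is knowledge of the current flow ID, so the IDs must be unguessable or the RSYN must be authenticated; otherwise anyone who learns a flow ID could redirect that flow to an address of their choosing. That is the check a deployment of address-independent flows has to get right, and the slides do not go into how Serval does it.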
Outline
- Motivation and discussion
- Some proposals: CCN, Nebula, Mobility First (slides: Venkat), XIA (Wednesday)

Looking Ahead
- Two more lectures on the Internet: XIA project; QoS and video distribution
- Then we switch to edge networks: three lectures on wireless; three lectures on other edge networks
- Done!