A Path Layer for the Internet

Similar documents
The Impact of Transport Header Encryption on Operation and Evolution of the Internet

Observing Internet Path Transparency

State of ECN and improving congestion feedback with AccECN in Linux

The Impact of Transport Header Encryption on Operation and Evolution of the Internet

Advanced Computer Networking. CYBR 230 Jeff Shafer University of the Pacific QUIC

On the State of ECN and TCP Options on the Internet

The Impact of Transport Header Encryption on Operation and Evolution of the Internet. draft-fairhurst-tsvwg-transport-encrypt-04

Packetization Layer Path Maximum Transmission Unit Discovery (PLPMTU) For IPsec Tunnels

UNIT IV -- TRANSPORT LAYER

Networks these days need to handle a lot more

Multipath QUIC: Design and Evaluation

Chapter 5 End-to-End Protocols

Schahin Rajab TCP or QUIC Which protocol is most promising for the future of the internet?

TCP : Fundamentals of Computer Networks Bill Nace

CSE 461 The Transport Layer

Adding Passive Measurability to QUIC

Dissemination of Paths in Path-Aware Networks

xkcd.com End To End Protocols End to End Protocols This section is about Process to Process communications.

CS 421: COMPUTER NETWORKS SPRING FINAL May 24, minutes. Name: Student No: TOT

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

cs144 Midterm Review Fall 2010


IPSec. Overview. Overview. Levente Buttyán

Reliable Transport I: Concepts and TCP Protocol

A New Internet? RIPE76 - Marseille May Jordi Palet

CSE 461 Connections. David Wetherall

QUIC: the details. Robin Marx PhD researcher Hasselt University. Curl-up Prague March 2019

TCP/IP Protocol Suite

Computer and Network Security

ICS 351: Networking Protocols

More Accurate ECN Feedback in TCP draft-ietf-tcpm-accurate-ecn-04

EITF25 Internet Techniques and Applications L7: Internet. Stefan Höst

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Middleboxes in Cellular Networks

Network Layer (1) Networked Systems 3 Lecture 8

Islamic University of Gaza Faculty of Engineering Department of Computer Engineering ECOM 4021: Networks Discussion. Chapter 5 - Part 2

An Industry view of IPv6 Advantages

Networking interview questions

Stream Control Transmission Protocol

ECE 435 Network Engineering Lecture 10

Transport Layer Marcos Vieira

User Datagram Protocol

CASP Cross- Application Signaling Protocol

Quickly Starting Media Streams Using QUIC

416 Distributed Systems. Networks review; Day 2 of 2 Fate sharing, e2e principle And start of RPC Jan 10, 2018

CSEP 561 Connections. David Wetherall

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

Business Data Networks and Security 10th Edition by Panko Test Bank

IPv6: Are we really ready to turn off IPv4? Geoff Huston APNIC

CPSC 441 COMPUTER COMMUNICATIONS MIDTERM EXAM SOLUTION

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

bitcoin allnet exam review: transport layer TCP basics congestion control project 2 Computer Networks ICS 651

Multipath QUIC: Design and Evaluation

AN exam March

OSI Transport Layer. Network Fundamentals Chapter 4. Version Cisco Systems, Inc. All rights reserved. Cisco Public 1

Part VI. Appendixes. Appendix A OSI Model and Internet Protocols Appendix B About the CD

CSCI 466 Midterm Networks Fall 2013

Square Pegs in a Round Pipe: Wire-Compatible Unordered Delivery In TCP and TLS

CSEP 561 Connections. David Wetherall

Reliable Transport I: Concepts and TCP Protocol

CSCI-GA Operating Systems. Networking. Hubertus Franke

ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

Student ID: CS457: Computer Networking Date: 3/20/2007 Name:

A New Internet? Introduction to HTTP/2, QUIC and DOH

DetNet. Flow Definition and Identification, Features and Mapping to/from TSN. DetNet TSN joint workshop IETF / IEEE 802, Bangkok

416 Distributed Systems. Networks review; Day 1 of 2 Jan 5 + 8, 2018

An SCTP-Protocol Data Unit with several chunks

Transport: How Applications Communicate

Communication Networks

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

Request for Comments: 4755 Category: Standards Track December 2006

Solution to Question 1: ``Quickies'' (25 points, 15 minutes)

EE-379 Embedded Systems and Applications Introduction to Ethernet

Mobile IP and Mobile Transport Protocols

Programming Assignment 3: Transmission Control Protocol

Chapter 11. User Datagram Protocol (UDP)

Introduction to TCP/IP networking

Outline Computer Networking. Functionality Split. Transport Protocols

Connections. Topics. Focus. Presentation Session. Application. Data Link. Transport. Physical. Network

CSCI-1680 Transport Layer I Rodrigo Fonseca

NAT, IPv6, & UDP CS640, Announcements Assignment #3 released

CSCI-1680 Network Layer:

TCP/IP Protocol Suite 1

TCP /IP Fundamentals Mr. Cantu

SCTP s Reliability and Fault Tolerance

Transport layer. UDP: User Datagram Protocol [RFC 768] Review principles: Instantiation in the Internet UDP TCP

CSCI-1680 Transport Layer I Rodrigo Fonseca

Transport layer. Review principles: Instantiation in the Internet UDP TCP. Reliable data transfer Flow control Congestion control

Network Security. Thierry Sans

CSC 4900 Computer Networks: Security Protocols (2)

IPv6 Protocol. Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer Cisco Systems, Inc.

Transport Layer. Application / Transport Interface. Transport Layer Services. Transport Layer Connections

Internet Control Message Protocol

PLEASE READ CAREFULLY BEFORE YOU START

ECE697AA Lecture 3. Today s lecture

Networking for Data Acquisition Systems. Fabrice Le Goff - 14/02/ ISOTDAQ

RID IETF Draft Update

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

CS 455: INTRODUCTION TO DISTRIBUTED SYSTEMS [NETWORKING] Frequently asked questions from the previous class surveys

TCP modifications for Congestion Exposure

Transcription:

A Path Layer for the Internet Enabling Network Operations on Encrypted Traffic Mirja Kühlewind, Tobias Bühler, Brian Trammell, ETH Zürich Stephan Neuhaus, Roman Müntener, Zürich Univ. of Applied Sciences and Gorry Fairhurst, Univ. of Aberdeen IEEE/IFIP Conf. on Network and Service Management Tokyo, 28 November 2017 measurement architecture experimentation This project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No 688421.The opinions expressed and arguments employed reflect only the authors' view. The European Commission is not responsible for any use that may be made of that information.. Supported by the Swiss State Secretariat for Education, Research and Innovation under contract number 15.0268. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the Swiss Government.

Increasing Deployment of Encryption architecture 2

Increasing Deployment of Encryption architecture % of Mozilla pageloads using TLS 2

Increasing Deployment of Encryption architecture % of Mozilla pageloads using TLS 2

Increasing Deployment of Encryption architecture % of Mozilla pageloads using TLS No management function that needs cleartext access to application headers/payload will work on the new Internet. 2

Protocol Stack Encryption QUIC share of egress traffic at Google (MAPRG, IETF99) QUIC: new, UDP-encapsulated transport, optimized for HTTP/2 Developed/deployed by Google, 7% of Internet traffic end-2016. Under standardization in the IETF, expected deployments 2019. QUIC encrypts everything not needed to establish communication and forward packets. Nothing that uses TCP headers will work on the new Internet, either. 3

Protocol Stack Encryption QUIC share of egress traffic at Google (MAPRG, IETF99) QUIC: new, UDP-encapsulated transport, optimized for HTTP/2 Developed/deployed by Google, 7% of Internet traffic end-2016. Under standardization in the IETF, expected deployments 2019. QUIC encrypts everything not needed to establish communication and forward packets. Nothing that uses TCP headers will work on the new Internet, either. 3

Explicit Cooperation The cleartext party is over, and DPI is dead. Encryption for privacy, security, and protocol evolvability. A third way: replace use of cleartext by in-network functions with endpoint-controlled signaling. Explicit cooperation based on declarative, advisory signals requiring no trust between endpoints and path can reduce disruption driven by increased encryption. 4

Introducing the Path Layer The boundary between network (hop-by-hop, stateless) and transport (end-to-end, stateful) blurred by in-network state. Approach: add a layer to the stack to support these functions and use crypto to reinforce the boundary. Application (higher-level semantics) Transport (end to end streams/messages) Network (hop by hop forwarding) Link (medium access) 5

Introducing the Path Layer The boundary between network (hop-by-hop, stateless) and transport (end-to-end, stateful) blurred by in-network state. Approach: add a layer to the stack to support these functions and use crypto to reinforce the boundary. Path Application (higher-level semantics) Transport (end to end streams/messages) Integrity and Confidentiality Protection (Privacy, Security, and Evolvability) Path Communication (Explicit Cooperation with On-Path Devices) UDP Encapsulation (NAT/middlebox Compatibility) Network (hop by hop forwarding) Link (medium access) 5

Path Layer Principles An endpoint should be able to explicitly expose signals to be used by onpath devices. Everything not intended for use by the path should be encrypted. An endpoint should be able to request signals from devices on the path. An on-path device should not be able to forge, change, or remove a signal sent by an endpoint. The endpoint should control signaling between endpoints and the path, or from one on-path device to another. It should be possible for an endpoint to request and receive signals from a previously unknown on-path device. The mechanism should present no significant surface for amplification attacks. 6

Applications of the Path Layer Transport-Independent On-Path State Latency Measurement Loss and Congestion Measurement Path Trace Accumulation Loss/Latency Tradeoff Path MTU Discovery }Today's talk Generic mechanism allows for future extensibility 7

Sender to Path Signaling sender on-path receiver 8

Sender to Path Signaling application transport path type value encrypt MAC IP sender on-path receiver 8

Sender to Path Signaling application transport path type value encrypt MAC IP sender on-path receiver signal type := value 8

Sender to Path Signaling application transport path type value encrypt MAC IP sender on-path receiver 8

Sender to Path Signaling application transport path type value encrypt MAC IP sender on-path receiver signal type == value 8

Sender to Path Signaling application transport path type value encrypt MAC IP sender on-path receiver 8

Sender to Path Signaling application transport path type value encrypt MAC IP sender on-path receiver MAC OK 8

Sender to Path Signaling application transport path type value encrypt MAC IP sender on-path receiver 8

Basic PLUS Header 31 16 15 0 0 UDP Source Port UDP Destination Port 4 UDP Length UDP Checksum 8 12 PLUS Magic 0xd8007ff Connection and Association Token (CAT) L R S 0 20 24 28 Packet Serial Number (PSN) Packet Serial Echo (PSE) Encrypted 9

Basic PLUS Header Recognize 31 PLUS 16 15 0 packets 0 on path UDP Source Port UDP Destination Port 4 UDP Length UDP Checksum 8 12 PLUS Magic 0xd8007ff Connection and Association Token (CAT) L R S 0 20 24 28 Packet Serial Number (PSN) Packet Serial Echo (PSE) Encrypted 9

Basic PLUS Header 31 16 15 0 0 UDP Source Port UDP Destination Port 4 UDP Length UDP Checksum 8 Connection 12 state establishment setup PLUS Magic 0xd8007ff Connection and Association Token (CAT) L R S 0 20 24 28 Packet Serial Number (PSN) Packet Serial Echo (PSE) Encrypted 9

Basic PLUS Header 31 16 15 0 0 UDP Source Port UDP Destination Port 4 UDP Length UDP Checksum 8 PLUS Magic 0xd8007ff L R S 0 12 Connection and Association Token (CAT) Explicit stop signal teardown 20 Packet Serial Number (PSN) 24 28 Packet Serial Echo (PSE) Encrypted 9

Basic PLUS Header 31 16 15 0 0 UDP Source Port UDP Destination Port 4 UDP Length UDP Checksum 8 12 PLUS Magic 0xd8007ff Connection and Association Token (CAT) L R S 0 20 24 Loss 28 and latency measurement Packet Serial Number (PSN) Packet Serial Echo (PSE) Encrypted 9

Basic PLUS Header 31 Transport 16 15 prefers 0 0 UDP Source Port loss to latency UDP Destination Port 4 UDP Length UDP Checksum 8 12 PLUS Magic 0xd8007ff Connection and Association Token (CAT) L R S 0 20 24 28 Packet Serial Number (PSN) Packet Serial Echo (PSE) Encrypted 9

Basic PLUS Header Transport is 31 16 15 reordering-tolerant 0 0 UDP Source Port UDP Destination Port 4 UDP Length UDP Checksum 8 12 PLUS Magic 0xd8007ff Connection and Association Token (CAT) L R S 0 20 24 28 Packet Serial Number (PSN) Packet Serial Echo (PSE) Encrypted 9

Basic PLUS Header 31 16 15 0 0 UDP Source Port UDP Destination Port 4 UDP Length UDP Checksum 8 12 PLUS Magic 0xd8007ff Connection and Association Token (CAT) L R S 0 20 24 28 Packet Serial Number (PSN) Packet Serial Echo (PSE) Encrypted 9

Transport-Independent On-Path State architecture packet a b zero uniflow stopping timeout idle timeout b a CATb = CATb stopping associating y x Sy=1 PSEy = PSNx stopwait associated timeout associated a b CATa = CATb PSEa = PSNb x y Sx = 1 10

Transport-Independent On-Path State architecture packet a b zero uniflow stopping timeout idle timeout b a CATb = CATb stopping associating y x Sy=1 PSEy = PSNx stopwait associated timeout associated a b CATa = CATb PSEa = PSNb x y Sx = 1 10

Transport-Independent On-Path State architecture packet a b zero uniflow stopping timeout idle timeout b a CATb = CATb stopping associating y x Sy=1 PSEy = PSNx stopwait associated timeout associated a b CATa = CATb PSEa = PSNb x y Sx = 1 10

Transport-Independent On-Path State architecture packet a b zero uniflow stopping timeout idle timeout b a CATb = CATb stopping associating y x Sy=1 PSEy = PSNx stopwait associated timeout associated a b CATa = CATb PSEa = PSNb x y Sx = 1 10

Transport-Independent On-Path State architecture packet a b zero uniflow stopping timeout idle timeout b a CATb = CATb stopping associating y x Sy=1 PSEy = PSNx stopwait associated timeout associated a b CATa = CATb PSEa = PSNb x y Sx = 1 10

Transport-Independent On-Path State architecture packet a b zero uniflow stopping timeout idle timeout b a CATb = CATb stopping associating y x Sy=1 PSEy = PSNx stopwait associated timeout associated a b CATa = CATb PSEa = PSNb x y Sx = 1 10

Transport-Independent On-Path State architecture packet a b zero uniflow stopping timeout idle timeout b a CATb = CATb stopping associating y x Sy=1 PSEy = PSNx stopwait associated timeout associated a b CATa = CATb PSEa = PSNb x y Sx = 1 10

Transport-Independent On-Path State architecture packet a b zero uniflow stopping timeout idle timeout b a CATb = CATb stopping associating y x Sy=1 PSEy = PSNx stopwait associated timeout associated a b CATa = CATb PSEa = PSNb x y Sx = 1 10

Latency Measurement Sender Receiver PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT 11

Latency Measurement Sender Receiver PSN n PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT 11

Latency Measurement Sender Receiver PSN n RTT PSN q PSE n PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT 11

Latency Measurement Sender Receiver PSN n RTT delay PSN q PSE n PSN n+1 PSE q PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT 11

Latency Measurement Sender Receiver PSN n RTT delay PSN q PSE n PSN n+1 PSE q Observer PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT 11

Latency Measurement Sender Receiver PSN n RTT delay PSN q PSE n RTTfwd PSN n+1 PSE q Observer PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT 11

Latency Measurement Sender Receiver PSN n RTT delay PSN q PSE n RTTfwd PSN n+1 PSE q RTTrev Observer PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT 11

Latency Measurement Sender Receiver PSN n RTT RTTfwd PSN q PSE n RTTest delay PSN n+1 PSE q RTTrev = RTTfwd + RTTrev Observer PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT 11

Path to Receiver Signaling with Feedback sender on-path receiver 12

Path to Receiver Signaling with Feedback application transport path type value encrypt partial MAC IP sender on-path receiver 12

Path to Receiver Signaling with Feedback application transport path type value encrypt partial MAC IP sender on-path receiver signal type := value 12

Path to Receiver Signaling with Feedback application transport path type value encrypt partial MAC IP sender on-path receiver 12

Path to Receiver Signaling with Feedback application transport path type value encrypt partial MAC IP sender on-path receiver signal type := value 12

Path to Receiver Signaling with Feedback application transport path type value encrypt partial MAC IP sender on-path receiver 12

Path to Receiver Signaling with Feedback application transport path type value encrypt partial MAC IP sender on-path receiver signal type == value MAC OK 12

Path to Receiver Signaling with Feedback application transport fb type=value encrypt path IP sender on-path receiver 12

Path to Receiver Signaling with Feedback application transport fb type=value encrypt path IP sender on-path receiver 12

Extended PLUS Header 31 16 15 0 0 UDP Source Port UDP Destination Port 4 UDP Length UDP Checksum 8 12 20 24 PLUS Magic 0xd8007ff Connection and Association Token (CAT) Packet Serial Number (PSN) Packet Serial Echo (PSE) L R S 1 28 PCF Type PCF Len II PCF Value (varlen) Encrypted 13

Extended PLUS Header 0 4 8 Extensible 12 signal type 20 24 31 16 15 0 UDP Source Port UDP Length PLUS Magic 0xd8007ff UDP Destination Port UDP Checksum Connection and Association Token (CAT) 28 PCF Type PCF Len II Packet Serial Number (PSN) Packet Serial Echo (PSE) Encrypted PCF Value (varlen) L R S 1 13

Extended PLUS Header 0 4 8 Extensible 12 signal type 20 24 31 16 15 0 UDP Source Port UDP Length UDP Destination Port UDP Checksum PLUS Magic 0xd8007ff TLV supports Connection unknown signal and Association Token (CAT) handling Packet Serial Number (PSN) 28 PCF Type PCF Len II Packet Serial Echo (PSE) Encrypted PCF Value (varlen) L R S 1 13

Extended PLUS Header 0 4 8 Extensible 12 signal type 20 24 31 16 15 0 UDP Source Port UDP Destination Port Integrity Indicator UDP Length specifies UDP Checksum which portion of the PLUS Magic 0xd8007ff PCF Value is covered L R Sby 1 the TLV supports partial MAC Connection unknown signal and Association Token (CAT) handling Packet Serial Number (PSN) 28 PCF Type PCF Len II Packet Serial Echo (PSE) Encrypted PCF Value (varlen) 13

Extended PLUS Header 0 4 8 Extensible 12 signal type 20 24 31 16 15 0 UDP Source Port UDP Destination Port Integrity Indicator UDP Length specifies UDP Checksum which portion of the PLUS Magic 0xd8007ff PCF Value is covered L R Sby 1 the TLV supports partial MAC Connection unknown signal and Association Token (CAT) handling Variable-length value, Packet Serial Number (PSN) semantics defined by Packet Serial Echo (PSE) signal type 28 PCF Type PCF Len II Encrypted PCF Value (varlen) 13

Loss and Congestion Measurement PSN is serial, so sequence gaps can be used to estimate one-point upstream loss and loss between two points. Full-path loss requires signaling using extended header: PCF type: 1 len:[2,4,8,16] II: 11(full) Cumulative Loss Count (uint[8,16,32,64]) Cumulative ECE Count (uint[8,16,32,64]) Feed-forward of cumulative loss and ECE seen by sender allows accurate counting anywhere along the path. Sender-side sampling allows efficiency tradeoff. 14

Path Tracing 303 27 877 sender receiver 64 174 Each PLUS-aware hop XORs random value per node to PCF type 4 value. Value at receiver indicates which path was taken without identifying path. 15

Path Tracing 303 27 877 sender receiver 64 174 Each PLUS-aware hop XORs random value per node to PCF type 4 value. Value at receiver indicates which path was taken without identifying path. 15

Path Tracing 303 27 877 sender receiver 64 174 Each PLUS-aware hop XORs random value per node to PCF type 4 value. Value at receiver indicates which path was taken without identifying path. Red path: 1207 15

Path Tracing 303 27 877 sender receiver 64 174 Each PLUS-aware hop XORs random value per node to PCF type 4 value. Value at receiver indicates which path was taken without identifying path. Red path: 1207 15

Path Tracing 303 27 877 sender receiver 64 174 Each PLUS-aware hop XORs random value per node to PCF type 4 value. Value at receiver indicates which path was taken without identifying path. Red path: 1207 Orange path: 238 15

Path Tracing 303 27 877 sender receiver 64 174 Each PLUS-aware hop XORs random value per node to PCF type 4 value. Value at receiver indicates which path was taken without identifying path. Red path: 1207 Orange path: 238 15

Path Tracing 303 27 877 sender receiver 64 174 Each PLUS-aware hop XORs random value per node to PCF type 4 value. Value at receiver indicates which path was taken without identifying path. Red path: 1207 Orange path: 238 Green path: 968 15

Path Tracing 303 27 877 sender receiver 64 174 Each PLUS-aware hop XORs random value per node to PCF type 4 value. Value at receiver indicates which path was taken without identifying path. Red path: 1207 Orange path: 238 Green path: 968 15

Transport interfaces to PLUS: pilot implementation work under QUIC architecture handshake handshake security (TLS+QUIC packet protection) verify error packet protected packet + pseudoheader packet transport layer (QUIC) receive signal path layer (PLUS) UDP/IP (via socket) feedback request security (TLS+QUIC packet protection) packet + pseudoheader (AD) protected packet packet transport layer (QUIC) send signal path layer (PLUS) UDP/IP (via socket) MTU (a) receiver-side interfaces (b) sender-side interfaces 16

Transport interfaces to PLUS: pilot implementation work under QUIC architecture handshake handshake security (TLS+QUIC packet protection) verify error packet protected packet + pseudoheader packet transport layer (QUIC) receive signal path layer (PLUS) UDP/IP (via socket) feedback request security (TLS+QUIC packet protection) packet + pseudoheader (AD) protected packet packet transport layer (QUIC) send signal path layer (PLUS) UDP/IP (via socket) MTU (a) receiver-side interfaces (b) sender-side interfaces 16

Transport interfaces to PLUS: pilot implementation work under QUIC architecture handshake handshake security (TLS+QUIC packet protection) verify error packet protected packet + pseudoheader packet transport layer (QUIC) receive signal path layer (PLUS) UDP/IP (via socket) feedback request security (TLS+QUIC packet protection) packet + pseudoheader (AD) protected packet packet transport layer (QUIC) send signal path layer (PLUS) UDP/IP (via socket) MTU (a) receiver-side interfaces (b) sender-side interfaces 16

Transport interfaces to PLUS: pilot implementation work under QUIC architecture handshake handshake security (TLS+QUIC packet protection) verify error packet protected packet + pseudoheader packet transport layer (QUIC) receive signal path layer (PLUS) UDP/IP (via socket) feedback request security (TLS+QUIC packet protection) packet + pseudoheader (AD) protected packet packet transport layer (QUIC) send signal path layer (PLUS) UDP/IP (via socket) MTU (a) receiver-side interfaces (b) sender-side interfaces 16

Transport interfaces to PLUS: pilot implementation work under QUIC architecture handshake handshake security (TLS+QUIC packet protection) verify error packet protected packet + pseudoheader packet transport layer (QUIC) receive signal path layer (PLUS) UDP/IP (via socket) feedback request security (TLS+QUIC packet protection) packet + pseudoheader (AD) protected packet packet transport layer (QUIC) send signal path layer (PLUS) UDP/IP (via socket) MTU (a) receiver-side interfaces (b) sender-side interfaces 16

Transport interfaces to PLUS: pilot implementation work under QUIC architecture handshake handshake security (TLS+QUIC packet protection) verify error packet protected packet + pseudoheader packet transport layer (QUIC) receive signal path layer (PLUS) UDP/IP (via socket) feedback request security (TLS+QUIC packet protection) packet + pseudoheader (AD) protected packet packet transport layer (QUIC) send signal path layer (PLUS) UDP/IP (via socket) MTU (a) receiver-side interfaces (b) sender-side interfaces 16

Building PLUS-aware middleboxes with fd.io VPP fd.io VPP: framework for building userspace network devices on any DPDK platform, using packet vectors for scalability. PLUS middlebox support implemented as VPP nodes Core node handles state machine and basic header flags One extension node per PCF type Modifications to UDP logic to recognize PLUS magic DPDK input IPv4 input IPv4 lookup IPv4 local IPv4/UDP lookup PLUS basic header PCF additional nodes output 17

PLUS and QUIC Both PLUS and QUIC propose encryption and UDP encapsulation to enable transport evolution. PLUS proposes additional explicit signaling to replace information that encryption removes. Declarative and advisory, but better than inference. Many basic PLUS features appear in QUIC in diminished form: QUIC's PN is a PSN, but without echo QUIC's CID is a CAT, but not on every packet Additional QUIC features proposed based on PLUS experience: No PSE, but latency spin bit proposed to replace it for passive RTT 18

Conclusions Adding a path layer to the Internet architecture to enable explicit cooperation between endpoints and middleboxes can support transport protocol evolution while replacing manageability and measurability lost through encryption. PLUS provides a testbed for experimenting with explicit cooperation approaches. 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback