SharkFest'17 US. Experience with the expressive Internet Architecture. Peter Steenkiste Carnegie Mellon University

Similar documents
NSF Future Internet Architecture. Outline. Predicting the Future is Hard! The expressive Internet Architecture: from Architecture to Network

Outline. Narrow Waist of the Internet Key to its Success. expressive Internet Architecture: Overview and Next Phase. Three Simple Ideas 9/13/2014

XIA: Lessons Learned and Open Issues

expressive Internet Architecture:

Outline. Predicting the Future is Hard! The expressive Internet Architecture: From Architecture to Network. We love all of them!

XIA: An Architecture for a Trustworthy and Evolvable Internet

A Routing Infrastructure for XIA

Narrow Waist of the Internet Key to its Success. NSF Future Internet Architecture. The expressive Internet Architecture: From Architecture to Network

XIA: An Architecture for a Trustworthy and Evolvable Internet

Next Generation Network Architectures. Srinivasan Seshan!

XIA: An Architecture for an Evolvable and Trustworthy Internet

Communications Software. CSE 123b. CSE 123b. Spring Lecture 10: Mobile Networking. Stefan Savage

Quick announcement. CSE 123b Communications Software. Last class. Today s issues. The Mobility Problem. Problems. Spring 2003

CSE 123A Computer Netwrking

CSE 123b Communications Software

Quick announcements. CSE 123b Communications Software. Today s issues. Last class. The Mobility Problem. Problems. Spring 2004

IPv6: An Introduction

Introduction to Networks

RMIT University. Data Communication and Net-Centric Computing COSC 1111/2061. Lecture 2. Internetworking IPv4, IPv6

Lecture 2: Internet Architecture

Named Data Networking (NDN) CLASS WEB SITE: NDN. Introduction to NDN. Updated with Lecture Notes. Data-centric addressing

XIA: Efficient Support for Evolvable Internetworking

CSCI-1680 Network Layer:

EC441 Fall 2018 Introduction to Computer Networking Chapter4: Network Layer Data Plane

Introduction to computer networking

Lecture 3. The Network Layer (cont d) Network Layer 1-1

Hybrid Information-Centric Networking

VXLAN Overview: Cisco Nexus 9000 Series Switches

Announcements Computer Networking. What is the Objective of the Internet? Today s Lecture

DD2490 p IP Multicast routing. Multicast routing. Olof Hagsand KTH CSC

Lecture 3 Protocol Stacks and Layering

Outline. CS5984 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Host Mobility Problem Solutions. Network Layer Solutions Model

Outline. CS6504 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Dr. Ayman Abdel-Hamid. Mobile IPv4.

IP Mobility vs. Session Mobility

The Design Space of Network Mobility

IP Address Assignment

CS4700/5700: Network fundamentals

SJTU 2018 Fall Computer Networking. Wireless Communication

Planning for Information Network

Networking for Data Acquisition Systems. Fabrice Le Goff - 14/02/ ISOTDAQ

Architectural Approaches to Multi-Homing for IPv6

APT: A Practical Transit-Mapping Service Overview and Comparisons

ECE 650 Systems Programming & Engineering. Spring 2018

CMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 12

Chapter 4 Network Layer: The Data Plane

ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

Fundamental Issues. System Models and Networking Chapter 2,3. System Models. Architectural Model. Middleware. Bina Ramamurthy

Chapter 4: network layer. Network service model. Two key network-layer functions. Network layer. Input port functions. Router architecture overview

TCP/IP THE TCP/IP ARCHITECTURE

CSEP 561 Internetworking. David Wetherall

Lecture 8. Network Layer (cont d) Network Layer 1-1

Connection Oriented Networking MPLS and ATM

Chapter 16 Networking

CSC 401 Data and Computer Communications Networks

Addressing protocols. TELE3118 lecture notes Copyright by Tim Moors Aug-09. Copyright Aug-09, Tim Moors

Comcast IPv6 Trials NANOG50 John Jason Brzozowski

precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)

Information Centric Networks and Named Data Networking

Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

CS 43: Computer Networks The Link Layer. Kevin Webb Swarthmore College November 28, 2017

Interdomain Routing Design for MobilityFirst

Different Layers Lecture 20

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Introduction to Internetworking

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

EITF25 Internet Techniques and Applications L7: Internet. Stefan Höst

LOGICAL ADDRESSING. Faisal Karim Shaikh.

Assignment - 1 Chap. 1 Wired LAN s

Category: Standards Track June Mobile IPv6 Support for Dual Stack Hosts and Routers

CS 43: Computer Networks The Network Layer. Kevin Webb Swarthmore College November 2, 2017

Computer Networking: A Top Down Approach Featuring the. Computer Networks with Internet Technology, William

Internet Protocol (IP)

COMP211 Chapter 4 Network Layer: The Data Plane

Network Security. Thierry Sans

On the Internet, nobody knows you re a dog.

Examination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk SOLUTIONS

IPv6 : Internet Protocol Version 6

History. IPv6 : Internet Protocol Version 6. IPv4 Year-Wise Allocation (/8s)

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Communicating over the Network

Foreword xxiii Preface xxvii IPv6 Rationale and Features

SC/CSE 3213 Winter Sebastian Magierowski York University CSE 3213, W13 L8: TCP/IP. Outline. Forwarding over network and data link layers

Rule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs

Networking Fundamentals

Layering and Addressing CS551. Bill Cheng. Layer Encapsulation. OSI Model: 7 Protocol Layers.

IT4405 Computer Networks (Compulsory)

CS610 Computer Network Final Term Papers Solved MCQs with reference by Virtualians Social Network

Ossification of the Internet

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local

CS4700/CS5700 Fundamentals of Computer Networks

Overlay and P2P Networks. Introduction and unstructured networks. Prof. Sasu Tarkoma

iscsi Technology: A Convergence of Networking and Storage

IPv6 Rapid Deployment (6rd) in broadband networks. Allen Huotari Technical Leader June 14, 2010 NANOG49 San Francisco, CA

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

Migration to IPv6 from IPv4. Is it necessary?

cs144 Midterm Review Fall 2010

CS4700/CS5700 Fundaments of Computer Networks

Transcription:

SharkFest'17 US Experience with the expressive Internet Architecture Peter Steenkiste Carnegie Mellon University Dave Andersen, David Eckhardt, Sara Kiesler, Jon Peha, Adrian Perrig, Srini Seshan, Marvin Sirbu, Hui Zhang Carnegie Mellon University Aditya Akella, University of Wisconsin John Byers, Boston University Bruce Maggs, Duke SharkFest'17 US Carnegie Mellon University June 19-22, 2017

Role of the Internet Protocol (IP) IP is the shared language that is shared by all networks IP is simple on purpose IP creates abstraction layer that hides underlying technology from network application software Splits protocol stack Allows network technology and applications to evolve independently Network Applications Network Technology Applications SMTP HTTP TCP UDP IP Ethernet Wifi BT Zigbee LTE Coax twisted pair RF Fiber 60GH 2

Narrow Waist of the Internet Key to its Success Has allowed Internet to grow and evolve dramatically in the last 40 years Adoption throughout society Applications Internet Protocol Link Technologies E-commerce, social networks, cyber-physical, Transformation usage models Host-based content, services Revolution in infrastructure Kilobits/sec -> Terabits/sec Copper -> fiber + wireless

But Narrow Waist Has Also Become an Obstacle Security is a huge problem no support built into the network (IP) DOS attacks, address spoofing, routing attacks, New usage models add Applications complexity, overhead Evolvability Internet Protocol Link Technologies Content, service networking require a level of indirection Adding functionality in the network is difficult IPv6, multicast, caching, transparent middleboxes,..

Overview of XIA Motivation Concepts Implementations Some XIA use cases What we got right Some lessons learned Outline What we got almost right Funded by NSF through the FIA and FIA-NP programs 5

Three Simple Ideas Support multiple types of destinations Not only hosts, but also content, services, etc. Not having to force communication at a lower level (e.g., hosts) reduces complexity and overhead Flexible addressing gives network more options for successfully completing communication operations Include both intent and fallback address Supports evolvability, network diversity, fault recovery, mobility,.. Intrinsic security guarantees security properties as a direct result of the design of the system Security Do not rely on external configurations, data bases,.. 6

Multiple Principal Types Associated with different forwarding semantics Support heterogeneity in usage and deployment models Hosts XIDs support host-based communication who? Service XIDs allow the network to route to possibly replicated services what does it do? LAN services access, WAN replication, Content XIDs allow network to retrieve content from anywhere what is it? Opportunistic caches, CDNs, Set of principal types can evolve over time 7

Supporting Evolvability Introduction of a new principal type will be incremental no flag day! Not all routers and ISPs will provide support from day one Creates chicken and egg problem - what comes first: network support or use in applications Solution is to provide an. intent and fallback address Intent allows the network to optimize based on user intent Fallback must be guaranteed to be reachable and is used if the intent fails NID:HID NID:HID. Payload Dest Src 8

Flexible Addressing: DAGs Combining intent and fallback address offers flexibility for network in completing request Set of principal types can evolve Also supports scoping Implemented as DAGs. NID:HID NID:HID. Payload Dest Src Cache Cache Cache S NID S HID S Source network Internet Destination network 9

Intrinsic Security in XIA XIA uses self-certifying identifiers that guarantee security properties for communication operation Host ID is a hash of its public key accountability (AIP) Content ID is a hash of the content correctness Does not rely on external configurations Useful for bootstrapping e-e security solutions Intrinsic security is specific to the principal type: Content XID: content is correct Service XID: the right service provided content Host XID: content was delivered from right host 10

Nice, but Can we build it? Is it complicated? Does it work? Is it a real network? 11

XIA Protocol Stack https://github.com/xia-project/ Xsockets Routing XHCP DNS Applications Chunking XDP XSP XChunkP Cache ARP XIA XCMP Datalink First XIA Prototype released in May 2012 Includes full XIA protocol stack, SID/ support, utilities But not quite perfect more on this later Available as open source on github 12

But the Network Gets More Complicated! Not really: per-xid additions are relatively small Forwarding engines are simple: often based on exact match Intrinsic security is not used during forwarding Biggest difference is in routing: that is where the smarts are! Good synergy with SDN! XID Type Classifier Packet In NID HID SID Control Data N Fwding Success? Y Packet Out 13

Internet 101 IP Packet Dest IP Src IP Data Server IP Address Network Host CMU 128.2 DNS IP delivers packets to hosts across a set of networks 14

Expressive Internet 101 XIA Packet Dest XIA Src XIA Data Server XIA Address NID HID SID CMU NID CMU DNS XIA delivers packets to hosts across a set of networks 15

It is not a Real Network without Wireshark! Originally developed by Michel Machado (BU) As part of his XIA implementation in Linux kernel Extended and adapted for the CMU XIA implementation Supports roughly the (new versions of) the protocols shown on previous slide 16

AD HID SID 18

AD:d79a0f34002bf44e3a62ac06d1ffda509ce95b6f 4 1 - AD:d79a0f34002bf44e3a62ac06d1ffda509ce95b6f 2 - HID:01c9e61351515fc9aa53a1c093f73ce705037b1e 3 - SID:8114ae4343b20a6fac42db3d0abf9da8d09d33d9 4 - HID:01c9e61351515fc9aa53a1c093f73ce705037b1e 5 - SID:374784ea077f5806cdae115997ca84e8f276be25 NID H HID SID NID S NID S SID 19

Outline Overview of XIA Some XIA use cases Caching Mobility Incremental deployment Network diversity Some lessons learned 20

More Interesting Uses of XIA Evolvability:, SID, Network level Caching Incremental Deployment Mobility Destination Types Flexible Addressing Intrinsic Security Service Anycast Extreme Evolvability Path-based Fwding: Scion 21

XIA Content Retrieval Service Content Host ID: ID: Control Trust Nearest From Same Anywhere as Instance Today ID choice involves tradeoffs: Efficiency Privacy Service SID Content Host HID SID Content Content Content Content Content Content Service SID 22

Mobility is a Key Requirement Inter-domain mobility remains a challenge in today s Internet AD C Active sessions New sessions Requires separation of identifier and locator for XIA: AD H Internet AD F1 AD F2? Identifier = HID Locator = DAG 23

Maintaining an Active Session HID SID NID N HID SID NID o Client Address: AD S Internet Signed Change of address Mobile host informs peer of change of address Signed using private key associated with HID; sent over transport session Example of rewriting the DAG AD old Old Locati on Also: binding to service instance, in-path services, AD new 24

Finding a Mobile Device NID H NID S SID HID Rendez-vous service keeps track of location of its users Based on updates from client device Can take many forms: home network, global service, hot spot provider, DNS,. Rendez-vous point forwards packets to mobile device, e.g., SYN SID Mobile device rewrite DAG AD S Signed Change of address Internet AD home Home Loca tion RV Svc Signed Change of address AD foreign 25

Incremental Deployment of XIA 4ID: IPv4 address as an XID IPv4 encapsulation between XIA network islands Leverages fallback for legacy networks No need for statically configured tunnels! AD B HID B 4ID B Represents IPv4 address of AD S 26

4ID in Action: Partially Deployed XIA Networks XIA Network A IPv4 Network XIA Network B B AD B HID B 4ID B Entering IPv4 network: Encapsulate XIA packet with IP header Entering XIA network: Remove IP header for native XIA packet processing Dynamic encapsulation: no static tunnels 27

XIA Supports Network Diversity Core networks: NID only Same as today Eyeball networks NID,, SID, New service models Customer networks: NID, HIS, SID,, Also customization XID NID 28

Leveraging XIA Features Evolvability really is Incremental deployment of new features Dealing with legacy infrastructure Diversity: local custom features in edge, core Richer functionality in the network Built-in support for content and service centric networking SID: routing, security, : file systems, video Anycast for availability, performance, Multicast, pub-sub, DTN, content variants, In-network processing using SIDs in the DAG (e.g., mobility) Platform for FIA networking research 29

Outline Overview of XIA Some XIA use cases Some lessons learned XIDs have different roles Engineering a protocol stack 30

Overview of XIA IDs The set of XIDs can evolve over time and domains do not have to support all XID types Expectation: rich network edge with a simple core Minimum requirement for interoperability is that all transit domains must support NIDs Same as today: universal reachability of prefixes Each edge domain should support at least one end-point XID type 31

XID Support Rich edges Server Basic NID Forwarding CMU CMU NID S XID 32

Initial XID Types Network identifier identifies a network (NID) Used for scoping, global connectivity Host identifier identifies a host (HID) NID HID equivalent to IP address Service identifier identifies a socket (SID) In addition to or instead of an HID Can be ephemeral or well-known SID Content identifier identifies static content () is hash of content 33

s are Special lookup will often fail Many domains/routers will not support s A lot of content may not appear in any cache Many caches are too far off path Opportunistic s are only used for the request packet Data delivery uses address provided by client Typically an NID HID SID address Discovery packets 34

Content Retrieval based on s NID S HID Content Host HID SID Content Content Content Content Content Content Content 35

New Discovery XID Types XID type depends on the search criteria Named : the n is derived from the name (not the content) Can be used for certain types of dynamic content Intrinsic security based on signing of content Anycast SID: access replicated services Forwarding tables controlled by service provider based on its internal criteria (Pub-sub based on bloomfilters) 36

Building an Information-centric XIA-based Network Is XIA an ICN architecture - No, sorry Networks must do more than retrieving content There are many different types of content Information retrieval is complex But XIA-based networks can be informationcentric! How do we engineer such a system? Does content replace host as destination, or we add it as a first class citizen? 37

Original XIA Implementation Applications Xsockets Datagram Stream Content XDP XIA Stack (Click) XSP XIA Datalink Chunking I Cache ICN Support (optional) -based ICN support tightly integrated into protocol stack Semantics: packet sent to requests content Any node with the content replies with the content 38

Design Creates Many Problems Protocol stack was large and complex Caches are large, and involve a lot of policy support is mainly relevant at network edge! Performance was poor Datalink packets are small! Downloading a video requires a huge number of request, each of which is unreliable Why should content get preferential treatment? 39

How s work today: They Discover Content NID S :HID S NID P :HID P. Payload Content Disovery Dest Src 1. Nearby Cache request discovers nearest copy of content (cache, origin) Cache delivers content over reliable stream connection 3. NID P :HID P NID C :HID C. Payload Client checks content using intrinsic security 40 2. Far, far away Dest Src Data Tranfsfer Origin Server

Current XIA Implementation Applications Chunking I Cache Xsockets Datagram Stream Content ICN Support (optional) XDP XSP XIA Stack (Click) XIA Datalink Discovery support Shared by all discovery XIDs Separating unicast data transfer from discovery makes architecture simpler and more generic Transport choice is orthogonal decision 41

Conclusion Experience with the XIA prototype and experiments provided many insights Multiple XID types offers a principled way of adding functionality to the network Fallbacks allow not only evolvability but also opportunistic and custom XID types Intrinsic security checks authenticity endpoints XIA s flexibility supports ICN network design but not at the detriment of other functions 42

https://github.com/xia-project/ Core stack: XIA, datagram, streaming, sockets Support for NID, HID, SID,, mobility, FID, 4ID, n, asid Netjoin protocol: host/router joining network Bootstrapping an SDN-controlled domain Routing, naming, XARP, XCMP,.. Relatively basic implementations Sample applications, scripts, utilities, 43

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback