Lecture 6: Securing Distributed and Networked Systems. CS 598: Network Security Matthew Caesar March 12, 2013

Similar documents
Lecture 6: Overlay Networks. CS 598: Advanced Internetworking Matthew Caesar February 15, 2011

Goals. EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Solution. Overlay Networks: Motivations.

EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Overlay Networks: Motivations

Overlay Networks: Motivations. EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Motivations (cont d) Goals.

Page 1. How Did it Start?" Model" Main Challenge" CS162 Operating Systems and Systems Programming Lecture 24. Peer-to-Peer Networks"

EE 122: Peer-to-Peer Networks

CompSci 356: Computer Network Architectures Lecture 21: Overlay Networks Chap 9.4. Xiaowei Yang

CS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University

CIS 700/005 Networking Meets Databases

March 10, Distributed Hash-based Lookup. for Peer-to-Peer Systems. Sandeep Shelke Shrirang Shirodkar MTech I CSE

Overlay Networks. Behnam Momeni Computer Engineering Department Sharif University of Technology

CS514: Intermediate Course in Computer Systems

Bayeux: An Architecture for Scalable and Fault Tolerant Wide area Data Dissemination

CRESCENDO GEORGE S. NOMIKOS. Advisor: Dr. George Xylomenos

LECT-05, S-1 FP2P, Javed I.

EE 122: Peer-to-Peer (P2P) Networks. Ion Stoica November 27, 2002

08 Distributed Hash Tables

Overlay and P2P Networks. Structured Networks and DHTs. Prof. Sasu Tarkoma

CSCI-1680 P2P Rodrigo Fonseca

Floodless in SEATTLE: A Scalable Ethernet Architecture for Large Enterprises

Overlay and P2P Networks. Introduction and unstructured networks. Prof. Sasu Tarkoma

BGP. Daniel Zappala. CS 460 Computer Networking Brigham Young University

P2P Network Structured Networks: Distributed Hash Tables. Pedro García López Universitat Rovira I Virgili

Lecture 4: Intradomain Routing. CS 598: Advanced Internetworking Matthew Caesar February 1, 2011

Lecture 8: Application Layer P2P Applications and DHTs

Interdomain Routing Design for MobilityFirst

Content Overlays. Nick Feamster CS 7260 March 12, 2007

Routing in Sensor Networks

Scalability In Peer-to-Peer Systems. Presented by Stavros Nikolaou

The Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Presented By: Kamalakar Kambhatla

Flooded Queries (Gnutella) Centralized Lookup (Napster) Routed Queries (Freenet, Chord, etc.) Overview N 2 N 1 N 3 N 4 N 8 N 9 N N 7 N 6 N 9

Overlay networks. To do. Overlay networks. P2P evolution DHTs in general, Chord and Kademlia. Turtles all the way down. q q q

Telematics Chapter 9: Peer-to-Peer Networks

Main Challenge. Other Challenges. How Did it Start? Napster. Model. EE 122: Peer-to-Peer Networks. Find where a particular file is stored

Handling Churn in a DHT

Scalable overlay Networks

Motivation for peer-to-peer

416 Distributed Systems. Mar 3, Peer-to-Peer Part 2

Introduction to Peer-to-Peer Systems

Peer-to-Peer Systems and Distributed Hash Tables

Security for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818

Motivation. The Impact of DHT Routing Geometry on Resilience and Proximity. Different components of analysis. Approach:Component-based analysis

The Impact of DHT Routing Geometry on Resilience and Proximity. Acknowledgement. Motivation

An Expresway over Chord in Peer-to-Peer Systems

Graph Algorithms. Many problems in networks can be modeled as graph problems.

Peer-to-Peer Systems. Network Science: Introduction. P2P History: P2P History: 1999 today

A Survey of Peer-to-Peer Content Distribution Technologies

Peer-to-Peer Internet Applications: A Review

DISTRIBUTED COMPUTER SYSTEMS ARCHITECTURES

Overlay networks. Today. l Overlays networks l P2P evolution l Pastry as a routing overlay example

Graph Algorithms. Many problems in networks can be modeled as graph problems.

P2P Network Structured Networks: Distributed Hash Tables. Pedro García López Universitat Rovira I Virgili

Geographic Routing Without Location Information. AP, Sylvia, Ion, Scott and Christos

Challenges in the Wide-area. Tapestry: Decentralized Routing and Location. Key: Location and Routing. Driving Applications

Searching for Shared Resources: DHT in General

! Naive n-way unicast does not scale. ! IP multicast to the rescue. ! Extends IP architecture for efficient multi-point delivery. !

Debunking some myths about structured and unstructured overlays

Searching for Shared Resources: DHT in General

Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science. Masters Thesis

Page 1. Key Value Storage"

Unit 3: Dynamic Routing

An Adaptive Stabilization Framework for DHT

0!1. Overlaying mechanism is called tunneling. Overlay Network Nodes. ATM links can be the physical layer for IP

L3S Research Center, University of Hannover

Cycloid: A constant-degree and lookup-efficient P2P overlay network

Challenges in the Wide-area. Tapestry: Decentralized Routing and Location. Global Computation Model. Cluster-based Applications

Overview Computer Networking Lecture 16: Delivering Content: Peer to Peer and CDNs Peter Steenkiste

Ossification of the Internet

15-744: Computer Networking P2P/DHT

Today. Why might P2P be a win? What is a Peer-to-Peer (P2P) system? Peer-to-Peer Systems and Distributed Hash Tables

P2P: Distributed Hash Tables

CS 347 Parallel and Distributed Data Processing

Scalable overlay Networks

A Decentralized Content-based Aggregation Service for Pervasive Environments

Winter CS454/ Assignment 2 Instructor: Bernard Wong Due date: March 12 15, 2012 Group size: 2

From Routing to Traffic Engineering

Virtual Multi-homing: On the Feasibility of Combining Overlay Routing with BGP Routing

CS 43: Computer Networks. 24: Internet Routing November 19, 2018

Locality in Structured Peer-to-Peer Networks

Peer to Peer Systems and Probabilistic Protocols

Distributed Hash Tables

Peer-to-peer systems and overlay networks

PEER-TO-PEER (P2P) systems are now one of the most

Content. 1. Introduction. 2. The Ad-hoc On-Demand Distance Vector Algorithm. 3. Simulation and Results. 4. Future Work. 5.

Computation of Multiple Node Disjoint Paths

Peer-to-Peer Systems. Chapter General Characteristics

CS 43: Computer Networks Internet Routing. Kevin Webb Swarthmore College November 16, 2017

: Scalable Lookup

CS 640 Introduction to Computer Networks. Today s lecture. What is P2P? Lecture30. Peer to peer applications

Introduction to Mobile Ad hoc Networks (MANETs)

Distributed Systems Final Exam

LECTURE 9. Ad hoc Networks and Routing

Introduction to P2P Computing

To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets. Xiaowei Yang Duke Unversity

Making Gnutella-like P2P Systems Scalable

Peer-to-peer computing research a fad?

Early Measurements of a Cluster-based Architecture for P2P Systems

Inter-AS routing. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley

Routing Support for Wide Area Network Mobility. Z. Morley Mao Associate Professor Computer Science and Engineering University of Michigan

Distributed Systems. 17. Distributed Lookup. Paul Krzyzanowski. Rutgers University. Fall 2016

Transcription:

Lecture 6: Securing Distributed and Networked Systems CS 598: Network Security Matthew Caesar March 12, 2013 1

Today: Distributed Internet Services Previous cycle: how to build Internet services that run at a single location However, some modern services are built across many locations Content distributed over the wide area, multiple sites Need techniques to coordinate operations of distributed software running in the wide area Today: Overlay networks, DHTs 2

Overlay networks: Motivations Protocol changes in the network happen very slowly Why? Internet is shared infrastructure; need to achieve consensus Many proposals require to change a large number of routers (e.g. IP Multicast, QoS); otherwise endusers won t benefit Proposed changes that haven t happened yet on large scale: More addresses (IPv6, 1991) Security (IPSEC, 1993); Multicast (IP multicast, 1990)

Overlay networks: Motivations Also, one size does not fit all Applications need different levels of Reliability Performance (latency Security Access control (e.g., who is allowed to join a multicast group)

Overlay networks: Goals Make it easy to deploy new functionalities in the network Accelerate the pace of innovation Allow users to customize their service

Solution Build a computer network on top of another network Individual hosts autonomously form a virtual network on top of IP Virtual links correspond to inter-host connections (e.g., TCP sessions)

Example: Resilient Overlay Networks Premise: by building an application-layer overlay network, can increase performance and reliability of routing Install N computers at different Internet locations Each computer acts like an overlay network router Between each overlay router is an IP tunnel (logical link) Logical overlay topology is all-to-all (N 2 total links) Run a link-state routing algorithm over the overlay topology Computers measure each logical link in real time for packet loss rate, throughput, latency these define link costs Route overlay traffic based on measured characteristics

A Motivating example: a congested network B R R R R R R C

A Solution: Aan overlay B network Loss=25% Loss=2% C Loss=1% Machines remember overlay topology, probe links, advertise link quality B R R R R R R Path taken by TCP sessions Establish TCP sessions ( overlay links ) between hosts C

Benefits of overlay networks Performance: Difficult to provide QoS at network-layer due to deployment hurdles, lack of incentives, application-specific requirements Overlays can probe faster, propagate more routes Flexibility: Difficult to deploy new functions at IP layer Can perform multicast, anycast, QoS, security, etc

New problem: scalability Outdegree=2 8 A B Problems: Number of links increases with O(n^2) Link-state overhead increases with O(n^3)! C

A Alternative: replace full-mesh with logical ring F B Problem: Stretch increases with O(n) Still requires O(n) state per node D E C

Alternative: replace full-mesh with ring Problem: Stretch: increases with O(n) State: still requires O(n) state per node

Improvement: keep some Stretch: long reduces distance to O(lg n) pointers State: reduces to O(lg n)

Scaling overlay networks with Distributed Hash Tables (DHTs) Assign each host a numeric identifier Randomly chosen, hash of node name, public key, etc Keep pointers (fingers) to other nodes Goal: maintain pointers so that you can reach any destination in few overlay hops Choosing pointers smartly can give low delay, while retaining low state Can also store objects Insert objects by consistently hashing onto id space Forward by making progress in id space General concept: distributed data structures

Different kinds of DHTs Different topologies give different bounds on stretch (delay penalty)/state, different stability under churn, etc. Examples: Chord Pointers to immediate successor on ring, nodes spaced 2^k around ring Forward to numerically closest node without overshooting Pastry Pointers to nodes sharing varying prefix lengths with local node, plus pointer to immediate successor Forward to numerically closest node Others: Tapestry (like Pastry, but no successor pointers), Kademlia (like Pastry but pointers to varying XOR distances), CAN (like Chord, but torus namespace instead of ring)

The Chord DHT 504+16 Fingers maintained for performance 504+8 504+4 Successors 504+3 maintained for 504+2 correctness 504+1 504 Each node assigned numeric identifier from circular id-space

Chord Example: Forwarding a lookup 999 000 106 dest=802 802 Cuts namespace-distance in half per hop + You can divide any integer N in half at most log(n) times = logarithmic stretch

2. Bootstrap forwards message towards joining node s ID, causing message to resolve to joining node s future successor Join(406) 406 Chord Example: Joining a new node 999 000 1. Joining node must be aware of a bootstrap node in DHT. Joining node sends join request through bootstrap node towards the joining node s ID 798 3. Successor informs predecessor of its new successor, adds joining node as new predecessor 410 398

Chord: Improving robustness To improve robustness, each node can maintain more than one successor E.g., maintain the K>1 successors immediately adjacent to the node In the notify() message, node A can send its k-1 successors to its predecessor B Upon receiving the notify() message, B can update its successor list by concatenating the successor list received from A with A itself

Chord: Discussion Query can be implemented Iteratively Recursively Performance: routing in the overlay network can be more expensive than routing in the underlying network Because usually no correlation between node ids and their locality; a query can repeatedly jump from Europe to North America, though both the initiator and the node that store them are in Europe! Solutions: can maintain multiple copies of each entry in their finger table, choose closest in terms of network distance

Goal: Pointers fill each to neighbors pointer that table match entry my with ID topologicallynearby prefix lengths,with nodes (1320 most points with varying to significant 2032 instead digit varied of 2211, even though they both fit in this position) 2032 1320 1320 s pointer table (base=4, digits=4) Increasing digit 0*: 0002 1*: 2*: 2032 3*: 3233 10*: 1023 11*: 1103 12*: 1221 13*: 130*: 131*: 1310 132*: 133*: 1333 1320: 1321: 1321 1322: 1323: 1323 The Pastry DHT 3233 1023 2211 Increasing prefix length 3211 0002 3103 No node fits here, leave blank 1221 My own ID matches, can leave blank (next row down will have more specific match anyway) 0232 1322 1323 2130 1310 0103 3122 1321 1333 1103

1320 s pointer table (base=4, digits=4) 3233 s pointer table (base=4, digits=4) 0*: 0002 1*: 2*: The 2032 Pastry 3*: 3233 0*: 0002DHT 1*: 1320 2*: 2130 3*: 10*: 1023 11*: 1103 12*: 1221 13*: 30*: 31*: 3103 Forward 32*: 3211 to node 33*: in 130*: 131*: 1310 132*: 133*: 1333 320*: 321*: 322*: table with identifier 323*: 1320: 1321: 1321 1322: 1323: 1323 3230: 3231: sharing 3232: longest 3233: prefix with destination 1320 2032 3233 dst=3122 1023 2211 1323 3211 0002 3122 3103 2130 1321 1221 3103 s pointer table (base=4, digits=4) 0*: 0002 1*: 1320 2*: 2032 3*: 30*: 31*: 32*: 3211 1322 33*: 310*: 311*: 0232 312*: 3122 313*: 3100: 3101: 3102: 3103: 1310 0103 Fixes one digit per hop + logarithmic number of digits per hop = logarithmic 1333stretch 1103

3211 s 3122 s 3233 s 1321 s pointer table (base=4, digits=4) 0*: 0002 1*: 1*: 1320 2*: 2*: 2032 2130 3*: 3*: 3122 30*: 10*: 1023 31*: 11*: 3103 32*: 12*: 3211 33*: 13*: 1323 310*: 320*: 130*: 3103 321*: 311*: 131*: 3211 1310 322*: 312*: 132*: 3221 313*: 323*: 133*: 3233 1333 3210: 3120: 3230: 1320: 3211: 3121: 3231: 1321: 3212: 3122: 3232: 1322: 1322 3213: 3123: 3233: 1323: 1323 1320 2032 3233 3211 3103 The Pastry DHT 3231 s pointer table (stored in join pkt) 2211 0*: 0002 1023 1*: 1320 2*: 2130 3*: 3122 30*: 31*: 3103 32*: 3211 33*: 320*: 321*: 1221 3211 322*: 3221 323*: 3233 3230: 3231: 3232: 3233: 3233 0002 0232 1322 1323 2130 1310 0103 3122 1321 Join (dst=3231) 1333 3231 1103

Content Addressable Network (CAN) Associate to each node and item a unique id in a d-dimensional space Properties Routing table size O(d) Guarantees that a file is found in at most d*n 1/d steps, where n is the total number of nodes

CAN Example: Two dimensional space Space divided between nodes All nodes cover the entire space Each node covers either a square or a rectangular area of ratios 1:2 or 2:1 Example: Assume space size (8x8) Node n1:(1,2) first node that joins Cover the entire space

CAN Example: Two dimensional space Node n2:(4,2) joins space is divided between n1 and n2

CAN Example: Two dimensional space Node n2:(4,2) joins space is divided between n1 and n2

CAN Example: Two dimensional space Nodes n4:(5,5) and n5:(6,6) join

Nodes: n1:(1,2) n2:(4,2) n3:(3,5) n4:(5,5) n5:(6,6) Items: f1(2,3) f2(5,1) f3:(2,1) f4(7,5) CAN Example: Two dimensional space

CAN Example: Two dimensional space Each item is stored at the node who owns the mapping in its space

CAN Example: Two dimensional space Query example: Each node knows its neighbors in the d- space Forward query to the neighbor that is closest to the query id Example: assume n1 queries f4

Preserving consistency What if a node fails? Solution: probe neighbors to make sure alive, proactively replicate objects What if node joins in wrong position? Solution: nodes check to make sure they are in the right order Two flavors: weak stabilization, and strong stabilization

Chord Example: weak stabilization 900 885 999 000 Tricky case: zero position on ring 051 122 Check: if my successor s predecessor is a better match for 732 my successor 480 n.stablize(): x=successor.predecessor; 670 if (x in (n, successor)) successor=x successor.notify(n) 619 538 502

Example where weak stabilization n.stablize(): 720 891 fails 999 000 619 x=successor.predecessor; if (x in (n, successor)) successor=x successor.notify(n) 670 480 885 301 900 122 051

Comparison of DHT geometries Geometry Ring Algorithm Chord Hypercube CAN Tree Hybrid = Tree + Ring XOR d(id1, id2) = id1 XOR id2 Plaxton Tapestry, Pastry Kademlia

Comparison of DHT algorithms Node degree: The number of neighbors per node Dilation: Length of longest path that any packet traverses in the network Stretch: Ratio of longest path to shortest path through the underlying topology Congestion: maximum number of paths that use the same link

Security issues Sybil attacks Malicious node pretends to be many nodes Can take over large fraction of ID space, files Eclipse attacks Malicious node intercepts join requests, replies with its cohorts as joining node s fingers Solutions: Perform several joins over diverse paths, PKI, leverage social network relationships, audit by sharing records with neighbors

Hashing in networked software Hash table: maps identifiers to keys Hash function used to transform key to index (slot) To balance load, should ideally map each key to different index Distributed hash tables Stores values (e.g., by mapping keys and values to servers) Used in distributed storage, load balancing, peerto-peer, content distribution, multicast, anycast, botnets, BitTorrent s tracker, etc.

Background: hashing keys Ahmed Yan John function hashes 00 01 02 03 04 05 Viraj... 08

Example keys function hashes Ahmed Yan John Viraj A H M E D 65+72+77+69+68=351 351%9=0 351%8=1 Y A N 89+65+78=232 232%9=7 232%8=1 J O H N 74+79+72+78=303 303%9=6 303%8=2 V I R A J 86+73+82+65+74=380 380%9=2 380%8=2 00 01 02 03 04 05 06 07 08 Ahmed 04 05 06 07 Viraj John Yan Example: Sum ASCII digits, mod number of bins Problem: failures cause large shifts

Solution: Consistent Hashing Hashing function that reduces churn Addition or removal of one slot does not significantly change mapping of keys to slots Good consistent hashing schemes change mapping of K/N entries on single slot addition K: number of keys N: number of slots E.g., map keys and slots to positions on circle Assign keys to closest slot on circle

Solution: Consistent Hashing keys Ahmed Yan John Viraj function A H M E D 65+72+77+69+68=351 351%100=51 Y A N 89+65+78=232 232%100=32 J O H N 74+79+72+78=303 303%100=3 V I R A J 86+73+82+65+74=380 380%100=80 hashes 04 08 26 27 35 41 47 65 70 81 Slots have IDs selected randomly from [0,100] Hash keys onto same space, map key to closest bin Less churn on failure more stable system

Network layer DHTs 44

Scenario: Sending a Letter A Postal Service B 450 Lancaster Ave. 3400 Walnut St. Address: Name: B 3400 Walnut St. Philadelphia, PA 19104 900 Spruce St.

Scenario: Address Allocation A 19107 B 19104 450 Lancaster Ave. 3400 Walnut St. Address: Name: B 3400 Walnut St. Philadelphia, PA 19104 19105

Scenario: Access Control C 3400 Walnut St. Postal Service Inspect mail to 3400 Walnut St. Name: C D 900 Spruce St. Address: 450 Lancaster Ave. Name: C 3400 900 Spruce Walnut St. St. Philadelphia, PA 19104

How Routing Works Today B K Q V Send(msg,Q) J S X A F Each node has an identity Goal: find path to destination

Scaling Requires Aggregation Area 1 1.1 1.2 B K 2.1 Q Area 2 2.2 V Area 4 3.1 J Area 3 S 3.2 3.3 X 4.1 A F 4.2 Pick addresses that depend on location Aggregation provides excellent scaling properties Key is topology-dependent addressing!

Topology-Dependent Addresses Aren t Always Possible Networks can t use topology-dependent addresses because topology changes so rapidly Decades-long search for scalable routing algorithms for ad hoc networks

Topology-Dependent Addresses Aren t Always Desirable Using topology-based addresses in the Internet complicates access controls, mobility, and multihoming Would like to embed persistent identities into network-layer addresses

Can We Scale without Topology- Dependent Addresses? Is it possible to scale without aggregation? Distributed Hash Tables don t solve this problem

This Talk Will describe how to route scalably on flat identifiers that applies to both: Wireless networks: Challenge is dynamics Wired networks: Challenge is scale, policies, and dynamics

Outline Routing on an abstract graph What state is maintained How to route using that state How to correctly maintain state Wireless sensornet implementation Evaluation for Internet routing Conclusions

State maintained at each node Virtual topology A A X F J K FQ S V X K V J J F S Q K K Q V 1. Write down sorted list of IDs 2. Build paths between neighbors in list J X A S F Network topology

How to forward packets Virtual topology X A F K Q V J J F S Q K Send(K,F) K Q V J X A S F Network topology

The stretch problem Virtual topology X A F Resulting path length: 10 hops V V J J X A F S Q K K Q V Send(J,V) J X A S F Network topology Shortest path length: 3 hops

Optimization: shortcutting Virtual topology X A F Resulting path length: 4 hops V V J J X A F S Q K K Q V Send(J,V) J X A S F Network topology Shortest path length: 3 hops

A summary so far The algorithm has two parts Route linearly around the ring Shortcut when possible Up next, the technical details

Joining a new node Virtual topology V X A B B F J J K {A,F,J} F S Q K Join(B) B K Q V J S X A F Network topology

How to maintain state Virtual topology Goal #2: A X F Ensure each pointer path points to correct global successor/predecessor V J J F S Q K K Q V J S X A F Network topology Goal #1: Ensure each pointer path is properly maintained

Path maintenance Virtual link J F (id F, nh X ) (id F, nh P ) (id F, nh A ) (id F, nh S ) (id F, nh F ) (id F, nh F ) J X P A S F Network topology Nodes maintain (endpoint ID, next hop) pairs per-path Local fault detection, teardowns remove path state Local repair sometimes possible

Path maintenance Virtual link J Network topology (id F, Nh X ) J (id F, nh P ) X (id F, nh H nnh S) (id F, nh A nnh S) P (id F, nh S ) A H (id F, nh F ) S F (id F, nh F ) F Nodes maintain (endpoint ID, next hop) pairs per-path Local fault detection, teardowns remove path state Local repair sometimes possible

Challenges of ring maintenance X B X K B V J Q K F V J Q F B K Q V J X F Need to ensure network-level events don t cause ring partitions, misconvergence

Ring maintenance Base mechanism: Discover node Z closest to zero position, distributes Z s ID throughout partition 0 Z S Inductive mechanism: Set N s successor to be the closest among: S S.pred N N s current successor N s successor s predecessor The zero node Z

Ring maintenance: proof sketch Consider ring with nodes {0 N}, assume routing has converged Base case: N s successor must point to 0 Inductive step: k-1 must point to k if k-1 points to S in [k+1 0], S would inform k-1 about S-1 not converged if k-1 points to S in [1 k-2], then k-1 would change to point to zero node 0 not converged [k+1 0] 0 N k k-1 [1 k-2] Reachability property: If there is a network level path between two nodes A and B, A can route to B via the ring

Outline Introduction Routing on an abstract graph Wireless sensornet implementation Motivation behind using flat IDs Methodology: sensornet implementation Results from deployment Evaluation for Internet routing Conclusions

Why flat IDs for wireless? Multihop wireless networks on the horizon Rooftop networks, sensornets, ad-hoc networks Flat IDs scale in dynamic networks No location service needed Flood-free maintenance reduces state, control traffic Developed and deployed prototype implementation for wireless sensornets Extensions: failure detection, link-estimation

Methodology TinyOS implementation: Virtual Ring Routing (VRR) Deployment on testbed: 67 mica2dot motes (4KB memory, 19.2kbps radio) Compared with Beacon Vector Routing (BVR), AODV, DSR Metrics: Delivery ratio, control overhead

Effect of node failure 110 1 Number of of nodes 100 90 80 70 60 Number of nodes BVR delivery ratio VRR delivery ratio 0.95 0.9 0.85 Delivery ratio 50 0 5 10 15 20 Time Time [mins] (mins) Both VRR and BVR perform well BVR s performance degrades because of coordinate instability and overhead to recover from failures 0.8

Transmission overhead 1 Number Fraction of nodes of packets 0.95 0.9 0.85 VRR BVR 0.8 0 20 40 60 80 Messages Time [mins] per data packet Flat routing requires no scoped flooding, which reduces transmission overhead

Effect of congestion 9 1 8 Send rate [pkts/sec] 7 6 5 4 3 2 Packets/sec VRR delivery ratio BVR delivery ratio 0.98 0.96 0.94 Delivery ratio 1 0 1 3 5 7 9 11 13 15 17 19 0.92 Time [mins] Flat-routing resilient to congestion losses, since identifiers topology-independent

Outline Introduction Routing on an abstract graph Wireless sensornet implementation Evaluation for Internet routing Motivation behind using flat IDs Extensions to support policies, improve scaling Performance evaluation on Internet-size graphs Conclusions

Why flat IDs for the Internet? Today s Internet conflates addressing with identity Flat IDs sidestep this problem completely Provides network routing without any mention of location Benefits: no need for name resolution service, simpler configuration, simpler access controls

Challenges of Internet routing Internet routing is very different from wireless routing Challenges: policies, scaling Need new mechanisms to deal with these challenges Policy-safe successor paths Locality-based pointer caching

Flat IDs for Internet routing 4. intermediate routers may cache pointers 2. hosting routers participate in protocol on behalf of hosts ISP Pointer cache: 0x3B57E ISP 0x3F6C0 0x3BAC8 0x3B57E Pointer list: Successor 0x3F6C0 list: 0x3F6C0 0x3BAC8 0x3BAC8 5. external pointers provide reachability across domains 0x3F6C0 0x3B57E (joining host) 3. hosting routers maintain pointers with source-routes to attached hosts successors/fingers 0xFA291 1. hosts are assigned topology-independent flat identifiers

Internet policies today hierarchy #1 hierarchy #2 hierarchy #3 Prefer customer over peer routes Do not export provider routes to peers peer link Source Destination Economic relationships: peer, provider/customer Isolation: routing contained within hierarchy

Isolation External Successor Joining Source host Internal Successor Destination External Successor Isolation property: traffic between two hosts traverses no higher than their lowest common provider in the ISP hierarchy

Policy support Goal: prefer peer route over provider route A Mechanism: Convert peering relationships to Virtual ASes A VirtAS B Peering link C B C Source Destination Source Destination Peering Provider-customer Backup Traffic respects peering, backup, and provider-customer relationships

Evaluation Distributed packet-level simulations Deployed on cluster across 62 machines, scaled to 300 million hosts Inferred Internet topology from Routeviews, Rocketfuel, CAIDA skitter traces Implementation Ran on Planetlab as overlay, covering 82 ASes Configured inter-isp policies from Routeviews traces Metrics: stretch, control overhead

Internet-scale simulations Join overhead [msgs] 250 200 150 100 50 Peering Full-scale Multihoming Singlehoming Ephemeral Stretch 2.4 2.2 2 1.8 1.6 1.4 1.2 With caching No caching 0 1 100 10000 1E+06 1E+08 1E+10 1 1 100 10000 1E+06 1E+08 1E+10 Number of hosts Number of hosts Join overhead <300 msgs, stretch < 1.4 Root-server lookups inflate latency from 54ms to 134ms, Flat IDs has no penalty

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback