Outline. Predicting the Future is Hard! The expressive Internet Architecture: From Architecture to Network. We love all of them!

Similar documents
NSF Future Internet Architecture. Outline. Predicting the Future is Hard! The expressive Internet Architecture: from Architecture to Network

XIA: An Architecture for a Trustworthy and Evolvable Internet

Narrow Waist of the Internet Key to its Success. NSF Future Internet Architecture. The expressive Internet Architecture: From Architecture to Network

XIA: An Architecture for a Trustworthy and Evolvable Internet

Outline. Narrow Waist of the Internet Key to its Success. expressive Internet Architecture: Overview and Next Phase. Three Simple Ideas 9/13/2014

expressive Internet Architecture:

SharkFest'17 US. Experience with the expressive Internet Architecture. Peter Steenkiste Carnegie Mellon University

A Routing Infrastructure for XIA

XIA: Lessons Learned and Open Issues

Next Generation Network Architectures. Srinivasan Seshan!

XIA: Efficient Support for Evolvable Internetworking

Outline. XIA!Vision. P1:!Evolvable!Set!of!Principals. expressive Internet!Architecture Security!Architecture 5/26/2011. Security!

XIA: An Architecture for an Evolvable and Trustworthy Internet

Future Internet CMU XIA & SCION

Introduction to Networks

Rule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs

Internet Technology. 06. Exam 1 Review Paul Krzyzanowski. Rutgers University. Spring 2016

CS4450. Computer Networks: Architecture and Protocols. Lecture 20 Pu+ng ALL the Pieces Together. Spring 2018 Rachit Agarwal

Internet Technology 3/2/2016

And Then There Were More:

CSE 123A Computer Netwrking

Named Data Networking (NDN) CLASS WEB SITE: NDN. Introduction to NDN. Updated with Lecture Notes. Data-centric addressing

SCION: A Secure Multipath Interdomain Routing Architecture. Adrian Perrig Network Security Group, ETH Zürich

CSE 123b Communications Software

Quick announcements. CSE 123b Communications Software. Today s issues. Last class. The Mobility Problem. Problems. Spring 2004

A Polymorphic Network Architecture based on Autonomous Domains DIANA. Domain-Insulated Autonomous Network Architecture

Communications Software. CSE 123b. CSE 123b. Spring Lecture 10: Mobile Networking. Stefan Savage

Quick announcement. CSE 123b Communications Software. Last class. Today s issues. The Mobility Problem. Problems. Spring 2003

ARP, IP. Chong-Kwon Kim. Each station (or network interface) should be uniquely identified Use 6 byte long address

Bayeux: An Architecture for Scalable and Fault Tolerant Wide area Data Dissemination

OpenADN: A Case for Open Application Delivery Networking

Rule-Based Forwarding

End-to-End Communication

Understanding the Internet

A Layered Protocol Architecture for Scalable Innovation and Identification of Network Economic Synergies in the Internet of Things

Outline. Circuit Switching. Circuit Switching : Introduction to Telecommunication Networks Lectures 13: Virtual Things

Tag Switching. Background. Tag-Switching Architecture. Forwarding Component CHAPTER

Lecture 2: Links and Signaling

Distributed Systems. 21. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2018

CS November 2018

HIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson

Announcements Computer Networking. What is the Objective of the Internet? Today s Lecture

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Interdomain Routing Design for MobilityFirst

Why do we really want an ID/locator split anyway?

VXLAN Overview: Cisco Nexus 9000 Series Switches

M&Ms: CS Freshmen Experience Networks. Department of Computer Science The Johns Hopkins University. Yair Amir Spring 2017 / Week 3 1.

Part I: Future Internet Foundations: Architectural Issues

Abstractions for Routing. Abstractions for Network Routing

Internet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses

SCION: Scalability, Control and Isolation On Next-Generation Networks

Toward Intrusion Tolerant Cloud Infrastructure

APT: A Practical Transit-Mapping Service Overview and Comparisons

Lecture 3. The Network Layer (cont d) Network Layer 1-1

M. AMBROSIN ET AL. 1. Security and Privacy Analysis of NSF Future Internet Architectures

Enabling Efficient and Scalable Zero-Trust Security

Fixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering

Bootstrapping evolvability for inter-domain routing with D-BGP. Raja Sambasivan David Tran-Lam, Aditya Akella, Peter Steenkiste

Request for Comments: 2583 Category: Informational ANL May Guidelines for Next Hop Client (NHC) Developers. Status of this Memo

Architecture Summary Document MobilityFirst: A Robust and Trustworthy Mobility-Centric Architecture for the Future Internet*

The Interconnection Structure of. The Internet. EECC694 - Shaaban

Lecture 8. Network Layer (cont d) Network Layer 1-1

CSc 466/566. Computer Security. 18 : Network Security Introduction

Share Count Analysis HEADERS

Network Layer. IP Protocol Stack: Key AbstracHons. Best- Effort Global Packet Delivery. Circuit Switching (e.g., Phone Network)

Networking is IPC : A Guiding Principle to a Better Internet

SaaS Providers. ThousandEyes for. Summary

Reminder: Datalink Functions Computer Networking. Datalink Architectures

Chapter 3: Naming Page 38. Clients in most cases find the Jini lookup services in their scope by IP

Computer Network Fundamentals Spring Week 4 Network Layer Andreas Terzis

SCION: PKI Overview. Adrian Perrig Network Security Group, ETH Zürich

An Industry view of IPv6 Advantages

Application-Specific Configuration Selection in the Cloud: Impact of Provider Policy and Potential of Systematic Testing

Table of Contents. Cisco How NAT Works

Network layer: Overview. Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing

Kent State University

Networking for Data Acquisition Systems. Fabrice Le Goff - 14/02/ ISOTDAQ

Internet Design: Big Picture

ATP: Autonomous Transport Protocol

ThousandEyes for. Application Delivery White Paper

Some Lessons Learned from Designing the Resource PKI

FIArch Our understanding of the Internet Architecture Design Principles

OPEN COMPUTE PLATFORMS POWER SOFTWARE-DRIVEN PACKET FLOW VISIBILITY, PART 2 EXECUTIVE SUMMARY. Key Takeaways

Chapter 7 Internet Protocol Version 4 (IPv4) Kyung Hee University

Request for Comments: 1787 T.J. Watson Research Center, IBM Corp. Category: Informational April 1995

Network layer: Overview. Network Layer Functions

15-744: Computer Networking. Middleboxes and NFV

Multicast service model Host interface Host-router interactions (IGMP) Multicast Routing Distance Vector Link State. Shared tree.

CSE 123A Computer Networks

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

CSEP 561 Internetworking. David Wetherall

OPTIMIZING MOBILITY MANAGEMENT IN FUTURE IPv6 MOBILE NETWORKS

IPv6: Are we really ready to turn off IPv4?

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

Networking interview questions

IPv6: An Introduction

Post IPv4 completion. Making IPv6 deployable incrementally by making it. Alain Durand

Design Principles : Fundamentals of Computer Networks Bill Nace

Computer Science 461 Final Exam May 22, :30-3:30pm

MPLS/Tag Switching. Background. Chapter Goals CHAPTER

Transcription:

The expressive Internet Architecture: From Architecture to Network Peter Steenkiste Dave Andersen, David Eckhardt, Sara Kiesler, Jon Peha, Adrian Perrig, Srini Seshan, Marvin Sirbu, Hui Zhang Carnegie Mellon University Aditya Akella, University of Wisconsin John Byers, Boston University Winlab FIA, May 14, 2012 1 How do you Improve on the Internet? The Internet has been tremendously successful Has sustained tremendous growth Supports very diverse set of applications and services Integral part of our society and economy Lots of exciting research on how to improve Internet Security, routing, wireless/mobile, management, But Internet architecture constrains what can be modified Future Internet Architecture frees researchers to go beyond today s IP architecture and infrastructure Multi phase, NSF funded research program Five teams building full scale networks 2 Predicting the Future is Hard! A lot of really smart people don t agree: Named Data Networking: content centric networking data is a first class entity Mobility First: mobility as the norm rather than the exception generalizes delay tolerant networking Nebula: Internet centered around cloud computing data centers that are well connected Background XIA principles i XIA architecture Building XIA Conclusion Outline We love all of them! 3 4 1

XIA Vision Today s Internet We envision a future Internet that: Is trustworthy Security broadly defined is the biggest challenge Supports long term evolution of usage models Including host host, content retrieval, services, Supports long term technology evolution Not just for link technologies, but also for storage and computingcapabilitiesin capabilities the network and end points Allows all actors to operate effectively Despite differences in roles, goals and incentives 5 Client IP Src: Client IP Dest: Server IP TCP Server IP Client retrieves document from a specific web server But client mostlycares about correctness ofcontent, timeliness Specific server, file name, etc. are not of interest Transfer is between wrong principals What if the server fails? Optimizing transfer using local caches is hard Need to use application specific overlay or transparent proxy bad! 6 expressive Internet Architecture A Bit More Detail Src: Client ID Dest: ID Dest: Service ID Name? Flexible Trust Management PDA Client expresses communication intent for content explicitly Networkuses content identifier to retrieve content from appropriate location How does client know the content is correct? Intrinsic security! Verify content using self certifying id: hash(content) = content id How does source know it is talking to the right client? Intrinsic security! Self certifying host identifiers 7 Dest: Client ID ID Dest: ID Anywhere Hash( ) =? Diverse Communicating Entities Intrinsic Security 8 2

Evolvable Set of Principals Identifying the intended communicating entitiesreducescomplexity complexity and overhead No need to force all communication at a lower level (hosts), as in today s Internet Allows the network to evolve a581fe9... Services d9389fa Security as Intrinsic as Possible Security properties are a direct result of the design of the system Do not rely on correctness of external configurations, actions, data bases Malicious actions can be easily identified a581fe9... Services d9389fa Host 024e881 Future Entities 39c0348 9 Host 024e881 Future Entities 39c0348 10 Other XIA Principles Narrow waist for all principals Defines the API between the principals and the network protocol mechanisms Narrow waist for trust management Ensure that the inputs to the intrinsically secure system match the trust assumptions and intensions of the user Narrow waist allows leveraging diverse mechanisms for trust management: CAs, reputation,,p personal, All other network functions are explicit services Keeps the architecture simple and easy to reason about XIA provides a principal type for services (visible) Look familiar? 11 XIA: expressive Internet Architecture Each communication operation expresses the intent of the operation Also: explicit trust management, APIs among actors XIA is a single inter network in which all principals are connected Not a collection of architectures implemented through, e.g., virtualization or overlays Not based on a preferred principal (host or content), that has to support all communication 12 3

What Applications Does XIA Support? Since XIA supports host based communication, today s applicationscontinuetocontinue to work Will benefit from the intrinsic security properties New applications can express the right principal Can also specify other principals (host based) as fallbacks centric applications Explicit reliance on network services Mobile users As yet unknown usage models Outline Background XIA principles i XIA architecture Multiple principals DAG based addressing Intrinsic security Building XIA Conclusion 13 14 What Do We Mean by Evolvability? Narrow waist of the Internet has allowed the network to evolve significantly But need to evolve the waist as well! Can make the waist smarter IP: Evolvability of: Applications Link technologies XIA adds evolvability at the waist: Applications Evolving set of principals Link technologies Multiple Principal Types Hosts XIDs support host based communication similar to IP who? Service XIDs allow the network to route to possibly replicated services what does it do? LAN services access, WAN replication, XIDs allow network to retrieve content from anywhere what is it? Opportunistic caches, CDNs, Autonomous domains allow scoping, hierarchy What are conditions for adding principal types? 15 16 4

Multiple Principal Types Choice involves tradeoffs: Control Trust Efficiency Privacy Service SID Service SID Host HID SID 17 Supporting Evolvability Introduction of a new principal type will be incremental no flag day! Not all routers and ISPs will provide support from day one Creates chicken and egg problem what comes first: network support or use in applications Solution is to provide an. intent and fallback address Dest Intent address allows innetwork AD:HID optimizations based AD:rc on user intent. Fallback address is guaranteed Payload to be reachable 18 Addressing Requirements Our Solution: DAG Based Addressing Fallback: intent that may not be globally understood must include a backwards compatible address Incremental introduction of new XID types Scoping: support reachability for non globally routable XID types or XIDs Needed for scalability Generalize scoping based on network identifiers But we do not want to give up leveraging intent Iterative refinement: give each XID in the hierarchy option of using intent 19 Uses direct acyclic graph (DAG) Nodes: typed did IDs (XID; expressive identifier) Outgoing edges: possible routing choices Simple example: Sending a packet to Dummy source: special node indicating packet sender Intent: final destination of packet with no outgoing edges 20 5

Support for Fallbacks with DAG A node can have multiple outgoing edges Support for Scoping with DAG Client side Server side domain hierarchy Fallback edge (low priority edge) Primary edges A Intermediate node Outgoing edges have priority among them Forwarding to is attempted if forwarding to A is not possible Realization of fallbacks AD 0 AD 1 21 Support scalable routing, binding, migration, mobility, 22 Iterative Refinement: Scoping while Maintaining Intent Client side AD 0 Server side domain hierarchy AD 1 S DAG Addressing Research Questions DAG addressing supports is flexible Fallback, binding, source routing, mobility, bl.. but many questions remain: Is it expensive to process? How big will the addresses be? How do ISPs verify policy compliance? Can they be used to attack network? Can it be deployed incrementally? 23 24 6

Intrinsic Security in XIA XIA uses self certifying identifiers that guarantee security properties p for communication operation Host ID is a hash of its public key accountability (AIP) ID is a hash of the content correctness Does not rely on external configurations Intrinsic security is specific to the principal type Example: retrieve content using XID: content is correct Service XID: the right service provided content Host XID: content was delivered from right host 25 Example of Secure Mobile Service Access X AD BoF SID BOF S2 Server S: SID BoF AD BoF :SID BoF Client C: HID C SID C AD C Server S2: 2 SID BoF AD BoF: :SID BoF Register bof.com AD C :HID C :SID C -> AD BOF :SID BOF XIA Internet AD C2 Client C: HID C SID C AD BoF :2 :SID BoF AD C :HID C :SID C AD BoF :2 :SID BoF AD C2 :HID C :SID C SID Resolv bof.com AD BOF :SID BOF Name Resolution Service 26 Source/destination can choose among up/down hill paths Path control shared between ISPs, receivers, senders Desirable security properties: High availability, even in presence of malicious parties Explicit trust for operations Minimal TCB: limit number of entities that must be trusted No single root of trust Simplicity, efficiency, flexibility, and scalability Path Selection in SCION Architecture Overview PCB PCB Source PCB Destination Distributed Control in XIA Customers have more choices: Choice of XID type, i.e. how is communication operation performed; involves different tradeoffs DAGs add flexibility: fallback, services, Scion offers some control over path selection Service providers have choices as well Use of XID types to optimize new services Scion allowsnewpathoptimization optimization options Use DAGs for binding, scoping, mobility, Provides opportunities for customizing interactions to context 27 28 7

i 5/15/2012 Outline Putting Address into Packet Headers Background XIA principles i XIA architecture Building XIA Forwarding packets Building a network Prototype Conclusion Graphic view A Per node view Node 1 Node 1 Node 0 Node 0 Node 1 Node 1 A 29 30 XIP Packet Header DAGs represent source and destination addresses Array of nodes with pointers Maintains a LastNode field in the header Routers to know where to begin forwarding lookups Router s View on Packet Forwarding AD S SID S s Destinat on nodes Source nodes Version=XIP1.0 Next Header Payload length Hop Limit #Destination #Source nodes nodes XID type Last node = AD 1 160 Bit ID Edge0 Edge1 Edge2 Edge3 XID type 160 Bit ID Edge 0 Edge 1 Edge 2 Edge 3. Last visited node (In packet header) 1. Forward to SID S if possible 2. Otherwise, forward to AD S If router is AD S itself, update last visited node to AD S 32 8

Input Packet Processing Pipeline Source XID Type Classifier AD HID SID Next Dest XID Type Classifier AD HID SID Route Success? Output Principle independent processing defines how to interpret the DAG The core XIA architecture Principle dependent processing realizes forwarding semantics for each XID type Optimizations possible: fast path processing, packet level and intra packet parallelism 33 Evaluation Setup Router Packet generator Software: PacketShader I/O Engine Click modular router multithreaded(12 threads) Hardware: 10Gbit NIC : 4 ports (multi queue support) 2x 6 Core Intel Xeon @ 2.26GHz Forwarding Performance Comparison Fast Path Performance 8% drop 20% drop 351K FIB entries Workload: Identifiers generated using Pareto distribution XIP forwarding is fast! @128 byte FB0 is 8% slower than IP @192 byte FB3 is 26% slower than IP Look-aside cache of 1024 entries Using fast-path processing, the gap between FB0 and FB3 is reduced significantly! 9

Source/destination can choose among up/down hill paths Path control shared between ISPs, receivers, senders Desirable security properties: High availability, even in presence of malicious parties Explicit trust for operations Minimal TCB: limit number of entities that must be trusted No single root of trust Simplicity, efficiency, flexibility, and scalability Path Selection in SCION Architecture Overview PCB PCB Source PCB Destination 37 Xsockets Routing XHCP BIND XIP Protocol Stack Applications XIP Chunking XDP XSP XChunkP Cache ARP Datalink XCMP Open source release of complete prototype this month Support for GENI and VM based experiments 38 XIA Components and Interactions Network User Network Host Support Users Applications Support Services Services Support NetworkeXpressive Internet Protocol Intrinsic Security rthy Network Operation Trustwor 39 Conclusion XIA supports evolution, expressiveness, and trustworthy operation. Multiple principal types, flexible addressing, and intrinsic security But research has just started! Transport protocols, applications, services, Trustworthy protocols that fully utilizes intrinsic security of XIA More information on http://www.cs.cmu.edu/~xia 40 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback