Tunneling Continued/End-to-End Principle
CS 4251: Computer Networking II
Nick Feamster
Spring 2008
Why Tunnel?
• Security
  • E.g., VPNs
• Flexibility
  • Topology
  • Protocol
  • Bypassing local network engineers
  • Oppressive regimes: China, Pakistan, TS…
• Compatibility/Interoperability
• Dispersion/Logical grouping/Organization
• Reliability
  • Fast Reroute, Resilient Overlay Networks (Akamai SureRoute)
• Stability (“path pinning”)
  • E.g., for performance guarantees
MPLS Overview
• Main idea: Virtual circuit
  • Packets forwarded based only on circuit identifier
(Figure: Source 1 and Source 2 send to the same Destination; the router can forward traffic to the same destination on different interfaces/paths.)
Circuit Abstraction: Label Swapping
• Label-switched paths (LSPs): Paths are “named” by the label at the path’s entry point
• At each hop, label determines:
  • Outgoing interface
  • New label to attach
• Label distribution protocol: responsible for disseminating signalling information
(Figure: a label-switched path toward D; each hop holds a forwarding table with columns Tag, Out, New giving the outgoing interface and the replacement label for an incoming tag.)
Layer 3 Virtual Private Networks
• Private communications over a public network
• A set of sites that are allowed to communicate with each other
• Defined by a set of administrative policies
  • determine both connectivity and QoS among sites
  • established by VPN customers
• One way to implement: BGP/MPLS VPN mechanisms (RFC 2547)
Placement of Function
• “End to End Arguments in System Design”
  • One typically draws a box around the communication subsystem and defines an interface between it and the rest of the system
  • Once this boundary is defined, the question of where function should be placed is at the forefront
• The “End-to-End Argument”
  • Function can be completely implemented only with the help of the application
  • Dumb network, smart endpoints
Example: File Transfer
• Data could be corrupted or lost
  • In transit
  • At the receiver when read
  • In memory
• Where should the checks for correct transmission be performed?
• E2E argument says that the application should be the one to perform these checks (e.g., at the application layer)
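The file-transfer example, worked through as an added simulation that is not part of the original slides: each link verifies a CRC32 hop by hop, while the application verifies a SHA-256 over the whole file only after reading it back from storage. The sample file, the hop count and the three fault points ("in_transit", "in_router", "at_receiver") are constructed for this illustration.

```python
"""Toy model of the file-transfer example: CRC32 per link (hop-by-hop check) versus
SHA-256 over the whole file, verified by the receiving application after it reads
the file back (end-to-end check). Hop count, file and fault points are constructed."""
import hashlib
import zlib
from typing import Optional

FILE = b"CS 4251 notes: tunneling and the end-to-end principle\n" * 16


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def flip_bit(data: bytes, index: int = 0) -> bytes:
    """Inject a single-bit error at byte `index` (constructed fault)."""
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)


def transfer(file_data: bytes, hops: int, fault: Optional[str] = None) -> dict:
    """Forward file_data over `hops` store-and-forward links into receiver storage.

    fault picks where one bit is flipped:
      "in_transit"  on the wire of the first link, before that hop's CRC check
      "in_router"   in the first router's memory, after its CRC check passed and
                    before it frames the data (with a fresh CRC) for the next link
      "at_receiver" while the receiver writes the file to disk
    Returns whether the link check and the end-to-end check reported success.
    """
    digest_sent = hashlib.sha256(file_data).hexdigest()
    payload = file_data
    for hop in range(hops):
        sent_crc = crc32(payload)                # link sender frames the data
        wire = payload
        if fault == "in_transit" and hop == 0:
            wire = flip_bit(wire)                 # wire noise: inside the CRC's scope
        if crc32(wire) != sent_crc:               # link receiver rejects the frame
            return {"link_check": False, "e2e_check": None}
        payload = wire
        if fault == "in_router" and hop == 0 and hops > 1:
            payload = flip_bit(payload)           # passed the check, now silently wrong
    stored = payload
    if fault == "at_receiver":
        stored = flip_bit(stored)                 # bad write: invisible to every link check
    e2e_ok = hashlib.sha256(stored).hexdigest() == digest_sent
    return {"link_check": True, "e2e_check": e2e_ok}
```

Only the wire fault is caught by the per-link CRC; the router-memory and receiver-storage faults pass every hop check and are detected solely by the application's end-to-end digest.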
Examples of Applying E2E
• Delivery guarantees
  • Application may not only need to know that a message was received, but also that the receiver acted on the message
• Secure transmission of data
  • Network elements that transmit data must be trusted to securely manage keys, etc.
  • Authenticity of message must still be checked by application
• Upshot: communicating subsystem does not need to provide management for all traffic
More Examples
• Duplicate message suppression
  • Where should duplicates be suppressed?
• In-order message delivery