1 / 20

The X-Bone ICB Meeting July 10, 2003

The X-Bone ICB Meeting July 10, 2003. Joe Touch Director, Postel Center for Experimental Networking Computer Networks Division USC/ISI. IP Base. B. A. D. C. ring-ovl. star-ovl. B. B. A. A. D. D. C. C. xd GUI. Resource Daemon. Overlay Manager. Resource Daemon. Resource

sawyer
Download Presentation

The X-Bone ICB Meeting July 10, 2003

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The X-BoneICB MeetingJuly 10, 2003 Joe Touch Director, Postel Center for Experimental Networking Computer Networks Division USC/ISI

  2. IP Base B A D C ring-ovl star-ovl B B A A D D C C xd GUI Resource Daemon Overlay Manager Resource Daemon Resource Daemon link host router X-Bone IP Overlays Web GUI Multiple views Star Overlay Ring Overlay Base IPv4 Network X-Bone system Automated monitoring

  3. What is the X-Bone? • Virtual Internet Architecture • Consistent with dynamic routing, existing Internet applications and services • Distributed VPN Manager • SNMP-like client/server • Multicast invites • Interfaces • Overlay Language • GUI front-end

  4. Virtual Internet Arch. • VHs & VRs connected by tunnels • VHs add/delete headers • VRs transit only • Completely virtual • Revisitation • Recursion • Network-as-router recursion • Control Recursion (compile-time) • Rename unbound inner network VR interfaces • Network Recursion (run-time) • Phantom VHs at unbound inner network VR interfaces

  5. X-Bone View of VPN • E2E • Closed set of participants • More controlled than PE-based • Support ALL Internet apps • Network, not a full mesh (supports use of an internal AS structure) • IP over IP • Current deployment assumes mcastIP • NO OTHER ASSUMPTIONS • Can use any tunnel to get IP in IP, but uses explicit key distribution (interoperability)

  6. Software Architecture • OM runs the overlay • Control or network recursion • RD configures nodes • SNMP-like transactions • Multicast invites • RD privacy • Security • ACLs, resource counts • S/MIME invites • SSL configuration

  7. Interfaces • Overlay Joe • Node apple • (OS=BSD) (iface a b c) • Node pear • (CPU=P4) (iface p) • Ring r3 • (BW=2M) (mac,gran,gold=apple, one,two,three=pear),(one.p <L> mac.a>)(two.p <M> gran.a>)(three.p <N> gold.a>)(mac.b <X> gran.c)(gran.b <Y> gold.c)(gold.b <Z> mac.c)

  8. Capabilities • Revisitation • Recursion (scalability, multilayer) • Dynamic routing • Integration with DNS • Application deployment

  9. Revisitation E B C D A F Y Z X B C A D E F

  10. Recursion • Hierarchy w/connected sub-overlays • Sub-overlays look like routers Primary overlay Sub-2 Sub-1 Base network

  11. OM 1 Action File Generator Script Application Generator Script edit 3 2 ring-ovl 4 B A D C RD RD (XBone-Auto) Overlay/Node Specific: Ovl Name, IPs, Topol RD 5 RD Node Action File Application deployment (User Input) App-Instance Specific Params

  12. Project Status • DynaBone (DARPA) 10/03 {04? ☺} • Multilayer overlays for dynamic defense • Adding native recursion • X-Tend (NSF) 12/05 • Augmenting X-Bone for education & research • Add features based on need • Add documentation, instruction examples • Green-box install

  13. Due Aug 2003 Net list topology Divide-and-conquer control Layered VPNs Revised API & code Dynamic & secure DNS +1 yr Layered restoration Incremental add/delete Ad-hoc mgt Application ‘jails’, process policy (MAC) Due within 6 mos. IPv6 Cisco Linux IPsec (?) Dynamic routing Proximity topology Revisitation Specific host list, find-and-select, directory discovery (LDAP) Apple OS-X Symbolic hostnames OM fault tolerance (hot backup, state-full recovery) Monitor link performance X-Tensions ☺

  14. 2 Header FAQ • Why two headers? • Inet needs net and link • ARP • Revisitation • Why overlap inside X-Bone, not outside? • Innerlays never reuse interfaces:by construction

  15. Innerlays Outerlay P R M P R M DynaBone architecture Spread-Spectrum Multilayer Internet Overlays 3DES encrypt / Linkstate RC5 encrypt / RIP X MD5 auth / static MD5 auth / static Base network

  16. Performance issues • Nesting: • 800+ parallel innerlays • 15 layers of recursion • Bandwidth as 1/N for recursion

  17. #50 #50 #50 #50 #50 #50 #50 #50 #50 #50 #50 #50 Demo configuration Outerlay TCP S/F – 3DES Others – MD5 UDP – SHA1 50 Innerlays 80 800 Base network

  18. Monitor & Control GUI

  19. Issue Positions • Optimization • Pathchar, proximity, node – OK • Not for link • QoS • Upper-bound, increase delay – OK • No guarantees • IP for simplicity • Any IP encapsulation tunnel • Esp. if it looks like an interface

  20. URLs • All at www.isi.edu/touch • www.isi.edu/xbone • www.isi.edu/xtend • www.isi.edu/dynabone • www.isi.edu/tethernet

More Related