640 likes | 750 Views
Internet Indirection Infrastructure. Ion Stoica UC Berkeley Nov 14, 2005. Motivations. Today’s Internet is built around a unicast point-to-point communication abstraction: Send packet “p” from host “A” to host “B” This abstraction allows Internet to be highly scalable and efficient, but…
E N D
Internet Indirection Infrastructure Ion Stoica UC Berkeley Nov 14, 2005
Motivations • Today’s Internet is built around a unicast point-to-point communication abstraction: • Send packet “p” from host “A” to host “B” • This abstraction allows Internet to be highly scalable and efficient, but… • … not appropriate for applications that require other communications primitives: • Multicast • Anycast • Mobility • …
Why? • Point-to-point communication implicitly assumes there is one sender and one receiver, and that they are placed at fixed and well-known locations • E.g., a host identified by the IP address 128.32.xxx.xxx is located in Berkeley
IP Solutions • Extend IP to support new communication primitives, e.g., • Mobile IP • IP multicast • IP anycast • Disadvantages: • Difficult to implement while maintaining Internet’s scalability (e.g., multicast) • Require community wide consensus -- hard to achieve in practice
Application Level Solutions • Implement the required functionality at the application level, e.g., • Application level multicast (e.g., Narada, Overcast, Scattercast…) • Application level mobility • Disadvantages: • Efficiency hard to achieve • Redundancy: each application implements the same functionality over and over again • No synergy: each application implements usually only one service; services hard to combine
“Any problem in computer science can be solved by adding a layer of indirection” Key Observation • Virtually all previous proposals use indirection, e.g., • Physical indirection point mobile IP • Logical indirection point IP multicast
Application Build an efficient indirection layer on top of IP Indir. layer TCP/UDP IP Our Solution • Use an overlay network to implement this layer • Incrementally deployable; don’t need to change IP
trigger data data data id id R id R Internet Indirection Infrastructure (i3) • Each packet is associated an identifier id • To receive a packet with identifier id, receiver R maintains a trigger (id, R) into the overlay network Sender Receiver (R)
Service Model • API • sendPacket(p); • insertTrigger(t); • removeTrigger(t) // optional • Best-effort service model (like IP) • Triggers periodically refreshed by end-hosts • ID length: 256 bits
Receiver (R1) id id R1 R2 Receiver (R2) Mobility • Host just needs to update its trigger as it moves from one subnet to another Sender
data data data data R2 R1 id id Multicast • Receivers insert triggers with same identifier • Can dynamically switch between multicast and unicast id R1 Receiver (R1) Sender id R2 Receiver (R2)
p|a data p|a data data R1 Anycast • Use longest prefix matching instead of exact matching • Prefix p: anycast group identifier • Suffix si: encode application semantics, e.g., location Receiver (R1) R1 p|s1 R2 p|s2 Sender Receiver (R2) R3 p|s3 Receiver (R3)
idT,id T,id data data data data id R idT,id data Service Composition: Sender Initiated • Use a stack of IDs to encode sequence of operations to be performed on data path • Advantages • Don’t need to configure path • Load balancing and robustness easy to achieve Transcoder (T) Receiver (R) Sender id R T idT
id data idF,R F,R id data data data data R Service Composition: Receiver Initiated • Receiver can also specify the operations to be performed on data Firewall (F) Receiver (R) F Sender idF id idF,R
Outline • Implementation • Examples • Security • Applications • Legacy application support
Quick Implementation Overview • i3 is implemented on top of Chord • But can easily use CAN, Pastry, Tapestry, etc • Each trigger t =(id, R) is stored on the node responsible for id • Use Chord recursive routing to find best matching trigger for packet p = (id, data)
send(37, data) 37 R trigger(37,R) send(R, data) Routing Example • R inserts trigger t = (37, R); S sends packet p = (37, data) • An end-host needs to know only one i3 node to use i3 • E.g., S knows node 3, R knows node 35 S 0 2m-1 S 3 20 [8..20] 7 7 [4..7] 3 [40..3] Chord circle 35 [21..35] 41 41 [36..41] 20 37 R 35 R R
37 R data data 37 R cache node Optimization #1: Path Length • Sender/receiver caches i3 node mapping a specific ID • Subsequent packets are sent via one i3 node [8..20] [4..7] [42..3] [21..35] Sender (S) [36..41] Receiver (R)
37 30 R R data data [2] [2] 2 30 37 R R S S 2 [30] [30] Optimization #2: Triangular Routing • Use well-known trigger for initial rendezvous • Exchange a pair of (private) triggers well-located • Use private triggers to send data traffic [8..20] [4..7] [42..3] [21..35] Sender (S) [36..41] Receiver (R)
Outline • Implementation • Examples • Heterogeneous multicast • Scalable Multicast • Load balancing • Proximity • Security • Applications • Legacy application support
send(R2, data) id R2 Receiver R2 (MPEG) Example 1: Heterogeneous Multicast • Sender not aware of transformations S_MPEG/JPEG send(R1, data) send(id, data) Receiver R1 (JPEG) Sender (MPEG) S_MPEG/JPEG id_MPEG/JPEG send((id_MPEG/JPEG, R1), data) id (id_MPEG/JPEG, R1)
(g, data) g x g R1 g R2 R2 (x, data) x R3 x R4 R1 R3 R4 Example 2: Scalable Multicast • i3 doesn’t provide direct support for scalable multicast • Triggers with same identifier are mapped onto the same i3 node • Solution: have end-hosts build an hierarchy of trigger of bounded degree
Example 2: Scalable Multicast (Discussion) Unlike IP multicast, i3 • Implement only small scale replication allow infrastructure to remain simple, robust, and scalable • Gives end-hosts control on routing enable end-hosts to • Achieve scalability, and • Optimize tree construction to match their needs, e.g., delay, bandwidth
Example 3: Load Balancing • Servers insert triggers with IDs that have random suffixes • Clients send packets with IDs that have random suffixes send(1010 0110,data) S1 1010 0010 S1 A S2 1010 0101 S2 1010 1010 S3 S3 send(1010 1110,data) 1010 1101 S4 S4 B
Example 4: Proximity • Suffixes of trigger and packet IDs encode the server and client locations S2 S3 S1 send(1000 0011,data) 1000 1010 S2 S3 1000 1101 1000 0010 S1
Outline • Implementation • Examples • Security • Applications • Legacy applications support
Loop id1 id2 id2 id3 id4 id1 id4 id3 Attacker id A Confluence Dead-End Attacker (A) id2 id3 id1 id2 id1 id2 Attacker Attacker id2 id3 id3 V id2 id3 Victim (V) id2 id3 Some Attacks Eavesdropping R id R S
Right constrained y.key = hr(x) must match ID: prefix key suffix x y 64 128 64 Left constrained x.key = hl(y.key) x.key = hl(y) x y x y end-host address Constrained Triggers • hl(), hr(): well-known one-way hash functions • Use hl(), hr() to constrain trigger (x, y)
Attacks & Defenses Attack Defense
Outline • Implementation • Examples • Security • Applications • Protection against DoS attacks • Service composition platform • Legacy application support
In a Nutshell • Problem scenario: attacker floods the incoming link of the victim • Solution: stop attacking traffic before it arrives at the incoming link • Today: call the ISP to stop the traffic, and hope for the best! • Our approach: give end-host control on what packets to receive • Enable end-hosts to stop the attacks in the network
Why End-Hosts (and not Network)? • End-hosts can better react to an attack • Aware of semantics of traffic they receive • Know what traffic they want to protect • End-hosts may be in a better position to detect an attack • Flash-crowd vs. DoS
Some Useful Defenses • White-listing: avoid receiving packets on arbitrary ports • Traffic isolation: • Contain the traffic of an application under attack • Protect the traffic of established connections • Throttling new connections: control the rate at which new connections are opened (per sender)
1. White-listing • Packets not addressed to open ports are dropped in the network • Create a public trigger for each port in the white list • Allocate a private trigger for each new connection
ID1 V Legitimate client (C) ID2 V Web server Attacker (A) 2. Traffic Isolation • Drop triggers being flooded without affecting other triggers • Protect ongoing connections from new connection requests • Protect a service from an attack on another services Transaction server Victim (V)
ID1 V Legitimate client (C) Web server Attacker (A) 2. Traffic Isolation • Drop triggers being flooded without affecting other triggers • Protect ongoing connections from new connection requests • Protect a service from an attack on another services Transaction server Victim (V) Traffic of transaction server protected from attack on web server
Gatekeeper (A) puzzle Server (S) Client (C) puzzle’s solution 3. Throttling New Connections • Redirect new connection requests to a gatekeeper • Gatekeeper has more resources than victim • Can be provided as a 3rd party service IDC C X S A IDP
Outline • Implementation • Examples • Security • Architecture Optimizations • Applications • Protection against DoS attacks • Service composition platform • Legacy application support
Service Composition • Goal: allow third-parties and end-hosts to easily insert new functionality on data path • E.g., firewalls, NATs, caching, transcoding, spam filtering, intrusion detection, etc.. • Why i3? • Make middle-boxes part of the architecture • Allow end-hosts/third-parties to explicitly route through middle-boxes
(idBA, data) (idM:idBA, data) (idM:idAB, data) (idAB, data) Example • Use Bro system to provide intrusion detection for end-hosts that desire so Bro (middle-box) M idM M server B idBA B client A idAB A i3
Outline • Implementation • Examples • Security • Applications • Legacy Application Support
The Problem • New network architectures & overlays provide new features • RON : resilience to path failures • i3 : mobility, NAT traversal, anycast, multicast • … • But still no widespread deployment • How take advantage of new functionality? • Enable popular applications (ssh, Firefox, IE) to benefit from new features
Solutions • Approach 1: rewrite/port apps for each new overlay • time-consuming, tedious, impossible for closed source apps • Approach 2: enable support for legacy applications over multiple overlays • We chose approach 2!
Overlay Convergence Architecture for Legacy Applications (OCALA) Interpose an Overlay Convergence Layer between transport layer and overlay networks Legacy Applications (ssh, firefox, explorer, …) Transport Layer (TCP, UDP, …) IP Layer
Overlay Convergence Architecture for Legacy Applications (OCALA) Interpose an Overlay Convergence Layer between transport layer and overlay networks Legacy Applications (ssh, firefox, explorer, …) Transport Layer (TCP, UDP, …) OC Independent (OC-I) Sublayer Overlay Convergence (OC) Layer OC Dependent (OC-D) Sublayer Overlay (DOA, DTN, HIP, i3, RON, …)
Simultaneous access to multiple overlays Host B Host C ssh Host A IRC OC-I Firefox IRC ssh OC-I … RON … OC-I i3 … OC-D IP i3 RON RON www.cnn.com i3 Internet
Which overlay to use? • IP address and port number : • E.g.: Forward all packets sent to 128.32.132.223 port 22 over i3 • DNS name: • E.g.: Forward all packets sent to odu.edu.ron over RON (Resilient Overlay Networks) • E.g.: Forward all packets sent to odu.edu.i3 over i3
Bridging Multiple Overlays • Communication across overlays • Stitch together functionality Host A Host C (foo.ron) Appl. Appl. Host B (bar.i3) OC-I OC-I OC-I OC-D i3 RON i3 RON RON i3 tunnel tunnel path
Legacy Client Gateways – Demo • Clients need not run OCALA locally • Gateway has special Legacy Client IP (LCIP) module Overlay server (dilip.i3) Legacy gateway Appl. OC-I Legacy Client OC-I OV OV LCIP Internet i3 DNSreq(ionhome.pli3.ocalaproxy.net)
Legacy Client Gateways – Demo Access the following URL using your web browser: http://ionhome.pli3.ocalaproxy.net:8000/ifconfig.html