i-Path : Network Transparency Project


14th JSPS/NRF Core University Program Seminar on Next Generation Internet
Shigeki Goto*, Akihiro Shimoda*, Ichiro Murase*, Dai Mochinaga**, and Katsushi Kobayashi***
* Waseda University
** Mitsubishi Research Institute Inc.
*** National Institute of Advanced Science and Technology (AIST)

Agenda
- Introduction
  - Background and Motivation
  - Applications
- Overview of i-Path
  - Data Collection
  - New Software
- More Applications
- Conclusion
- Acknowledgement

The Goal of i-Path project
- Accessible information between the hosts
- Observing the information disclosure policy of all stakeholders along the path

Introduction: Background
- Growing demand for backbone bandwidth
- Network performance fluctuation (e.g. throughput)
- Routers keep rich information
  - Routing table, link utilization
  - Temperature, location, contact point, supply voltage, etc.
- It is not easy to collect the right information and to utilize information along the path, because of …
  - The need to observe the information disclosure policy
  - The status of the network depends on a variety of factors

Introduction: Motivation
- Disclosing information leads to improved end-to-end visibility
- End-to-end visibility provides benefit to end hosts and operators
  - Monitoring network status
  - Reporting events and troubleshooting
  - Reduction in operational cost
- Providing transparency of underlying networks

Introduction: Applications
- Enhanced congestion control
- Best peer selection in P2P communication applications
- Adjusting the optimal bit rate in VoD
- Dynamic network configuration (e.g. according to time zones)
- Selection of the appropriate path (e.g. not violating policies related to content management)

Overview: Data Collection
- Explicit network information collection along a path
- SIRENS* (Simple Internet Resource Notification Scheme)
  - Based on the cross-layer approach
  - Bottleneck bandwidth
  - Interface queue capacity
  - Corruption losses, etc.
- Scalable network information measurement
* K. Nakauchi and K. Kobayashi. An explicit router feedback framework for high bandwidth-delay product networks. Computer Networks, 51(7):1833–1846, 2007.

Overview: Structure of shim-header
- Inserted between the network and transport headers

Overview: Information Disclosure
- Access to some information on routers is prohibited
- Operators are unwilling to disclose the status inside their networks
  - Security
  - Cost
- Each ISP has a disclosure policy
- End hosts have their own disclosure policy
- Negotiation: requests and responses
(Figure label, shown three times: "OK to Disclose?")

Observing Information Disclosure Policies
- Selective requests and responses
- Policy: Alice and Bob allow disclosure beyond the 3rd hop router.
- Implementation:
  - Alice does not send requests for her neighbor and the next neighbor routers, i.e., the 1st and 2nd hops.
  - Bob does not send back responses in the same way as Alice, i.e., for the 6th and 7th hops.
- Results:
  - Alice obtains data for hops 3-5.
  - Bob obtains data for hops 3-7.
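
The selective request/response behaviour on this slide, as an added Python model that is not part of the original slides or the i-Path software. It assumes a 7-router path numbered from Alice; the `Router` class, function names and the sample metric are hypothetical.

```python
from dataclasses import dataclass

PATH_LEN = 7     # routers between Alice (sender) and Bob (receiver), per the slide
HIDDEN_NEAR = 2  # each end host hides its neighbor and next-neighbor router


@dataclass
class Router:
    hop: int                # position counted from Alice
    discloses: bool = True  # the router's own (ISP) disclosure policy

    def report(self):
        # Constructed sample metric standing in for collected SIRENS data.
        return {"hop": self.hop, "bottleneck_mbps": 1000 - 100 * self.hop}


def forward_request(path, first_hop):
    """Request travels Alice -> Bob. Alice asks only routers at or beyond
    first_hop; a router answers only if its own policy allows it."""
    return [r.report() for r in path if r.hop >= first_hop and r.discloses]


def build_reply(collected, path_len, hidden_near):
    """Bob has already seen everything collected on the way in. Before
    replying he strips the routers within hidden_near hops of himself."""
    last_allowed = path_len - hidden_near
    return [e for e in collected if e["hop"] <= last_allowed]


def run(path=None):
    """Return (hops visible to Alice, hops visible to Bob)."""
    path = path or [Router(h) for h in range(1, PATH_LEN + 1)]
    seen_by_bob = forward_request(path, first_hop=HIDDEN_NEAR + 1)
    seen_by_alice = build_reply(seen_by_bob, len(path), HIDDEN_NEAR)
    return ([e["hop"] for e in seen_by_alice],
            [e["hop"] for e in seen_by_bob])


if __name__ == "__main__":
    alice, bob = run()
    print("Alice sees hops", alice)
    print("Bob sees hops", bob)
```

The asymmetry in the results comes from direction: the request is filled in on the way to Bob, so his filtering only limits what travels back to Alice.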

New Software Tools
(a) Sender: send a SIRENS request packet
(b) Receiver: receive the request packet and reply
(c) Sender: receive the reply packet and make xml files
(Figure: Sender, i-Path Router and Receiver exchanging TCP Data packets; the developed software produces xml output)

Snapshot of the Visualization Tool
- Dark colored (blue) routers: data collection enabled
- Gray colored routers: data collection not enabled, or router does not exist

More applications: Network Threat Detection
S. Nogami, A. Shimoda and S. Goto, Detection of DDoS attacks by i-Path flow analysis (in Japanese, to appear), 72nd National Convention of IPSJ, Mar. 2010.
(Figure labels)
- Attackers
- DDoS packets: destination TARGET, source IP address spoofed
- TARGET IP address: X.X.X.X
- Internet
- Backscatter packets: destination spoofed IP address, source TARGET
- Extraneous hosts/servers

More applications: NAT traversal
K. Tobe, A. Shimoda and S. Goto, NAT traversal with transparent routers (in Japanese, to appear), 72nd National Convention of IPSJ, Mar. 2010.
- Different kinds of NATs: full cone, restricted cone, port restricted cone, symmetric

Symmetric NAT
Symmetric NAT is the most difficult NAT of all. In a symmetric NAT, any request from an internal IP address and port number to some destination IP address and port number is mapped to a unique external IP address and a unique port number. If the same host sends a packet from the same source address and the same port number but to a different destination, a different mapping is used. Only the external host that receives a packet from an internal host can send a UDP packet back to the internal host. Symmetric NATs are used when high-security communication is required. They are installed as routers in business enterprises and also as high-end routers for home use.
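
The mapping and filtering rules just described, as an added toy model in Python that is not part of the original slides. It contrasts a symmetric NAT with a full cone NAT; the `Nat` class, port numbers and the documentation-range addresses are constructed for illustration.

```python
import itertools


class Nat:
    """Toy UDP NAT. With symmetric=True the mapping key includes the
    destination, and inbound packets are accepted only from that destination.
    With symmetric=False it behaves as a full cone NAT."""

    def __init__(self, external_ip, symmetric, first_port=40000):
        self.external_ip = external_ip
        self.symmetric = symmetric
        self._ports = itertools.count(first_port)
        self.out = {}   # mapping key -> external port
        self.back = {}  # external port -> (internal endpoint, allowed remote)

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the external endpoint used."""
        key = (src, dst) if self.symmetric else src
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = (src, dst if self.symmetric else None)
        return (self.external_ip, self.out[key])

    def inbound(self, remote, ext_port):
        """Return the internal endpoint the packet reaches, or None if dropped."""
        entry = self.back.get(ext_port)
        if entry is None:
            return None
        internal, allowed = entry
        if allowed is not None and remote != allowed:
            return None
        return internal


def demo(symmetric):
    nat = Nat("203.0.113.1", symmetric)   # constructed addresses (RFC 5737)
    host = ("192.168.0.10", 5000)
    server_a = ("198.51.100.7", 3478)
    peer_b = ("198.51.100.99", 6000)
    seen_by_a = nat.outbound(host, server_a)
    seen_by_b = nat.outbound(host, peer_b)
    return (seen_by_a == seen_by_b,               # same mapping for both?
            nat.inbound(server_a, seen_by_a[1]),  # reply from contacted host
            nat.inbound(peer_b, seen_by_a[1]))    # other host, same port


if __name__ == "__main__":
    print("symmetric:", demo(True))
    print("full cone:", demo(False))
```

Because the external port learned through one destination is not the port used toward another, an endpoint address discovered via a third party is of no use to a peer behind a symmetric NAT.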

Current Status and Future Plans
- i-Path project wiki: http://i-path.goto.info.waseda.ac.jp/trac/i-Path/
- Dai Mochinaga, Katsushi Kobayashi, Shigeki Goto, Akihiro Shimoda, and Ichiro Murase, Collecting Information to Visualize Network Status, 28th APAN Network Research Workshop, pp. 1-4, 2009.
- Network application utilizing collected information
- Demonstration on R&D testbed: JGN in Japan
- Demonstration at SC09, Portland, OR, Nov. 2009

Conclusion
We proposed i-Path, a new method for disclosing network information:
- Offering end-to-end visibility and transparency
- Observing privacy protection
- Respecting disclosure policy

Acknowledgement
This project is supported by the National Institute of Information and Communications Technology (NICT), Japan.