OCALA: An Architecture for Supporting Legacy Applications over Overlays. Dilip Joseph, Jayanth Kannan, Ayumu Kubota, Karthik Lakshminarayanan, Ion Stoica, Klaus Wehrle.
OCALA: An Architecture for Supporting Legacy Applications over Overlays
Dilip Joseph (UC Berkeley), Jayanth Kannan (UC Berkeley), Ayumu Kubota (KDDI Labs), Karthik Lakshminarayanan (UC Berkeley), Ion Stoica (UC Berkeley), Klaus Wehrle (RWTH Aachen University)

Motivation
Efforts to change the Internet itself have had limited success
–IP multicast, QoS
Overlays provide new features without changing the Internet
–Resilient Overlay Networks (RON): resilience to path failures
–Internet Indirection Infrastructure (i3): mobility, NAT traversal, anycast, multicast
But still no widespread deployment
–Users are unwilling to switch to new application programs
–No interoperability between different overlays

Goal 1 – Legacy Application Support
Enable legacy applications to work over new network architectures and overlays
–Applications that work on IP
–Unmodified
–Users choose the best overlay for a particular application

Simultaneous access to different overlays
[Figure: Host A (San Jose) runs Firefox, ssh and IRC at the same time; ssh reaches sshd on Host B (India) over RON, IRC reaches Host C (China) over i3, and Firefox uses the Internet directly.]

Goal 2 – Interoperability
Enable hosts in different overlays to talk to each other
–Interoperability between hosts in different overlays
–Interoperability between overlay hosts and pure IP hosts
–Combined benefits of different overlays

Stitching together different overlays
Mobility of i3 is available on the first hop, from Host A to the gateway
Robustness of RON is available on the second hop, from the gateway to the final destination
[Figure: ssh on Host A (Berkeley) → i3 → Gateway (SFO) → RON → sshd on Host B (India)]

Goal 3 – Factoring out Common Functionality
Lower the barrier to supporting legacy applications over new overlays
–Overlay designers concentrate on the architecture, not on supporting legacy applications
–Factor out common functionality (example: authentication and encryption)
–Plug overlays into a common framework

Contents: Introduction, Design, Applications, Implementation, Conclusion (next: Design)

Overlay Convergence Architecture for Legacy Applications (OCALA)
Interpose an Overlay Convergence (OC) layer between the transport layer and the overlay networks
[Figure: the stack on an OCALA host, top to bottom: Legacy Applications (ssh, firefox, explorer, …); Transport Layer (TCP, UDP, …); Overlay Convergence (OC) Layer, split into an OC Independent (OC-I) sublayer above an OC Dependent (OC-D) sublayer; Overlay (i3, RON, DOA, HIP, …). Shown beside it for comparison: the conventional Application, Transport, Network and Link layers.]

Expressing which overlay to use
DNS-like names identify machines (or services), e.g. ucb.i3
–The suffix (.i3) is interpreted by OC-I, which uses it to invoke the corresponding OC-D instance
–The rest of the name is interpreted by the OC-D, which resolves it to an overlay-specific ID or address
OC-D resolution mechanism
–General (e.g., OpenDHT, DNS, address book)
–Overlay specific (e.g., hashing names to IDs in i3)
Configuration file
–Support applications that do not use DNS names
–Store user preferences
[Figure: the name ucb.i3 passing from Transport through OC-I (suffix) and OC-D (rest of the name) down to the Overlay]

Setting up a new connection
[Figure: Host A (overlay ID ID_A) and Host B (name ucb.i3, overlay ID ID_B), each with a Legacy App, Transport Layer, OC-I and OC-D (i3, RON, …), connected through the i3 overlay. Steps:]
1. The legacy application on A issues DNSreq(ucb.i3); OC-I intercepts it.
2. OC-I calls setup(ucb.i3) on the i3 OC-D, chosen by the .i3 suffix.
3. The OC-D resolves ucb.i3 through a name resolution service (local address book, DNS, OpenDHT, …).
4. The service returns ID_B.
5. The two OC-Ds run the overlay-specific setup protocol: A records tunnel descriptor td_AB → ID_B and B records td_BA → ID_A. The OC-D returns tunnel_d = td_AB to OC-I.
6. The OC-I sublayers exchange OCI-Setup(pd_AB), agreeing on a path descriptor.
7. OC-I on A stores "ucb.i3" → pd_AB, pd_AB ↔ IP_AB and pd_AB → td_AB; OC-I on B stores pd_AB ↔ IP_BA and pd_AB → td_BA. OC-I on A answers the application with DNSresp(IP_AB), where IP_AB is allocated from a locally reserved /8 range.

Data Flow
[Figure: the same two hosts after setup, holding the tables recorded in step 7.]
–The application on A sends a packet IP_A → IP_AB down to the transport layer.
–OC-I on A maps IP_AB to pd_AB and pd_AB to td_AB, and hands (td_AB, pd_AB, data) to the i3 OC-D.
–The OC-D sends the packet over i3 to ID_B, carrying pd_AB and the data.
–On B, the OC-D maps the tunnel descriptor back to pd_AB and passes (pd_AB, data) up to OC-I.
–OC-I on B maps pd_AB to IP_BA and rewrites the packet as IP_BA → IP_B before delivering it to the application.
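The three slides above (suffix dispatch, connection setup, data flow) describe one mechanism: OC-I hands out a fake IP per name, keeps the pd/td tables, and rewrites headers while the OC-D moves frames over the overlay. The toy below, an added example and not code from the OCALA project, runs that mechanism end to end with the slides' own identifiers (ucb.i3, pd_AB, td_AB, IP_AB, IP_BA, ID_A, ID_B). It assumes a 1.0.0.0/8 pool for the fake addresses (the slide only says "/8"), a dictionary-based name directory in place of OpenDHT or DNS, an in-memory Overlay class in place of i3, and that both endpoints share the same pd and td values; the real setup protocol is overlay specific. The last two functions illustrate the "packet rewriting breaks FTP" limitation from the overheads slide: OC-I rewrites headers, not the address that active-mode FTP puts inside a PORT command.

```python
"""Toy model of OCALA's OC-I / OC-D split.  Added example, not code from the
OCALA project: it mirrors the state tables on the setup and data-flow slides
(name -> pd, pd <-> fake IP, pd -> td, td -> overlay ID) so an unmodified
application sees only IP addresses.  The 1.0.0.0/8 pool, the frame layout
and the directory contents are assumptions."""
import ipaddress
import itertools
from dataclasses import dataclass

_PD = itertools.count(1)   # path descriptors, shared by both OC-I endpoints
_TD = itertools.count(1)   # tunnel descriptors (shared values, for the toy)


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes


class Overlay:
    """Stand-in for i3 or RON: hands a frame to the host owning the dst ID."""
    def __init__(self, suffix):
        self.suffix, self.hosts = suffix, {}          # hosts: overlay ID -> Host

    def send(self, dst_id, frame):
        self.hosts[dst_id].ocd_receive(self.suffix, frame)


class Host:
    def __init__(self, ip, overlays, my_ids, pool="1.0.0.0/8"):
        self.ip, self.overlays, self.my_ids = ip, overlays, my_ids
        self.pool = ipaddress.ip_network(pool).hosts()   # assumed local /8
        # OC-I tables, named as on the slides (pd_AB, IP_AB, td_AB)
        self.name_to_pd, self.pd_to_ip, self.ip_to_pd = {}, {}, {}
        self.pd_to_td, self.td_to_pd = {}, {}
        self.td_to_remote = {}        # OC-D table: td -> (suffix, remote ID)
        self.delivered = []           # packets handed up to the application
        for suffix, ov in overlays.items():           # one OC-D per overlay
            ov.hosts[my_ids[suffix]] = self

    def dns_request(self, name, directory):
        """Steps 1-7 of the setup slide; returns the fake IP the app gets."""
        if name in self.name_to_pd:                   # tunnel exists: reuse
            return self.pd_to_ip[self.name_to_pd[name]]
        suffix = name.rsplit(".", 1)[-1]              # ".i3" selects the i3 OC-D
        if suffix not in self.overlays:
            raise LookupError(f"no OC-D loaded for .{suffix}")
        remote_id = directory[name]                   # steps 3-4: name -> ID_B
        td, pd = next(_TD), next(_PD)                 # steps 5-6: td_AB, pd_AB
        self.td_to_remote[td] = (suffix, remote_id)
        self.name_to_pd[name] = pd
        self._bind(pd, td)
        self.overlays[suffix].send(remote_id, {"kind": "setup", "td": td,
                                               "pd": pd, "src_id": self.my_ids[suffix]})
        return self.pd_to_ip[pd]                      # step 7: DNSresp(IP_AB)

    def _bind(self, pd, td):                          # pd <-> fake IP, pd <-> td
        ip = str(next(self.pool))
        self.pd_to_ip[pd], self.ip_to_pd[ip] = ip, pd
        self.pd_to_td[pd], self.td_to_pd[td] = td, pd

    def app_send(self, dst_ip, payload):
        """Sending side of the data flow: fake IP -> pd -> td -> overlay ID."""
        pd = self.ip_to_pd[dst_ip]
        td = self.pd_to_td[pd]
        suffix, remote_id = self.td_to_remote[td]
        self.overlays[suffix].send(remote_id, {"kind": "data", "td": td,
                                               "pd": pd, "payload": payload})

    def ocd_receive(self, suffix, frame):
        """Receiving side; a setup frame installs the reverse state on B."""
        if frame["kind"] == "setup":
            self.td_to_remote[frame["td"]] = (suffix, frame["src_id"])  # td_BA -> ID_A
            self._bind(frame["pd"], frame["td"])                         # pd_AB <-> IP_BA
            return
        pd = self.td_to_pd[frame["td"]]
        # Header rewrite: the sender appears as the fake IP bound to this pd.
        self.delivered.append(Packet(self.pd_to_ip[pd], self.ip, frame["payload"]))


def ftp_port_argument(ip, port):
    """Active FTP embeds the client's own address in the PORT command."""
    h = ip.split(".")
    return f"PORT {h[0]},{h[1]},{h[2]},{h[3]},{port >> 8},{port & 0xFF}"


def port_command_consistent(pkt):
    """False when the address inside a received PORT command differs from the
    (rewritten) source the receiver sees: the FTP breakage the slides note."""
    fields = pkt.payload.decode().split(" ", 1)[1].split(",")
    return ".".join(fields[:4]) == pkt.src


if __name__ == "__main__":
    i3 = Overlay("i3")
    a = Host("10.0.0.5", {"i3": i3}, {"i3": "ID_A"})
    b = Host("10.0.0.9", {"i3": i3}, {"i3": "ID_B"})
    ip_ab = a.dns_request("ucb.i3", {"ucb.i3": "ID_B"})   # constructed directory
    a.app_send(ip_ab, b"hello")
    print(ip_ab, b.delivered[-1])
```

The application on A only ever sees 1.0.0.1, the application on B sees a different 1.0.0.1 from its own pool, and neither address is routable outside the OC layer; that is what keeps the application unmodified, and also what breaks any protocol that copies its own address into the payload.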

Simultaneous access to different overlays
[Figure: Host A (San Jose) runs OC-I above an OC-D holding i3 and RON modules. Firefox goes to the Internet over plain IP, ssh reaches iitm.ac.in.ron on Host B (India) over RON, and IRC reaches chinairc.i3 on Host C (China) over i3; each of B and C runs OC-I and the OC-D module for its own overlay.]

Stitching together different overlays
A sets up a tunnel to sfgateway.i3 over i3.
The gateway sets up a tunnel to iitm.ac.in.ron over RON.
[Figure: ssh on Host A (Berkeley), whose configuration holds the rule *.ron → sfgateway.i3, reaches sshd on Host B (India, iitm.ac.in.ron) through Gateway (SFO, sfgateway.i3). A runs OC-I and an i3 OC-D, the gateway runs OC-I with both i3 and RON OC-Ds, and B runs OC-I and a RON OC-D.]
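The stitching rule on this slide is a resolution policy: a name whose suffix has no OC-D on the local host is matched against configured rules, the matching rule names a gateway in an overlay the host does have, and resolution continues from the gateway's point of view. The function below is an added example, not OCALA code, of that policy with the checks a deployable resolver needs: it refuses a name that no module or rule covers, refuses a rule that points at a gateway in an overlay the host has not loaded, and detects rules that chain gateways in a loop. The glob rule syntax, the gateways table and the NoRouteError type are assumptions.

```python
"""Path planning for the stitching slide.  Added example, not OCALA code: it
shows how the configuration rule *.ron -> sfgateway.i3 lets a host that has
only an i3 OC-D reach a .ron name through a gateway, and how the resolver
must refuse names it cannot route.  Rule syntax, the gateways table and the
NoRouteError type are assumptions."""
import fnmatch


class NoRouteError(LookupError):
    """Raised when no loaded OC-D and no configuration rule covers a name."""


def plan_path(name, local_ocds, rules, gateways):
    """Return the hops, as (name, overlay suffix) pairs, that OC-I sets up to
    reach `name`.  local_ocds: overlay suffixes this host has modules for;
    rules: {glob pattern: gateway name} from the configuration file;
    gateways: {gateway name: (its OC-D suffixes, its own rules)}."""
    hops, visited = [], set()
    ocds, here_rules = local_ocds, rules
    while True:
        suffix = name.rsplit(".", 1)[-1]
        if suffix in ocds:                      # reachable directly from here
            hops.append((name, suffix))
            return hops
        gateway = next((gw for pat, gw in here_rules.items()
                        if fnmatch.fnmatch(name, pat)), None)
        if gateway is None:
            raise NoRouteError(f"no OC-D for .{suffix} and no rule matches {name}")
        gw_suffix = gateway.rsplit(".", 1)[-1]
        if gw_suffix not in ocds:
            raise NoRouteError(f"rule points at {gateway} but .{gw_suffix} is not loaded")
        if gateway in visited or gateway not in gateways:
            raise NoRouteError(f"rule loop or unknown gateway: {gateway}")
        visited.add(gateway)
        hops.append((gateway, gw_suffix))       # first hop: tunnel to the gateway
        ocds, here_rules = gateways[gateway]    # keep resolving from the gateway


if __name__ == "__main__":
    gateways = {"sfgateway.i3": ({"i3", "ron"}, {})}      # constructed topology
    print(plan_path("iitm.ac.in.ron", {"i3"}, {"*.ron": "sfgateway.i3"}, gateways))
```

Each hop is a separate tunnel that terminates in the gateway's OC layer, so the gateway decapsulates and re-encapsulates every packet and sees whatever the first tunnel carried. The factored-out authentication and encryption of Goal 3 protects the hop to the gateway, not the gateway itself, which is why the ssh session in the figure still matters end to end.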

Contents: Introduction, Design, Applications, Implementation, Conclusion (next: Applications)

Applications
New functionality enabled by the overlay
Example: i3 enables hosts to force all incoming traffic through off-path middleboxes

Demo
Communication between a non-overlay host and an overlay host: the web server dilip-secure.pli3 imposes the Bro IDS on its path using i3
[Figure: a web browser on a remote client (at home) issues GET dilip-secure.pli3.ocalaproxy.net over the Internet to proxy R; the proxy issues GET dilip-secure.pli3 over i3; i3 forwards the request through the Bro middlebox (in office) and on to the web server dilip-secure.pli3.]

Applications
Robust connections over RON
Access to machines behind NATs using i3
OCALA Secure Connection
–Unsecured wireless is prone to eavesdropping
–Use an encrypted tunnel to a gateway
–Similar to Google secure wifi

Contents: Introduction, Design, Applications, Implementation, Conclusion (next: Implementation)

Implementation
A user-level proxy; a tun device captures packets
Linux, Windows XP and Mac OS X: 40k SLOC of C++
OC-D modules
–Dynamically loadable libraries
–Simple 5-function-call interface: less than 200 lines of glue code
–i3 and RON OC-D modules written internally
–Host Identity Protocol (Andrei Gurtov, HIIT, Helsinki)
–Delegation Oriented Architecture (Evelyn Eastmond, Daniel Wendel, Lev Popov, MIT)
–OverDoSe (Runting Shi, CMU)
GUI for configuring OCALA written in Java

Overheads and Limitations
OC-I headers: 14 bytes
Micro-benchmarks
–OC-I: 40 microseconds per packet
–i3, RON OC-Ds: microseconds per packet
LAN experiments
–90% of the TCP throughput over direct IP
Packet rewriting → FTP, SIP will not work (they carry IP addresses inside the payload, which OC-I does not rewrite)

Related Work
Overlay-specific application support
–RON, i3, HIP
Stitching together multiple address spaces
–AVES, TRIAD, UIP
OASIS (U. Wash. & U. Mass.)
–Provides isolation, but no interoperability
…

Conclusion
Enable evaluation of new architectures with real users and real applications
–Simplify legacy application support
–Bring the benefits of new architectures to real users

Thank you