ITINERANT: TCP Socket Migration Titus Winters Dan Berger CS 202: Spring ‘03.


Overview
- Problem Description & Motivation
- Proposed Solution
- Netfilter Primer
- Solution Architecture
- Conclusion

Problem & Motivation
- TCP sockets are identified by (saddr, sport, daddr, dport) plus seqno and ackno state.
- No standard mechanism exists to move one end of a socket connection.
- This could often be quite useful. Examples include:
  - Web “spray”/load balancing
  - Mobile & ubiquitous computing

Proposed Solution
We set out to provide primitives to facilitate TCP socket migration on Linux.
Goals:
- Transparent to client application
- Minimally OS level
- Extend standard socket API, to minimize the learning curve for server developers

Proposed Solution (cont.)
Non-goals:
- Do not address “application state” migration.
- Provide no more (or less) security than TCP.
- Higher level security ramifications considered, but not addressed.

Netfilter Primer
- “Minimally Intrusive” means no direct kernel modifications.
- Modifying the TCP state machine seems to require kernel hacking.
- Netfilter to the rescue!

What’s Netfilter?
- Netfilter is a series of callback functions within the network stack.
- The API is non-portable and appeared in Linux 2.3.x.
- Initial design and implementation by Paul “Rusty” Russell.
- Each protocol has its own set of callback points. We care about IPv4.

Netfilter Concepts
- A module expresses interest in being invoked at an arbitrary subset of the available callback points, specifying the function and the (global) priority in which it should be called.
- That function is passed (among other things) a handle to the packet being processed.

Netfilter Hooks in IPv4
[Figure: diagram of the IPv4 hook points; labels: In, Routing Engine, Local Sockets, Application, Out]

Say Again?
1. NF_IP_PRE_ROUTING: any received packet which checksums OK
2. NF_IP_LOCAL_IN: packets destined for local sockets
3. NF_IP_FORWARD: foreign packets being forwarded
4. NF_IP_POST_ROUTING: any outbound packet
5. NF_IP_LOCAL_OUT: packets originating from local sockets
[Figure: the hook diagram repeated; labels: In, Routing Engine, Local Sockets, Out]

Solution Description
- A new setsockopt(2) option to initiate migration.
- A netfilter module that registers for PREROUTING and LOCAL_OUT:
  - Handles migration process.
  - Completes socket shutdown on intermediate host (FIN/ACK).
- Nicely symmetric, so the host initiating the migration just “steps out” of the middle.
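
The hook traversal and priority-ordered registration described on the Netfilter slides, as an added example that is not taken from the ITINERANT code: a user-space C model (not a kernel module) of the five hook points. The `redirect_out` and `restore_in` callbacks and all addresses are hypothetical, chosen to show why a migration module would sit at PRE_ROUTING and LOCAL_OUT; checksum and sequence-number handling are left out.

```c
#include <stdint.h>

/* User-space model of the five IPv4 hook points, numbered as on the slide.
   Not kernel code: all names below are assumptions made for this example. */
enum hook { PRE_ROUTING = 1, LOCAL_IN, FORWARD, POST_ROUTING, LOCAL_OUT, NHOOKS };
enum verdict { DROP, ACCEPT };
struct pkt { uint32_t saddr, daddr; uint16_t sport, dport; unsigned seen; };
typedef enum verdict (*hook_fn)(struct pkt *);
struct reg { hook_fn fn; int prio; };

#define MAXREG 4
static struct reg table[NHOOKS][MAXREG];
static int count[NHOOKS];

/* Register fn at hook h; callbacks run in ascending priority order. */
int nf_register(enum hook h, hook_fn fn, int prio) {
    int i = count[h];
    if (i == MAXREG) return -1;
    for (; i > 0 && table[h][i - 1].prio > prio; i--) table[h][i] = table[h][i - 1];
    table[h][i] = (struct reg){ fn, prio };
    count[h]++;
    return 0;
}

/* Invoke every callback registered at h; the first DROP ends traversal. */
static enum verdict run(enum hook h, struct pkt *p) {
    p->seen |= 1u << h;                      /* record which hooks the packet hit */
    for (int i = 0; i < count[h]; i++)
        if (table[h][i].fn(p) == DROP) return DROP;
    return ACCEPT;
}

/* Received packet: hook 1, routing decision, then hook 2 or hooks 3 and 4. */
enum verdict receive(struct pkt *p, uint32_t local_addr) {
    if (run(PRE_ROUTING, p) == DROP) return DROP;
    if (p->daddr == local_addr) return run(LOCAL_IN, p);
    return run(FORWARD, p) == DROP ? DROP : run(POST_ROUTING, p);
}

/* Locally generated packet: hook 5, then hook 4. */
enum verdict send_local(struct pkt *p) {
    return run(LOCAL_OUT, p) == DROP ? DROP : run(POST_ROUTING, p);
}

/* Hypothetical migration callbacks for a peer that moved (constructed addresses). */
#define OLD_PEER 0x0a000002u                 /* 10.0.0.2 */
#define NEW_PEER 0x0a000003u                 /* 10.0.0.3 */
enum verdict redirect_out(struct pkt *p) { if (p->daddr == OLD_PEER) { p->daddr = NEW_PEER; } return ACCEPT; }
enum verdict restore_in(struct pkt *p) { if (p->saddr == NEW_PEER) { p->saddr = OLD_PEER; } return ACCEPT; }
enum verdict drop_all(struct pkt *p) { (void)p; return DROP; }
```

With both callbacks registered, the local socket keeps seeing the original 4-tuple while packets on the wire carry the new peer's address.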

Migration Flow
[Figure: migration flow diagram; hosts labelled C, S1, S2]

Conclusion
- A working proof of concept was built.
- It consists of O(1000) lines of code.
- No kernel modifications needed.
- Some details were skipped to make the schedule but could be fixed within the current implementation:
  - Migration isn’t a three-way handshake.
  - TCP/socket options aren’t handled.

Fini
Questions?