Session-Based Mobility An End-to-End Approach Alex C. Snoeren MIT Laboratory for Computer Science (with Hari Balakrishnan, Frans Kaashoek, and Jon Salz)
An Example: SSH Session Remote log in / port forwarding Provides secure remote communication Data compressed and encrypted as a stream SSHd shell elm X app server client ssh
Today’s Network Abstraction System provides a connection service Binds [, ] tuple Any change invalidates the connection No support for periods of disconnectivity SSH Client TCPIP SSH Server TCPIP Each application must perform ad-hoc recovery and disconnection management, or fail
Mobile Networking Challenges 1.Changing end points Change in node attachment point Multi-homing (multiple network interfaces) Readdressing: DHCP renewal, NAT crash, etc. 2.Internet “Suspend/Resume” Wireless device goes out of range Save device power or connectivity costs Transient Internet connectivity outage Complete solution needs to address both
Current Approaches Only solve half the problem Mobile IP, VIP, Physical Media Independence, … MSOCKS, SLM, Application check-pointing, … Don’t support intelligent adaptation Rocks, Mobile sockets, Mobile file systems, … Use application-specific point solutions RTSP, SCTP, SIP multimedia calls, … Web shopping carts, J2EE servlets, … HTTP range requests, FTP restart points, …
Reconsider System Abstraction Many applications create “sessions” Long-lived: collections of connections Entity of processing and resource allocation Can we provide a useful system abstraction? Flexible enough for different users, applications Efficient to implement, leverage shared resources Easy to use, but backwards compatible Session is the salient mobility entity
1, 2, 3… Mobility 1.System Session Abstraction [SBK’01] Collaborative management of end point changes Support for unmodified legacy apps [SaSB’02] 2.Preserving Reliable Connections TCP connection migration [SB’00] 3.Session Continuations [SSaBK’02] Application-guided disconnection handling System support for long-lived sessions [SAB’01]
Goals: Minimally Invasive Overhead only on mobility events As secure as non-mobile situations Require no infrastructure support Demonstrate pure end-to-end solution Deployable via proxies if desired Enable intelligent session adaptation Transparency is always an option
Managing Changing End Points Applications handle discovery Lots of ways to resolve to pair User specifies local network policy Different users, different choices System manages tracking Clear semantics, scalable, and efficient
End-to-End Session Tracking Discovery Service (e.g., Dynamic DNS) Mobile Node foo.bar.edu Discovery Query (e.g., DNS Lookup) Session Initiation xxx.xxx.xxx.xxx Correspondent Node Discovery Update (e.g., DNS Update) Session Update yyy.yyy.yyy.yyy
System Session Abstraction Set of network connections to remote end point All involved in single collaborative activity Application identifies end points, initiates connections System manages tracking Maintains semantics of reliable protocols Exposes changes to apps that register interest /* Find remote end point */ dhost = gethostbyname(dst); /* Validate remote end point */ daddr = valid_address(dhost); /* Create a new session */ sid = session_create(flags, …); /* Specify end points discovery */ set_lookupfunc(sid, gethostbyname, dst, hostname); /* Create two connections */ connect(a, daddr, …); add_connection(sid, a); connect(b, daddr, …); add_connection(sid, b); /* Register interest in changes */ register_handler(sid, mobhandler);
session_create()add_connection() Robust Session Management EstablishedLostConnectingMigrating Frozen Mobility Daemon Session Layer App Not Supported Diffie-Hellman Key Exchange Challenge/Response Protocol C, P Policy Engine Mobility Daemon Session Layer App Policy Engine
Dynamic Library Interposition Legacy Application libmigrate Kernel connect(…) fd Migrate Daemon sid = session_create(); add_connection(sid, …); Session Handle libc connect(…) syscall(connect,…) fd Session Establishment Intercept POSIX API Wrap each connection in its own session
PART 1 Problem: Track changing end points Solution: System session abstraction PART 2 Problem: Preserve reliable connections Solution: TCP Migrate Options PART 3 Problem: Internet “Suspend/Resume” Solution: Session continuations
Connection Preservation Provide stable view of dynamic kernel socket But what about reliable connections? User level: Double buffer, session layer re-sync Full access: Extend transport protocol KernelAppKernelApp Session Layer Session Layer
SYN 0 ACK 1 Transmission Control Protocol The reliable protocol 91% of all bytes, 83% of all packets [CAIDA ’00] SSH, FTP, HTTPS, telnet, IMAP, SMTP, etc. SYN/ACK handshake Negotiates options, sequence space Reliable transport In-order delivery Retransmits lost data ACK 2 DATA 1 ACK 3 DATA 2 SYN 0 / ACK 1
TCP Connection Migration Resume previous connection with new one Provide special Migrate TCP option Sent on SYN packets of new connection Preserve buffers and sequence space Retransmission engine just works Compatible with SACK, FACK, Snoop… Entirely backwards compatible
TCP Connection Migration 1.Initial SYN 2.SYN/ACK 3.ACK (with data) 4.Normal data transfer 5.Migrate SYN 6.Migrate SYN/ACK 7.ACK (with data) SYN 0 ACK 1 SYN 0 / ACK 1 fixedmobile (MigrateOK, …) SYN 22 (Migrate T, …) 5. ACK SYN 46 / ACK DATA 47 ACK DATA 22 ACK 47
TCP State Machine Changes MIGRATE_WAIT 2MSL timeout recv: SYN (migrate T, R) send: SYN, ACK 2 new transitions between existing states - and - 1 new state handles pathological race condition recv: SYN (migrate T, R) send: SYN, ACK recv: RST appl: migrate send: SYN (migrate T, R)
Migration Trace SYN/ACK Buffered Packets (old address) Migrate SYN
A Lossy Trace with SACK SYN/ACK Migrate SYN Buffered Packets (old address) ACK w/SACK
PART 1 Problem: Track changing end points Solution: System session abstraction PART 2 Problem: Preserve reliable connections Solution: TCP Migrate Options PART 3 Problem: Internet “Suspend/Resume” Solution: Session continuations
Internet Suspend/Resume Intelligent disconnection handling Buffer otherwise lost communications Emulate remote services locally Release resources while disconnected Graceful resumption handling Reallocate resources and restore state Adapt to new network conditions Indicate how to resume processing
Motivating Continuations Observation: complete context inappropriate Some previous state irrelevant, or, even worse, Invalidated due to change in conditions (C.f. TCP Connection state) Similar problem in programming languages Block when state and context is complex Pass continuation if state and context is small Continuations can request blocking behavior
Using Continuations User level App Kernel SL Expand session notion Align with application Annotate state, resources, associated computation Include system state Provide synchronization and preservation assistance Shared attribute/value store Persist local system IPC, file descriptors System invokes continuation at session resumption Generated in response to disconnection notification
Conserving Session Resources SSHd emacs Socket Buffers Network Ports Open Files Kernel Resources dedicated to active session >> Resources dedicated to suspended session Release system resources as well Continuation generation is recursive!
SSH Continuation Don’t suspend until it’s convenient Process pending data, deliver to app or network Only a minimum of state to preserve Auth, crypto, and compression state Preserve IPC to child processes Notify child processes of disconnection Tunneled apps share connectivity fate Added ~250 LOC in an afternoon
Continuation Efficiency Anecdotal evidence of size and speed SSHdFTPd Memory Usage (KB) Restart Latency (msec) SSHdFTPd System Resources Shared Pages Non-Shared Pages Startup Latency Session Overhead Session Continuation
Continuation Solution Spectrum Fast TCP handoff One RTT Normal movement Four RTTs + re-sync Suspend/Resume Complete flexibility Control Channel SYN Response Challenge Data SYN Data SYN/ACK Control Channel SYN/ACK Request Continuation Info Resumed connection +
Conclusion & Future Directions Sessions are viable system abstractions Useful, flexible, and easy to use Admit robust, efficient implementation Continuations enable “suspend/resume” Useful for mobility across hosts? Continuations eliminate dependencies An area for future exploration…
PART 1 Problem: Changing end points Solution: System session abstraction PART 3 Problem: Internet “Suspend/Resume” Solution: Session continuations
System Session Tracking Directly notify remote end point Subject to same delays as communication Discovery service update is off path No impact on handoff performance Rediscover only if necessary Simultaneous moves of both end points
Solution: Session Continuations Need explicit disconnection directive 1.What to do if disconnected 2.What to do upon resumption App needs to answer first question Perform necessary disconnection duties Prepare an answer for question #2 part of #1 Answer to #2 is a session continuation
Application Migrate Architecture Session Layer Session Creation Connectivity Monitor Connectivity Updates Policy Engine Policy Decisions Mobility Events Kernel
Session Continuations Goal: suspend/resume operation Perform needed cleanup on disconnect Specify what to do on resumption How: encapsulate “rest of the session” Package together remaining computation and the state, context & resources necessary to execute it Generate default continuations for sessions that don’t provide their own
Deploying a New Abstraction Legacy Application libc Kernel connect(…) syscall(connect,…) fd Legacy Apps deal in connections, not sessions Managed through the standard POSIX API
An Example: SSH Session Remote log in / port forwarding Provides secure remote communication Data compressed and encrypted as a stream SSHd shell elm X app Mobility Daemon server client ssh Mobility Daemon
SYN 0 ACK 1 TCP Overview Connection-oriented Binds two end points Specified by IP Address SYN/ACK handshake Negotiates options, sequence space Reliable transport In-order delivery Retransmits lost data ACK 2 DATA 1 ACK 3 DATA 2 SYN 0 / ACK 1
Transmission Control Protocol Internet standard for reliable transport 91% of all bytes, 83% of all packets [CAIDA ’00] Transport for many session protocols SSH, FTP, HTTPS, telnet, imap, SMTP, etc ACK
Current Approaches Systems bundle discovery and tracking System does both (e.g. Mobile IP) Limits granularity of tracking -or – Application does both Makes tracking unnecessarily expensive Interface selection is pre-determined
Managing Changing End Points 1.Discover remote end points of interest DNS, service location, resource discovery, … 2.Select appropriate local end point Ethernet, , cellular, Bluetooth, … 3.Communications track both as they move Enhanced Mobile IP, Persistent connections, …
Flexible: Separate Each Activity Applications handle discovery Lots of ways to resolve to pair User specifies local network policy Different users, different choices System manages tracking Follows the application-specified end point Clear semantics, scalable, and efficient
Eliminating Per-Packet Overhead Double buffering takes time, memory Unify session/connection buffers, or Preserve connection buffers Synchronization adds latency Eliminate need to synchronize connections Needs to be entirely backwards-compatible