Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley,

Slides:



Advertisements
Similar presentations
Multihoming and Multi-path Routing
Advertisements

Internet Indirection Infrastructure (i3 ) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002 Presented by:
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Internetworking II: MPLS, Security, and Traffic Engineering
Re-Thinking Internet Architecture
Internet Indirection Infrastructure Presented in by Jayanthkumar Kannan On 09/17/03.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.
Host Mobility Using an Internet Indirection Infrastructure by Shelley Zhuang, Kevin Lai, Ion Stoica, Randy Katz, Scott Shenker presented by Essi Vehmersalo.
I3 Status Ion Stoica UC Berkeley Jan 13, The Problem Indirection: a key technique in implementing many network services,
Internet Indirection Infrastructure Ion Stoica and many others… UC Berkeley.
10/31/2007cs6221 Internet Indirection Infrastructure ( i3 ) Paper By Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Sharma Sonesh Sharma.
15-441: Computer Networking Lecture 26: Networking Future.
3-1 Distributed Hash Tables CS653, Fall Implementing insert/retrieve: distributed hash table (DHT) r Hash table m data structure that maps “keys”
CS 268: Lecture 5 (Project Suggestions) Ion Stoica February 6, 2002.
Internet Indirection Infrastructure Ion Stoica UC Berkeley.
I3 Update Ion Stoica and many others… UC Berkeley January 10, 2005.
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley,
Internet Indirection Infrastructure (i3) Status – Summer ‘03 Ion Stoica UC Berkeley June 5, 2003.
Shivkumar KalyanaramanRensselaer Q1-1 ECSE-6600: Internet Protocols Quiz 1 Time: 60 min (strictly enforced) Points: 50 YOUR NAME: Be brief, but DO NOT.
Overlay, End System Multicast and i3
CS 268: Project Suggestions Ion Stoica February 6, 2003.
Internet Indirection Infrastructure Ion Stoica UC Berkeley June 10, 2002.
CS 268: Project Suggestions Ion Stoica January 23, 2006.
1 CS 194: Distributed Systems Distributed Hash Tables Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer.
Internet Indirection Infrastructure Slides thanks to Ion Stoica.
1 Routing as a Service Karthik Lakshminarayanan (with Ion Stoica and Scott Shenker) Sahara/i3 retreat, January 2004.
CS 268: Overlay Networks: Distributed Hash Tables Kevin Lai May 1, 2001.
CS 268: Lecture 25 Internet Indirection Infrastructure Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
COS 461: Computer Networks
Indirection Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm Slides.
Towards a More Functional and Secure Network Infrastructure Dan Adkins, Karthik Lakshminarayanan, Adrian Perrig (CMU), and Ion Stoica.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
Internet Indirection Infrastructure (i3) Ion Stoica Daniel Adkins Shelley Zhuang Scott Shenker Sonesh Surana (Published in SIGCOMM 2002) URL:
Internet Indirection Infrastructure (i3) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002.
Towards a New Naming Architectures
Middleboxes & Network Appliances EE122 TAs Past and Present.
23-Support Protocols and Technologies Dr. John P. Abraham Professor UTPA.
Internet Indirection Infrastructure Ion Stoica April 16, 2003.
End-to-end resource management in DiffServ Networks –DiffServ focuses on singal domain –Users want end-to-end services –No consensus at this time –Two.
Internet Indirection Infrastructure Ion Stoica et. al. SIGCOMM 2002 Presented in CIS700 by Yun Mao 02/24/04.
Papers covered ● K. Lakshminarayanan, D. Adkins, A. Perrig, I. Stoica, “Taming IP Packet Flooding Attacks”, HotNets-II. ● M. Handley, A. Greenhalgh, “Steps.
15-849: Hot Topics in Networking Mobility Srinivasan Seshan.
Information-Centric Networks07a-1 Week 7 / Paper 1 Internet Indirection Infrastructure –Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh.
Transport Layer 3-1 Chapter 4 Network Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012  CPSC.
CIS 3360: Internet: Network Layer Introduction Cliff Zou Spring 2012.
Information-Centric Networks06b-1 Week 6 / Paper 2 A layered naming architecture for the Internet –Hari Balakrishnan, Karthik Lakshminarayanan, Sylvia.
Multimedia & Mobile Communications Lab.
Lectu re 1 Recap: “Operational” view of Internet r Internet: “network of networks” m Requires sending, receiving of messages r protocols control sending,
DHT-based unicast for mobile ad hoc networks Thomas Zahn, Jochen Schiller Institute of Computer Science Freie Universitat Berlin 報告 : 羅世豪.
CS 268: Project Suggestions Ion Stoica January 26, 2004.
Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Protocols and Architecture Slide 1 Use of Standard Protocols.
Information-Centric Networks Section # 6.2: Evolved Naming & Resolution Instructor: George Xylomenos Department: Informatics.
Information-Centric Networks Section # 7.1: Evolved Addressing & Forwarding Instructor: George Xylomenos Department: Informatics.
CS 6401 Overlay Networks Outline Overlay networks overview Routing overlays Resilient Overlay Networks Content Distribution Networks.
Ασύρματες και Κινητές Επικοινωνίες
Internet Indirection Infrastructure Ion Stoica UC Berkeley Nov 14, 2005.
Internet Indirection Infrastructure (i3) Ion Stoica Daniel Adkins Shelley Zhuang Scott Sheker Sonesh Surana Presented by Kiran Komaravolu.
: MobileIP. : r Goal: Allow machines to roam around and maintain IP connectivity r Problem: IP addresses => location m This is important for efficient.
Mobile IP THE 12 TH MEETING. Mobile IP  Incorporation of mobile users in the network.  Cellular system (e.g., GSM) started with mobility in mind. 
Network Processing Systems Design
I3 and Active Networks Supplemental slides Aditya Akella 03/23/2007.
Internet Indirection Infrastructure (i3)
CS 268: Lecture 25 Indirection
Internet Indirection Infrastructure
Internet Indirection Infrastructure
EE 122: Lecture 7 Ion Stoica September 18, 2001.
EE 122: Lecture 22 (Overlay Networks)
Presentation transcript:

Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley, CA Internet Architectures: Internet Indirection Infrastructure (i3), …

2 Motivations Today’s Internet is built around a unicast point-to-point communication abstraction: –Send packet “p” from host “A” to host “B” This abstraction allows Internet to be highly scalable and efficient, but… … not appropriate for applications that require other communications primitives: –Multicast –Anycast –Mobility –Service composition (Middleboxes) –…–…

3 Why? Point-to-point communication  implicitly assumes there is one sender and one receiver, and that they are placed at fixed and well-known locations –E.g., a host identified by the IP address xxx.xxx is located in Berkeley

4 IP Solutions Extend IP to support new communication primitives, e.g., –Mobile IP –IP multicast –IP anycast Disadvantages: –Difficult to implement while maintaining Internet’s scalability (e.g., multicast) –Require community wide consensus -- hard to achieve in practice

5 Application Level Solutions Implement the required functionality at the application level, e.g., –Application level multicast (e.g., Fastforward, Narada, Overcast, Scattercast…) –Application level mobility Disadvantages: –Efficiency hard to achieve –Redundancy: each application implements the same functionality over and over again –No synergy: each application implements usually only one service; services hard to combine

6 Key Observation Virtually all previous proposals use indirection! “Any problem in computer science can be solved by adding a layer of indirection”

7 Indirection is Everywhere! “foo.org” IP foo DNS Server foo.org IP foo IP foo DNS (IP home,data) Home Agent IP home IP mobile (IP mobile,data) IP mofile Mobile IP NAT Box IP nat :P nat IP dst :P dst (IP dst :P dst,data) IP dst NAT Internet (IP M  IP R1 ) (IP M  IP R2 ) (IP M,data) (IP R1,data) (IP R2,data) IP R1 IP R2 IP Multicast (IP foot,data) (IP nat :P nat,data)

8 Internet Indirection Infrastructure (i3) Use an overlay network to implement this layer –Incrementally deployable; don’t need to change IP Build an efficient indirection layer on top of IP IP TCP/UDP Application Indir. layer

9 Internet Indirection Infrastructure (i3) Each packet is associated an identifier id To receive a packet with identifier id, receiver R maintains a trigger ( id, R) into the overlay network Sender idR trigger iddata Receiver (R) iddata R

10 Service Model API –sendPacket( p ); –insertTrigger( t ); –removeTrigger( t ) // optional Best-effort service model (like IP) Triggers periodically refreshed by end-hosts ID length: 256 bits

11 Mobility Host just needs to update its trigger as it moves from one subnet to another Sender Receiver (R1) Receiver (R2) idR1 idR2

12 iddata Multicast Receivers insert triggers with same identifier Can dynamically switch between multicast and unicast Receiver (R1) idR1 Receiver (R2) idR2 Sender R1data R2data iddata

13 Anycast Use longest prefix matching instead of exact matching –Prefix p: anycast group identifier –Suffix s i : encode application semantics, e.g., location Sender Receiver (R1) p|s 1 R1 Receiver (R2) p|s 2 R2 p|s 3 R3 Receiver (R3) R1 data p|a data p|a data

14 Service Composition: Sender Initiated Use a stack of IDs to encode sequence of operations to be performed on data path Advantages –Don’t need to configure path –Load balancing and robustness easy to achieve Sender Receiver (R) id T T id R Transcoder (T) T,id data iddata R id T,id data id T,id data

15 Service Composition: Receiver Initiated Receiver can also specify the operations to be performed on data Receiver (R) id id F,R Firewall (F) Sender id F F id F,R data R F,R data id data id data

16 Outline  Implementation Examples Security Architecture Optimizations Applications

17 Quick Implementation Overview i3 is implemented on top of Chord Each trigger t = ( id, R ) is stored on the node responsible for id Use Chord recursive routing to find best matching trigger for packet p = ( id, data )

18 Routing Example R inserts trigger t = (37, R) ; S sends packet p = (37, data) An end-host needs to know only one i3 node to use i3 –E.g., S knows node 3, R knows node R R S R trigger(37,R) send(37, data) send(R, data) Chord circle S R 0 2 m-1

19 Sender (S) Optimization #1: Path Length Sender/receiver caches i3 node mapping a specific ID Subsequent packets are sent via one i3 node [42..3] [4..7] [8..20] [21..35] [36..41] 37R data R cache node Receiver (R)

20 Optimization #2: Triangular Routing Use well-known trigger for initial rendezvous Exchange a pair of (private) triggers well-located Use private triggers to send data traffic [42..3] [4..7] [8..20] [21..35] [36..41] 37R R [2] 2S 37 [2] 2 [30] 30R S [30] 30 data R Receiver (R) Sender (S)

21 Outline Implementation  Examples –Heterogeneous multicast –Scalable Multicast –Load balancing –Proximity

22 Example 1: Heterogeneous Multicast Sender not aware of transformations ( sends MPEG) Receiver R1 specifies that wants to receive JPEG data, while R2 specifies that wants to receive MPEG data Receiver R1 (JPEG) id_ MPEG/JPEG S_ MPEG/JPEG id (id_ MPEG/JPEG, R1) send(id, data) S_MPEG/JPEG Sender (MPEG) send((id _MPEG/JPEG, R1), data) send(R1, data) id R2 Receiver R2 (MPEG) send(R2, data)

23 Example 2: Scalable Multicast i3 doesn’t provide direct support for scalable multicast Solution: have end-hosts build an hierarchy of trigger of bounded degree –multicast tree, using chains of triggers R2R2 R1R1 R4R4 R3R3 g R 2 g R 1 gxgx x R 4 x R 3 (g, data) (x, data)

24 Example 2: Scalable Multicast (Discussion) Unlike IP multicast, i3 1.Implement only small scale replication  allow infrastructure to remain simple, robust, and scalable 2.Gives end-hosts control on routing  enable end-hosts to –Achieve scalability, and –Optimize tree construction to match their needs, e.g., delay, bandwidth

25 Example 3: Load Balancing Servers insert triggers with IDs that have random suffixes Clients send packets with IDs that have random suffixes S S S S4 S1 S2 S3 S4 A B send( ,data) send( ,data)

26 Example 4: Proximity Suffixes of trigger and packet IDs encode the server and client locations S S S3 S1 S2 S3 send( ,data)

27 Example 5: Protection against DOS Attacks Problem scenario: attacker floods the incoming link of the victim Solution: stop attacking traffic before it arrives at the incoming link –Today: call the ISP to stop the traffic, and hope for the best! Approach: give end-host control on what packets they receive –Enable end-hosts to stop the attacks in the network

28 Example 5: Why End-Hosts (and not Network)? End-hosts can better react to an attack –Aware of semantics of traffic they receive –Know what traffic they want to protect End-hosts may be in a better position to detect an attack –Flash-crowd vs. DoS

29 Example 5: Some Useful Defenses 1.White-listing: avoid receiving packets on arbitrary ports 2.Traffic isolation: –Contain the traffic of an application under attack –Protect the traffic of established connections 3.Throttling new connections: control the rate at which new connections are opened (per sender)

30 Example 5: (1) White-listing Packets not addressed to open ports are dropped in the network –Create a public trigger for each port in the white list –Allocate a private trigger for each new connection ID S S Sender (S) Receiver (R) S [ID R ] ID S [ID R ] ID R R R data ID P R R [ID S ] ID P [ID S ] ID R data ID P – public trigger ID S, ID R – private triggers

31 Example 5: (2) Traffic Isolation Drop triggers being flooded without affecting other triggers –Protect ongoing connections from new connection requests –Protect a service from an attack on another services Victim (V) Attacker (A) Legitimate client (C) ID 2 V ID 1 V Transaction server Web server

32 Example 5: (2) Traffic Isolation Drop triggers being flooded without affecting other triggers –Protect ongoing connections from new connection requests –Protect a service from an attack on another services Victim (V) Attacker (A) Legitimate client (C) ID 1 V Transaction server Web server Traffic of transaction server protected from attack on web server Traffic of transaction server protected from attack on web server

33 Server (S) Client (C) Example 5: (3) Throttling New Connections Redirect new connection requests to a gatekeeper –Gatekeeper has more resources than victim –Can be provided as a 3 rd party service ID C C XS puzzle puzzle’s solution Gatekeeper (A) ID P A

34 Another View of Indirection/Delegation Indirection point  point where control is transferred from sender to receiver –Translation/forwarding entry usually controlled by receiver

35 End-host Empowerment Both the sender and receiver are able to explicitly control the service-path –Note: multiple indirection points possible Internet Receiver Indirection point (tussle boundary) Sender Middlebox 1 (M1) M2 M3M4 sender control receiver control

36 Realization: i3 vs DOA Internet i3 M1 M2 R ([id S1,id R ], data) id R [id M2,R] id M1 M1 id M2 S2 i3 Internet M1 R ([id S1,id S2 ], data) id M2 id R id M1 M1 id M2 M2 id S1 S1 M2 id S2 S2 id R R id R R Name resolution infrastructure (e.g., OpenDHT) DOA

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.