LNA and DOA Aditya Akella 3/11/2010. A Layered Naming Architecture for the Internet Hari Balakrishnan, Karthik Lakshminarayanan, Sylvia Ratnasamy, Scott.

Slides:



Advertisements
Similar presentations
Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
Advertisements

1 Data-Oriented Network Architecture (DONA) Scott Shenker (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, I. Stoica)
Michael Walfish, Jeremy Stribling, Maxwell Krohn, Hari Balakrishnan, Robert Morris, and Scott Shenker * 7 December 2004 MIT Computer Science and AI Lab.
1 Rethinking the Internet Architecture Process, Architecture, and Troubleshooting Scott Shenker (joint work with many people, including Katerina Argyraki,
DHT-Oriented Architecture: A Prototype Maxwell Krohn, Jeremy Stribling, Michael Walfish MIT Project Demonstration 29 April 2004.
Internet Indirection Infrastructure Ion Stoica and many others… UC Berkeley.
10/31/2007cs6221 Internet Indirection Infrastructure ( i3 ) Paper By Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Sharma Sonesh Sharma.
Middle Boxes Lixia Zhang UCLA Computer Science Dept Sprint Research Symposium March 8-9, 2000.
Internet Indirection Infrastructure Ion Stoica UC Berkeley.
Rethink the design of the Internet CSCI 780, Fall 2005.
Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley,
ISOC-Chicago 2001John Kristoff - DePaul University1 Journey to the Center of the Internet John Kristoff DePaul University.
Part I: Core networking concepts Naming & Addressing.
1 Web Proxies Dr. Rocky K. C. Chang 6 November 2005.
CS 268: Computer Networking L-18 Naming. 2 Overview i3 Layered naming DOA SFR.
CS 268: Project Suggestions Ion Stoica January 23, 2006.
1 A Data-Oriented Network Architecture ACM Sigcomm’07 (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, Scott Shenker, I. Stoica)
1 Link Layer & Network Layer Some slides are from lectures by Nick Mckeown, Ion Stoica, Frans Kaashoek, Hari Balakrishnan, and Sam Madden Prof. Dina Katabi.
Postmodern Internet Architecture Defense Zhaosheng Zhu Kevin Tan.
1 Routing as a Service Karthik Lakshminarayanan (with Ion Stoica and Scott Shenker) Sahara/i3 retreat, January 2004.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Indirection Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm Slides.
Internet Indirection Infrastructure (i3) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002.
Secure Cloud Computing with Virtualized Network Infrastructure HotCloud 10 By Xuanran Zong.
1 TCP/IP architecture A set of protocols allowing communication across diverse networks Out of ARPANET Emphasize on robustness regarding to failure Emphasize.
Towards a New Naming Architectures
Host Identity Protocol
A Layered Naming Architecture for the Internet Hari Balakrishnan, Karthik Lakshminarayanan, Sylvia Ratnasamy, Scott Shenker, Ion Stoica, Michael Walfish.
Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
What does it take to define an architecture? (Part 2) David D. Clark July, 2012.
Rhys McBreen (How the internet works) X. Contents The Layers and what they do IP Addressing X.
What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.
Chapter 6: Packet Filtering
Chapter 13 – Network Security
Protocols and the TCP/IP Suite
Networks – Network Architecture Network architecture is specification of design principles (including data formats and procedures) for creating a network.
Naming Examples UUID (universal unique ID) – 128 bit numbers, locally generated, guaranteed globally unique Uniform Resource Identifier (URI) URL (uniform.
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
Information-Centric Networks07a-1 Week 7 / Paper 1 Internet Indirection Infrastructure –Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh.
Information-Centric Networks06a-1 Week 6 / Paper 1 Untangling the Web from DNS –Michael Walfish, Hari Balakrishnan and Scott Shenker –Networked Systems.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
DNS and Naming Aditya Akella 03/16/2007 Supplemental slides.
A Layered Naming Architecture for the Internet by Hari Balakrishnan, Karthik Lakshminarayanan, Sylvia Ratnasamy, Scott Shenker, Ion Stoica, Michael Walfish.
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley,
Information-Centric Networks06b-1 Week 6 / Paper 2 A layered naming architecture for the Internet –Hari Balakrishnan, Karthik Lakshminarayanan, Sylvia.
Chapter 2 Protocols and the TCP/IP Suite 1 Chapter 2 Protocols and the TCP/IP Suite.
Multimedia & Mobile Communications Lab.
1 Naming for Internet MMLAB, Seongil Han
Aaron Gember, Theophilus Benson, Aditya Akella University of Wisconsin-Madison.
The Case for Semantic-Free Referencing Hari BalakrishnanScott Shenker Michael Walfish MIT & ICSI/UCB IRIS Project.
Information-Centric Networks06c-1 Week 6 / Paper 3 Middleboxes No Longer Considered Harmful –Michael Walfish, Jeremy Stribling, Maxwell Krohn, Hari Balakrishnan,
15-744: Computer Networking L-18 Naming. 2 How Akamai Works End-user cnn.com (content provider)DNS root serverAkamai server Akamai high-level DNS.
15-744: Computer Networking L-18 Naming. Today’s Lecture Naming and CDNs Required readings Middleboxes No Longer Considered Harmful Internet Indirection.
Information-Centric Networks Section # 6.3: Evolved Naming & Resolution Instructor: George Xylomenos Department: Informatics.
Information-Centric Networks Section # 6.2: Evolved Naming & Resolution Instructor: George Xylomenos Department: Informatics.
Information-Centric Networks Section # 6.1: Evolved Naming & Resolution Instructor: George Xylomenos Department: Informatics.
A Layered Naming Architecture for the Internet Authors: Balakrishnan et al. Presentation: Vinay Goel 01/14/2005 Authors: Balakrishnan et al. Presentation:
K. Salah1 Security Protocols in the Internet IPSec.
Naming Dave Andersen. Lecture warning ● Think “lots of in-class paper discussion” today.
Internet Indirection Infrastructure (i3)
A Layered Naming Architecture
TCP/IP Networking An Example
Overview i3 Layered naming DOA SFR.
An Update on Multihoming in IPv6 Report on IETF Activity
Data-Oriented Network Architecture (DONA)
Presentation transcript:

LNA and DOA Aditya Akella 3/11/2010

A Layered Naming Architecture for the Internet Hari Balakrishnan, Karthik Lakshminarayanan, Sylvia Ratnasamy, Scott Shenker, Ion Stoica, Michael Walfish From Sigcomm 2004

Architectural “Brittleness” Hosts are tied to IP addresses – Mobility and multi-homing pose problems Services are tied to hosts – A service is more than just one host: replication, migration, composition Packets might require processing at intermediaries before reaching destination – “Middleboxes” (NATs, firewalls, …)

Naming Can Help Proper naming can cure some ills – Layered naming provides layers of indirection and shielding Many proposals advocate large-scale, overarching architectural change – Routers, end-hosts, services LNA proposal: – Changes “only” hosts and name resolution – Synthesis of much previous work

Internet Naming is Host-Centric Two global namespaces: DNS and IP addresses These namespaces are host-centric – IP addresses: network location of host – DNS names: domain of host – Both closely tied to an underlying structure – Motivated by host-centric applications

The Trouble with Host-Centric Names Host-centric names are fragile – If a name is based on mutable properties of its referent, it is fragile – Example: If Joe’s Web page moves to Web links to his page break Fragile names constrain movement – IP addresses are not stable host names – DNS URLs are not stable data names

Key Architectural Questions 1.Which entities should be named? 2.What should names look like? 3.What should names resolve to?

Name Services and Hosts Separately Service identifiers (SIDs) are host- independent data names End-point identifiers (EIDs) are location- independent host names Protocols bind to names, and resolve them – Apps should use SIDs as data handles – Transport connections should bind to EIDs Binding principle: Names should bind protocols only to relevant aspects of underlying structure

The Naming Layers User-level descriptors (e.g., search) App session App-specific search/lookup returns SID Transport Resolves SID to EID Opens transport conns IP Resolves EID to IP Bind to EID Use SID as handle IP hdrEIDTCPSID… IP Transport App session Application

Key Architectural Questions 1.Which entities should be named? 2.What should names look like? 3.What should names resolve to?

SIDs and EIDs should be Flat 0xf436f0ab527bac9e8b100afeff Flat names impose no structure on entities – Structured names stable only if name structure matches natural structure of entities – Can be resolved scalably using, e.g., DHTs Flat names can be used to name anything – Once you have a large flat namespace, you never need other global “handles” Stable-name principle: A stable name should not impose restrictions on the entity it names

Resolution Service Flat Names Enable Flexible Migration <A HREF= >here is a paper <A HREF= >here is a paper HTTP GET: /docs/pub.pdf /docs/ HTTP GET: /~user/pubs/pub.pdf ( ,80, /docs/) ( ,80, /~user/pubs/) /~user/pubs/ SID abstracts all object reachability information Objects: any granularity (files, directories) Benefit: Links (referrers) don’t break Domain H Domain Y

Flat Names are a Two-Edged Sword Global resolution infrastructure needed – Perhaps as “managed DHT” infrastructure Lack of local name control Lack of locality Not user-friendly – User-level descriptors are human-friendly

Key Architectural Questions 1.Which entities should be named? 2.What should names look like? 3.What should names resolve to? DOA

Delegation Names usually resolve to “location” of entity Packets might require processing at intermediaries before reaching destination Such processing today violates layering – Only element identified by packet’s IP destination should inspect higher layers Delegation principle: A network entity should be able to direct resolutions of its name not only to its own location, but also to chosen delegates

Take-Home Points from LNA Two flat naming layers fix brittleness – SIDs and EIDs Delegation is a powerful primitive – The follow-on DOA paper shows that With flat SID/EID + delegation: – Like hosts, data becomes first-class entity – Middleboxes gracefully accommodated IP will continue to be a rigid infrastructure – But naming is more malleable and can reduce architectural brittleness – Deployment requires Changes to hosts Global resolution infrastructure

Michael Walfish, Jeremy Stribling, Maxwell Krohn, Hari Balakrishnan, Robert Morris, and Scott Shenker From OSDI 2004 Middleboxes No Longer Considered Harmful

The Problem Middlebox: interposed entity doing more than IP forwarding (NAT, firewall, cache, …) Not in harmony with the Internet architecture No unique identifiers and on-path blocking:  Barrier to innovation  Workarounds add complexity NAT B Host A New traffic class Firewall Host D C

Reactions to the Problem DOA goal: Architectural extension in which: Middleboxes first-class Internet citizens Harmful effects reduced, good effects kept New functions arise Purist: can’t live with middleboxes Pragmatist: can’t live without middleboxes Pluralist (crazy researchers): purist, pragmatist both right

DOA: Delegation-Oriented Architecture Architectural extension to Internet. Core properties (borrowed from LNA): 1. Use globally unique identifiers for hosts 2. Let receivers, senders invoke (and revoke) off- path boxes: delegation primitive NAT Host A Firewall Host D xf12312 B C

Globally Unique Identifiers for Hosts (EIDs) Location-independent, flat, big namespace Hash of a public key  self-certification, security EIDs Carried in packets DOA hdr IP hdr transport hdr body source EID destination EID

Delegation Primitive Let hosts invoke, revoke off-path boxes Receiver-invoked: sender resolves receiver’s EID to  An IP address or  An EID or sequence of EIDs DOA header has destination stack of EIDs Sender-invoked: push EID onto this stack IP hdr transport hdr body source EID destination EID stack

DOA in a Nutshell Delegate IP: j End-host EID: e h IP: i h j DHT LOOKUP( e h ) Process Source EID: e s IP: i s End-host replies to source by resolving e s Authenticity, performance: discussed in the paper DOA Packet IP i s j transport body DOA e s e h DOA transport DOA e s e h

A Bit More About DOA Incrementally deployable (same as LNA). Requires:  Changes to hosts and middleboxes  No changes to IP routers (design requirement)  Global resolution infrastructure for flat IDs

Off-path Firewall e h  (i h, Rules) Network Stack isis jeses [e FW e h ] ihih j eses eheh eheh e FW j DHT Source EID: e s IP: i s Firewall End-host ihih j EID: e FW EID: e h Sign (MAC) Verify

Off-path Firewall: Benefits Simplification for end-users who want it  Instead of a set of rules, one rule:  “Was this packet vetted by my FW provider?” Firewall can be anywhere, leading to:  Third-party service providers  Possible market for such services  Providers keeping abreast of new applications DOA enables this; doesn’t mandate it.

Reincarnated NAT End-to-end communication Port fields not overloaded  Especially useful when NATs are cascaded isis eses eded eded NATed network DHT Source EID: e s IP: i s Destination EID: e d isis eses eded NAT e d 

Summary and Conclusion DOA’s goals: architectural extension to: – Reduce middleboxes’ badness + keep goodness DOA’s properties: – Topology-independent, globally unique host ids – Let end-hosts invoke off-path boxes DOA lets users, admins outsource functions – Competitive market in managed services – Can reconcile the purist and the pragmatist Delegation: new property, not new philosophy