OCALA Overlay Convergence Architecture for supporting Legacy Applications on Overlays Dilip Antony Joseph 1, Jayanth Kannan 1, Ayumu Kubota 2, Karthik.

Slides:

Advertisements

Similar presentations

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.

Advertisements

Internet Indirection Infrastructure (i3 ) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002 Presented by:

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.

Understanding Internet Protocol

Configuring and Troubleshooting Network Connections

Implementing Inter-VLAN Routing

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.

OCALA: An Architecture for Supporting Legacy Applications over Overlays Dilip Joseph 1, Jayanth Kannan 1, Ayumu Kubota 2, Karthik Lakshminarayanan 1, Ion.

OCALA: An Architecture for Supporting Legacy Applications over Overlays Dilip Antony Joseph 1, Jayanth Kannan 1, Ayumu Kubota 2, Karthik Lakshminarayanan.

Supporting Legacy Applications in i3 Jayanthkumar Kannan, Ayumu Kubota, Karthik Lakshminarayanan, Ion Stoica, Klaus Wherle.

Supporting Legacy Applications in Associative Overlay Networks Shelley Zhuang, Ion Stoica {shelleyz, Sahara Retreat January 16-18,

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.

IP Address 1. 2 Network layer r Network layer protocols in every host, router r Router examines IP address field in all IP datagrams passing through it.

Internet Indirection Infrastructure Ion Stoica and many others… UC Berkeley.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Internet Indirection Infrastructure Ion Stoica UC Berkeley.

I3 Update Ion Stoica and many others… UC Berkeley January 10, 2005.

CS 268: Project Suggestions Ion Stoica February 6, 2003.

IP Address 1. 2 Network layer r Network layer protocols in every host, router r Router examines IP address field in all IP datagrams passing through it.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

CS 268: Project Suggestions Ion Stoica January 23, 2006.

1 Review of Important Networking Concepts Introductory material. This module uses the example from the previous module to review important networking concepts:

1 Routing as a Service Karthik Lakshminarayanan (with Ion Stoica and Scott Shenker) Sahara/i3 retreat, January 2004.

OCALA: An Architecture for Supporting Legacy Applications over Overlays Dilip Antony Joseph 1, Jayanth Kannan 1, Ayumu Kubota 2, Karthik Lakshminarayanan.

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Internet Indirection Infrastructure (i3) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002.

Routing ROUTING. Router A router is a device that determines the next network point to which a packet should be forwarded toward its destination Allow.

1 Review of Important Networking Concepts Introductory material. This slide uses the example from the previous module to review important networking concepts:

© 2005,2006 NeoAccel Inc. Training Access Modes. © 2005,2006 NeoAccel Inc. Agenda 2. Access Terminals 6. Quick Access Terminal Client 3. SSL VPN-Plus.

Towards a New Naming Architectures

We will be covering VLANs this week. In addition we will do a practical involving setting up a router and how to create a VLAN.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

And how they are used. Hubs send data to all of the devices that are plugged into them. They have no ability to send packets to the correct ports. Cost~$35.

Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.

Windows Internet Connection Sharing Dave Eitelbach Program Manager Networking And Communications Microsoft Corporation.

Virtual Private Networking with OpenVPN Wim Kerkhoff Fraser Valley Linux Users Group April 15, 2004.

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.

11 KDDI Trial Hub & Spoke Shu Yamamoto Carl Williams Hidetoshi Yokota KDDI R&D Labs.

Portable SSH Brian Minton EKU, Dept. of Technology, CEN/CET)‏

Presented by Xiaoyu Qin Virtualized Access Control & Firewall Virtualization.

Professor OKAMURA Laboratory. Othman Othman M.M. 1.

Networking Colin Alworth May 26, Quick Review IP address: four octets Broadcast addresses –IP addresses use all 1’s for the host bits, and whatever.

Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.

1 TCP/IP Internetting ä Subnet layer ä Links stations on same subnet ä Often IEEE LAN standards ä PPP for telephone connections ä TCP/IP specifies.

1 Chapter 3: Multiprotocol Network Design Designs That Include Multiple Protocols IPX Design Concepts AppleTalk Design Concepts SNA Design Concepts.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

Lectu re 1 Recap: “Operational” view of Internet r Internet: “network of networks” m Requires sending, receiving of messages r protocols control sending,

Presented by Rebecca Meinhold But How Does the Internet Work?

InfraHIP HIIT ARU Portfolio Seminar Andrei Gurtov.

Firewalls Original slides prepared by Theo Benson.

Cisco Discovery Semester 1 Chapter 6 JEOPADY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.

Internet Indirection Infrastructure Ion Stoica UC Berkeley Nov 14, 2005.

1 Objectives Identify the basic components of a network Describe the features of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)

1 Welcome to Designing a Microsoft Windows 2000 Network Infrastructure.

15.1 Chapter 15 Connecting LANs, Backbone Networks, and Virtual LANs Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or.

Software Defined Networking and OpenFlow Geddings Barrineau Ryan Izard.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Also known as hardware/physi cal address Customer Computer (Client) Internet Service Provider (ISP) MAC Address Each Computer has: Given by NIC card.

1 CNLab/University of Ulsan Chapter 19 Firewalls  Packet Filtering Firewall  Application Gateway Firewall  Firewall Architecture.

UDP: User Datagram Protocol. What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host – treats a computer as an.

HIP-Based NAT Traversal in P2P-Environments

Virtual Private Networking with OpenVPN

Internet Indirection Infrastructure (i3)

Chris Meullion Preston Burden Dwight Philpotts John C. Jones-Walker

Network Architecture Introductory material

Review of Important Networking Concepts

Lecture 2: Overview of TCP/IP protocol

IS 4506 Configuring the FTP Service

Presentation transcript:

OCALA Overlay Convergence Architecture for supporting Legacy Applications on Overlays Dilip Antony Joseph 1, Jayanth Kannan 1, Ayumu Kubota 2, Karthik Lakshminarayanan 1, Ion Stoica 1, Klaus Wehrle 3 1 UC Berkeley, 2 KDDI Labs, 3 University of Tübingen

Motivation Many attempts to improve the Internet: –i3 : mobility, NAT traversal, anycast, multicast –DOA: middlebox support –OverQoS: quality of service –SIFF: resilience against DDoS attacks But still no widespread deployment… Problem: rewriting/porting popular applications for new architectures a daunting task!

Goal Support legacy applications (e.g. ssh, Firefox, IE) over new network architectures and overlays –Enable users to take advantage of new network functionality using their favorite applications!

Solution: Overlay Convergence Architecture for Legacy Applications (OCALA) Overlay Convergence (OC) Layer Overlay (DOA, DTN, HIP, i3, RON, …) Overlay (DOA, DTN, HIP, i3, RON, …) Legacy Applications (ssh, firefox, explorer, …) Legacy Applications (ssh, firefox, explorer, …) Transport Layer (TCP, UDP, …) Transport Layer (TCP, UDP, …) OC Independent (OC-I) Sublayer OC Dependent (OC-D) Sublayer Interpose an Overlay Convergence Layer between transport layer and overlay networks

Simultaneous access to multiple overlays OC-I i3 Firefox OC-I RON ssh RON IRC ssh … OC-D i3 RON Internet … OC-I i3 IRC … Host A Host B Host C IP

Which overlay to use? IP address and port number : –Eg: Forward all packets sent to port 22 over RON DNS name: –Eg: Forward all packets sent to berkeley.edu.ron over RON –Eg: Forward all packets sent to berkeley.edu.i3 over i3

Bridging Multiple Architectures Communication across overlays Stitch together functionality OC-I Host A Appl. OC-I Host C (foo.ron) Appl. OC-I Host B (bar.i3) i3 OC-D i3RON i3 RON tunnel path

Legacy Client Gateways – Demo Clients need not run OCALA locally Gateway has special Legacy Client IP (LCIP) module OC-I Appl. OC-I LCIP OV Legacy gateway Overlay (OV) Internet Legacy Client OV Overlay server (dilip.i3) DNSreq(dilip.i3.ocalaproxy.net)

Legacy Server Gateways Server need not run OCALA locally Special OC-D module called Legacy Server IP (LSIP) at gateway LSIP behaves like a software NAT box OC-I Appl. OC-I OV LSIP Legacy gateway Overlay (OV) Internet Overlay client OV Legacy server ( *.gov  OV … Configuration file

Legacy Client Gateways – Demo Can access following links: – g.htmlhttp://ionhome.pli3.ocalaproxy.net:8040/ifconfi g.html – albums.phphttp://rodrigo.pli3.ocalaproxy.net:8040/gallery/ albums.php – _10_Vodafone_UIUC/index.htmlhttp://dilip.pli3.ocalaproxy.net:8040/april/april8 _10_Vodafone_UIUC/index.html

Overlay Convergence Architecture for Legacy Applications (OCALA) Overlay Convergence (OC) Layer Overlay (DOA, DTN, HIP, i3, RON, …) Overlay (DOA, DTN, HIP, i3, RON, …) Legacy Applications (ssh, firefox, explorer, …) Legacy Applications (ssh, firefox, explorer, …) Transport Layer (TCP, UDP, …) Transport Layer (TCP, UDP, …) OC Independent (OC-I) Sublayer OC Dependent (OC-D) Sublayer Interpose an Overlay Convergence Layer between transport layer and overlay networks

Setting up a new connection Legacy App. Transport Layer OC-I Layer OC Layer 1 DNSreq(foo.ov) Name Res. Service (local addrbook, DNS, OpenDHT…) Host A Host B (foo.ov, ID B ) Overlay (DTN, i3, RON) i3RON … 2 setup(foo.ov) 3 resolve(foo.ov) 4 ID B 5 overlay specific setup protocol DNSresp(oc_handle = IP AB ) 8 tunnel_d = td AB 6 1.x.x.x OCI-Setup (pd AB ) 7

Data Flow Overlay (DTN, i3, RON) pd AB ↔ IP AB pd AB  td AB td AB  ID B Legacy App. Transport Layer IP AB datapd AB data IP AB td AB, pd AB dataIP AB ID B pd AB ↔ IP BA td BA  ID A Legacy App. Transport Layer IP BA datapd AB data IP AB Host A (ID A )Host B (foo.ov, ID B ) OC-I OC-D OC-I “foo.ov”  pd AB pd AB  td BA

Implementation Implemented as a proxy to be run by the user. –tun device used to capture packets Works on Linux and Windows XP/2000 –Mac almost done… OC-D modules –Dynamically loadable libraries. –Implemented RON, i3, DOA, HIP OC-D modules. 250 lines of glue code in case of RON. HIP/DOA OC-D modules implemented by HIP/DOA researchers Configuration GUI

Common functionality Functionality required by multiple overlays implemented in the OC-I layer Example: Security –Similar to SSL –Modifications for supporting middleboxes

Conclusion Enables unmodified legacy applications to simultaneously access multiple overlays Stitch together functionality of different overlays Helps network researchers bring functionality of new network architectures to real users