Presentation is loading. Please wait.

Presentation is loading. Please wait.

i-Path : Network Transparency Project

Published bySusanto Agus Kartawijaya Modified over 6 years ago

Similar presentations

Presentation on theme: "i-Path : Network Transparency Project"— Presentation transcript:

1 i-Path : Network Transparency Project
14th JSPS/NRF Core University Program Seminar on Next Generation Internet i-Path : Network Transparency Project Shigeki Goto* Akihiro Shimoda*, Ichiro Murase* Dai Mochinaga**, and Katsushi Kobayashi*** * Waseda University ** Mitsubishi Research Institute Inc., *** National Institute of Advanced Science and Technology (AIST)

2 Agenda Introduction Overview of i-Path More Applications Conclusion
Background and Motivation Applications Overview of i-Path Data Collection New Software More Applications Conclusion Acknowledgement

3 The Goal of i-Path project
Accessible Information between the hosts Observing the information disclosure policy of all stakeholders along the path

4 Background Growing demand for backbone bandwidth
Introduction Background Growing demand for backbone bandwidth Network performance fluctuation (e.g. throughput) Routers keep rich information Routing table, Link utilization Temperature, Location, Contact point, Supply voltage etc. Not easy to collect right information and to utilize information along the path Because of … Observe the information disclosure policy Status of network depends on variety of factors

5 Introduction Motivation Disclosing information leads to improved End-to-End visibility End-to-End visibility provides benefit to end hosts and operators Monitoring network status Reporting events and troubleshooting Reduction in operational cost Providing transparency of underlying networks

6 Applications Enhanced Congestion Control Best peer selection in
Introduction Applications Enhanced Congestion Control Best peer selection in P2P communication applications Adjust optimal bit rate in VoD Dynamic network configuration (e.g. according to Time zones) Selection of the appropriate path (e.g. Not violating policies related to content management)

7 Data Collection Explicit Network Information Collection Along a Path
Overview Data Collection Explicit Network Information Collection Along a Path SIRENS *(Simple Internet Resource Notification Scheme) Based on the cross layer approach Bottleneck bandwidth Interface queue capacity Corruption losses etc. Scalable network information measurement * K. Nakauchi and K. Kobayashi. An explicit router feedback framework for high bandwidth-delay product networks. Computer Networks, 51(7):1833–1846, 2007.

8 Structure of shim-header
Overview Structure of shim-header Inserted between the network and transport headers

9 Information Disclosure
Overview Information Disclosure Prohibit to access some Information on routers Unwilling to disclose inside network status Security Cost Each ISP has a disclosure policy End hosts have their disclosure policy Negotiation: requests and responses OK to Disclose? OK to Disclose? OK to Disclose?

10 Observing Information Disclosure Policies
Selective requests and responses Policy: Alice & Bob allow to disclose beyond 3rd hop router. Implementation: Alice does not send req. for her neighbor & the next neighbor routers, i.e.,1st & 2nd hops. Bob does not send back res. same as Alice, i.e., 6th & 7th hops. Results: Alice obtains 3-5 hops data. Bob obtains 3-7 hops data

11 New Software Tools Receiver Sender i-Path Router (a) Send a SIRENS
request packet TCP Data TCP Data TCP Data TCP Data (b) Receive the request packet and reply Receiver Sender i-Path Router (c) Receive the reply packet and make xml files TCP Data TCP Data Developed software xml

12 Snapshot of the Visualization Tool
Dark colored (Blue) routers Data Collection: Enabled Gray colored routers Data Collection: Not enabled or Not Exist

13 Network Threat Detection
More applications Network Threat Detection S.Nogami, A.Shimoda and S.Goto, Detection of DDoS attacks by i-Path flow analysis, (in Japanese, to appear) 72nd National Convention of IPSJ, Mar DDoS Packets destination: TARGET Source IP Address: Spoofed IP Address TARGET IP address : X.X.X.X Internet Back Scatter Packets destination: Spoofed IP Address Source: TARGET Attackers extraneous hosts/servers

14 NAT traversal Different kind of NATs:
More applications Different kind of NATs: full cone, restricted cone, port restricted cone, symmetric K.Tobe, A.Shimoda and S.Goto, NAT traversal with transparent routers, (in Japanese, to appear) 72nd National Convention of IPSJ, Mar. 2010 Symmetric NAT Symmetric NAT is the most difficult NAT of all. In a symmetric NAT, any request from an internal IP address and a port number to some destination IP address and port number is mapped to a unique external IP address and a unique port number. If the same host sends a packet from the same source address and the same port number but to a different destination, a different mapping is used. Only the external host that receives a packet from an internal host can send a UDP packet back to the internal host. Symmetric NATs are used when high security communication is required. And Symmetric NATs are installed as routers in business enterprises and also as high-end routers for home use. symmetric NAT

15 Current Status and Future Plans
i-Path project wiki Dai Mochinaga, Katsushi Kobayashi, Shigeki Goto, Akihiro Shimoda, and Ichiro Murase, Collecting Information to Visualize Network Status, 28th APAN Network Research Workshop, pp.1—4, 2009. Network application utilizing collected information Demonstration on R&D testbed: JGN in Japan Demonstration at SC09, Portland, OR, Nov. 2009

16 Conclusion We proposed new method disclosing network information
i-Path Offering end-to-end visibility, transparency Observing privacy protection Respecting disclosure policy

17 Acknowledgement This project is supported by National Institute of Information and Communications Technology (NICT), Japan.

Download ppt "i-Path : Network Transparency Project"

Similar presentations

RIP V1 W.lilakiatsakun.

RIP V1 W.lilakiatsakun.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.

Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.
NAT: Network Address Translation 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 138.76.29.7 local network (e.g., home network) 10.0.0/24 rest of Internet Datagrams.

NAT: Network Address Translation local network (e.g., home network) /24 rest of Internet Datagrams.
10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.

10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Network Layer4-1 NAT: Network Address Translation 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 138.76.29.7 local network (e.g., home network) 10.0.0/24 rest of.

Network Layer4-1 NAT: Network Address Translation local network (e.g., home network) /24 rest of.
Adapted from: Computer Networking, Kurose/Ross 1DT066 Distributed Information Systems Chapter 4 Network Layer.

Adapted from: Computer Networking, Kurose/Ross 1DT066 Distributed Information Systems Chapter 4 Network Layer.
1 NAT Network Address Translation Motivation for NAT To solve the insufficient problem of IP addresses IPv6 –All software and hardware need to be updated.

1 NAT Network Address Translation Motivation for NAT To solve the insufficient problem of IP addresses IPv6 –All software and hardware need to be updated.
Introduction to Network Address Translation

Introduction to Network Address Translation
CIS 3360: Internet: Network Layer Introduction Cliff Zou Spring 2012.

CIS 3360: Internet: Network Layer Introduction Cliff Zou Spring 2012.

Similar presentations

Ads by Google