Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECCP A Formally-Verified Migration Protocol For Mobile, Multi-Homed Hosts Matvey Arye Joint work with: Erik Nordström, Robert Kiefer Jennifer Rexford, Michael.

Published byMaude Poole Modified over 9 years ago

Similar presentations

Presentation on theme: "ECCP A Formally-Verified Migration Protocol For Mobile, Multi-Homed Hosts Matvey Arye Joint work with: Erik Nordström, Robert Kiefer Jennifer Rexford, Michael."— Presentation transcript:

1 ECCP A Formally-Verified Migration Protocol For Mobile, Multi-Homed Hosts Matvey Arye Joint work with: Erik Nordström, Robert Kiefer Jennifer Rexford, Michael J. Freedman 1

2 Original Internet Architecture 2 Hosts did not move and had a single connection to the Internet

3 Fast Forward Mobile devices have new capabilities – Devices move – Multiple points-of-attachment Servers have changed – VM migration – Multiple network attachments (NICs) – Data-center multihoming 3

4 Extending Network Capabilities Host mobility, VM Migration – Connection shouldn’t break when hosts move Switching seamlessly between WiFi and 4G – Ability to switch between network interfaces Load balancing between network paths across interfaces – Ability to move individual flows between interfaces Having backup routes on alternative interfaces – Maintaining a list of alt. interfaces for connections 4

5 Problems Arise From Current Abstractions 5 No network changes Independent of data delivery semantics Application Connection Control Network Data Delivery TCP in “ESTABLISHED” state Application Network Transport

6 The Flow Abstraction 6 Application Network Connection Control PID Connection PID FlowID1 Flow1 FlowID1 Data Delivery FlowID2 Flow2 FlowID2 IP1 Flow1 IP2 IP3 Flow2 IP4 Application Network Connection Control Data Delivery

7 Our Approach For Handling Device Mobility 7 Alice Bob:IP2 My Address has changed Bob:IP5 Network Connection Control FlowID1 Flow1 FlowID1 IP1 Flow1 IP2 Network Connection Control IP1 Flow1 IP5

8 Contribution 1: ECCP End-to-End Connection Control Protocol Host mobility through end-to-end signaling Transport-layer independence Multipath through new flow abstraction 8

9 Contribution 2: Formal Verification Connection control protocols hard to get right – We show that TCP-Migrate and HIP are incorrect Non-Determinism makes it hard to verify – Unreliable network, changing network identifiers – Non-determinism leads to state-space explosion We show new techniques to enable verification – Verified ECCP in SPIN 9

10 Other End-to-End Protocols 10 ECCPTCP- Migrate MPTCPHIP Formally VerifiedIncorrect Transport Independent Rapid Migration Multipath Capable Per-Flow Migration

11 Protocols Establishing connections Moving flows to new addresses Adding flows to connection Handling NATs Simultaneous migrations 11

12 Connection Establishment Three-way handshakes to establish states Each peer communicates flowID to other peer – Unlike IP addr., doesn’t change during migration – Packets demultiplexed on local flowID Optionally sends alternative addresses to peer for fail-over and additional flows 12

13 The Protocol – Initial Flow 13 SYN (Service S) Flow ID-C SYN (Service S) Flow ID-C SYN-ACK Flow ID-C Flow ID-S SYN-ACK Flow ID-C Flow ID-S ACK Flow ID-C Flow ID-S ACK Flow ID-C Flow ID-S ClientServer Demux on: S Demux on: Flowd ID-C Demux on: Flowd ID-S

14 The Protocol – Changing Addresses 14 RSYN Version #-M Flow ID-M Flow ID-S SRC=IP5 RSYN Version #-M Flow ID-M Flow ID-S SRC=IP5 RSYN-ACK Version #-M Flow ID-M Flow ID-S RSYN-ACK Version #-M Flow ID-M Flow ID-S ACK Version #-M Flow ID-M Flow ID-S ACK Version #-M Flow ID-M Flow ID-S Mobile New Address IP5 Stationary Demux on: Flow ID-S Record addresses IP5 Demux on: Flow ID-M Demux on: Flow ID-S Change address to IP5

15 Version #s Need to use versioning on migration messages HIP, TCP-Migrate use TCP-like sequence #s – Ties connection control to data delivery – Creates problems -- need different semantics 15 “Sequence” Received 0 to N-1 Cannot skip ahead “Version” All previous #s < N Can skip ahead Semantics when getting packet N:

16 Sequence # Semantics are Dangerous 16 RSYN Sequence #n RSYN Sequence #n RSYN-ACK Sequence #n RSYN-ACK Sequence #n StationaryMobile New Address IP5 New Address IP6 RSYN Sequence #n+1 RSYN Sequence #n+1 Can’t process sequence #n+1 because didn’t finish #n

17 Formal Verification 17

18 Formal Verification - Overview Modeled in SPIN Checks for deadlocks – Neither party can send or receive messages Checks for livelocks – Neither party can do anything useful – Each host can ping the other host 18

19 Goals of Connection Control Robust connectivity across mobility events – Maintain up-to-date mapping between flows & IPs – Correct if each host can ping its peer What connection control is NOT – Reliable delivery – Bit-correctness of data (i.e. checksums) – Ordering of data 19

20 Model Checking 101: Explore All Interleavings 20 Process 1 Process 2

21 Model Checking 101: Explore All Interleavings 21 Process 1 Process 2

22 Model Checking 101: Build Global State-Space 22 State 1 State 2 State 3 State 4 State 2 State 4 State 5

23 Verification Challenges Most protocols verified in SPIN sit on top of a reliable data-delivery layer – But for ECCP, the network is unreliable: loss, duplication, and reordering of packets are possible but can cause state-space explosion State-space explosion due to random FlowIDs No notion of time in SPIN – timeouts are tricky – But are needed to recover from packet loss 23

24 Modeling an Unreliable Network 24 Process 1 Process 2 Network Sim Network simulator can drop, reorder or duplicate packets

25 Creates Unnecessary States 25 Process 1 Process 2 2 2 Network Sim 1 1

26 Creates Unnecessary States 26 Process 1 Process 2 2 2 Network Sim 1 1

27 Creates Unnecessary States 27 Process 1 Process 2 2 2 Network Sim 1 1 Relative order does not matter For protocol execution

28 More Efficient Implementation 28 Process 1 Process 2 Network simulator runs as part of the sending process

29 Formal Verification - Completeness Each version # creates new state-space tree So, verification does not reach a fixed point – But, verifies up to 6 migrations for base protocol – 4 migrations for full protocol 29 #1 #2 #3

30 Implementation ECCP part of larger Serval project – Next-generation service-oriented network stack – http://www.serval-arch.org/ Loadable kernel module – Runs on Linux, Android,… Adapts “ESTABLISHED” state of TCP 30

31 Evaluation – Client Interface Changes 31 One of the authors walks through campus, playing music through Google Play Music. No loss in playback quality. WIFI 4G Saves > 2GB cellular data per month

32 Conclusion New abstractions – Decoupling data delivery and connection control – Flows as path-dependent parts of connections Design of demultiplexing keys is important – Independent of network identifiers Ordering semantics are tricky to get right Formal verification is important and possible 32

33 Formal Models http://www.serval-arch.org/eccp/ Implementation http://www.serval-arch.org/ 33

Download ppt "ECCP A Formally-Verified Migration Protocol For Mobile, Multi-Homed Hosts Matvey Arye Joint work with: Erik Nordström, Robert Kiefer Jennifer Rexford, Michael."

Similar presentations

Serval: An End-Host Stack for Service-Centric Networking

Serval: An End-Host Stack for Service-Centric Networking
IPv6-The Next Generation Protocol RAMYA MEKALA UIN:01008672.

IPv6-The Next Generation Protocol RAMYA MEKALA UIN:
Mobility Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101

Mobility Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101
IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.

IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.
CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Transport Layer (4)

CISCO NETWORKING ACADEMY Chabot College ELEC Transport Layer (4)
1 Review of Important Networking Concepts Introductory material. This module uses the example from the previous module to review important networking concepts:

1 Review of Important Networking Concepts Introductory material. This module uses the example from the previous module to review important networking concepts:
Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Transport Protocols Slide 1 Transport Protocols.

Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Transport Protocols Slide 1 Transport Protocols.
COS 461: Computer Networks

COS 461: Computer Networks
WXES2106 Network Technology Semester 1 2004/2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.
1 Version 3.0 Module 10 Routing Fundamentals and Subnetting.

1 Version 3.0 Module 10 Routing Fundamentals and Subnetting.
What Is TCP/IP? The large collection of networking protocols and services called TCP/IP denotes far more than the combination of the two key protocols.

What Is TCP/IP? The large collection of networking protocols and services called TCP/IP denotes far more than the combination of the two key protocols.
IP-UDP-RTP Computer Networking (In Chap 3, 4, 7) 건국대학교 인터넷미디어공학부 임 창 훈.

IP-UDP-RTP Computer Networking (In Chap 3, 4, 7) 건국대학교 인터넷미디어공학부 임 창 훈.
Gursharan Singh Tatla Transport Layer 16-May-2011 1

Gursharan Singh Tatla Transport Layer 16-May
1 Review of Important Networking Concepts Introductory material. This slide uses the example from the previous module to review important networking concepts:

1 Review of Important Networking Concepts Introductory material. This slide uses the example from the previous module to review important networking concepts:
Lecture 8 Modeling & Simulation of Communication Networks.

Lecture 8 Modeling & Simulation of Communication Networks.
Host Identity Protocol

Host Identity Protocol
What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host IP treats a computer as an endpoint of communication Best.

What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host IP treats a computer as an endpoint of communication Best.
Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.

Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.
Process-to-Process Delivery:

Process-to-Process Delivery:
Module 10. Internet Protocol (IP) is the routed protocol of the Internet. IP addressing enables packets to be routed from source to destination using.

Module 10. Internet Protocol (IP) is the routed protocol of the Internet. IP addressing enables packets to be routed from source to destination using.

Similar presentations

Ads by Google