Presentation is loading. Please wait.

Presentation is loading. Please wait.

The End-to-End Principle Anthony D. Joseph Joe Hellerstein CS262a November 28, 2001.

Similar presentations

Presentation on theme: "The End-to-End Principle Anthony D. Joseph Joe Hellerstein CS262a November 28, 2001."— Presentation transcript:

1 The End-to-End Principle Anthony D. Joseph Joe Hellerstein CS262a November 28, 2001

2 CS 262a2 Outline End-to-End principle Design / control from endpoints Advantages Limitations

3 November 28, 2001CS 262a3 The End-to-End Argument Saltzer, Reed, and Clark, 1984 –End-to-End Arguments in System Design Key idea: –A function can only be completely and correctly implemented with the knowledge and help of the applications standing at the communication endpoints –Argument can be applied in many areas: Delivery guarantees, secure transmission of data, duplicate message suppression, and rational principles for organizing layered systems

4 November 28, 2001CS 262a4 Motivation: Simplicity Same argument as for RISC –Occams razor If theres a problem, the simplest explanation is likely the correct one –Argues against low-level function implementation What is a layer? E2E allows for simpler layers –Avoid complex operations that can be handled with simpler logic at app layer

5 November 28, 2001CS 262a5 Layering: Building Complex Functionality into a Network Implicitly optimizes the network for one set of uses Substantially increases the cost of potentially valuable uses that may be unknown/unpredictable at design time May preclude these uses entirely

6 November 28, 2001CS 262a6 Examples of Layering Pitfalls If original Internet design was optimized for telephony-style virtual circuits (like SNA and TYMNET) Wouldnt have experimentation / protocols –DNS, Web, a million ISPs, Napster/Gnutella,…

7 November 28, 2001CS 262a7 Careful File Transfer Transient failures at many levels –Disk errors –Incorrect software FS, FTP, network, … –Hardware errors CPU, memory, network, disk, system crash, … Choices: –Brute force countermeasures, End-to- End checks, Reliable network layer

8 November 28, 2001CS 262a8 Brute Force Countermeasures Make each step/level ultra-resilient to faults Overkill when threats are low probability Uneconomical (e.g., send each byte four times) Not all layers are under FTP designers control

9 November 28, 2001CS 262a9 End-to-End approach Application provides file-transfer specific, end-to-end reliability guarantees –E2E check and retry –Receiver sends checksum of received data to sender for validation Reduces complexity for low probability failures

10 November 28, 2001CS 262a10 Reliable Network Layer Provide very high probablistic guarantee of correct, in order data xmission at network layer –Use network layer ACKs from receiver to sender Is this sufficient? No, hosts may crash, FTP failure, etc. –Hop-by-hop reliability or host-to-host reliability? –Reality: Requires app-specific, app-level protocol Is this necessary? Maybe, depends on links error rate Performance, not correctness –Tradeoff: how good is good enough for a given level?

11 November 28, 2001CS 262a11 Tradeoff Example: Wireless Perfect wireless link-layer retransmission versus end-to-end retransmission Advantages: –Local retransmission can be faster –Avoids loss on wired portion of link Disadvantages –Real-time apps: more variable delay (jitter) –What about unreliable datagrams? Tradeoff: less than perfect transmission

12 November 28, 2001CS 262a12 Network Layer ACKs Is it useful to expose them to the sender app? –Not really, sender app wants to know if receiver acted on the message What if receiver network layer guarantees handling of msg when ACKing? –May still need E2E ack if receiver app could reject message –Requires 2PC if coordinating actions across multiple hosts

13 November 28, 2001CS 262a13 Challenges to the End-to-End Model Slippery slope: Ends Justify Means? Example: ISP access control box –Exon box (CDA enforcement) Content restriction at network level –Restricts access to indecent sites or unrated sites unless an adult enters an authorization code when opening a session (enables router to transmit packets to the site) Good or bad idea? –Alternatives?

14 November 28, 2001CS 262a14 Performance Justifications? Transparent network caching Advantages: –Potential for significant performance improvement Disadvantages: –Loss of network transparency: target doesnt get information Access patterns / information, pay-per-view –Copyright issues?

15 November 28, 2001CS 262a15 More limits? Transparent network redirection Advantages: –Load balancing –Fault tolerance Disadvantages: –Network transparency Explicit handling of persistent sessions required

16 November 28, 2001CS 262a16 More limits? Kerberos version 5 Msg token replay protection –Version 4 relied upon application-level –Programmers usually got it wrong Version 5 supports replay protection Good idea or bad idea?

17 November 28, 2001CS 262a17 More limits? What happens when you cant apply E2E? One way communication channels –Pager networks –Voice store and forward Must be willing to tradeoff delays / extra processing for more robustness –ECC, FEC, etc But, still may need E2E check –Ex: you call the person who paged you

18 November 28, 2001CS 262a18 Summary Where do we find E2E? –Encryption –2PC: doesnt depend on reliability, ordering, etc. –Banking: auditing –Cellular: human retry Have to take it case-by case

Download ppt "The End-to-End Principle Anthony D. Joseph Joe Hellerstein CS262a November 28, 2001."

Similar presentations

Ads by Google