Presentation on theme: "P2P for the People Bringing Peer-to-Peer from the Laboratory into the Windows Operating System Sandeep K. Singhal, Ph.D Product Unit Manager Windows P2P."— Presentation transcript:
Why Care About P2P? Eliminate bottlenecks, improve scalability Lower deployment costs and complexity Faster data transmission Support ad-hoc and disconnected networks Better resilience – no single point of failure Powerful social interactions Reduce Reliance on Servers Direct Client Connections P2P Systems
A P2P Platform in Windows? Well-engineered, supported protocols Secure by default, scale without limits, no servers required Let applications focus on end-user value Platform does the heavy lifting Simplify deployment Broad reach Enterprise management
P2P in Microsoft Windows
P2P Platform in Windows Vista Addres sing and Conne ctivity Experiences Identit y and Namin g Discov ery Sessio n Initiatio n Multi- Party Comm s Applic ation Servic es IPv6TeredoISATAP6to4 P2P Contacts and Auth. P2P name resolution (PNRP) address name resolution People Near Me Serverless Presence and Publishing Application Invitation Overlay Networks Message Multicast and Web Services Shared Database Replicated Files App and Desktop Sharing
What Have We Learned? Technology is hard Ecosystem is complex
What is the Internet? In the lab… Everything is connected Hundreds of hosts Controlled environment In reality… Partial connectivity Billions of hosts Rampant security attacks
IPv6 Ubiquitous addressing 128-bit address space Automatic addressing Better behavior on disconnected networks Improved connectivity Transition technologies such as Teredo
NAT Mechanics Machine A Machine B Send request for web page to gateway box 1 Gateway creates the mapping for and sends to the web 2 Web sends data back to port mapping at NAT 3 NAT looks up mapping and sends to Machine A NAT
Teredo IPv6 tunneling inside IPv4 UDP Hosts get unique IPv6 address Constructed from public IPv4 address/port Used by stack to construct UDP wrapper around IPv6 packet Transparent to application Application programs to IPv6 address and has access to full protocol range, port range, etc. Teredo sessions automatically established on demand
v6 Service Simple Teredo NAT Traversal NAT Send request to service, construct IPv6 address from public IPv4 address/port (e.g. XX:IPv4:port::/64) 1 Future traffic can be send directly to nodes 2 Machine A XX::9D01:101:460:XX Machine C XX::AC01:101:464:XX NAT
v6 Service Complex Teredo NAT Traversal NAT Send request to service, construct IPv6 address from public IPv4 address/port (e.g. XX:IPv4:port::/64) 1 Send a bubble to the destination address to open the NAT mapping 2 Send the packet to relay for delivery to destination 3 Future traffic can be send directly to nodes 5 Machine A XX::9D01:101:460:XX Machine C XX::AC01:101:464:XX NAT Send a response to create a mapping in the NAT 4
The Internet is Big Goal One billion active nodes in active P2P systems Example: Peer Name Resolution Protocol (PNRP), specialized DHT for serverless name resolution Challenge Internet impact is potentially huge One billion nodes, each at 1 bps sent inefficiently… Small beta: Millions…
Questions Correctness Are there bugs? Will it scale and work in complex network topologies? Have we introduced regressions? Characterization How much client / router bandwidth will it use? How much backbone bandwidth will it use? How long does an operation take? Can we make it better?
WiDS is Distributed Simulation
Simulation Design and implementation Discovered protocol behaviors that only become visible at scale Found implementation crashes and race conditions that only occur at scale Deep understanding of bandwidth use Background traffic Active traffic Testbed for optimizations Security modeling and analysis 2 million nodes on 250 machines2 million nodes on 250 machines Internet latency mapsInternet latency maps Different node behaviorsDifferent node behaviors
What Cant We Do (Yet) Validate the entire real stack Production code uses Winsock, not messages Validate system behavior with complex network factors like Teredo Integrate simulation with our automated test systems Simulations are still slow
Hard Lessons Simulation runs fail… Floor buffers throw circuit breakers Power supplies fail Software has bugs … but you have to work around it Separate failed machines from run Run goes on Debug the failure off-line Simulation-based testing and debugging process Automate everything possible to minimize simulation run turnaround time and human error
Security Whats wrong with this picture? Is this better?
Common P2P Attacks Packet drops Packet injection Packet modification or mis-routing Packet delay Topological Distributed Anonymous Mobile At surface, like normal Internet behavior
Our Approach Detailed threat modeling Identify resources critical to system Determine system entry points Analyze impact and mitigations Formal security analysis Simulation Penetration testing Confirm mitigations
What Have We Learned? Design security into the system core PNRP names are cryptographically signed Flower-petal rather than chained resolves Check integrity of leaf nodes in routing tables Shuffle neighbor links, create redundant routes Link creation of value to network load Validate system- critical resources Aggressive use of randomization Examples Security affects performance The choice is usually clear
Technology Is Not Enough! The market must see the value!
Market Perception of P2P P2P is a potentially interesting new technology No legitimate use P2P apps poorly engineered Insecure Poor traffic engineering Apps are hard to write Many toolkits with limited distribution No standards, common programming models, etc. Unproven at scale Hard to deploy
Wikipedia File sharing software P2P development toolkits/forums DieRIAA to protect file sharing rights
Wikipedia File sharing software P2P development toolkits/forums P2P United to protect file sharing rights
Can P2P Provide Value? Windows Meeting Space Effective in-person meetings File exchange and replication Screen/app sharing Note passing Why P2P? Easy to deploy and use Use anywhere, even without Internet connectivity ResilienceHoweverSecure Manageable by enterprise network policy
Demo PNRP (Internet Machine Names) Windows Meeting Space
Potential Scenarios Communication Instant messaging Voice, Video Collaboration Project workspaces File sharing GamingSynchronization Content Distribution Sports scores, weather, news, stock tickers, RSS File bulk transfer, streamed media, live content
Typical Objections P2P does not bring enough value (especially relative the risk)! I know how to deploy servers, why learn something new? How do I control it? How will I monitor it? How can I provision my network?
What Have We Learned? P2P adoption will be driven by legitimate applications that add end-user value Enterprises and ISPs desire predictable network behavior As with all things, P2P must be manageable By policy within the enterprise ISPs… And… there remains much to do…
Call to Action P2P research Helps reduce Internet complexity Ubiquitous transparent end-to-end connectivity Robust and secure systems How to balance security, usability, and performance Help make adoption easier Monitoring and control of P2P traffic, quality of service Models for bandwidth, latency, and cost Applications that bring P2P to the People
Resources Web sites Windows Peer-to-Peer Networking: IPv6 and Teredo: Windows Vista SDK: windowssdk.msdn.microsoft.com (go to Networking->Network Communication) Newsgroupsmicrosoft.public.win32.programmer.networksmicrosoft.public.platformsdk.networkingmicrosoft.public.windows.developer.winfx.indigoBlogsblogs.msdn.com/kevin_ransomblogs.msdn.com/peerchanblogs.msdn.com/raviraoblogs.msdn.com/tparks Platform questions, comments, and feedback Research partnerships, job inquiries, ISVs, and questions