CS 598 MCC – Advanced Internetworks Future Internet Architecture Locator-/Identifier-Split Quirin Scheitle

1 CS 598 MCC – Advanced Internetworks Future Internet Architecture Locator-/Identifier-Split Quirin Scheitle

2 Significant? “The so-called identifier/locator split is recognized by the Internet Engineering Task Force (IETF) community as a next big change in the Internet architecture.” [Cisco Internet Protocol Journal, Volume 12, Nr 1]

3 Outline Motivation: Shortcomings of the present Internet How the idea of a Loc/Id-Split can solve most of these Detailed look at two specific approaches – LISP – HIP

4 Present system has lots of drawbacks IP address is used as Locator and as Identifier – Results in a lot of problems, concerning: Mobility, Scalability, Security, Addressing, Multi-Homing

5 Locator-/Identifier-Split An approach followed by many researchers right now Common idea is to use IP addresses as Locators and introduce a new concept of Identifiers. User actually connects to Identifier Identifier typically carried in packet between IP and Transport layer.

6 Don’t get mixed up! The general research area on Locator-/Identifier-Splits can be meant by the acronym LISP LISP is also the name of one specific Loc/Id-Split approach I try to call the idea itself “Loc/Id-Split” – Enough people are angry at Cisco for interfering in their Google results for the LISP programming language ;)

7 The concept of LocID-Split [figure: Host A; Host B with locators IP B1 and IP B2 and ID 00:00:0B]

8 Host A connects to User/Host/Service/Content 00:00:0B [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B] LOOKUP stream://Class-stream.illinois.edu content#f7839fd789

9 Host A connects to User/Host/Service/Content 00:00:0B [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B] ANSWER 00:00:0b

10 Host A connects to User/Host/Service/Content 00:00:0B [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B] ANSWER 00:00:0b Looks like DNS? No, the ID is actually used to establish the connection

11 Host A connects to User/Host/Service/Content 00:00:0B [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B] Opens connection to ID 00:00:0b

12 So, how to send a packet to this “ID” 00:00:0B? [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B] Opens connection to ID 00:00:0b Mapping/Lookup of Locator – Different approaches

13 This is where approaches differ: Host-based / Network-based / Mixture [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B] Packet typically looks like this: TCP/UDP | Identifier | IP

14 So, this looks complicated and like a lot of change? The change might not be that big (compare HIP implementations) and gains a lot of advantages!

15 Mobility Your ID does not actually change if you connect somewhere else – Right now it does most of the time, so your connections tear down – LocID-Split enables you to keep your connections alive while you’re moving and changing IPs (since they are bound to your ID!)

16 Multi-Homing, Failover, Traffic Engineering [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B; traffic split 50% per locator]

17 Multi-Homing, Failover, Traffic Engineering [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B; image from http://www.faqs.org/photo-dict/phrase/4243/toy-digger.html]

18 Multi-Homing, Failover, Traffic Engineering [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B] Hey guys, please send packets to IP B2 from now on! → Connections can stay alive!
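As an added Python model of slides 7 to 18, written for this page and not taken from the presentation: the connection is bound to Host B's identifier, the locator is looked up in a mapping system and chosen by weight per flow (the 50% split), and a readdress swaps the locator set without touching the transport state. The mapping class, the identifiers, the locator addresses and the packet layout are constructed assumptions rather than any particular Loc/Id-Split protocol.

```python
import hashlib

# Constructed sample topology after the slides' figure: Host B is reachable
# under one identifier but at two locators ("IP B1", "IP B2"). All values
# are made up for this example.
HOST_A_ID = "00:00:0a"
HOST_B_ID = "00:00:0b"
LOCATOR_A = "10.0.0.1"
LOCATOR_B1 = "192.0.2.1"      # "IP B1"
LOCATOR_B2 = "198.51.100.1"   # "IP B2"


class MappingSystem:
    """Identifier -> {locator: weight}. Stands in for the mapping/lookup
    system whose design (DNS-like, DHT, ALT, ...) the slides leave open."""

    def __init__(self):
        self._table = {}

    def register(self, ident, locators):
        self._table[ident] = dict(locators)

    def lookup(self, ident):
        return dict(self._table[ident])


def choose_locator(locators, flow_key):
    """Weighted choice over a locator set, keyed on a per-flow value: one flow
    always lands on the same locator, while different flows are spread by the
    weights (the 50% traffic-engineering split of slide 16)."""
    total = sum(locators.values())
    digest = hashlib.sha256(flow_key.encode()).digest()
    point = int.from_bytes(digest[:8], "big") % total
    for locator, weight in sorted(locators.items()):
        if point < weight:
            return locator
        point -= weight
    raise ValueError("weights must be positive")


class Connection:
    """Transport state bound to an identifier pair, not to IP addresses.
    Packets are layered TCP/UDP over Identifier over IP (slide 13)."""

    def __init__(self, mapping, src_id, src_loc, dst_id):
        self.src_id, self.dst_id, self.src_loc = src_id, dst_id, src_loc
        self.cache = mapping.lookup(dst_id)      # ID -> locator cache
        self.seq = 0                             # transport state survives a readdress
        self.flow_key = f"{src_id}->{dst_id}"

    def send(self, payload: bytes) -> dict:
        dst_loc = choose_locator(self.cache, self.flow_key)
        packet = {
            "ip": {"src": self.src_loc, "dst": dst_loc},      # locators
            "id": {"src": self.src_id, "dst": self.dst_id},   # identifiers
            "transport": {"seq": self.seq, "data": payload},
        }
        self.seq += len(payload)
        return packet

    def readdress(self, new_locators):
        """Peer announced "send to IP B2 from now on": swap the locator set and
        leave the transport state (sequence numbers) untouched."""
        self.cache = dict(new_locators)


def failover_demo():
    """Open a connection to Host B's ID, then lose the link behind IP B1."""
    mapping = MappingSystem()
    mapping.register(HOST_B_ID, {LOCATOR_B1: 50, LOCATOR_B2: 50})
    conn = Connection(mapping, HOST_A_ID, LOCATOR_A, HOST_B_ID)
    first = conn.send(b"hello")
    conn.readdress({LOCATOR_B2: 100})   # Host B: only IP B2 is reachable now
    second = conn.send(b"world")
    return first, second


if __name__ == "__main__":
    for pkt in failover_demo():
        print(pkt["ip"], pkt["id"], pkt["transport"]["seq"])
```

The second packet after the readdress carries a new outer destination but the same identifier pair and a continuing sequence number, which is the whole point of binding connections to IDs instead of to IPs.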

19 Security IDs can be authenticated – Able to provide true end-to-end security and identity – Network-authentication approaches (HiiMAP) vs. host-authentication approaches (LISP) vs. mixed (HiiMap) – Approaches range from signing/encrypting each message to just validating the user ID on bootstrap – New approaches like using public keys as IDs or depositing them in the mapping system

20 Specific approaches These were some of the advantages that can be gained, let’s have a look at specific approaches

21 So, what are these various concepts? LISP – Cisco, IETF HIP – IETF – LISP and HIP are rather evolutionary and intended for practical use

22 “LISP” Farinacci et al., first ideas in 2006 Developed by Cisco, aiming to provide a fix to the routing table growth in a short time, with as little change as possible. [Hanka et al] Network-only approach, aiming for quick deployment

23 PI/PA Space Organizations want IP addresses to be static Identifiers of their services – They want to keep their neat /30 prefix over multiple ISP changes ISPs want IP addresses to be a coherent block that gets traffic into their network – They want to allocate all their customers in a /8 prefix – This solves the routing table growth problem The dual aims come from the dual use of IP as Locator and Identifier! – Organizations want to be identified, ISPs want to make sure their IP ranges are routed to them

24 Concept “LISP follows a network-based map-and- encapsulate scheme, this means no changes to hosts are needed, everything happens in the network. Also, in LISP, both identifiers and locators can be IP addresses or arbitrary elements like a set of GPS coordinates or a Mac address.” [lisp4.net]

25 Why was LISP developed? [LISP Overview, slide 25] LISP was originally conceived to address Internet scaling – What causes scaling issues? IP addresses denote both location and identity today; the overloaded IP address semantic makes efficient routing impossible; IPv6 does not fix this – Why are scaling issues bad? Routers require gobs of expensive memory to hold the Internet routing table; it’s expensive for network builders; replacing equipment for the wrong reason – to hold the routing table rather than to implement new features; it’s not GREEN… “… routing scalability is the most important problem facing the Internet today and must be solved …” Internet Architecture Board (IAB) October 2006 Workshop (written as RFC 4984)

27 Reasons for growth Everyone wants PI space Multihoming Traffic Engineering

34 So, what do we gain? Forwarding plane of routers can be very small and efficient as there is no incentive for anyone to have PI space anymore Lookup namespace will be more complex, but is not in forwarding path

35 LISP 1.x uses routable EIDs, LISP 2/3 do not. LISP 1.5 is better incrementally deployable!

38 So, this ID → Locator Lookup? Remember: LISP wants as few changes to the current architecture as possible. Sounds like the weak point in these terms? (Scalability, Flexibility) “In particular, although the base LISP specification defines the format of messages to query the mapping system and to receive responses from that system, it makes no assumptions on the architecture of potential mapping systems. As a result, several mapping systems have been proposed [0,1,4,5,6,10].” – These include DHTs [draft-hu-lisp-dht-00] – “Several such databases have been proposed, among them: LISP-CONS [CONS], LISP-NERD [NERD] and LISP+ALT [ALT].” [draft-ietf-lisp-ms-06] – LISP-ALT seems to be the most popular right now: builds an overlay network with GRE tunnels and BGP announcements; basically provides a network architecture to route IDs to the correct ETR – Could not find a proper discussion of why this is any better than the current infrastructure? FIXME – (ID space not flat, still hierarchical, still prefixes announced via BGP?) Aggregation!

42 Two similar problems out there DNS: Rate is very small, state possibly infinite BGP: Rate is significant, but state is smaller – Think about which goals these databases follow: DNS provides ID-to-IP mapping – Not in the forwarding path, speed less critical → Full Pull BGP provides IP-to-Locator mapping – Forwarding path, speed crucial → Full Push ID-to-Locator mapping is somewhere in between, but where?

43 Available Schemes NERD, ALT, EMACS, CONS, DHTs… Amount of research in this field shows that this is one of the very big topics in Locator/Identifier-Split!

45 Problems with NERD? Remember LISP aims for O(10^10) hosts [LISP Tutorial, IETF Vancouver, Dec 2007]

46 LISP-ALT: “Alternative Topology” The most popular approach, used within the global test network Uses a network of routers running BGP over GRE tunnels to build this “alternate topology” ETRs announce their EID prefixes Massive use of aggregation to achieve small routing tables

47 LISP-ALT: Details Still, ETRs are responsible for the EID-to-Locator mapping The ALT topology only provides the knowledge of which router owns which EID prefix ITRs send map requests into ALT, ALT forwards these to the correct router The router sends the answer straight back to the ITR – Data probes

50 Why is ALT used? Remember, LISP aims for fast implementation while reducing the routing table size – Uses BGP and GRE, technologies widely in use – Decentralized – Very good for incremental deployment Though, in my opinion, not an option for global-scale deployment

51 LISP-DHT Follows the main assumption: “A domain must be able to control the server that provides the authoritative mappings for the identifiers allocated to its hosts.” [LISP-DHT] Adapted Chord to meet this criterion

52 LISP-DHT using Chord EID is directly used as Chord-ID – Redundancy? Usually handled by duplicating entries to neighbours, though not acceptable here Extended Chord to handle several entities behind one ID, identified by tuple

53 LISP-DHT using Chord DHTs usually require a node to join, build adjacencies etc. before they can do a lookup. Obviously, not every node can join DHT and carry load. – Concept of “stealth nodes”, which only look up but do not announce themselves – Neat integration of security, by letting only authenticated nodes actually join the DHT – Security concept based on certificates proposed

54 LISP-DHT Summary Full Pull approach, yet very fast by using DHTs Fully automatic, not error prone Highly scalable Authority and full control of entries within administrative boundaries of EID prefix owner

56 Evaluation [Evaluating the Benefits of the Locator/Identifier Separation, Bruno Quoitin, Luigi Iannone, Cédric de Launois, Olivier Bonaventure, ACM MobiArch 07] FIBs reduced to a few thousand entries Path redundancy at least doubled “BGP paths cannot be more than 2 since the simulated dual-homed stubs only receive one BGP route for each destination prefix from each provider.”

57 LISP advantages Improved routing scalability BGP-free multihoming in active-active configuration Address family traversal: IPv4 over IPv4, IPv4 over IPv6, IPv6 over IPv6, IPv6 over IPv4 Inbound traffic engineering Mobility Simple deployability No host changes are needed [http://en.wikipedia.org/wiki/Locator/Identifier_Separation_Protocol]

58 What else can LISP be used for? Scaling Internet core routing tables Low-OpEx active-active multi-homing for Enterprises Low-OpEx active-active multi-homing for ISPs Provider independence (avoids site renumbering) Data Center mobility of Virtual Machines (VMs) Data Center Server Load Balancing (SLBs) enhancement A/V Truck Roll (Broadcasting industry) L2 or L3 VPNs with or without parallelism Slow hand-set mobility in localized regions Better residential multi-homing IPv6-only site connectivity over existing (IPv4) Internet Movement/reallocation of Cloud Computing Resources [Slide from Cisco’s “LISP Overview”]

59 Global LISP Testbed Total of 106 boxes in 18 countries Operated by Google, Facebook, MSN, Cisco, Deutsche Bank, Level3, Microsoft, T-Labs [lisp4.net]

60 Short Wrap-up of LISP Network-based, no changes to hosts whatsoever Quick, increased deployment Fix for routing table growth, multi homing, traffic engineering Available in Cisco IOS, open source solutions, global testbed available IETF, Cisco, UPC

61 HIP Developed at the IETF since 1999, first stable version in 2007 Inserts a cryptographic namespace between the Transport and Network layers No changes needed in applications or routers (changes reside in the network stack of the host) Provides many more features than LISP Aims for security, mobility, multi-homing

62 Achievements Mobility Multi-Homing Security NAT / IPv4 / IPv6 traversals

63 Identifiers Are called Host Identifiers (HI) and are hashes of public keys – The host owns a public/private key pair – Provide immediate, straightforward ways for authentication, integrity and confidentiality – Look like IPv6 addresses, beginning with 2001:0010::/28 (the “ORCHID” range) and completed with a 100-bit public key hash

64 More on Identifiers IPv4 offers only a 32-bit namespace – Here so-called “Local Scope Identifiers (LSI)” are used, as 32 bits do not provide a big enough namespace to rule out collisions on a global scale. Implemented for compatibility.
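An added example, not from the presentation, of how such an identifier is built: an ORCHID-style HIT from a hash of the public key, a 32-bit LSI derived from it, and the birthday bound behind the slide's remark that 32 bits cannot avoid collisions globally. The use of SHA-256, the LSI range 1.0.0.0/8 and the "low 24 bits of the HIT" derivation are assumptions made for this example; the real ORCHID construction also hashes a context identifier and encodes the hash algorithm.

```python
import hashlib
import ipaddress

# ORCHID range 2001:0010::/28: the top 28 bits are fixed, the remaining
# 100 bits carry the hash of the Host Identity (the public key).
ORCHID_PREFIX_BITS = 28
HASH_BITS = 128 - ORCHID_PREFIX_BITS
ORCHID_PREFIX = 0x2001001 << HASH_BITS
LSI_NETWORK = ipaddress.IPv4Network("1.0.0.0/8")   # assumed LSI range for this example


def host_identity_tag(public_key: bytes) -> ipaddress.IPv6Address:
    """HIT = ORCHID prefix || leftmost 100 bits of SHA-256(public key).
    Simplification: real ORCHID generation also hashes a context ID and
    reserves bits for the hash algorithm identifier."""
    digest = hashlib.sha256(public_key).digest()
    key_hash = int.from_bytes(digest, "big") >> (256 - HASH_BITS)
    return ipaddress.IPv6Address(ORCHID_PREFIX | key_hash)


def is_orchid(addr: ipaddress.IPv6Address) -> bool:
    """True if the address lies inside 2001:0010::/28."""
    return int(addr) >> HASH_BITS == 0x2001001


def local_scope_identifier(hit: ipaddress.IPv6Address) -> ipaddress.IPv4Address:
    """Assumed LSI construction for IPv4-only applications: the low 24 bits of
    the HIT under 1.0.0.0/8. Only locally unique, hence "local scope"."""
    low24 = int(hit) & 0xFFFFFF
    return ipaddress.IPv4Address(int(LSI_NETWORK.network_address) | low24)


def hosts_until_likely_collision(identifier_bits: int) -> int:
    """Birthday bound: about 2^(n/2) random n-bit identifiers before a
    collision becomes likely. 32 bits give ~65k hosts, 100 bits ~10^15."""
    return 2 ** (identifier_bits // 2)


if __name__ == "__main__":
    key = b"constructed sample public key, not a real key"
    hit = host_identity_tag(key)
    print(hit, is_orchid(hit), local_scope_identifier(hit))
    print(hosts_until_likely_collision(32), hosts_until_likely_collision(100))
```

The collision bound is the reason LSIs are "local scope": an application on one host can map them safely, but nothing global can be keyed on them.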

65 HIP Mapping The current system proposes the use of DNS Not as a system to look up the Locators for a HIT, but to provide a tuple as the answer to usual requests Full pull, easy to implement, generally slow to update

66 HIP Basic Exchange 4-way handshake In regular mode, the HIT of the responder is known; in “Opportunistic mode” only the IP of the responder is known → prone to MITM attacks

67 Protocol overview Initiator → Responder, I1: HIT_I, HIT_R or NULL Responder → Initiator, R1: HIT_I, {HIT_R, puzzle, DH_R, HI_R} sig Initiator → Responder, I2: {HIT_I, HIT_R, solution, DH_I, HI_I} sig Responder → Initiator, R2: {HIT_I, HIT_R, authenticator} sig Then user data messages (the four messages above are control data) Puzzle: varied hardness, can be based on resource availability, level of trust, or other factors R1: nothing specific to the Initiator in here, so precalculation of these messages is possible

68 More about HIP puzzles Nota bene: with the current infrastructure, they protect ONLY against CPU/memory exhaustion (an attacker can still flood) Idea: the Responder sends a chunk of data (the puzzle) to the Initiator, plus a parameter k The Initiator has to find a value J such that the k LSB of Hash(puzzle || J) are zero, and sends J back The Responder quickly checks whether J satisfies the demand

69 Even more HIP puzzles The RFC does not actually specify a technique It turns out to be hard to avoid keeping any state and still be stable against attacks The RFC provides an idea: create a table of pre-calculated puzzles and use the HIT_I and RLOC_I values to calculate an index into this table
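The puzzle of slides 68 and 69 worked through in Python, as an added example that is not the presentation's or any HIP implementation's code: the initiator brute-forces J until the k least significant bits of the hash are zero, the responder verifies with one hash, and a responder that keeps no per-initiator state re-derives the puzzle it handed out from a pre-generated table indexed by a hash of (HIT_I, RLOC_I). Assumptions: SHA-256 as the hash, an 8-byte J, both HITs bound into the hash input (HIP does this too; the slide's Hash(puzzle || J) is the same with empty HITs), and constructed HIT and locator values.

```python
import hashlib
import secrets


def puzzle_hash(puzzle: bytes, hit_i: bytes, hit_r: bytes, j: int) -> int:
    """Hash(puzzle || HIT_I || HIT_R || J) as an integer. Binding both HITs
    into the hash keeps a solution from being replayed by another initiator."""
    data = puzzle + hit_i + hit_r + j.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def solve_puzzle(puzzle, hit_i, hit_r, k, max_tries=1 << 24) -> int:
    """Initiator: brute-force J until the k least significant bits are zero.
    Expected cost is about 2**k hash evaluations."""
    mask = (1 << k) - 1
    for j in range(max_tries):
        if puzzle_hash(puzzle, hit_i, hit_r, j) & mask == 0:
            return j
    raise RuntimeError("no solution within max_tries")


def verify_solution(puzzle, hit_i, hit_r, k, j) -> bool:
    """Responder: a single hash evaluation, whatever k is."""
    return puzzle_hash(puzzle, hit_i, hit_r, j) & ((1 << k) - 1) == 0


def expected_attempts(k: int) -> int:
    """Average number of hashes the initiator needs for difficulty k."""
    return 1 << k


class StatelessResponder:
    """Responder that stores nothing per initiator (the idea from slide 69):
    a table of pre-generated puzzles is indexed by a hash of (HIT_I, RLOC_I),
    so the puzzle sent in R1 can be re-derived when I2 arrives. Rotating the
    table periodically (not shown) bounds the lifetime of any solution."""

    def __init__(self, hit_r: bytes, k: int = 8, table_size: int = 64):
        self.hit_r = hit_r
        self.k = k
        self.table = [secrets.token_bytes(16) for _ in range(table_size)]

    def index_for(self, hit_i: bytes, rloc_i: bytes) -> int:
        digest = hashlib.sha256(hit_i + rloc_i).digest()
        return int.from_bytes(digest[:4], "big") % len(self.table)

    def r1(self, hit_i: bytes, rloc_i: bytes):
        """Puzzle parameters for R1; nothing is remembered about the initiator."""
        return self.table[self.index_for(hit_i, rloc_i)], self.k

    def check_i2(self, hit_i: bytes, rloc_i: bytes, j: int) -> bool:
        puzzle = self.table[self.index_for(hit_i, rloc_i)]
        return verify_solution(puzzle, hit_i, self.hit_r, self.k, j)


def puzzle_round_trip(k: int = 8) -> bool:
    """R1 -> initiator work -> I2 check, with constructed HITs and locator."""
    hit_i = b"constructed-HIT-initiator"
    hit_r = b"constructed-HIT-responder"
    rloc_i = b"192.0.2.10"
    responder = StatelessResponder(hit_r, k=k)
    puzzle, k_out = responder.r1(hit_i, rloc_i)
    j = solve_puzzle(puzzle, hit_i, hit_r, k_out)
    return responder.check_i2(hit_i, rloc_i, j)


if __name__ == "__main__":
    print(puzzle_round_trip(10), expected_attempts(10))
```

The asymmetry is the defence: raising k by one doubles the initiator's work while the responder's check stays at one hash, which is why k can be tied to current load; it does nothing against a pure flood, as slide 68 notes.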

70 Details about HIP puzzles Several approaches for the puzzle have been proposed Image from “Cost-based and Time-based Analysis of DoS-resistance in HIP” Good reading for this topic: “Analysis of the HIP Base Exchange Protocol”, Tuomas Aura, Aarthi Nagarajan, and Andrei Gurtov, ACISP 2005

71 Effectiveness of HIP Puzzles Image from “Cost-based and Time-based Analysis of DoS-resistance in HIP”

72 HIP Mobility The mapping system can carry several Locators Active emission of “Readdress” packets What about – Mobile nodes that move too fast for DNS? – Both nodes moving at the same time?

73 HIP Rendezvous Mechanism RFC 5204-bis, recently expired A HIP node can register with any “RVS” server, and note this in the HIT’s DNS entry The RVS basically just relays the connection setup packets to the node’s current locators Source: rfc5204-bis-00

74 HIP Mobility and Security Mobility updates are possibly a security weakness if too much data is sent to a new Locator before an adequate amount of data has been received back

75 Threat Scenario [figure: YouTube, DDoS attackers, DDoS victim] Attackers request a big video or other resource

76 Threat Scenario [figure: YouTube, DDoS attackers, DDoS victim] “Hey, we are all relocated!”

77 Threat Scenario [figure: YouTube etc., DDoS attackers, DDoS victim] “Hey, we are all relocated!”

78 HIP Mobility and Security → Use a credit algorithm for not fully trusted hosts asking for relocation
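An added simulation of slides 74 to 78 (not code from the presentation or from any HIP stack): a sender that trusts every readdress immediately is compared with one that applies a simple credit rule, releasing to an unverified new locator no more bytes than the peer has sent so far, until a reachability check succeeds. The credit rule, the byte counts and the addresses are constructed for this example; the credit-based schemes proposed for HIP add credit ageing and other details not modelled here.

```python
VIDEO_SIZE = 5_000_000    # constructed: bytes of a "big video"
REQUEST_SIZE = 200        # constructed: bytes of the request that asked for it


class CreditBasedSender:
    """Credit-based authorization for mobility updates (a simplified version of
    the idea on slide 78, written for this example): a peer may be sent no more
    data at an unverified new locator than it has sent us, until that locator
    has passed a reachability (return-routability) check."""

    def __init__(self):
        self.credit = 0          # bytes received from the peer and not yet spent
        self.verified = set()    # locators known to be reachable

    def received_from_peer(self, nbytes: int, locator: str) -> None:
        self.credit += nbytes
        self.verified.add(locator)   # traffic really did arrive from here

    def peer_readdressed(self, new_locator: str) -> None:
        self.verified.discard(new_locator)   # a claim alone verifies nothing

    def reachability_confirmed(self, locator: str) -> None:
        self.verified.add(locator)

    def send(self, locator: str, nbytes: int) -> int:
        """Return the number of bytes actually released towards `locator`."""
        if locator in self.verified:
            return nbytes
        allowed = min(nbytes, self.credit)
        self.credit -= allowed
        return allowed


class NaiveSender:
    """Trusts every readdress immediately (the weakness of slide 74)."""

    def received_from_peer(self, nbytes, locator):
        pass

    def peer_readdressed(self, new_locator):
        pass

    def reachability_confirmed(self, locator):
        pass

    def send(self, locator, nbytes):
        return nbytes


def reflection_scenario(sender) -> int:
    """Slides 75-77: a peer requests a big video, then claims to have moved to
    the victim's address. Returns the bytes that would reach the victim."""
    attacker, victim = "203.0.113.7", "192.0.2.55"   # constructed addresses
    sender.received_from_peer(REQUEST_SIZE, attacker)
    sender.peer_readdressed(victim)
    return sender.send(victim, VIDEO_SIZE)


def honest_move_scenario(sender) -> int:
    """A genuine move: the new locator answers the reachability check, after
    which the full stream flows again."""
    old, new = "198.51.100.4", "198.51.100.9"         # constructed addresses
    sender.received_from_peer(REQUEST_SIZE, old)
    sender.peer_readdressed(new)
    sender.reachability_confirmed(new)
    return sender.send(new, VIDEO_SIZE)


if __name__ == "__main__":
    print(reflection_scenario(NaiveSender()), reflection_scenario(CreditBasedSender()))
    print(honest_move_scenario(CreditBasedSender()))
```

With the credit rule the amplification factor towards an unverified address is at most 1, while a peer whose new locator really answers loses nothing beyond the check's round trip.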

79 HIP Transport Security HIP proposes to use IPsec’s ESP in transport mode Provides encryption for all layers above IP

80 HIP Privacy HITs do not have to be registered anywhere and/or kept constant over a long time Still, observation and correlation might reveal a lot The “BLIND” approach uses hashes of to hide the ID Other approaches use proxy servers to hide locators

81 Hi3 Motivation: Puzzles only protect against CPU/memory exhaustion attacks. Is it possible to protect against DDoS flood attacks? HIP using the “Internet Indirection Infrastructure” (i3) i3 forms the control plane. Using i3, the four-way handshake is completed safely IPsec-aware middleboxes (“SPINATs”) are placed into the data plane The Responder tells – the Initiator a SPINAT’s IP to use – the SPINATs to open connections for properly authenticated source IPs Also provides mobility through the Rendezvous service in i3

82 Control Plane

83 Data Plane

84 Acceptance of HIP In production use at one Boeing factory Three open source implementations – OpenHIP, HIP4BSD, HIPL Active, growing user community

85 Sources There are a bunch of different people working on HIP, so sometimes it is hard to tell whether a paper talks about “the real HIP” What is the real HIP? Wikipedia says “HIP was specified in the IETF HIP working group. An Internet Research Task Force (IRTF) HIP research group looks at the broader impacts of HIP” So, the RFCs listed as “active” on the WG’s website are “binding”

86 So … Is LISP or HIP the better approach? What does the audience think? Actually, they are rather complementary than competing, as each of them is aiming for a different thing Yet, once one of them is implemented at wide scale it might just succeed (interim solutions hold the longest!)

87 Summary HIP: Public keys as IDs, broad support, host-only approach LISP: “Delegated” EIDs, broad support, network-only approach

89 Backup Slides

90 Two approaches of LISP Map-and-Encap – The host sends a packet to an IPv4 address (which is an ID) – The egress router looks up the Locator for this ID (map) – The egress router inserts a new IP layer into the packet containing the locators, thereby encapsulating the other IP header (which is the ID) Address Rewriting

91 Map-and-Encap The Locator Identifier Separation Protocol (LISP) by David Meyer, Cisco Systems

92 Two approaches of LISP Address Rewriting – Use the top bits of the IPv6 address as Locator, the lower bits as identifier – The egress router maps (looks up the Locator for the ID) and rewrites the top bits However, probably due to the lack of IPv6 deployment, IPv4-compatible map-and-encap is used

95 Different approaches to fix these drawbacks Evolutionary approaches introduce patches that always keep backward compatibility → Therefore often not really good solutions Clean-slate approaches model a new system “as it should be”, without caring about the current system → The obvious critique of these is that they are not viable to implement, yet they provide valuable insights into how a network SHOULD be designed

96 Worked example Show how the user connects to an identifier; the IP is used as a locator → the IP is actually resolved from the ID Isn’t that similar to DNS? No, DNS actually resolves to an IP address BEFORE connection setup → a DNS mapping change cannot affect the current connection.

97 Failover Can be so much faster! – The connection is established between IDs – If one link at a node fails, it can actively announce a new Locator (= IP) for that connection to the other host – Immediate, active failover, without losing the connection

98 Resilience Part of my B.Sc. thesis was to look at keeping up multiple similar paths between two nodes (e.g. for tele-surgery). Due to the huge complexity of the problem there was not actually much time left in my thesis for that. The basic problems do not change with LISP, e.g. WDMs still hide whether two data streams actually share the same fibre somewhere

99 Scalability Dedicate a few slides to this. Scalability improvements actually depend on which approach is used DHTs perform better than huge routing tables Get rid of huge routing tables at routers and replace them with something better (some approaches)

100 Addressing Gives you flexibility in what to assign an ID to – A user? A website? A certain video? A sensor? Gives freedom to access content, users, services Possibility to cleanly redesign CDNs

102 [LISP (RID-based), Dino, Dave, Jason, Vince] How LISP Works [figure: Internet; Provider A /8; Provider B /8; routers A, B, C, D; hosts S and R; S’s ID is ; R’s ID is ; on host subnet /24: C is (PA from Provider A), D is (PA from Provider A); on loopback interfaces: C is (PA from Provider B), D is (PA from Provider B)]
1) S wants to talk to R, S gets R’s ID from DNS
2) S sends packet to R with SA= , DA=
3) S’s default router is router A, A does route lookup for , matches on default route, indicator to tunnel encapsulate
4) A builds outer IP header with SA= , DA= , IP-prot=“LISP-control”
5) When packets flow to C, IP-prot “LISP-control” means to send an ICMP ID-mapping packet to SA ( ), the ICMP packet contains Locators and
6) A caches ID-mapping of ->{ , }
7) For subsequent packets from S, A will set outer DA to (the Locator for R), IP-prot=“LISP-data”
8) Packets are addressed to C, which decapsulates the tunnel packet and delivers to R.
9) If connectivity to changes, due to the Provider A path being down or R moving, A gets back an ICMP-host-unreachable (from any router on the path) for address ; subsequent packets from S get encapsulated by A to address
10) Periodically A can send IP-prot=“LISP-control” packets to the unreachable locator address and when the SA is that Locator address in the returning ICMP ID-mapping message, A can conclude the Locator is reachable again
11) C could glean the ID->Locator mapping when decapsulating and avoid the signalling step back.
12) A could encapsulate packets for S with alternating SA Locator addresses so when C gleans, it can get all Locator addresses for S’s ID

103 [LISP (RID-based), Dino, Dave, Jason, Vince] LISP Overview Uses well-known IP-in-IP tunneling technology – IDs are stored in the inner IP header (the header the source host builds) – Locators are stored in the outer IP header (the header the tunnel ingress router builds) The tunnel endpoint routers: – Keep the ID-to-Locator(s) cache – The Locator addresses are the IP addresses of the egress tunnel router(s) The tunnel endpoint routers can be: – First-hop and last-hop routers (directly connected to endpoints) – Site-resident border routers – And for TE cases, provider-resident routers
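An added example, not the Cisco slides' or any LISP implementation's code, that carries slides 90, 92, 102 and 103 into Python: an ingress tunnel router performs the map step against an EID-to-RLOC table and the encap step by prepending an outer IPv4 header, the egress router strips that header and gleans the sender's EID-to-RLOC binding (step 11 of slide 102), and a separate function shows the address-rewriting alternative on an IPv6 address. Assumptions: plain IPv4-in-IPv4 (protocol 4) stands in for the LISP encapsulation header, the mapping system is a dictionary, and every address is constructed.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4   # plain IP-in-IP, a stand-in for the LISP encapsulation header
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header without options


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (checksum left zero) in front of a payload."""
    total = IPV4_HDR.size + len(payload)
    header = IPV4_HDR.pack(0x45, 0, total, 0, 0, 64, proto, 0,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return header + payload


def parse_ipv4(packet: bytes) -> dict:
    """Pull source, destination, protocol and payload out of a packet."""
    f = IPV4_HDR.unpack_from(packet)
    return {"src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6],
            "payload": packet[IPV4_HDR.size:]}


class TunnelRouter:
    """Tunnel endpoint router: ITR on the way out, ETR on the way in."""

    def __init__(self, rloc: str, mapping: dict):
        self.rloc = rloc          # this router's own locator
        self.mapping = mapping    # authoritative EID -> RLOC lookup (dict stand-in)
        self.cache = {}           # EID -> RLOC cache, filled on first use
        self.gleaned = {}         # EID -> RLOC learned from decapsulated traffic

    def encap(self, inner: bytes) -> bytes:
        """Map: look up the locator for the inner destination EID.
        Encap: put a new outer header (locators) around the inner one (EIDs)."""
        eid = parse_ipv4(inner)["dst"]
        if eid not in self.cache:
            self.cache[eid] = self.mapping[eid]
        return build_ipv4(self.rloc, self.cache[eid], IPPROTO_IPIP, inner)

    def decap(self, outer: bytes) -> bytes:
        """Strip the outer header; glean the sender's EID -> RLOC binding so
        no separate signalling step is needed for the return direction."""
        o = parse_ipv4(outer)
        if o["proto"] != IPPROTO_IPIP:
            raise ValueError("not an encapsulated packet")
        inner = o["payload"]
        self.gleaned[parse_ipv4(inner)["src"]] = o["src"]
        return inner


def rewrite_locator_v6(addr: str, locator_prefix: str) -> str:
    """Address-rewriting variant (slide 92): keep the low 64 identifier bits,
    replace the top 64 locator bits."""
    ident = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    loc = (int(ipaddress.IPv6Address(locator_prefix)) >> 64) << 64
    return str(ipaddress.IPv6Address(loc | ident))


def lisp_demo():
    """S (EID 10.1.0.5) behind ITR 192.0.2.1 sends to R (EID 10.2.0.9)
    behind ETR 198.51.100.1. All addresses are constructed."""
    mapping = {"10.2.0.9": "198.51.100.1", "10.1.0.5": "192.0.2.1"}
    itr = TunnelRouter("192.0.2.1", mapping)
    etr = TunnelRouter("198.51.100.1", mapping)
    inner = build_ipv4("10.1.0.5", "10.2.0.9", 17, b"constructed UDP payload")
    outer = itr.encap(inner)
    delivered = etr.decap(outer)
    return inner, outer, delivered, itr, etr


if __name__ == "__main__":
    inner, outer, delivered, itr, etr = lisp_demo()
    print(parse_ipv4(outer)["dst"], delivered == inner, etr.gleaned)
    print(rewrite_locator_v6("2001:db8:1::abcd", "2001:db8:2::"))
```

The inner header never changes end to end, which is why only the tunnel routers need the mapping and the hosts need no modification; the 20 extra bytes per packet are the price of that.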

104 NERD: A Not-so-novel EID to RLOC Database [LISP Tutorial, IETF Vancouver, Dec 2007, slide 21]

105 [LISP (RID-based), Dino, Dave, Jason, Vince] LISP Drawbacks If PI addresses are used for IDs – LISP requires them to be routable FIXME Bullshit How to reduce routeable PI usage: – Create an economic incentive not to use them: for large sites renumbering is costly, so they pay and can afford routeable PIs; small sites use PA because renumbering is easier and they can’t afford routeable PIs; we just created a provider revenue generator, but they need to share that revenue with peer providers since others bear the cost of carrying PI routes as well – Create an automatic method for renumbering, so it’s easy to renumber when there is a PA site change; then PA addresses are used for IDs everywhere Mobility fail

106 How to compare those? – How much change in end hosts? Applications? Sockets API? Kernel? – How much change in network? Routers? DNS / ID to Locator mapping service? Rather Evolutionary / rather clean-slate? How active / “alive” / progressed are these approaches?

107 So, how to send a packet to this “ID” 00:00:0B? [figure: Host A; Host B with IP B1, IP B2, ID 00:00:0B] Opens connection to ID 00:00:0b Host A’s network stack does all the lookup & encryption!

108 HIP – Changes in DNS setup, but not necessary – Backwards compatible Strong focus on security – How good is it, though? What problems does it solve, which not? Critique / reception Who worked on it, how popular is it? – Working LKM (Linux Kernel Module), active community
