
Copyright 2001, J. Touch USC/ISI. All rights reserved. Nov. 19, 2001. An Architecture for Virtual Internets. Joe Touch, Director, Postel Center for Experimental.


Slide 1: An Architecture for Virtual Internets
Joe Touch, Director, Postel Center for Experimental Networking, Computer Networks Division, USC/ISI
Copyright 2001, J. Touch, USC/ISI. All rights reserved. Nov. 19, 2001

Slide 2: Outline
- Background
- Architecture
- Projects
  - X-Bone: FreeBSD/Linux tool to deploy VIs for experiments, testbeds, and lab classes
  - DynaBone: applying layered VIs for fault tolerance and DDOS resistance
  - NetFS: OS extension of the network control and access API to support concurrent VIs

Slide 3: What is a VI?
- A network using encapsulation-based links
- A way to test new protocols
- A way to share infrastructure
- A way to virtualize a network topology
  - as VM is to memory

Slide 4: Concurrent VIs
[diagram: a star-ovl and a ring-ovl overlay both running on top of the IP base network]

Slide 5: User's view of VIs
[diagram: the same nodes A, B, C, D as seen in star-ovl, in ring-ovl, and in the IP base network]

Slide 6: Uses of VIs
- Increase sharing
  - Concurrent use
  - Partition resources
  - Deploy peer services, test protocols
- Simplify views of a complex structure
  - Hierarchies: layering (recursion), divide-and-conquer, embedding
- Increase portability
  - Indirection allows remapping
  - Remapping for fault tolerance, mobility

Slide 7: Virtual Systems
- Logical version of a real, physical resource
- Virtual memory
  - Larger space
  - Via mapping memory onto hard disk
- Virtual machine
  - Emulated PCs (VMware), portable code (P-mch, JVM)
  - Via emulation of a PC
- Virtual circuit
  - Multiple connections over a single path
  - Via packet switching and end-to-end state

Slide 8: Network Virtualizations
- Wire -> virtual wire (packets)
  - Share links, provide fault tolerance
- NIC -> VIF
  - Emulate multiple end systems
- LAN -> VLAN
  - Share switching / bridging resources
- VPNs and overlays
  - Emulate and share the entire network

Slide 9: Challenges of VIs
- Extension of the Internet architecture
  - Compatible, incrementally deployable
- Scalable deployment and management
  - Divide-and-conquer, merge, split
- Inter-VI access
  - Access to services across VI boundaries
- 'The Graph Embedding problem'
  - Optimization, fault tolerance can be hard

Slide 10: VI Architecture
- Multihoming
  - Multiple Internets, not just ASs
  - Use VIFs and iterative forwarding
- Tunneling
  - Weak network layer for endpoint addressing
  - Strong link layer for routing, forwarding control
  - Integrate with dynamic routing, IPsec
- Addressing
  - In the end system, e.g., OS API
  - Naming over the wide area

Slide 11: Multihoming
[diagram: RFC 1122/1123 host, where the IP address binds to one NIC; multihomed host, where an IP address binds to each NIC; virtual router with a NIC and a VNIC]
- Apps can't select the source IP; no IP without a NIC

Slide 12: Host Implications
- Need for an internal router
  - Must participate in routing protocols
- Input interface groups
  - INADDR_ANY on subsets of interfaces
- Output interface selection
  - VIF as source of all traffic
- DNS
  - Context-sensitive replies

Slide 13: Router Implications
- VI-sensitive forwarding
  - Solve via separate IP spaces (merge VI-ID with endpoint ID)
- Intra-VI routing protocols
  - Solve via admit/exclude rules among subsets of interfaces (preprocess gated/mrtd config files)

Slide 14: Problem: lost context
- Incoming tunnel is context
  - input (de-tunnel, de-IPsec, demux)
  - forwarding
  - route exchanges
- Keep this context
  - retain on decapsulation
  - use as context for processing
  - currently via separate IP space
  - later via Overlay ID

Slide 15: Dynamic routing
- Double encapsulation:
  - Overlay endpoints
  - Overlay link
- Supports
  - Multihop overlay (routing within the overlay)
  - Multiple visits to a single router
[diagram: packet layers Data | Ovl Ends | Ovl Link | Base Inet]

Slide 16: DE Networking
[diagram: double-encapsulated packet flow from HOST X (Ovl-A, OLink-Q, Base-X) through ROUTER Y (Ovl-B/OLink-R and Ovl-C/OLink-S, Base-Y) to HOST Z (Ovl-D, OLink-T, Base-Z); the DATA keeps overlay addresses A -> D on both hops, with link headers Q -> R then S -> T and base headers X -> Y then Y -> Z]

Slide 17: DE In Action
1. App emits (D)[-,E4]
2. *E routes to VIF1
3. VIF1 adds: source IP (D)[E1,E4]; 'link' (D)[E1,E2]+[L1,L2]
4. L2 routes to VIF2
5. VIF2 adds 'phys' (D)[E1,E4][L1,L2]+[P1,P2]
6. Internet routes (D)[E1,E4][L1,L2][P1,P2]
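The six DE steps above, combined with the "keep this context" rule of slide 14 and the peek-ahead decapsulation of slide 18, as an added Python walk-through. This is illustrative code written for this page, not X-Bone code (the page shows none). It uses the slide's E/L/P address labels on a constructed three-node ring overlay X -> Y -> Z plus a constructed star overlay with a direct X -> Z link, so the same nodes carry two VIFs and the receiver has to pick the right one from the link header before it touches the overlay header. The 20-byte IPv4 header size is real; the node names, addresses and routing tables are assumptions, and the endpoint header is carried as [E1,E4] throughout, as in steps 5 and 6.

```python
from dataclasses import dataclass, field

IPV4_HEADER = 20  # bytes; each encapsulation layer adds one IPv4 header


@dataclass
class Packet:
    payload: bytes
    headers: list = field(default_factory=list)  # outermost first: [(src, dst), ...]

    def wire_size(self):
        return len(self.payload) + IPV4_HEADER * len(self.headers)


@dataclass
class VIF:
    """Virtual interface: one per overlay per node, carrying that node's
    overlay-endpoint (E) and overlay-link (L) addresses and the overlay's
    own routing table (E destination -> next-hop L address)."""
    overlay: str
    ovl_addr: str
    link_addr: str
    routes: dict


@dataclass
class Node:
    name: str
    base_addr: str     # P-space address on the base Internet
    vifs: dict         # overlay id -> VIF
    link_routes: dict  # next-hop L address -> peer's base (P) address


def encapsulate(node, overlay, payload, dst_e):
    """Steps 1-5 of 'DE In Action' on the sending host."""
    vif = node.vifs[overlay]                            # 2: E routing selects VIF1
    pkt = Packet(payload, [(vif.ovl_addr, dst_e)])      # 3: source IP -> (D)[E1,E4]
    next_l = vif.routes[dst_e]
    pkt.headers.insert(0, (vif.link_addr, next_l))      # 3: 'link' -> +[L1,L2]
    next_p = node.link_routes[next_l]                   # 4: L2 routes to VIF2
    pkt.headers.insert(0, (node.base_addr, next_p))     # 5: 'phys' -> +[P1,P2]
    return pkt


def decapsulate_and_forward(node, pkt):
    """Receive side. The link header is peeked before decapsulation to find
    the VIF (and so the overlay) the tunnel belongs to; that context is kept,
    and the E header is forwarded with the overlay's table, never the base's."""
    p_src, p_dst = pkt.headers[0]
    assert p_dst == node.base_addr, "base network delivered this to the wrong node"
    _, l_dst = pkt.headers[1]                           # peek-ahead during decapsulation
    vif = next(v for v in node.vifs.values() if v.link_addr == l_dst)
    inner = Packet(pkt.payload, pkt.headers[2:])        # strip P and L headers
    e_src, e_dst = inner.headers[0]
    if e_dst == vif.ovl_addr:
        return "deliver", vif.overlay, inner
    next_l = vif.routes[e_dst]                          # multihop: stay inside this overlay
    inner.headers.insert(0, (vif.link_addr, next_l))
    inner.headers.insert(0, (node.base_addr, node.link_routes[next_l]))
    return "forward", vif.overlay, inner


def build_topology():
    """Constructed: ring overlay X(E1/L1) -> Y(E2/L2) -> Z(E4/L4) and a star
    overlay with a direct X(S1/M1) -> Z(S4/M4) link; base addresses P1, P2, P4."""
    x = Node("X", "P1",
             {"ring": VIF("ring", "E1", "L1", {"E4": "L2"}),
              "star": VIF("star", "S1", "M1", {"S4": "M4"})},
             {"L2": "P2", "M4": "P4"})
    y = Node("Y", "P2",
             {"ring": VIF("ring", "E2", "L2", {"E4": "L4", "E1": "L1"})},
             {"L4": "P4", "L1": "P1"})
    z = Node("Z", "P4",
             {"ring": VIF("ring", "E4", "L4", {"E1": "L2"}),
              "star": VIF("star", "S4", "M4", {"S1": "M1"})},
             {"L2": "P2", "M1": "P1"})
    return {n.base_addr: n for n in (x, y, z)}


def run(overlay="ring", dst_e="E4", payload=b"D" * 1000):
    """Send one packet from X and follow it hop by hop. Returns the wire
    headers at each hop, the overlay that delivered it, and the packet as
    the receiving application sees it."""
    nodes = build_topology()
    pkt = encapsulate(nodes["P1"], overlay, payload, dst_e)
    trace = [list(pkt.headers)]
    while True:
        node = nodes[pkt.headers[0][1]]                 # 6: the Internet routes on the P header
        action, ovl, pkt = decapsulate_and_forward(node, pkt)
        if action == "deliver":
            return trace, ovl, pkt
        trace.append(list(pkt.headers))


if __name__ == "__main__":
    for hop in run()[0]:
        print(hop)
```

At router Y the packet arrives on a tunnel, the L destination selects Y's ring VIF, and the E destination is then looked up in that VIF's table and re-encapsulated towards Z; Y's base forwarding table is never consulted for an overlay address, which is the "retain on decapsulation" requirement. The wire size of a 1000-byte payload is 1060 bytes, the three IPv4 headers that the "Costs of Encapsulation" slide refers to.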

Slide 18: Parallel tunnels
- Multiple paths between two endpoints
  - allows a single node to play more than once in a single overlay
- Multiple tunnels
  - 'Strong' host model (IP per NIC)
  - Peek-ahead during decapsulation
  - Provides per-tunnel statistics and control
- Aliases
  - Susceptible to interface contention
  - Harder to control source address
  - Requires less OS support

Slide 19: Multi-tunnel vs. aliases
[diagram: Base-X and Base-Y each carrying overlay nodes Ovl-A/OLink-Q, Ovl-B/OLink-R, Ovl-C/OLink-S, Ovl-D/OLink-T; the packets on the wire (DATA, C -> D, A -> B, Q -> R, S -> T, X -> Y) are the same in both cases. Multi-tunnel: which VIF decapsulates? Aliases: one VIF decapsulates both]

Slide 20: HBH IPsec
- Use where E2E is not available
- Secures HBH protocols: routing, ICMP

Slide 21: IPsec for the overlay
[diagram: packet layers DATA | Ovl-Src, Ovl-Dst | OLink-Src, OLink-Dst | Base-Src, Base-Dst; application IPsec covers the overlay endpoints, virtual-network IPsec the overlay links, base-network IPsec the base endpoints]

Slide 22: Dyn. Routing + IPsec
- Key-per-link interferes with routing
- Solve with VIF using IPIP then IPsec
[diagram: (1) IPsec tunnel mode: Tun src -> Tun dst | IPsec | IP src -> IP dst | DATA; (2) IPIP then IPsec: Tun src -> Tun dst | IPsec | IPtran | IP src -> IP dst | DATA; path A, B, C, Z with keys K1 and K2 on different links; V1, V2]

Slide 23: Integrating Routing
- Gated / mrtd
  - via gated.conf / mrtd.conf script processing
  - isolate RIP announcements within each overlay, separate from the base network
- Mrouted
  - via mrouted.conf pre-processing
  - isolate overlay multicast routing via a boundary on virtual IP interfaces

Slide 24: Costs of Encapsulation
- Packet MTU limits
  - Layers eat packet space
  - May stress implementations
- Bandwidth costs
  - 20% (10% IPsec'd)
- Latency costs
  - msec per hop

Slide 25: Layered double tunnels
[diagram: two double tunnels stacked; one level's packet (DATA | Ovl-Src, Ovl-Dst | OLink-Src, OLink-Dst | Base-Src, Base-Dst) is carried as the DATA of the next level (OvlSrc2-OvlDst2 | OLinkS2-OLinkD2 | Base-Src, Base-Dst)]

Slide 26: Problem: Service Deployment
[diagram: user input (overlay-specific parameters: TCL/ACL, JDK for XBone-Auto; node-specific parameters: overlay name, IPs, topology) feeds a generic A-Bone action file generator script, which emits one node action file per node of the ring-ovl (A, B, C, D); XB-OM and RD communicate over http]

Slide 27: Network Reentrancy
- Need VI context-sensitive:
  - View of interface list
  - View of ports
  - Logins
  - File systems (for logs)

Slide 28: Problem: Recursion
- Easy if deterministic
  - One inner layer
- Harder if policy-based layering
  - Layer N determines Layer N-1
[diagram: nodes A, B, C, with a policy choosing between X and Y as the inner layer]

Slide 29: Recursion solutions:
- ARP
  - Treats lower layer like a link
  - Needs broadcast
- BGP
  - Treat inner network like a transit AS
  - Needs to determine encapsulation

Slide 30: Projects
- X-Bone
  - DWIM VI Deployment
- DynaBone
  - Multilayer spread-spectrum VIs
- NetFS
  - Context-sensitive views

Slide 31: DWIM VIs (X-Bone)
- DWIM concept
  - API
  - Useful defaults (esp. to get around complexities)
- "COTS" distributed management
  - Expanding ring search
  - Soft state with hard backup
  - Heartbeats
  - ACLs and resource management

Slide 32: X-Bone Objectives
- Dynamically deploy overlay networks
  - user/application setup, monitor, teardown
- Via existing stacks in new ways
  - integrate IPsec, dynamic routing
- With enhanced capability
  - hierarchical, stackable
  - nodes in multiple overlays, in a single overlay multiple times

Slide 33: X-Bone System View
[diagram: Web GUI and xd GUI (multiple views, automated monitoring) talk to Overlay Managers, which control Resource Daemons on routers and hosts; a Star Overlay and a Ring Overlay over nodes A, B, C, D on the base IPv4 network]

Slide 34: Creating the Ring
[diagram: OM request/result creating a ring overlay over Internet nodes isipc2, eql, udelsec, cos, div, sin, bbn]

Slide 35: X-Bone Components
[diagram: VI Architecture, Distributed Control Implementation, Cartwheels, SNMP/RSVP]

Slide 36: Impact Goals
- Reduce deployment effort
  - Deploy tools easily, overlays effortlessly
  - Safe configuration, management, monitoring
  - Existing OSs, apps., network infrastructure
- Extend network architecture
  - Dynamic, concurrent overlays
  - Recursive / stackable overlays
  - Share in multiple overlays, multiply in one

Slide 37: The X-Bone is…
- A system for automated overlay deployment
  - among a closed set of trusted hosts and routers
  - provides coordination, configuration, management
  - many details are plug-replaceable
- New tricks for overlays (use of overlays)
  - overlays on overlays on overlays on …
  - fault tolerance, service deployment
  - member in multiple overlays, in a single one multiple times
- New tricks for old dogs (extend network arch.)
  - use existing stacks and applications

Slide 38: What We Don't Do…
- Optimize the overlay topology
  - we use a plug-in module (AI folk can provide)
  - it requires network status (emerging now)
  - fault tolerance only via ground truth (admin. issue)
  - X-Bone is capability more than performance (now)
- Non-IP overlays
  - IP is the interoperability layer
  - IP recurses / stacks nicely

Slide 39: Before/after

  Task               Before X-Bone                                    With X-Bone
  Select properties  manual, ad hoc                                   manual or via program; pick from menus
  Select components  manual, OOB (phone)                              automated: OM finds RDs via multicast
  Design             manual                                           automated: OM computes topology
  Install            manual, OOB (telnet, SNMP)                       automated: OM configures RD via TCP
  Monitor            various in-band tools; infer from visible state  X-Bone tools explicitly monitor state
  Dismantle          telnet, SNMP, or to off-line recorded state      automated: on command, timer-based

Slide 40: Related Work
- Darwin/VNS (CMU)
  - deploy a reserved core overlay (QoS)
- Netscript/VAN (Columbia)
  - deploy a set of virtual NICs in EEs (Anets)
- Detour (U. Wash.) / RONs (MIT)
  - patch routing with tunnels
- VPNs
  - fence-out, incremental, exclusive, host-focus
- Multi-level: MorphNet, Supranet
- ATM: GUILN, Switchlets
- Manual overlays: Mbone, 6bone, A-Bone

Slide 41: X-Bone Differences
- Integrated end-to-end overlays
  - overlays as more than an interim solution
  - extend architecture (IPsec, multihoming)
- Recursive Internet architecture
  - runs on IP; provides IP to the upper level
- Deploying an alpha-grade tool
  - increase sharing, ease setup (CAIRN, AN)
  - simplify applications, user use
  - safe, secure, coordinated
  - Production use for classes, testbeds

Slide 42: X-Bone Users
- ISI Network lab: 17 FreeBSD/Linux
- USC CS net lab: 24 Linux, 48 students
- UCL: 6 FreeBSD nodes
- CAIRN: 10 FreeBSD nodes
- LUT / 3G: Finnish dynamic mobile services
- Canadian Gov't (CRC) Project
- A-Bone: deploying the backbone

Slide 43: AntiDDOS (DynaBone)
- Spread-spectrum parallel defenses
  - RAID for packets
- Adaptive configuration
  - Proactive and reactive management
- Using existing OS/App/protocols
  - Like X-Bone

Slide 44: Performance tradeoffs
[chart: bandwidth, latency, CPU load]

Slide 45: Bandwidth variations
[chart]

Slide 46: Latency variations
[chart]

Slide 47: DynaBone architecture: Spread-Spectrum Multilayer Internet Overlays
[diagram: an Outerlay running over several Innerlays (3DES encrypt / link-state routing; RC5 encrypt / RIP; MD5 auth / static routing), joined by a PRM at each end, over the base network]

Slide 48: Reacting to attack
[diagram: the same Outerlay / Innerlays / base network structure, with the attacked innerlay (X) taken out of use]

Slide 49: PRM Detail
[diagram: Mux (per packet? per TCP?) -> M -> Demux (reorder? drop dups?); a Monitor that injects and measures, feeding DDOS attack detection and performance metrics (pathchar)]

Slide 50: Why use overlays?
- PRMs can coordinate
  - FEC-style: replicate on each Innerlay, filter copies at the receiver
  - TCP SYN: send on the high-security Innerlay, data on the high-speed Innerlay; the receiver accepts SYNs only from the high-security Innerlay
- Algorithmic diversity
  - IPsec, routing, DNS, etc.
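The PRM coordination described on this slide, together with the mux/demux/monitor of the "PRM Detail" slide and the "reacting to attack" picture, as an added Python simulation. It is illustrative code written for this page, not DynaBone's implementation. Three constructed innerlays take their labels from the architecture slide (3DES encrypt / link-state, RC5 encrypt / RIP, MD5 auth / static); the sender-side mux replicates data on every usable innerlay but sends SYNs only on the high-security one, the receiver-side demux filters duplicate copies and refuses SYNs that did not arrive on the high-security innerlay, and a monitor withdraws an innerlay whose measured loss rate crosses a threshold. The loss rates, the threshold, the check interval and the random seed are assumptions.

```python
import random
from dataclasses import dataclass


@dataclass
class Innerlay:
    name: str            # labels taken from the DynaBone architecture slide
    high_security: bool  # only this class may carry TCP SYNs
    loss_rate: float     # constructed: fraction of copies the base path loses
    up: bool = True
    sent: int = 0
    delivered: int = 0

    def transmit(self, rng):
        """Simulated base-network delivery of one copy."""
        self.sent += 1
        if rng.random() < self.loss_rate:
            return False
        self.delivered += 1
        return True


@dataclass
class Segment:
    seq: int
    kind: str   # "SYN" or "DATA"
    via: str    # name of the innerlay that carried this copy


class PRMSender:
    """Mux: replicate each segment over the innerlays ('RAID for packets')."""

    def __init__(self, innerlays, rng):
        self.innerlays, self.rng, self.seq = innerlays, rng, 0

    def send(self, kind):
        self.seq += 1
        if kind == "SYN":
            lanes = [i for i in self.innerlays if i.up and i.high_security]
        else:
            lanes = [i for i in self.innerlays if i.up]
        return [Segment(self.seq, kind, lane.name)
                for lane in lanes if lane.transmit(self.rng)]


class PRMReceiver:
    """Demux: drop duplicate copies and enforce the SYN policy."""

    def __init__(self, innerlays):
        self.lanes = {i.name: i for i in innerlays}
        self.seen, self.accepted = set(), []
        self.dups = self.rejected_syns = 0

    def receive(self, seg):
        if seg.kind == "SYN" and not self.lanes[seg.via].high_security:
            self.rejected_syns += 1   # a SYN on a high-speed innerlay is not honoured
            return False
        if seg.seq in self.seen:
            self.dups += 1            # FEC-style copy of a segment already delivered
            return False
        self.seen.add(seg.seq)
        self.accepted.append(seg)
        return True


def monitor(innerlays, attack_loss=0.5, min_samples=20):
    """Reactive management: withdraw an innerlay whose measured loss looks
    like an attack. Threshold and sample count are constructed."""
    for lane in innerlays:
        if lane.sent >= min_samples and 1 - lane.delivered / lane.sent > attack_loss:
            lane.up = False
    return [lane.name for lane in innerlays if not lane.up]


def simulate(n_data=200, seed=7):
    rng = random.Random(seed)
    lanes = [Innerlay("3DES encrypt / linkstate", True, 0.0),
             Innerlay("RC5 encrypt / RIP", False, 0.01),
             Innerlay("MD5 auth / static", False, 0.0)]
    sender, receiver = PRMSender(lanes, rng), PRMReceiver(lanes)
    for seg in sender.send("SYN"):            # connection setup: high-security lane only
        receiver.receive(seg)
    lanes[1].loss_rate = 0.95                 # attack X: the RC5 innerlay is being flooded
    for n in range(n_data):
        for seg in sender.send("DATA"):
            receiver.receive(seg)
        if n % 20 == 19:
            monitor(lanes)
    # a SYN that shows up on a non-high-security innerlay is refused regardless of content
    receiver.receive(Segment(seq=10 ** 6, kind="SYN", via="MD5 auth / static"))
    return {
        "syn_accepted": sum(s.kind == "SYN" for s in receiver.accepted),
        "data_accepted": sum(s.kind == "DATA" for s in receiver.accepted),
        "duplicates_filtered": receiver.dups,
        "syns_rejected": receiver.rejected_syns,
        "withdrawn": [lane.name for lane in lanes if not lane.up],
        "copies_per_segment_now": len(sender.send("DATA")),
    }


if __name__ == "__main__":
    print(simulate())
```

All 200 data segments arrive exactly once at the application even though one innerlay loses almost everything, because the receiver needs only one surviving copy; the attacked innerlay is withdrawn after the first monitoring interval, after which each segment is sent on the two remaining lanes. The duplicate count is what the replication costs in bandwidth, which is the trade-off the "Performance tradeoffs" slides measure.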

Slide 51: NetFS
- X-Bone application deployment highlights the need for compartmentalized root
- Solution:
  - File system API to network config, sockets
  - Extends the file system's fine-grained security
  - Sandboxes services
  - Sandboxes network management
  - Single API for network apps across OSs

Slide 52: Goals
- Simple, standard interface
  - Across different OSs
  - File system API and semantics
- Fine-grained security
  - User, group, world, etc.
  - Per instance of each resource
- Context-dependent views
  - Limits the "ifconfig -a" response

Slide 53: Intertwined control interfaces
[diagram: today the Socket API, sockopt, ioctl, sysctl and an in-band API all reach routes and communication channels]

Slide 54: NetFS control interfaces
[diagram: a single NetFS File API in front of routes and communication channels]

Slide 55: /netfs file system
[diagram: tree rooted at /netfs with iface, route, ipfw, proto; iface contains fxp0 and lo; fxp0 contains ether and ip; ip contains default, alias1 and alias2, each with addr and mask; route contains default with addr and mask; proto contains tcp and udp; further labels 25, 26, 10, ipsec]

Slide 56: Named pipe impl.
[diagram: /netfs/iface/fxp0/ip/addr and mask, with Read = and Write = handled through a named pipe; route is a symlink]

Slide 57: Process-context view
[diagram: /netfs/iface and /netfs/route hold instances A, B and X, Y, Z; Process A sees only its own ~netfs/iface and ~netfs/route, and so does Process B]

Slide 58: Related work
- Linux's /procfs
  - Processes
- Jail
  - Limits root access to 1 IP addr per partition
- Plan 9's /net
  - Sockets
- FreeBSD extensions (underway)
  - Add naming (kernel hack) to interfaces

Slide 59: Results
- Architecture
  - Two-layer tunnels (IETF VPN)
  - Decoupled encapsulation from IPsec (IETF IPsec)
  - X-Bone, DynaBone, and NetFS targets
- DWIM system for experiments / testbeds
  - X-Bone in FreeBSD 4.x /usr/ports, Linux 7.x* RPM
  - A-Bone deployment
- Implementation fixes
  - Iterative forwarding (IETF TSVWG/SCTP)
  - Long list of interfaces (dhcp, etc.)
  - IPsec keys on VIFs (FreeS/WAN), no dual-mode

Slide 60: Further information
- X-Bone
  - FreeBSD 4.3+ in /usr/ports/net/xbone
  - Linux RPM from website
  - Papers in Global Internet 1998 (at Globecom), ICNP 2000, Computer Networks July 2001
- DynaBone
  - (coming soon)

