Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A Data-Oriented Network Architecture ACM Sigcomm’07 (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, Scott Shenker, I. Stoica)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 A Data-Oriented Network Architecture ACM Sigcomm’07 (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, Scott Shenker, I. Stoica)"— Presentation transcript:

1 1 A Data-Oriented Network Architecture ACM Sigcomm’07 (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, Scott Shenker, I. Stoica)

2 2 Problem Internet was designed for host-to-host communication -“contact this host...” -ftp, and telnet -care about the location of host Internet is mainly used for data access -“get me this data.....” -data retrieval, service access -care about the content, and be oblivious to location Mismatch between usage and design: -data migration and replication unnecessarily hard -requires Akamai- and BitTorrent-like designs to scale Question: what would the Internet look like if we designed it around data access?

3 3 Style of this Work Almost every aspect of this design is borrowed from other work, but our contribution is the synthesis of these various ideas into a coherent architecture. Mechanisms: HTTP, anycast, pub/sub, SFS, HIP,... Architecture: -content routing:TRIAD -naming: LFN/DOA no new ideas!

4 4 What Do Users Care About? Persistence of names: -Follow data migration: once given a name for some data or service, the user would like that name to remain valid as long as the underlying data or service is available. -Today: HTTP redirects, email forwarding (not sufficient) Availability of data: (both latency and reliability) -Take advantage of replicated data -Today: Akamai/BitTorrent Authenticity of data: -Know that data came from intended source, not from some spoofing adversary. -Today: securing the channel (IPsec, TLS), or PKI

5 5 Current Barriers Rigid and Weak Naming: hostname/path -Ties data to host, making migration/replication hard -Doesn’t help much with authentication Protocol Mess: e.g., DNS, TCP, HTTP -Data isn’t named until the application is invoked -Caching (and other data handling) is application-specific -No low-level support for anycast-like service discovery

6 6 Fix #1: Flat, Self-certifying Names Self-certifying (SFS, HIP) -Data associated with principal P with public key Kp -Names are of the form: Hash(Kp): label -Data requests return: -Can verify name related to Kp, and Kp signed data Name not tied to location, so naming isn’t rigid -resolution mechanism described later

7 7 Gives Better Separation of Concerns Names take care of persistence, authenticity Protocols can then focus on availability -latency -reliability

8 8 Fix #2: Better Protocol Structure Implement replication and caching at lower level: -find closest replica without application-level tricks -caching infrastructure not application-specific DONA does this through two major changes: -insert data-handling shim layer right above IP -resolve name by routing to data (TRIAD) better fate sharing less complicated management No DNS, no lookup, just routing on names

9 9 New Network Entities Data Handlers (DHs): operate at data-handling layer -DHs do name-based routing and caching -a logical DH per administrative unit think of AS hierarchy (and finer grain below) Authoritative Resolvers (ARs): -AR(P) can point to authoritative copy of P’s data -think of as P’s DNS resolver

10 10 New Network Primitives Fetch(name): data request -data name -transport header -application header Register(name): offer to serve data (authenticated) -Register individual data items: Hash(Kp):label -Register authoritative resolver: Hash(Kp):*

11 11 Overview Clients configured with local DH (replaces DNS) to which they send their fetch requests DHs respond to fetch if data is in cache Otherwise, DH routes fetch towards nearest copy of data by sending to a next-hop DH -can insert own address in fetch packet so that it receives data on way back If name isn’t in routing table, fetch routed towards AR

12 12 Routing Fetches Need to implement anycast routing at DONA-layer Use RH hierarchy to guide routing RH

13 13 Register Commands... RHs forward register commands to parents and peers RH AR Copy 1 Copy 2

14 14...Establish Routing State Arrows represent next-hop entries for registered data Scaling: RHs only hold state for items below -core: few TBs -edge: typically far less than a GB RH AR Copy 1 Copy 2

15 15 Anycast Routing of Fetches If there’s an entry for a data item, follow next-hop Otherwise, send to parent Standard routing behavior, but at DONA-layer RH AR Copy 1 Copy 2Client

16 16 DONA Naming makes it easy to authenticate data DONA-layer provides easy access to data: -name-based “resolution through routing” -caching and replication infrastructure DONA makes it easier to build transport, applications

17 17 Extensions Cache both data and fetches: -RSS-like behavior, cache invalidation Policy (tbd): -based on first packet, domains can decide to deny route through proxies ask for more authentication hand back capabilities set up state -think of this as “off path” signaling (PF)

18 18 Open Questions Does this scale? -Boils down to money: edges cheap, core not-so-cheap -Big unknown: (compounded) cache hit rates Is caching and replica-selection too app-specific? -Our guess is no, but the burden of proof is on us Is there an incrementally deployable version of DONA? -Suggestions welcome!

Download ppt "1 A Data-Oriented Network Architecture ACM Sigcomm’07 (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, Scott Shenker, I. Stoica)"

Similar presentations

1 Data-Oriented Network Architecture (DONA) Scott Shenker (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, I. Stoica)

1 Data-Oriented Network Architecture (DONA) Scott Shenker (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, I. Stoica)
IPv6 at NCAR 8/28/2002. Overview What is IPv6? What’s wrong with IPv4? Features of IPv6 IPv6 will soon be available at NCAR How to use IPv6.

IPv6 at NCAR 8/28/2002. Overview What is IPv6? What’s wrong with IPv4? Features of IPv6 IPv6 will soon be available at NCAR How to use IPv6.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Content Centric Networking in Tactical and Emergency MANETs Soon Y. Oh, Davide Lau, and Mario Gerla Computer Science Department University of California,

Content Centric Networking in Tactical and Emergency MANETs Soon Y. Oh, Davide Lau, and Mario Gerla Computer Science Department University of California,
Incrementally Deployable Information Centric Networking 1 Seyed K. Fayazbakhsh, Yin Lin, Amin Tootoonchian, Ali Ghodsi, Teemu Koponen, Bruce Maggs, KC.

Incrementally Deployable Information Centric Networking 1 Seyed K. Fayazbakhsh, Yin Lin, Amin Tootoonchian, Ali Ghodsi, Teemu Koponen, Bruce Maggs, KC.
Data-Oriented (and Beyond) Network Architecture Article from 2007 SIGCOMM conference Presented by Vilen Looga, M.Sc. DCS Lab Aalto University School of.

Data-Oriented (and Beyond) Network Architecture Article from 2007 SIGCOMM conference Presented by Vilen Looga, M.Sc. DCS Lab Aalto University School of.
Location vs. Identities in Internet Content: Applying Information-Centric Principles in Today’s Networks Instructor: Assoc. Prof. Chung-Horng Lung Group.

Location vs. Identities in Internet Content: Applying Information-Centric Principles in Today’s Networks Instructor: Assoc. Prof. Chung-Horng Lung Group.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
An Engineering Approach to Computer Networking

An Engineering Approach to Computer Networking
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
CDNs & Replication Prof. Vern Paxson EE122 Fall 2007 TAs: Lisa Fowler, Daniel Killebrew, Jorge Ortiz.

CDNs & Replication Prof. Vern Paxson EE122 Fall 2007 TAs: Lisa Fowler, Daniel Killebrew, Jorge Ortiz.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.
1 A Course-End Conclusions and Future Studies Dr. Rocky K. C. Chang 28 November 2005.

1 A Course-End Conclusions and Future Studies Dr. Rocky K. C. Chang 28 November 2005.
1 Review of Important Networking Concepts Introductory material. This module uses the example from the previous module to review important networking concepts:

1 Review of Important Networking Concepts Introductory material. This module uses the example from the previous module to review important networking concepts:
1 Routing as a Service Karthik Lakshminarayanan (with Ion Stoica and Scott Shenker) Sahara/i3 retreat, January 2004.

1 Routing as a Service Karthik Lakshminarayanan (with Ion Stoica and Scott Shenker) Sahara/i3 retreat, January 2004.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Wide-area cooperative storage with CFS

Wide-area cooperative storage with CFS
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

Similar presentations

Ads by Google