Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overlay Networks and Tunneling Reading: 4.5, 9.4 COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman Teaching Assistants: Wyatt.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Overlay Networks and Tunneling Reading: 4.5, 9.4 COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman Teaching Assistants: Wyatt."— Presentation transcript:

1 Overlay Networks and Tunneling Reading: 4.5, 9.4 COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman Teaching Assistants: Wyatt Lloyd and Jeff Terrace http://www.cs.princeton.edu/courses/archive/spring09/cos461/ 1

2 Goals of Today’s Lecture Motivations for overlay networks – Incremental deployment of new protocols – Customized routing and forwarding solutions Overlays for partial deployments – 6Bone, Mbone, security, mobility, … Resilient Overlay Network (RON) – Adaptive routing through intermediate node Multi-protocol label switching (MPLS) – Tunneling at L2.5 2

3 Overlay Networks 3

4 4

5 5 Focus at the application level

6 IP Tunneling to Build Overlay Links IP tunnel is a virtual point-to-point link – Illusion of a direct link between two separated nodes Encapsulation of the packet inside an IP datagram – Node B sends a packet to node E – … containing another packet as the payload 6 A B E F tunnel Logical view: Physical view: A B E F

7 Tunnels Between End Hosts 7 A C B Src: A Dest: B Src: A Dest: B Src: A Dest: C Src: A Dest: B Src: C Dest: B

8 Overlay Networks A logical network built on top of a physical network – Overlay links are tunnels through the underlying network Many logical networks may coexist at once – Over the same underlying network – And providing its own particular service Nodes are often end hosts – Acting as intermediate nodes that forward traffic – Providing a service, such as access to files Who controls the nodes providing service? – The party providing the service – Distributed collection of end users 8

9 Overlays for Incremental Deployment 9

10 Using Overlays to Evolve the Internet Internet needs to evolve – IPv6 – Security – Mobility – Multicast But, global change is hard – Coordination with many ASes – “Flag day” to deploy and enable the technology Instead, better to incrementally deploy – And find ways to bridge deployment gaps 10

11 6Bone: Deploying IPv6 over IP4 11 A B E F IPv6 tunnel Logical view: Physical view: A B E F IPv6 C D IPv4 Flow: X Src: A Dest: F data Flow: X Src: A Dest: F data Flow: X Src: A Dest: F data Src:B Dest: E Flow: X Src: A Dest: F data Src:B Dest: E A-to-B: IPv6 E-to-F: IPv6 B-to-C: IPv6 inside IPv4 B-to-C: IPv6 inside IPv4

12 Secure Communication Over Insecure Links Encrypt packets at entry and decrypt at exit Eavesdropper cannot snoop the data … or determine the real source and destination 12

13 Communicating With Mobile Users A mobile user changes locations frequently – So, the IP address of the machine changes often The user wants applications to continue running – So, the change in IP address needs to be hidden Solution: fixed gateway forwards packets – Gateway has a fixed IP address – … and keeps track of the mobile’s address changes 13 gateway www.cnn.com

14 IP Multicast Multicast – Delivering the same data to many receivers – Avoiding sending the same data many times IP multicast – Special addressing, forwarding, and routing schemes 14 unicastmulticast

15 MBone: Multicast Backbone A catch-22 for deploying multicast – Router vendors wouldn’t support IP multicast – … since they weren’t sure anyone would use it – And, since it didn’t exist, nobody was using it Idea: software implementing multicast protocols – And unicast tunnels to traverse non-participants 15

16 Multicast Today Mbone applications starting in early 1990s – Primarily video conferencing, but no longer operational Still many challenges to deploying IP multicast – Security vulnerabilities, business models, … Application-layer multicast is more prevalent – Tree of servers delivering the content – Collection of end hosts cooperating to delivery video Some multicast within individual ASes – Financial sector: stock tickers – Within campuses or broadband networks: TV shows – Backbone networks: IPTV 16

17 Case Study: Resilient Overlay Networks 17

18 RON: Resilient Overlay Networks 18 Premise: by building application overlay network, can increase performance and reliability of routing Two-hop (app-level) Berkeley-to-Princeton route app-layer router Princeton Yale Berkeley http://nms.csail.mit.edu/ron/

19 RON Circumvents Policy Restrictions IP routing depends on AS routing policies – But hosts may pick paths that circumvent policies 19 USLEC PU Patriot ISP me My home computer

20 RON Adapts to Network Conditions Start experiencing bad performance – Then, start forwarding through intermediate host 20 A C B

21 RON Customizes to Applications VoIP traffic: low-latency path Bulk transfer: high-bandwidth path 21 A C B voice bulk transfer

22 How Does RON Work? Keeping it small to avoid scaling problems – A few friends who want better service – Just for their communication with each other – E.g., VoIP, gaming, collaborative work, etc. Send probes between each pair of hosts 22 A C B

23 How Does RON Work? Exchange the results of the probes – Each host shares results with every other host – Essentially running a link-state protocol! – So, every host knows the performance properties Forward through intermediate host when needed 23 A C B B

24 RON Works in Practice Faster reaction to failure – RON reacts in a few seconds – BGP sometimes takes a few minutes Single-hop indirect routing – No need to go through many intermediate hosts – One extra hop circumvents the problems Better end-to-end paths – Circumventing routing policy restrictions – Sometimes the RON paths are actually shorter 24

25 RON Limited to Small Deployments Extra latency through intermediate hops – Software delays for packet forwarding – Propagation delay across the access link Overhead on the intermediate node – Imposing CPU and I/O load on the host – Consuming bandwidth on the access link Overhead for probing the virtual links – Bandwidth consumed by frequent probes – Trade-off between probe overhead and detection speed Possibility of causing instability – Moving traffic in response to poor performance – May lead to congestion on the new paths 25

26 We saw tunneling “on top of” IP. What about tunneling “below” IP? Introducing Multi-Protocol Label Switching (MPLS) 26

27 Why Tunnel? Reliability – Fast Reroute, Resilient Overlay Networks (Akamai SureRoute) Flexibility – Topology, protocol Stability (“path pinning”) – E.g., for performance guarantees Security – E.g., Virtual Private Networks (VPNs) Bypassing local network engineers – Censoring regimes: China, Pakistan, … 27

28 MPLS Overview Main idea: Virtual circuit – Packets forwarded based only on circuit identifier Destination Source 1 Source 2 Router can forward traffic to the same destination on different interfaces/paths. 28

29 MPLS Overview Main idea: Virtual circuit – Packets forwarded based only on circuit identifier Destination Source 1 Source 2 Router can forward traffic to the same destination on different interfaces/paths. 29

30 Circuit Abstraction: Label Swapping Label-switched paths (LSPs): Paths are “named” by the label at the path’s entry point At each hop, MPLS routers: – Use label to determine outgoing interface, new label – Thus, push/pop/swap MPLS headers that encapsulate IP Label distribution protocol: responsible for disseminating signalling information A 1 2 3 A 2D Tag Out New D 30

31 Reconsider security problem 31

32 Layer 3 Virtual Private Networks Private communications over a public network A set of sites that are allowed to communicate with each other Defined by a set of administrative policies – Determine both connectivity and QoS among sites – Established by VPN customers – One way to implement: BGP/MPLS VPN (RFC 2547)

33 Layer 2 vs. Layer 3 VPNs Layer 2 VPNs can carry traffic for many different protocols, whereas Layer 3 is “IP only” More complicated to provision a Layer 2 VPN Layer 3 VPNs: potentially more flexibility, fewer configuration headaches 33

34 Layer 3 BGP/MPLS VPNs Isolation: Multiple logical networks over a single, shared physical infrastructure Tunneling: Keeping routes out of the core VPN A/Site 1 VPN A/Site 2 VPN A/Site 3 VPN B/Site 2 VPN B/Site 1 VPN B/Site 3 CE A1 CE B3 CE A3 CE B2 CE A2 CE 1 B1 CE 2 B1 PE 1 PE 2 PE 3 P1P1 P2P2 P3P3 10.1/16 10.2/16 10.3/16 10.1/16 10.2/16 10.4/16 BGP to exchange routes MPLS to forward traffic 34

35 High-Level Overview of Operation IP packets arrive at PE Destination IP address is looked up in forwarding table Datagram sent to customer’s network using tunneling (i.e., an MPLS label-switched path) 35 PE 1 PE 2 PE 3

36 BGP/MPLS VPN key components Forwarding in the core: MPLS Distributing routes between PEs: BGP Isolation: Keeping different VPNs from routing traffic over one another – Constrained distribution of routing information – Multiple “virtual” forwarding tables Unique Addresses: VPN-IPv4 extensions – RFC 2547: Route Distinguishers 36

37 Virtual Routing and Forwarding Separate tables per customer at each router 10.0.1.0/24 RD: Purple 10.0.1.0/24 RD: Blue 10.0.1.0/24 Customer 1 Customer 2 Customer 1 37

38 Forwarding PE and P routers have BGP next-hop reachability through the backbone IGP Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops Two-Label Stack is used for packet forwarding Top label indicates Next-Hop (interior label) Second label indicates outgoing interface / VRF (exterior label) IP Datagram Label 2 Label 1 Layer 2 Header Corresponds to LSP of BGP next-hop (PE) Corresponds to VRF/interface at exit 38

39 Forwarding in BGP/MPLS VPNs Step 1: Packet arrives at incoming interface – Site VRF determines BGP next-hop and Label #2 IP Datagram Label 2 Step 2: BGP next-hop lookup, add corresponding LSP (also at site VRF) IP Datagram Label 2 Label 1 39

40 Layer 3 BGP/MPLS VPNs VPN A/Site 1 VPN A/Site 2 VPN A/Site 3 VPN B/Site 2 VPN B/Site 1 VPN B/Site 3 CE A1 CE B3 CE A3 CE B2 CE A2 CE 1 B1 CE 2 B1 PE 1 PE 2 PE 3 P1P1 P2P2 P3P3 10.1/16 10.2/16 10.3/16 10.1/16 10.2/16 10.4/16 BGP to exchange routes MPLS to forward traffic 40

41 Conclusions Overlay networks – Tunnels between host computers – Build networks “on top” of the Internet – Deploy new protocols and services – Provide better control, flexibility, QoS, isolation, … Underlay tunnels – Across routers within AS – Build networks “below” IP route – Provide better control, flexibility, QoS, isolation, … Next time – Peer-to-peer applications 41

Download ppt "Overlay Networks and Tunneling Reading: 4.5, 9.4 COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman Teaching Assistants: Wyatt."

Similar presentations

Virtual Links: VLANs and Tunneling

Virtual Links: VLANs and Tunneling
MPLS VPN.

MPLS VPN.
Identifying MPLS Applications

Identifying MPLS Applications
Deployment of MPLS VPN in Large ISP Networks

Deployment of MPLS VPN in Large ISP Networks
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Internet Routing (COS 598A) Today: Multi-Protocol Label Switching Jennifer Rexford Tuesdays/Thursdays.

Internet Routing (COS 598A) Today: Multi-Protocol Label Switching Jennifer Rexford Tuesdays/Thursdays.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
CS 457 – Lecture 16 Global Internet - BGP Spring 2012.

CS 457 – Lecture 16 Global Internet - BGP Spring 2012.
Routing Overlays and Virtualization (Nick Feamster) February 13, 2008.

Routing Overlays and Virtualization (Nick Feamster) February 13, 2008.
MPLS-VPN/BGP Approach Hari Rakotoranto Technical Marketing Engineer

MPLS-VPN/BGP Approach Hari Rakotoranto Technical Marketing Engineer
A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.

A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.
Lecture 6 Overlay Networks CPE 401/601 Computer Network Systems slides are modified from Jennifer Rexford.

Lecture 6 Overlay Networks CPE 401/601 Computer Network Systems slides are modified from Jennifer Rexford.
CS 672 1 Summer 2003 Lecture 14. CS 672 2 Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.

CS Summer 2003 Lecture 14. CS Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Middleboxes and Tunneling Reading: Sect 8.5, 9.4.1, 4.5 COS 461: Computer Networks Spring 2011 Mike Freedman

Middleboxes and Tunneling Reading: Sect 8.5, 9.4.1, 4.5 COS 461: Computer Networks Spring 2011 Mike Freedman
1 Overlay Networks Reading: 9.4 COS 461: Computer Networks Spring 2008 (MW 1:30-2:50 in COS 105) Jennifer Rexford Teaching Assistants: Sunghwan Ihm and.

1 Overlay Networks Reading: 9.4 COS 461: Computer Networks Spring 2008 (MW 1:30-2:50 in COS 105) Jennifer Rexford Teaching Assistants: Sunghwan Ihm and.
Chapter 4 Network Layer slides are modified from J. Kurose & K. Ross CPE 400 / 600 Computer Communication Networks Lecture 14.

Chapter 4 Network Layer slides are modified from J. Kurose & K. Ross CPE 400 / 600 Computer Communication Networks Lecture 14.
10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.

10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.
MPLS H/W update Brief description of the lab What it is? Why do we need it? Mechanisms and Protocols.

MPLS H/W update Brief description of the lab What it is? Why do we need it? Mechanisms and Protocols.

Similar presentations

Ads by Google