Presentation is loading. Please wait.

Presentation is loading. Please wait.

SNAMP: Secure Namespace Mapping to Scale NDN Forwarding Alex Afanasyev (University of California, Los Angeles) Cheng Yi (Google) Lan Wang (University of.

Published byEaster Ross Modified over 8 years ago

Similar presentations

Presentation on theme: "SNAMP: Secure Namespace Mapping to Scale NDN Forwarding Alex Afanasyev (University of California, Los Angeles) Cheng Yi (Google) Lan Wang (University of."— Presentation transcript:

1 SNAMP: Secure Namespace Mapping to Scale NDN Forwarding Alex Afanasyev (University of California, Los Angeles) Cheng Yi (Google) Lan Wang (University of Memphis) Beichuan Zhang (University of Arizona) Lixia Zhang (University of California, Los Angeles) 18th IEEE Global Internet Symposium (GI 2015) April 27, 2015

2 NDN overview: basics Two types of packets – Interest packet name nonce optional selectors – Data packet name content signature Names defined by applications – /net/ndnsim/www/index.html/... 2 Name Selectors (opt) Nonce Name Selectors (opt) Nonce Interest packet Name Content Signature Name Content Signature Data packet

3 NDN overview NDN separates – objective of retrieving – specifics of how to do it Interest names exactly what to fetch – matching (secured) Data is retrieved by the network – from caches, in-network storage, or data producers 3 Interest In-network storage Caches Data

4 Problem NDN forwards interest by data names – over 200 million just 2 nd -level DNS names – number of all names applications would use are several orders of magnitude larger, if not infinite – even with all hierarchical aggregation, still too many names How to scale NDN forwarding tables? 4

5 Solution Secure Namespace Mapping (SNAMP) – To cross transit network, names may need to get mapped to (a set of) another names – Interests will carry additional names to guide forwarding process Based on map-n-encap idea – proposed many years back to scale IP routing globally routable and non-routable addresses DNS to map IP-IP encapsulation to forward packets 5 S. Deering. “The Map & Encap Scheme for scalable IPv4 routing with portable site prefixes.” Presentation Xerox PARC, 1996. M. O’Dell. “8+8—An alternate addressing architecture for IPv6.” Internet draft (draft-odell-8+8-00), 1996. D. Farinacci. “Locator/ID separation protocol (LISP).” Internet draft (draft-farinacci-lisp-00), 2007. R. Atkinson, S. Bhatti, and S. Hailes. “ILNP: mobility, multi- homing, localized addressing and security through naming.” Telecommunication Systems, 42(3), 2009. map / encapsulate User Networks Transit networks

6 General Goals Keep the forwarding (routing) table size under control – what goes to the table will be determined by popularity of the data network operation practices tradeoffs between network functionality and cost Avoid any changes for NDN apps semantics – no changes to naming of the data units – no changes to apps 6

7 A Few Terms FIB – forwarding information base (~routing table) DFZ – default free zone (core transit network) Namespace delegation – owner of namespace endorses that interests for the data in the namespace can be satisfied if forwarded towards another namespace (/net/ndnsim) -> (/telia/latvia/terabits) LINK object or just LINK – collection of delegations with preferences from the same namespace (/net/ndnsim) -> (/telia/latvia/terabits 100; /ucla/cs 10) 7

8 System Overview 8

9 More Design Goals and Considerations Do not require routers lookup mapping Do not require changes to the application – a local agent (local NFD?) or an application library performs lookup when needed Invoke mechanism only when necessary – A lot of communication is expected to be local and ad hoc 9

10 Data Retrieval with SNAMP (1) 10

11 Data Retrieval with SNAMP (2) 11

12 Data Retrieval with SNAMP (3) 12

13 Multiple Delegations in the LINK Object Reasons – Producer multihoming – Replicated dataset Impact on interest forwarding – NDN network is supposed to forward interests towards “closest” data available – End-hosts/consumer-networks don’t have knowledge which is “closer” can pick at random and learn over time – DFZ routers have routing and data plane performance parameters informed choice 13

14 Data Retrieval with SNAMP (summary) 14

15 Discovery of the LINK Object Pre-configured knowledge Application-level exchange – Real-time producer can “give” a new link to consumers, when changes occur – LINK can be “sync”ed up Discovery using infrastructure support – NDNS (DNS for NDN, https://github.com/named- data/ndns)https://github.com/named- data/ndns 15

16 Simplified Picture of NDNS Lookup* 16 * Real NDNS lookup includes discovery of NS records and key records to verify validity of the data

17 “Devils are in Details” 17

18 “Evil” Details Format of LINK and how it is included in the Interest Modification of interest forwarding – Impact on processing time/complexity – Possible optimizations Effects on caches – Resiliency to content poisoning – Cache effectiveness 18

19 Format and Use of LINK Object 19

20 Updated Interest Forwarding If LINK not present – apply standard NDN interest forwarding logic – return NACK/no-route if interest cannot be forwarded if LINK present – (if router choses so) verify validity of the link – if LINK includes name of the “own network” apply standard NDN interest forwarding logic – Lookup LINK delegations in FIB, select “best”, and forward 20

21 Example of Interest Forwarding 21 /net/ndnsim is registered with UCLA CS router /net/ndnsim is registered with UCLA CS router /ucla/cs/www /ucla/cs/... /net/ndnsim default FIB

22 Example of Interest Forwarding 22 /telia 100 /ucla 10 FIB /telia 100 /ucla 10 FIB /telia 100 /ucla 10 FIB /telia 100 /ucla 10 FIB /net/ndnsim/www/index.html + /net/ndnsim/www => - /ucla/cs, 1 - /telia/terabits, 1

23 Example of Interest Forwarding 23 /telia 100 /ucla 10 FIB /telia 100 /ucla 10 FIB /telia 100 /ucla 10 FIB /telia 100 /ucla 10 FIB /net/ndnsim/www/index.html + /net/ndnsim/www => - /ucla/cs, 1 - /telia/terabits, 1

24 Example of Interest Forwarding 24 /ucla/cs/www /ucla/cs/... /net/ndnsim default FIB /net/ndnsim/www/index.html + /net/ndnsim/www => - /ucla/cs, 1 - /telia/terabits, 1 Own Network /ucla/cs

25 “Own Network” Concept Routers need to know to which network(s) they belong – configuration – automatic discovery Until interest reaches “own” network – can be satisfied from cache based on name of the interest – forwarded strictly using LINK, even if interest name is in the forwarding table need to allow /ucla/cs/alex/homepage to be hosted outside UCLA 25

26 Processing Optimization When LINK present and router makes forwarding decision based on non-default route – decision can be recorded and upstream routers can just use it “SelectedDelegation” 26

27 Effects on Caches Resiliency to content poisoning – When data packets cached, it must be associated with LINK that used – For interest to match cached item, both name and LINK must match Even when routers don’t very LINKs, malicious injected data does not effect legitimate users Cache effectiveness – “Normally” there is a single legitimate LINK No change to cache effectiveness 27

28 Tradeoffs for the Updated Forwarding Gains – Routing table is under control – Routers make conscious decisions on where to forward interest Issues – increased complexity per-interest processing multiple FIB lookups 28

29 Thanks 29

Download ppt "SNAMP: Secure Namespace Mapping to Scale NDN Forwarding Alex Afanasyev (University of California, Los Angeles) Cheng Yi (Google) Lan Wang (University of."

Similar presentations

Why do current IP semantics cause scaling issues? −Today, “addressing follows topology,” which limits route aggregation compactness −Overloaded IP address.

Why do current IP semantics cause scaling issues? −Today, “addressing follows topology,” which limits route aggregation compactness −Overloaded IP address.
Hierarchical Routing Architecture Introduction draft-xu-rrg-hra-00.txt Routing Research Group Xiaohu XU

Hierarchical Routing Architecture Introduction draft-xu-rrg-hra-00.txt Routing Research Group Xiaohu XU
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_b Subnetting,Supernetting, CIDR IPv6 Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.

TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_b Subnetting,Supernetting, CIDR IPv6 Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.
CSE331: Introduction to Networks and Security Lecture 8 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 8 Fall 2002.
NDN in Local Area Networks Junxiao Shi The University of Arizona 2014-09-04 1.

NDN in Local Area Networks Junxiao Shi The University of Arizona
Authors: Alexander Afanasyev, Priya Mahadevany, Ilya Moiseenko, Ersin Uzuny, Lixia Zhang Publisher: IFIP Networking, 2013 (International Federation for.

Authors: Alexander Afanasyev, Priya Mahadevany, Ilya Moiseenko, Ersin Uzuny, Lixia Zhang Publisher: IFIP Networking, 2013 (International Federation for.
Addressing operational challenges in Named Data Networking through NDNS distributed database Wednesday, September 18 th, 2013 Alexander Afanasyev

Addressing operational challenges in Named Data Networking through NDNS distributed database Wednesday, September 18 th, 2013 Alexander Afanasyev
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,

IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,
An Engineering Approach to Computer Networking

An Engineering Approach to Computer Networking
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.

Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Exterior Gateway Protocols: EGP, BGP-4, CIDR Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Exterior Gateway Protocols: EGP, BGP-4, CIDR Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.
Guide to TCP/IP Fourth Edition

Guide to TCP/IP Fourth Edition
Research on IP Anycast Secure Group Management Wang Yue Network & Distribution Lab, Peking University Network.

Research on IP Anycast Secure Group Management Wang Yue Network & Distribution Lab, Peking University Network.
Forwarding Hint in NFD Junxiao Shi, 2015-05-20 1.

Forwarding Hint in NFD Junxiao Shi,
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 4: Addressing in an Enterprise Network Introducing Routing and Switching in the.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 4: Addressing in an Enterprise Network Introducing Routing and Switching in the.
Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Similar presentations

Ads by Google