Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tunnelling Through Inner Space Bob Briscoe Jan 2015 Bob Briscoe’s work is part-funded by the European Community under its Seventh Framework Programme through.

Published byAngelina Greene Modified over 8 years ago

Similar presentations

Presentation on theme: "Tunnelling Through Inner Space Bob Briscoe Jan 2015 Bob Briscoe’s work is part-funded by the European Community under its Seventh Framework Programme through."— Presentation transcript:

1 Tunnelling Through Inner Space Bob Briscoe Jan 2015 Bob Briscoe’s work is part-funded by the European Community under its Seventh Framework Programme through the Trilogy 2 (ICT-317756) and the RITE (ICT-317700) projects

2 © British Telecommunications plc the old transport extensibility architecture Source: The dataset collected for: Honda, M., Nishida, Y., Raiciu, C., Greenhalgh, A., Handley, M., and H. Tokuda, "Is it Still Possible to Extend TCP?", Proc. ACM Internet Measurement Conference (IMC'11) 181--192, Nov 2011 (nn): No. of paths tested to ea. port 2 Unknown option stripped from TCP SYN 0 4 8 12 16 20 24 28 32 36 40 ( 4B) MSS ( 2B) SACK-ok ( 3B) WS (10B) TS (12B) MPTCP (6-18B) TFO (shown as 12B) (3B) CRYPT-hello (bare min 84B) CRYPT-INIT-data (3B) CRYPT-INIT 0 TCP SYN TCP Data TCP Option 'Space'

3 © British Telecommunications plc Approach: Tunnel through Inner Space Why should an implementation walk a list of extensions for which it has no code? Extension can be coded to know where to look [Rob Hancock re. IPv6 extensions (Trilogy project, Feb 2010)] options:layer X extensions:layer X+1 * end-2-middle:layer X How to prevent legacy layer X passing corrupt payload to X+1? Examples (see position paper): (L4) Minion (L4) Inner Space (L3) ConEx (L3) Generic UDP tunnelling (GUT) 3 IP TCP Middle- box App IP Middle- box TCP Header & Outer Options Inner Options Within TCP Data TCP Payload Strawman principle: In a middlebox world, it is both more principled and more pragmatic to extend the layer X header within layer X+1 * * In Internet arithmetic, 4+1 = 7

4 © British Telecommunications plc Control Data Inner Space: in the TCP datastream robust to resegmentation Inner Options not prone to stripping in-order delivery of Inner Options out-of-order delivery also available InSpace Option Inner Options TCP Payload Magic No. A InSpace Option Inner Options TCP Payload InSpace Option Inner Options TCP Payload TCPTCP TCPTCP TCPTCP TCPTCP Segmentation when Sent Segmentation when Received 4 Sent Data Size (SDS)Inner Options Offset (InOO)Len 16b14b2b

5 © British Telecommunications plc middlebox domination strategy long term aim authenticated control channel if turned on option authentication today –up to 40% of connections would break –the ends break a working service middlebox domination strategy –Inner Space + option authentication (breaks 0%) then, if middleboxes move into the TCP data –the middleboxes break a working service why shoot yourself in the foot when you can make them shoot themselves in the foot? 5

6 © British Telecommunications plc Inner Space: Implications & Status Switchable transport semantics –Looks like vanilla TCP on the wire –switch inner semantics with TCP options e.g. ordering, encryption, compression –think "extensible Minion" Example: tcpcrypt decomposition cut from 18 to 9 CRYPT sub-options removed handshake latency can encrypt control options, and MAC pure ACKs Progress since Jul'14 –Default mode: Full spec as individual draft (5 revs, presented in tcpm & tcpinc) –TCPbis mode: Full spec available but not submitted http://bobbriscoe.net/projects/2020comms/tcp/draft-briscoe-tcpm-inner-space-sink-00c.txt –ad hoc team formed (~20 people on mailing list) –half-a-dozen doing or planning path traversal testing –2 or 3 planning to implement, including upstreaming 6 PayloadControl Options in-orderout-of-orderboth in-orderDefault(TCP)TCPbis out-of-order(UDP)UDPbis both(SCTP)'TCP2' draft-briscoe-tcpm-inner-space-01 draft-briscoe-tcpm-inner-space-sink-00c (splitting into sub-drafts - in progress) draft-briscoe-tcpm-inner-space-sink-00c (splitting into sub-drafts - in progress) Assessing whether 'TCP2' could satisfy HTTP2 reqs

7

8 © British Telecommunications plc dual handshake... and migration to single 1.different source ports, same dest. port 2.no co-ordination needed between server threads can be physically separate replicas 3.Can use single SYN-U handshake –when server is in cached white-list –once deployment is widespread (no need for white-list) Fall-back to SYN if no SYN-ACK-U Upgraded Client Legacy Server Threads Upgraded Client Upgraded Server Threads SYN-U SYN-ACK SYN RST ACK SYN-U SYN-ACK SYN-ACK-U SYN ACK RST -U = upgraded, i.e. magic no. at start of TCP Data 1 22 Cont... Upgraded Client Upgraded Server SYN-U SYN-ACK-U ACK Cont... 13 8

9 © British Telecommunications plc 00ZZ InSpace Option Suffix Options TCP Payload Magic Suffix Options TCP Payload InSpace Option TCP Payload Prefix Options 00ZZ InSpace Option Suffix Options Prefix Options Control Data Out-of-Order In-Order TCPbis mode: 2 control channels in the datastream Rcvr can reconstruct sent segments - robust to resegmentation TCP has always processed Outer Options on arrival (out-of-order) Inner Space adds two types of Inner Option to avoid middlebox interference –In-order Suffix Options – for stream control –Out-of-order Prefix Options essential for a few ACK-related options* to avoid flow-control deadlock * SACK, MPTCP Data ACK, tcpcrypt MAC of ACK Prefix Options are processed on arrival 9 If this segment is delayed... Suffix Options wait

Download ppt "Tunnelling Through Inner Space Bob Briscoe Jan 2015 Bob Briscoe’s work is part-funded by the European Community under its Seventh Framework Programme through."

Similar presentations

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
Chapter 17 Networking Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles, 6/E William.

Chapter 17 Networking Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles, 6/E William.
REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Gregory Detal*, Benjamin Hesmans*, Olivier Bonaventure*, Yves Vanaubel° and Benoit Donnet°. *Université.

REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Gregory Detal*, Benjamin Hesmans*, Olivier Bonaventure*, Yves Vanaubel° and Benoit Donnet°. *Université.
A Test To Allow TCP Senders to Identify Receiver Non-Compliance Toby Moncaster †, Bob Briscoe*, Arnaud Jacquet* † University of Cambridge * BT draft-moncaster-tcpm-rcv-cheat-03.

A Test To Allow TCP Senders to Identify Receiver Non-Compliance Toby Moncaster †, Bob Briscoe*, Arnaud Jacquet* † University of Cambridge * BT draft-moncaster-tcpm-rcv-cheat-03.
Inner Space Bob Briscoe Nov 2014 draft-briscoe-tcpm-inner-space-01 Bob Briscoe’s work is part-funded by the European Community under its Seventh Framework.

Inner Space Bob Briscoe Nov 2014 draft-briscoe-tcpm-inner-space-01 Bob Briscoe’s work is part-funded by the European Community under its Seventh Framework.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
CS 471/571 Transport Layer 5 Slides from Kurose and Ross.

CS 471/571 Transport Layer 5 Slides from Kurose and Ross.
CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.

CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.
CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.

CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.
Computer Networks 2 Lecture 2 TCP – I - Transport Protocols: TCP Segments, Flow control and Connection Setup.

Computer Networks 2 Lecture 2 TCP – I - Transport Protocols: TCP Segments, Flow control and Connection Setup.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
EEC-484/584 Computer Networks Lecture 15 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.

EEC-484/584 Computer Networks Lecture 15 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.
Chapter 3: Transport Layer

Chapter 3: Transport Layer
Midterm Reports of MPTCP-Related Middlebox Behavior Michio Honda, Keio University Yoshifumi Nishida, Dyyno.Inc / WIDE project Costin Raiciu, UCL Mark Handley,

Midterm Reports of MPTCP-Related Middlebox Behavior Michio Honda, Keio University Yoshifumi Nishida, Dyyno.Inc / WIDE project Costin Raiciu, UCL Mark Handley,
EEC-484/584 Computer Networks Lecture 13 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.

EEC-484/584 Computer Networks Lecture 13 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.
Design and Implementation of a Server Director Project for the LCCN Lab at the Technion.

Design and Implementation of a Server Director Project for the LCCN Lab at the Technion.
Some slides are in courtesy of J. Kurose and K. Ross Review of Previous Lecture Electronic Mail: SMTP, POP3, IMAP DNS Socket programming with TCP.

Some slides are in courtesy of J. Kurose and K. Ross Review of Previous Lecture Electronic Mail: SMTP, POP3, IMAP DNS Socket programming with TCP.
3-1 Transport services and protocols r provide logical communication between app processes running on different hosts r transport protocols run in end.

3-1 Transport services and protocols r provide logical communication between app processes running on different hosts r transport protocols run in end.
8-1 Transport Layer Our goals: r understand principles behind transport layer services: m multiplexing/demultipl exing m reliable data transfer m flow.

8-1 Transport Layer Our goals: r understand principles behind transport layer services: m multiplexing/demultipl exing m reliable data transfer m flow.

Similar presentations

Ads by Google